# @serve.zone/corebuild

CoreBuild is the serve.zone build-worker service for heavy image artifact jobs. Cloudly schedules the work; CoreBuild runs the build on a capable worker node, calls `isocreator`, uploads the finished artifact to S3-compatible storage, and returns artifact metadata and logs.

## Issue Reporting and Security

For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.

## Current Scope

CoreBuild currently supports the `baseos-image` job type used by Cloudly's BaseOS manager.

Supported output families:

- `ubuntu-iso` for `amd64` and `arm64` BaseOS installer images.
- `balena-raw` for Raspberry Pi or raw-image based BaseOS builds.

Supported architecture values reported by `/corebuild/v1/capabilities`:

- `amd64`
- `arm64`
- `rpi`

CoreBuild does not store permanent build state. Each job gets a temporary workspace under the configured workdir, and the workspace is removed after the artifact is uploaded.

## Runtime Flow

```text
Cloudly BaseOS manager
  -> GET /corebuild/v1/capabilities
  -> POST /corebuild/v1/jobs/baseos-image
      -> BaseOsImageBuilder
          -> writes isocreator.config.json
          -> runs ISO_CREATOR_COMMAND build --config <config>
          -> uploads artifact to S3 with smartbucket
          -> returns filename, size, sha256, content type, bucket, and key
```

Cloudly owns build records, user-facing status, retention, and download URLs. CoreBuild only executes the worker-side job.

## Configuration

| Env var | Default | Purpose |
| --- | --- | --- |
| `COREBUILD_PORT` | `3060` | HTTP server port. |
| `COREBUILD_TOKEN` | unset | Optional shared token required for build jobs. |
| `COREBUILD_WORKDIR` | `.nogit/workdir` under the current working directory | Temporary build workspace. |
| `COREBUILD_WORKER_ID` | `<hostname>-<pid>` | Worker id reported in capabilities. |
| `ISO_CREATOR_COMMAND` | `isocreator` | Command used to run isocreator. |

Local development against the workspace checkout can point `ISO_CREATOR_COMMAND` at the neighboring `isocreator` repo:

```sh
ISO_CREATOR_COMMAND="deno run --allow-all ../isocreator/mod.ts" pnpm run startTs
```

## Starting CoreBuild

```sh
pnpm install
pnpm build
pnpm start
```

For direct TypeScript execution:

```sh
pnpm run startTs
```

Programmatic startup:

```ts
import { CoreBuildServer } from '@serve.zone/corebuild';

const server = CoreBuildServer.fromEnv();
await server.start();
```

## HTTP API

### `GET /health`

Returns a minimal health response:

```json
{ "ok": true }
```

### `GET /corebuild/v1/capabilities`

Returns worker capabilities and sizing information:

```json
{
  "workerId": "builder-1-12345",
  "supportedBuildTypes": ["baseos-image"],
  "supportedArchitectures": ["amd64", "arm64", "rpi"],
  "supportedImageKinds": ["ubuntu-iso", "balena-raw"],
  "cpuCores": 16,
  "memoryGb": 64,
  "workdir": "/var/tmp/corebuild"
}
```

### `POST /corebuild/v1/jobs/baseos-image`

Runs one BaseOS image job. If `COREBUILD_TOKEN` is set, the request must provide the token through one of these mechanisms:

- `Authorization: Bearer <token>`
- `x-corebuild-token: <token>`
- JSON body field `apiToken`

Request shape:

```json
{
  "apiToken": "optional-token",
  "job": {
    "id": "build-123",
    "architecture": "amd64",
    "imageKind": "ubuntu-iso",
    "cloudlyUrl": "https://cloudly.example.com",
    "provisioningToken": "one-time-baseos-token",
    "ubuntuVersion": "24.04",
    "hostname": "baseos-build-123",
    "sshPublicKey": "ssh-ed25519 ...",
    "s3Descriptor": {
      "endpoint": "s3.example.com",
      "accessKey": "access-key",
      "accessSecret": "secret-key",
      "bucketName": "servezone-artifacts",
      "port": 443,
      "useSsl": true,
      "region": "us-east-1"
    },
    "artifactKey": "corebuild/baseos/build-123/baseos.iso"
  }
}
```

Successful response:

```json
{
  "success": true,
  "artifact": {
    "bucketName": "servezone-artifacts",
    "key": "corebuild/baseos/build-123/baseos.iso",
    "filename": "baseos.iso",
    "contentType": "application/x-iso9660-image",
    "size": 123456789,
    "sha256": "...",
    "createdAt": 1760000000000
  },
  "logs": ["Starting isocreator for amd64 ubuntu-iso"]
}
```

## Image Generation Details

For `ubuntu-iso` jobs, CoreBuild generates an isocreator config that:

- Uses Ubuntu Server `24.04` unless the job supplies `ubuntuVersion`.
- Writes `/etc/baseos/baserunner.env` with `BASEOS_CLOUDLY_URL`, `BASEOS_JOIN_TOKEN`, `BASEOS_STATE_PATH`, and heartbeat interval.
- Installs a `baseos-baserunner.service` systemd unit.
- Adds an installation script that installs Deno when missing and checks out `https://code.foss.global/serve.zone/baseos.git` into `/opt/baseos`.
- Optionally injects WiFi and SSH user configuration.

For `balena-raw` jobs, `sourceImageUrl` is required. The generated config embeds the Cloudly URL and provisioning token in the Balena/BaseOS runtime configuration and emits a compressed `baseos-<architecture>.img.xz` style artifact.

## Cloudly Integration

Cloudly discovers CoreBuild workers from settings:

- `corebuildWorkersJson`: preferred, accepts a JSON array of URL strings or objects with `url`, optional `token`, and optional `id`.
- `corebuildWorkerUrl` and `corebuildWorkerToken`: legacy single-worker settings.

Cloudly selects the first worker whose capabilities include the requested build type, architecture, and image kind. It then posts the job with the configured token in both the authorization header and request body for compatibility with CoreBuild's token validation.

## Development

Common commands:

```sh
pnpm install
pnpm build
pnpm test
pnpm run startTs
```

Important files:

| Path | Purpose |
| --- | --- |
| `ts/index.ts` | Exports the public API and starts `CoreBuildServer.fromEnv()` when run directly. |
| `ts/classes.corebuildserver.ts` | HTTP server, token validation, health, capabilities, and job endpoint. |
| `ts/classes.baseosimagebuilder.ts` | Build workspace handling, isocreator config generation, command execution, artifact hashing, and S3 upload. |
| `ts/types.ts` | Job, artifact, S3 descriptor, capability, architecture, and image-kind types. |

## License and Legal Information

This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](./license) file.

**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.

### Trademarks

This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.

Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.

### Company Information

Task Venture Capital GmbH
Registered at District Court Bremen HRB 35230 HB, Germany

For any legal inquiries or further information, please contact us via email at hello@task.vc.

By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.