serve.zone/corebuild
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1eb78ff213c40380c8ca4fc85a1cc7056d273fbc
corebuild/readme.md
T

7.9 KiB
Raw Blame History

@serve.zone/corebuild

CoreBuild is the serve.zone build-worker service for heavy image artifact jobs. Cloudly schedules the work; CoreBuild runs the build on a capable worker node, calls isocreator, uploads the finished artifact to S3-compatible storage, and returns artifact metadata and logs.

Issue Reporting and Security

For reporting bugs, issues, or security vulnerabilities, please visit community.foss.global/. This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a code.foss.global/ account to submit Pull Requests directly.

Current Scope

CoreBuild currently supports the baseos-image job type used by Cloudly's BaseOS manager.

Supported output families:

  • ubuntu-iso for amd64 and arm64 BaseOS installer images.
  • balena-raw for Raspberry Pi or raw-image based BaseOS builds.

Supported architecture values reported by /corebuild/v1/capabilities:

  • amd64
  • arm64
  • rpi

CoreBuild does not store permanent build state. Each job gets a temporary workspace under the configured workdir, and the workspace is removed after the artifact is uploaded.

Runtime Flow

Cloudly BaseOS manager
  -> GET /corebuild/v1/capabilities
  -> POST /corebuild/v1/jobs/baseos-image
      -> BaseOsImageBuilder
          -> writes isocreator.config.json
          -> runs ISO_CREATOR_COMMAND build --config <config>
          -> uploads artifact to S3 with smartbucket
          -> returns filename, size, sha256, content type, bucket, and key

Cloudly owns build records, user-facing status, retention, and download URLs. CoreBuild only executes the worker-side job.

Configuration

Env var Default Purpose
COREBUILD_PORT 3060 HTTP server port.
COREBUILD_TOKEN unset Optional shared token required for build jobs.
COREBUILD_WORKDIR .nogit/workdir under the current working directory Temporary build workspace.
COREBUILD_WORKER_ID <hostname>-<pid> Worker id reported in capabilities.
ISO_CREATOR_COMMAND isocreator Command used to run isocreator.

Local development against the workspace checkout can point ISO_CREATOR_COMMAND at the neighboring isocreator repo:

ISO_CREATOR_COMMAND="deno run --allow-all ../isocreator/mod.ts" pnpm run startTs

Starting CoreBuild

pnpm install
pnpm build
pnpm start

For direct TypeScript execution:

pnpm run startTs

Programmatic startup:

import { CoreBuildServer } from '@serve.zone/corebuild';

const server = CoreBuildServer.fromEnv();
await server.start();

HTTP API

GET /health

Returns a minimal health response:

{ "ok": true }

GET /corebuild/v1/capabilities

Returns worker capabilities and sizing information:

{
  "workerId": "builder-1-12345",
  "supportedBuildTypes": ["baseos-image"],
  "supportedArchitectures": ["amd64", "arm64", "rpi"],
  "supportedImageKinds": ["ubuntu-iso", "balena-raw"],
  "cpuCores": 16,
  "memoryGb": 64,
  "workdir": "/var/tmp/corebuild"
}

POST /corebuild/v1/jobs/baseos-image

Runs one BaseOS image job. If COREBUILD_TOKEN is set, the request must provide the token through one of these mechanisms:

  • Authorization: Bearer <token>
  • x-corebuild-token: <token>
  • JSON body field apiToken

Request shape:

{
  "apiToken": "optional-token",
  "job": {
    "id": "build-123",
    "architecture": "amd64",
    "imageKind": "ubuntu-iso",
    "cloudlyUrl": "https://cloudly.example.com",
    "provisioningToken": "one-time-baseos-token",
    "ubuntuVersion": "24.04",
    "hostname": "baseos-build-123",
    "sshPublicKey": "ssh-ed25519 ...",
    "s3Descriptor": {
      "endpoint": "s3.example.com",
      "accessKey": "access-key",
      "accessSecret": "secret-key",
      "bucketName": "servezone-artifacts",
      "port": 443,
      "useSsl": true,
      "region": "us-east-1"
    },
    "artifactKey": "corebuild/baseos/build-123/baseos.iso"
  }
}

Successful response:

{
  "success": true,
  "artifact": {
    "bucketName": "servezone-artifacts",
    "key": "corebuild/baseos/build-123/baseos.iso",
    "filename": "baseos.iso",
    "contentType": "application/x-iso9660-image",
    "size": 123456789,
    "sha256": "...",
    "createdAt": 1760000000000
  },
  "logs": ["Starting isocreator for amd64 ubuntu-iso"]
}

Image Generation Details

For ubuntu-iso jobs, CoreBuild generates an isocreator config that:

  • Uses Ubuntu Server 24.04 unless the job supplies ubuntuVersion.
  • Writes /etc/baseos/baserunner.env with BASEOS_CLOUDLY_URL, BASEOS_JOIN_TOKEN, BASEOS_STATE_PATH, and heartbeat interval.
  • Installs a baseos-baserunner.service systemd unit.
  • Adds an installation script that installs Deno when missing and checks out https://code.foss.global/serve.zone/baseos.git into /opt/baseos.
  • Optionally injects WiFi and SSH user configuration.

For balena-raw jobs, sourceImageUrl is required. The generated config embeds the Cloudly URL and provisioning token in the Balena/BaseOS runtime configuration and emits a compressed baseos-<architecture>.img.xz style artifact.

Cloudly Integration

Cloudly discovers CoreBuild workers from settings:

  • corebuildWorkersJson: preferred, accepts a JSON array of URL strings or objects with url, optional token, and optional id.
  • corebuildWorkerUrl and corebuildWorkerToken: legacy single-worker settings.

Cloudly selects the first worker whose capabilities include the requested build type, architecture, and image kind. It then posts the job with the configured token in both the authorization header and request body for compatibility with CoreBuild's token validation.

Development

Common commands:

pnpm install
pnpm build
pnpm test
pnpm run startTs

Important files:

Path Purpose
ts/index.ts Exports the public API and starts CoreBuildServer.fromEnv() when run directly.
ts/classes.corebuildserver.ts HTTP server, token validation, health, capabilities, and job endpoint.
ts/classes.baseosimagebuilder.ts Build workspace handling, isocreator config generation, command execution, artifact hashing, and S3 upload.
ts/types.ts Job, artifact, S3 descriptor, capability, architecture, and image-kind types.

License and Legal Information

This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the license file.

Please note: The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.

Trademarks

This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.

Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.

Company Information

Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany

For any legal inquiries or further information, please contact us via email at hello@task.vc.

By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.

Reference in New Issue View Git Blame Copy Permalink