Subscription activation and registry service account configuration implementation using available REST APIs

.github/workflows/build.yaml

@@ -23,7 +23,7 @@ jobs:
 
       - name: Get yarn cache directory path
         id: yarn-cache-dir-path
-        run: echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"
+        run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}"
 
       - uses: actions/cache@v3
         id: yarn-cache

.github/workflows/pr-check.yaml

@@ -20,97 +20,10 @@ name: pr-check
 on: [pull_request]
 
 jobs:
-  windows:
-    name: Windows
-    runs-on: windows-2022
-    timeout-minutes: 60
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    steps:
-      - uses: actions/checkout@v3
-
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 18
-
-      - name: Get yarn cache directory path
-        id: yarn-cache-dir-path
-        run: echo "dir=$(yarn cache dir)" >> ${env:GITHUB_OUTPUT}
-
-      - uses: actions/cache@v3
-        id: yarn-cache
-        with:
-          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-yarn-
-
-      - name: yarn
-        run: |
-          yarn --frozen-lockfile --network-timeout 180000
-
-      - name: Run Build
-        timeout-minutes: 20
-        run: yarn build
-
-  darwin:
-    name: macOS
-    runs-on: macos-11
-    timeout-minutes: 40
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    steps:
-      - uses: actions/checkout@v3
-
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 18
-
-      - name: Get yarn cache directory path
-        id: yarn-cache-dir-path
-        run: echo "dir=$(yarn cache dir)" >> ${GITHUB_OUTPUT}
-
-      - uses: actions/cache@v3
-        id: yarn-cache
-        with:
-          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-yarn-
-
-      - name: Execute yarn
-        if: ${{ steps.cacheNodeModules.outputs.cache-hit != 'true' }}
-        run: yarn --frozen-lockfile --network-timeout 180000
-
-      - name: Run Build
-        timeout-minutes: 20
-        run: yarn build
-
-  linux:
-    name: Linux
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 18
-
-      - name: Get yarn cache directory path
-        id: yarn-cache-dir-path
-        run: echo "dir=$(yarn cache dir)" >> ${GITHUB_OUTPUT}
-
-      - uses: actions/cache@v3
-        id: yarn-cache
-        with:
-          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-yarn-
-
-      - name: Execute yarn
-        run: yarn --frozen-lockfile
-
-      - name: Run Build
-        timeout-minutes: 20
-        run: yarn build
-
+  pr-check-job:
+    strategy:
+      matrix:
+        target: [windows-2022, macos-11, ubuntu-20.04]
+    uses: redhat-developer/podman-desktop-redhat-account-ext/.github/workflows/build.yaml@main
+    with:
+      runs-on: ${{ matrix.target }}

Dockerfile

@@ -0,0 +1,22 @@
+FROM node:17.7-alpine3.14 AS extension-builder
+WORKDIR /
+# cache packages in layer
+COPY  . .
+
+RUN ls -la
+
+RUN yarn config set cache-folder /usr/local/share/.cache/yarn
+RUN yarn config set network-timeout 120000
+# install
+RUN --mount=type=cache,target=/usr/local/share/.cache/yarn yarn global add rollup
+RUN --mount=type=cache,target=/usr/local/share/.cache/yarn yarn install
+RUN --mount=type=cache,target=/usr/local/share/.cache/yarn yarn run build 
+
+FROM scratch as podman-extension
+LABEL org.opencontainers.image.title="Red Hat SSO Authentication Provider Extension for Podman Desktop" \
+    org.opencontainers.image.description="Official Red Hat SSO Integration for Podman Desktop" \
+    org.opencontainers.image.vendor="Red Hat Inc." \
+    io.podman-desktop.api.version=">= 0.2.0"
+
+COPY --from=extension-builder /dist /dist
+COPY --from=extension-builder /package.json /package.json

README.md

@@ -1,39 +1,53 @@
+# Podman Desktop Red Hat SSO Extension
 
-# Red Hat Account extension
+An extension for Podman Desktop to simplify logging into and creating a Red Hat account.  The extension opens sso.redhat.com in the browser to retrieve an SSO token upon successful login.  The SSO token is then used to log into the [registry.redhat.io](https://catalog.redhat.com/) Container Registry and to register the Linux virtual machine powering Podman Desktop via subscription-manager to grant the containers access to protected Red Hat content such as RHEL repositories.
 
-This extension plugs into Podman Desktop an authentication provider that allows login to Red Hat SSO
+# Installation
 
-# Run and build
+The extension is currently available in an Alpha version but ready to test.  Extension for Podman Desktop are shipped as OCI container images.  Please refer to the [Podman Desktop documentation](https://podman-desktop.io/docs/extensions/install) for installation instructions and to [Quay.io](https://quay.io/repository/redhat-developer/podman-desktop-redhat-account-ext?tab=tags) for available tags.
 
+The first available Alpha image is `quay.io/redhat-developer/podman-desktop-redhat-account-ext:0.0.1-alpha.1`.
 
+Starting with Podman 5.0, subscription-manager will be shipped by default.  For prior versions, the extension will take care of installing subscription-manager which may take a short while and requires a reboot.
 
-To rebuild podman-desktop and OpenShift Local extension run:
+# Usage
 
-```shell
-  yarn build
-```
+Once installed, you can find the extension in the Settings menu which you can find in the bottom left corner of Podman Desktop:
+![image](screenshots/settings.png)
 
-To execute this extension into Podman Desktop, uses one of these commands:
+To sign into your Red Hat account, open the Authentication menu and click on the drop-down button:
+![image](screenshots/authentication-menu.png)
 
-```shell
-  podman-desktop --extension-folder this_folder
-```
-
-if using the released bits from Podman Desktop
+To sign into your Red Had account, Podman Desktop will open Red Hat SSO in your browser of choice.  The SSO form will make sure that each user has accepted the terms and conditions, and has a valid Red Hat [developers subscription](https://developers.redhat.com/about?source=sso). If needed, you may also create a new Red Hat account and further use social login via an existing Google, Microsoft or GitHub accout:
+![image](screenshots/sso.png)
 
-or 
+Once signed in, there is nothing further to be done. Podman Desktop will automatically use the SSO token to log into the Red Hat container registry and to register the Linux virtual machine (i.e., podman machine) via subscription-manager. The two tasks are listed in the Tasks menu which you can open on the bottom right of Podman Desktop:
+![image](screenshots/tasks.png)
 
-```shell
-  yarn watch --extension-folder this_folder
-```
+To verify that the sign-in process was successfull, you may build the following Dockerfile:
+```Dockerfile
+FROM registry.redhat.io/rhel9/toolbox
+RUN  dnf install -y kernel
+````
 
-from the Podman Desktop source folder if using the develpment version from Podman Desktop
+Pulling the container image `registry.redhat.io/rhel9/toolbox` requires having logged into the Red Hat container registry.  Installing the `kernel` package requires access to protected content.
 
-# Nightly build installation
+# Local Development
 
-use `ghcr.io/redhat-developer/podman-desktop-redhat-account-ext:latest` on Settings/Extension page using 'Install a new extension from OCI Image' form (see screenshot below).
+To rebuild Podman Desktop and the extension run:
 
+```shell
+  yarn build
+```
 
+To execute the extension in Podman Desktop, use one of the following to options.
 
-![image](https://user-images.githubusercontent.com/620330/232674528-9d07e38d-618c-4d69-a01a-309033b7b3f0.png)
+With a pre-installed version of Podman Desktop:
+```shell
+podman-desktop --extension-folder this_folder
+```
 
+In a local git tree of Podman Desktop:
+```shell
+yarn watch --extension-folder this_folder
+```

package.json

@@ -13,8 +13,8 @@
   "contributes": {
     "commands": [
       {
-        "command": "redhat.auth.login",
-        "title": "Red Hat Authentication: login"
+        "command": "redhat.authentication.signin",
+        "title": "Red Hat SSO Provider: Sign In"
       }
     ]
   },
@@ -25,7 +25,10 @@
   },
   "dependencies": {
     "@podman-desktop/api": "^1.6.4",
+    "@redhat-developer/rhcra-client": "^0.0.1",
+    "@redhat-developer/rhsm-client": "^0.0.4",
     "@types/node": "^18.15.11",
+    "axios": "^1.6.5",
     "js-yaml": "^4.1.0",
     "openid-client": "5.4.0"
   },
@@ -38,11 +41,12 @@
     "@types/js-yaml": "^4.0.5",
     "@vitest/coverage-v8": "^1.2.1",
     "mkdirp": "^2.1.3",
+    "openapi-typescript-codegen": "^0.27.0",
     "rollup": "^3.20.4",
     "tslib": "^2.5.0",
     "typescript": "^5.0.4",
-    "vite": "^5.0.11",
-    "vitest": "^1.1.1",
+    "vite": "^5.0.12",
+    "vitest": "^1.2.0",
     "zip-local": "^0.3.5"
   }
 }

src/configuration.ts

@@ -36,7 +36,7 @@ const REDHAT_AUTH_URL = process.env.REDHAT_SSO_URL
   ? process.env.REDHAT_SSO_URL
   : 'https://sso.redhat.com/auth/realms/redhat-external/';
 const KAS_API_URL = process.env.KAS_API_URL ? process.env.KAS_API_URL : 'https://api.openshift.com';
-const CLIENT_ID = process.env.CLIENT_ID ? process.env.CLIENT_ID : 'vscode-redhat-account';
+const CLIENT_ID = process.env.CLIENT_ID ? process.env.CLIENT_ID : 'podman-desktop';
 
 console.log('REDHAT_AUTH_URL: ' + REDHAT_AUTH_URL);
 console.log('KAS_API_URL: ' + KAS_API_URL);