Add ability to specify github enpoints for creds

The GitHub credentials section now allows setting some API endpoints
that point the github client and the runner setup script to the propper
URLs. This allows us to use garm with an on-prem github enterprise server.

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>

runner/common/pool.go

@@ -27,7 +27,9 @@ const (
 
 	PoolConsilitationInterval = 5 * time.Second
 	PoolReapTimeoutInterval   = 5 * time.Minute
-	PoolToolUpdateInterval    = 3 * time.Hour
+	// Temporary tools download token is valid for 1 hour by default.
+	// Set this to less than an hour so as not to run into 401 errors.
+	PoolToolUpdateInterval = 50 * time.Minute
 )
 
 type PoolManager interface {

runner/pool/organization.go

@@ -20,7 +20,6 @@ import (
 	"strings"
 	"sync"
 
-	"garm/config"
 	dbCommon "garm/database/common"
 	runnerErrors "garm/errors"
 	"garm/params"
@@ -35,7 +34,7 @@ import (
 var _ poolHelper = &organization{}
 
 func NewOrganizationPoolManager(ctx context.Context, cfg params.Organization, cfgInternal params.Internal, providers map[string]common.Provider, store dbCommon.Store) (common.PoolManager, error) {
-	ghc, err := util.GithubClient(ctx, cfgInternal.OAuth2Token)
+	ghc, err := util.GithubClient(ctx, cfgInternal.OAuth2Token, cfgInternal.GithubCredentialsDetails)
 	if err != nil {
 		return nil, errors.Wrap(err, "getting github client")
 	}
@@ -57,6 +56,7 @@ func NewOrganizationPoolManager(ctx context.Context, cfg params.Organization, cf
 		quit:         make(chan struct{}),
 		done:         make(chan struct{}),
 		helper:       helper,
+		credsDetails: cfgInternal.GithubCredentialsDetails,
 	}
 	return repo, nil
 }
@@ -89,7 +89,7 @@ func (r *organization) UpdateState(param params.UpdatePoolStateParams) error {
 
 	r.cfg.WebhookSecret = param.WebhookSecret
 
-	ghc, err := util.GithubClient(r.ctx, r.GetGithubToken())
+	ghc, err := util.GithubClient(r.ctx, r.GetGithubToken(), r.cfgInternal.GithubCredentialsDetails)
 	if err != nil {
 		return errors.Wrap(err, "getting github client")
 	}
@@ -138,7 +138,7 @@ func (r *organization) ListPools() ([]params.Pool, error) {
 }
 
 func (r *organization) GithubURL() string {
-	return fmt.Sprintf("%s/%s", config.GithubBaseURL, r.cfg.Name)
+	return fmt.Sprintf("%s/%s", r.cfgInternal.GithubCredentialsDetails.BaseURL, r.cfg.Name)
 }
 
 func (r *organization) JwtToken() string {

runner/pool/pool.go

@@ -58,7 +58,8 @@ type basePool struct {
 	quit      chan struct{}
 	done      chan struct{}
 
-	helper poolHelper
+	helper       poolHelper
+	credsDetails params.GithubCredentials
 
 	mux sync.Mutex
 }
@@ -454,6 +455,7 @@ func (r *basePool) addInstanceToProvider(instance params.Instance) error {
 		Image:                   pool.Image,
 		Labels:                  labels,
 		PoolID:                  instance.PoolID,
+		CACertBundle:            r.credsDetails.CABundle,
 	}
 
 	var instanceIDToDelete string

runner/pool/repository.go

@@ -20,7 +20,6 @@ import (
 	"strings"
 	"sync"
 
-	"garm/config"
 	dbCommon "garm/database/common"
 	runnerErrors "garm/errors"
 	"garm/params"
@@ -35,7 +34,7 @@ import (
 var _ poolHelper = &repository{}
 
 func NewRepositoryPoolManager(ctx context.Context, cfg params.Repository, cfgInternal params.Internal, providers map[string]common.Provider, store dbCommon.Store) (common.PoolManager, error) {
-	ghc, err := util.GithubClient(ctx, cfgInternal.OAuth2Token)
+	ghc, err := util.GithubClient(ctx, cfgInternal.OAuth2Token, cfgInternal.GithubCredentialsDetails)
 	if err != nil {
 		return nil, errors.Wrap(err, "getting github client")
 	}
@@ -57,6 +56,7 @@ func NewRepositoryPoolManager(ctx context.Context, cfg params.Repository, cfgInt
 		quit:         make(chan struct{}),
 		done:         make(chan struct{}),
 		helper:       helper,
+		credsDetails: cfgInternal.GithubCredentialsDetails,
 	}
 	return repo, nil
 }
@@ -91,7 +91,7 @@ func (r *repository) UpdateState(param params.UpdatePoolStateParams) error {
 
 	r.cfg.WebhookSecret = param.WebhookSecret
 
-	ghc, err := util.GithubClient(r.ctx, r.GetGithubToken())
+	ghc, err := util.GithubClient(r.ctx, r.GetGithubToken(), r.cfgInternal.GithubCredentialsDetails)
 	if err != nil {
 		return errors.Wrap(err, "getting github client")
 	}
@@ -140,7 +140,7 @@ func (r *repository) ListPools() ([]params.Pool, error) {
 }
 
 func (r *repository) GithubURL() string {
-	return fmt.Sprintf("%s/%s/%s", config.GithubBaseURL, r.cfg.Owner, r.cfg.Name)
+	return fmt.Sprintf("%s/%s/%s", r.cfgInternal.GithubCredentialsDetails.BaseURL, r.cfg.Owner, r.cfg.Name)
 }
 
 func (r *repository) JwtToken() string {

runner/runner.go

@@ -190,11 +190,24 @@ func (p *poolManagerCtrl) getInternalConfig(credsName string) (params.Internal,
 		return params.Internal{}, runnerErrors.NewBadRequestError("invalid credential name (%s)", credsName)
 	}
 
+	caBundle, err := creds.CACertBundle()
+	if err != nil {
+		return params.Internal{}, fmt.Errorf("fetching CA bundle for creds: %w", err)
+	}
+
 	return params.Internal{
 		OAuth2Token:         creds.OAuth2Token,
 		ControllerID:        p.controllerID,
 		InstanceCallbackURL: p.config.Default.CallbackURL,
 		JWTSecret:           p.config.JWTAuth.Secret,
+		GithubCredentialsDetails: params.GithubCredentials{
+			Name:          creds.Name,
+			Description:   creds.Description,
+			BaseURL:       creds.BaseURL,
+			APIBaseURL:    creds.APIBaseURL,
+			UploadBaseURL: creds.UploadBaseURL,
+			CABundle:      caBundle,
+		},
 	}, nil
 }
 
@@ -219,8 +232,11 @@ func (r *Runner) ListCredentials(ctx context.Context) ([]params.GithubCredential
 
 	for _, val := range r.config.Github {
 		ret = append(ret, params.GithubCredentials{
-			Name:        val.Name,
-			Description: val.Description,
+			Name:          val.Name,
+			Description:   val.Description,
+			BaseURL:       val.BaseEndpoint(),
+			APIBaseURL:    val.APIEndpoint(),
+			UploadBaseURL: val.UploadEndpoint(),
 		})
 	}
 	return ret, nil