Experiment with agent/hub architecture

.dockerignore

@@ -0,0 +1,7 @@
+.git
+.gitignore
+README.md
+node_modules
+frontend/node_modules
+frontend/dist
+*.md

.github/dependabot.yml

@@ -0,0 +1,61 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      time: "06:00"
+    commit-message:
+      prefix: "chore"
+    labels:
+      - "dependencies"
+    open-pull-requests-limit: 5
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      time: "06:00"
+    commit-message:
+      prefix: "chore"
+    labels:
+      - "dependencies"
+    open-pull-requests-limit: 5
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      time: "06:00"
+    commit-message:
+      prefix: "chore"
+    labels:
+      - "dependencies"
+    open-pull-requests-limit: 5
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "npm"
+    directory: "/frontend"
+    schedule:
+      interval: "monthly"
+      time: "06:00"
+    commit-message:
+      prefix: "chore"
+    labels:
+      - "dependencies"
+    open-pull-requests-limit: 5
+    groups:
+      dependencies:
+        patterns:
+          - "*"

.github/workflows/quality.yml

@@ -0,0 +1,74 @@
+name: Quality
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  backend:
+    name: Backend Quality Checks
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: "1.25"
+          cache: true
+
+      - name: Verify dependencies
+        run: go mod verify
+
+      - name: Build
+        run: go build -v ./...
+
+      - name: Check format
+        run: go mod tidy && gofmt -s -w . && git diff --exit-code
+
+      - name: Check vet
+        run: go vet ./...
+
+      - name: Run Tests
+        run: go test -v -race -coverprofile=coverage.txt ./...
+
+  frontend:
+    name: Frontend Quality Checks
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Use Node.js 24.x
+        uses: actions/setup-node@v6
+        with:
+          node-version: 24.x
+          cache: 'npm'
+          cache-dependency-path: ./frontend/package-lock.json
+
+      - name: Setup Aikido Safe Chain
+        working-directory: ./frontend
+        run: |
+          npm i -g @aikidosec/safe-chain
+          safe-chain setup-ci
+
+      - name: Install dependencies
+        working-directory: ./frontend
+        run: npm ci --safe-chain-skip-minimum-package-age
+
+      - name: Run Linter
+        working-directory: ./frontend
+        run: node --run lint
+
+      - name: Check Formatting
+        working-directory: ./frontend
+        run: node --run check:format
+
+      - name: Type Checking
+        working-directory: ./frontend
+        run: node --run check:types

.github/workflows/release.yml

@@ -0,0 +1,79 @@
+name: Release Please
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    outputs:
+      new-release-created: ${{ steps.release-please-action.outputs.releases_created }}
+      tag-name: ${{ steps.release-please-action.outputs.tag_name }}
+    steps:
+      - uses: googleapis/release-please-action@v4
+        id: release-please-action
+        with:
+          release-type: go
+
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    needs: release-please
+    if: needs.release-please.outputs.new-release-created == 'true'
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}},value=${{ needs.release-please.outputs.tag-name }}
+            type=semver,pattern={{major}}.{{minor}}.{{patch}},value=${{ needs.release-please.outputs.tag-name }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-please.outputs.tag-name }}
+            type=semver,pattern={{major}},value=${{ needs.release-please.outputs.tag-name }}
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          provenance: true
+          sbom: true

.gitignore

@@ -0,0 +1,17 @@
+# data directory for SQLite
+data/
+*.db
+
+# Go
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+*.test
+*.out
+go.work
+
+# compiled binaries
+bin/
+*.pb.go

Dockerfile.agent

@@ -0,0 +1,46 @@
+# Build stage for Go agent
+FROM golang:1.25-alpine AS builder
+
+WORKDIR /app
+
+# Install build dependencies
+RUN apk add --no-cache gcc musl-dev
+
+# Copy go mod files
+COPY go.mod go.sum* ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy proto files
+COPY api/ ./api/
+
+# Copy source code
+COPY cmd/ ./cmd/
+COPY internal/ ./internal/
+
+# Define build arguments
+ARG VERSION=dev
+ARG BUILD_TIME=unknown
+ARG GIT_COMMIT=unknown
+
+# Build the Agent application
+RUN CGO_ENABLED=0 GOOS=linux go build \
+    -ldflags="-X 'github.com/OrcaCD/orca-cd/internal/config.Version=${VERSION}' \
+              -X 'github.com/OrcaCD/orca-cd/internal/config.BuildTime=${BUILD_TIME}' \
+              -X 'github.com/OrcaCD/orca-cd/internal/config.GitCommit=${GIT_COMMIT}'" \
+    -o agent ./cmd/agent
+
+# Final stage - minimal image for agent
+FROM alpine:3.22
+
+RUN apk --no-cache add ca-certificates docker-cli kubectl git
+
+WORKDIR /root/
+
+# Copy the Agent binary from builder
+COPY --from=builder /app/agent .
+
+# Run the agent
+# Note: --hub and --id flags can be passed via CMD or environment variables
+CMD ["./agent"]

Dockerfile.hub

@@ -0,0 +1,85 @@
+# Build stage for frontend
+FROM node:24-trixie-slim AS frontend-builder
+
+WORKDIR /app/frontend
+
+# Copy frontend package files
+COPY frontend/package*.json ./
+
+# Install dependencies
+RUN npm install
+
+# Copy frontend source
+COPY frontend/ ./
+
+# Build frontend
+RUN npm run build
+
+# Build stage for Go backend
+FROM golang:1.25-alpine AS backend-builder
+
+WORKDIR /app
+
+# Install build dependencies for SQLite and protobuf
+RUN apk add --no-cache gcc musl-dev sqlite-dev protobuf
+
+# Copy go mod files
+COPY go.mod go.sum* ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy proto files and generate
+COPY api/ ./api/
+
+# Copy source code
+COPY cmd/ ./cmd/
+COPY internal/ ./internal/
+
+# Define build arguments
+ARG VERSION=dev
+ARG BUILD_TIME=unknown
+ARG GIT_COMMIT=unknown
+
+# Build the Hub application
+RUN CGO_ENABLED=1 GOOS=linux go build \
+    -ldflags="-X 'github.com/OrcaCD/orca-cd/internal/config.Version=${VERSION}' \
+              -X 'github.com/OrcaCD/orca-cd/internal/config.BuildTime=${BUILD_TIME}' \
+              -X 'github.com/OrcaCD/orca-cd/internal/config.GitCommit=${GIT_COMMIT}'" \
+    -o hub ./cmd/hub
+
+# Build the CLI application
+RUN CGO_ENABLED=1 GOOS=linux go build \
+    -ldflags="-X 'github.com/OrcaCD/orca-cd/internal/config.Version=${VERSION}' \
+              -X 'github.com/OrcaCD/orca-cd/internal/config.BuildTime=${BUILD_TIME}' \
+              -X 'github.com/OrcaCD/orca-cd/internal/config.GitCommit=${GIT_COMMIT}'" \
+    -o orca-cli ./cmd/cli
+
+# Final stage
+FROM alpine:3.22
+
+RUN apk --no-cache add ca-certificates sqlite-libs
+
+WORKDIR /root/
+
+# Copy the Hub binary from backend builder
+COPY --from=backend-builder /app/hub .
+
+# Copy the CLI binary from backend builder
+COPY --from=backend-builder /app/orca-cli .
+
+# Copy the built frontend from frontend builder
+COPY --from=frontend-builder /app/frontend/dist ./frontend/dist
+
+# Create data directory for SQLite database
+RUN mkdir -p ./data
+
+VOLUME ["/data"]
+
+# Expose HTTP and gRPC ports
+EXPOSE 8080 9090
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD ["./hub", "health"]
+
+# Run the hub server
+CMD ["./hub"]