Client tools nightlies & installers

[philpennock]

The request was: a reliable shell installer for nats and nsc and perhaps ngs CLI tools, with the following mandates:

• Want real nightlies.
• Derek wants CloudFlare not S3.
• Need all tools installed to same location.
• CF, nice name, CDN, goreleaser. Explicit release or a nightly.

Release channels:

• nightlies: both server and tools all nightly
• release: release nats server, release clients

Want the nats-server to be split out from the CLI and installed separately, so that can rewrite the CLI in another language, and manage multiple local installs.

Tentatively: CE repo controlling it all, with YAML definitions of the streams, build everything out from there, able to update release channels after a release.

The installer should handle completions

Unstated in the meeting but implicit from an Operations PoV: we should have monitoring of the nightlies.

Phil is on the hook for the nightlies, the site, and the shell installer, but not for installers for Windows.

[philpennock]

Current status:

• The shell client installer works
  • but isn't yet checking checksums
  • it manages the channels, and sticking to one channel, and is extensible to new channels and additional tools, via a config file
• We have a new site, https://get-nats.io/, which redirects to synadia.com right now but that is easy to adjust.
• Nightlies are built and published
  • Includes a "latest available" datestamp on a fixed URL
    • used for the installer
    • can be used in monitoring
  • These are published into the CF CDN as KV store objects with a 2 week TTL

The README.md at the top level of https://github.com/ConnectEverything/client-tools/ goes into detail of what we have.

We aren't copying the release assets for a given release from GitHub into the CloudFlare CDN, and the consensus of the sync meeting on 2022-02-02 was that we should just serve from the GitHub CDN. That's fine, the config file we serve to the installer says where to fetch from, we can easily point it to a new location.

The domain get-nats.io minimized bureaucracy around getting a convenient domain up and running; it has DNSSEC enabled and completely disables email service.

TODO:

• implement checksum verification, by hunting for various tools which might be available for verifying checksums and using the first one found
• monitoring that the date in https://get-nats.io/current-nightly is not too old
• install tab-completions too
• sweep for FIXME cleanup
• sync the set of OS combinations which we support, so that, eg, FreeBSD works

[philpennock]

• Checksum verification done
• Monitoring set up in Checkly; see README
• FIXME: two left, in .github/workflows/nightly.yaml; one is for adding cosign signing (a bigger issue), one is minimizing the permissions, neither is a blocker for public use
• freebsd builds nats-io/nsc#457 submitted to add FreeBSD support; pending

[philpennock]

The proposed/offered JSON format has now been implemented, as two files, to let other installers use whatever's easiest for them.

[philpennock]

Tab-completion for zsh done, don't know enough about the bash completion ecosystem to want to write something for it right now.

This just leaves the platform sync between tools. Otherwise, I believe I'm all done.

(Unless we add artifact signing)

[philpennock]

Done. There's the Windows installer, by Scott, to merge but all the development and deployment work on me is complete.

I've opened #3 for artifact signing, as opposed to just having signatures.