Add feature flag to enable shared cache

java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/TheiaCloudOperatorArguments.java

@@ -126,6 +126,24 @@ public enum BandwidthLimiter {
             "--oAuth2ProxyVersion" }, description = "The version to use of the quay.io/oauth2-proxy/oauth2-proxy image.", required = false, defaultValue = "latest")
     private String oAuth2ProxyVersion;
 
+    @Option(names = {
+            "--enableBuildCaching" }, description = "Whether to enable caching of Theia application builds.", required = false)
+    private boolean enableBuildCaching = false;
+
+    @Option(names = { "--buildCacheUrl" }, description = "The URL of the remote build cache server.", required = false)
+    private String buildCacheUrl;
+
+    @Option(names = {
+            "--enableBuildCachePush" }, description = "Whether sessions are allowed to push to the build cache.", required = false)
+    private boolean enableBuildCachePush = false;
+
+    @Option(names = {
+            "--enableDependencyCaching" }, description = "Whether to enable the dependency cache (Reposilite).", required = false)
+    private boolean enableDependencyCaching = false;
+
+    @Option(names = { "--dependencyCacheUrl" }, description = "The URL of the dependency cache server (Reposilite).", required = false)
+    private String dependencyCacheUrl;
+
     public boolean isUseKeycloak() {
         return useKeycloak;
     }
@@ -257,6 +275,43 @@ private String getServiceAuthTokenWithFallback() {
         return null;
     }
 
+    /**
+     * Validates that required argument combinations are satisfied.
+     * Must be called after argument parsing.
+     *
+     * @throws IllegalArgumentException if a caching flag is enabled but its URL is missing
+     */
+    public void validate() {
+        if (enableBuildCaching && (buildCacheUrl == null || buildCacheUrl.trim().isEmpty())) {
+            throw new IllegalArgumentException(
+                    "--buildCacheUrl is required when --enableBuildCaching is set");
+        }
+        if (enableDependencyCaching && (dependencyCacheUrl == null || dependencyCacheUrl.trim().isEmpty())) {
+            throw new IllegalArgumentException(
+                    "--dependencyCacheUrl is required when --enableDependencyCaching is set");
+        }
+    }
+
+    public boolean isEnableBuildCaching() {
+        return enableBuildCaching;
+    }
+
+    public String getBuildCacheUrl() {
+        return buildCacheUrl;
+    }
+
+    public boolean isEnableBuildCachePush() {
+        return enableBuildCachePush;
+    }
+
+    public boolean isEnableDependencyCaching() {
+        return enableDependencyCaching;
+    }
+
+    public String getDependencyCacheUrl() {
+        return dependencyCacheUrl;
+    }
+
     @Override
     public int hashCode() {
         final int prime = 31;
@@ -287,6 +342,11 @@ public int hashCode() {
         result = prime * result + (usePaths ? 1231 : 1237);
         result = prime * result + ((wondershaperImage == null) ? 0 : wondershaperImage.hashCode());
         result = prime * result + ((oAuth2ProxyVersion == null) ? 0 : oAuth2ProxyVersion.hashCode());
+        result = prime * result + (enableBuildCaching ? 1231 : 1237);
+        result = prime * result + ((buildCacheUrl == null) ? 0 : buildCacheUrl.hashCode());
+        result = prime * result + (enableBuildCachePush ? 1231 : 1237);
+        result = prime * result + (enableDependencyCaching ? 1231 : 1237);
+        result = prime * result + ((dependencyCacheUrl == null) ? 0 : dependencyCacheUrl.hashCode());
         return result;
     }
 
@@ -393,6 +453,22 @@ public boolean equals(Object obj) {
                 return false;
         } else if (!oAuth2ProxyVersion.equals(other.oAuth2ProxyVersion))
             return false;
+        if (enableBuildCaching != other.enableBuildCaching)
+            return false;
+        if (buildCacheUrl == null) {
+            if (other.buildCacheUrl != null)
+                return false;
+        } else if (!buildCacheUrl.equals(other.buildCacheUrl))
+            return false;
+        if (enableBuildCachePush != other.enableBuildCachePush)
+            return false;
+        if (enableDependencyCaching != other.enableDependencyCaching)
+            return false;
+        if (dependencyCacheUrl == null) {
+            if (other.dependencyCacheUrl != null)
+                return false;
+        } else if (!dependencyCacheUrl.equals(other.dependencyCacheUrl))
+            return false;
         return true;
     }
 
@@ -408,7 +484,10 @@ public String toString() {
                 + ", keycloakClientId=" + keycloakClientId + ", leaderLeaseDuration=" + leaderLeaseDuration
                 + ", leaderRenewDeadline=" + leaderRenewDeadline + ", leaderRetryPeriod=" + leaderRetryPeriod
                 + ", maxWatchIdleTime=" + maxWatchIdleTime + ", continueOnException=" + continueOnException
-                + ", oAuth2ProxyVersion=" + oAuth2ProxyVersion + "]";
+                + ", oAuth2ProxyVersion=" + oAuth2ProxyVersion + ", enableBuildCaching=" + enableBuildCaching + ", buildCacheUrl="
+                + buildCacheUrl + ", enableBuildCachePush=" + enableBuildCachePush
+                + ", enableDependencyCaching=" + enableDependencyCaching + ", dependencyCacheUrl="
+                + dependencyCacheUrl + "]";
     }
 
 }

java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/TheiaCloudOperatorLauncher.java

@@ -57,6 +57,7 @@ public TheiaCloudOperatorArguments createArguments(String[] args) {
             TheiaCloudOperatorArguments arguments = new TheiaCloudOperatorArguments();
             CommandLine commandLine = new CommandLine(arguments).setTrimQuotes(true);
             commandLine.parseArgs(args);
+            arguments.validate();
             LOGGER.info(formatLogMessage(COR_ID_INIT, "Parsed args: " + arguments));
             return arguments;
         } catch (ParameterException e) {

java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/AddedHandlerUtil.java

@@ -63,6 +63,7 @@
 import io.fabric8.kubernetes.api.model.SecretEnvSource;
 import io.fabric8.kubernetes.api.model.apps.Deployment;
 import io.fabric8.kubernetes.client.NamespacedKubernetesClient;
+import org.eclipse.theia.cloud.operator.TheiaCloudOperatorArguments;
 import io.sentry.ISpan;
 import io.sentry.ITransaction;
 import io.sentry.Sentry;

java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/replacements/DefaultDeploymentTemplateReplacements.java

@@ -68,6 +68,18 @@ public class DefaultDeploymentTemplateReplacements implements DeploymentTemplate
     public static final String PLACEHOLDER_ENABLE_ACTIVITY_TRACKER = "placeholder-enable-activity-tracker";
     public static final String PLACEHOLDER_OAUTH2_PROXY_VERSION = "placeholder-oauth2-proxy-version";
 
+    public static final String PLACEHOLDER_ENV_BUILD_CACHE_ENABLED = "placeholder-build-cache-enabled";
+    public static final String PLACEHOLDER_ENV_BUILD_CACHE_URL = "placeholder-build-cache-url";
+    public static final String PLACEHOLDER_ENV_BUILD_CACHE_PUSH = "placeholder-build-cache-push";
+
+    public static final String PLACEHOLDER_ENV_DEPENDENCY_CACHE_ENABLED = "placeholder-dependency-cache-enabled";
+    public static final String PLACEHOLDER_ENV_DEPENDENCY_CACHE_URL = "placeholder-dependency-cache-url";
+
+    public static final String PLACEHOLDER_CA_BUNDLE_PEM_PATH = "placeholder-ca-bundle-pem-path";
+    public static final String PLACEHOLDER_GRADLE_TRUST_OPTS = "placeholder-gradle-trust-opts";
+    public static final String PLACEHOLDER_TRUST_BUNDLE_MOUNT_PATH = "placeholder-trust-bundle-mount-path";
+    public static final String PLACEHOLDER_TRUST_BUNDLE_CONFIGMAP = "placeholder-trust-bundle-configmap";
+
     protected static final String DEFAULT_UID = "1000";
 
     @Inject
@@ -150,6 +162,43 @@ protected Map<String, String> getEnvironmentVariables(AppDefinition appDefinitio
             environmentVariables.put(PLACEHOLDER_ENV_SESSION_KEYCLOAK_CLIENT_ID, "");
         }
 
+        if (arguments.isEnableBuildCaching() && arguments.getBuildCacheUrl() != null
+                && !arguments.getBuildCacheUrl().trim().isEmpty()) {
+            environmentVariables.put(PLACEHOLDER_ENV_BUILD_CACHE_ENABLED, "true");
+            environmentVariables.put(PLACEHOLDER_ENV_BUILD_CACHE_URL, arguments.getBuildCacheUrl().trim());
+            environmentVariables.put(PLACEHOLDER_ENV_BUILD_CACHE_PUSH,
+                    arguments.isEnableBuildCachePush() ? "true" : "false");
+        } else {
+            environmentVariables.put(PLACEHOLDER_ENV_BUILD_CACHE_ENABLED, "false");
+            environmentVariables.put(PLACEHOLDER_ENV_BUILD_CACHE_URL, "");
+            environmentVariables.put(PLACEHOLDER_ENV_BUILD_CACHE_PUSH, "false");
+        }
+
+        if (arguments.isEnableDependencyCaching() && arguments.getDependencyCacheUrl() != null
+                && !arguments.getDependencyCacheUrl().trim().isEmpty()) {
+            environmentVariables.put(PLACEHOLDER_ENV_DEPENDENCY_CACHE_ENABLED, "true");
+            environmentVariables.put(PLACEHOLDER_ENV_DEPENDENCY_CACHE_URL,
+                    arguments.getDependencyCacheUrl().trim());
+        } else {
+            environmentVariables.put(PLACEHOLDER_ENV_DEPENDENCY_CACHE_ENABLED, "false");
+            environmentVariables.put(PLACEHOLDER_ENV_DEPENDENCY_CACHE_URL, "");
+        }
+
+        if (arguments.isEnableBuildCaching() && arguments.getBuildCacheUrl() != null
+                && arguments.getBuildCacheUrl().trim().startsWith("https")) {
+            // Only set trust config when using HTTPS for the cache
+            environmentVariables.put(PLACEHOLDER_CA_BUNDLE_PEM_PATH, "/etc/ssl/theia-trust/trust-bundle.pem");
+            environmentVariables.put(PLACEHOLDER_GRADLE_TRUST_OPTS,
+                    "-Djavax.net.ssl.trustStore=/etc/ssl/theia-trust/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit");
+            environmentVariables.put(PLACEHOLDER_TRUST_BUNDLE_MOUNT_PATH, "/etc/ssl/theia-trust");
+            environmentVariables.put(PLACEHOLDER_TRUST_BUNDLE_CONFIGMAP, "theia-internal-trust");
+        } else {
+            environmentVariables.put(PLACEHOLDER_CA_BUNDLE_PEM_PATH, "");
+            environmentVariables.put(PLACEHOLDER_GRADLE_TRUST_OPTS, "");
+            environmentVariables.put(PLACEHOLDER_TRUST_BUNDLE_MOUNT_PATH, "/tmp/trust-bundle-unused");
+            environmentVariables.put(PLACEHOLDER_TRUST_BUNDLE_CONFIGMAP, "trust-bundle-unused");
+        }
+
         if (arguments.isEnableMonitor()) {
             if (appDefinition.getSpec().getMonitor() != null && appDefinition.getSpec().getMonitor().getPort() > 0) {
                 String port = String.valueOf(appDefinition.getSpec().getMonitor().getPort());

java/operator/org.eclipse.theia.cloud.operator/src/main/resources/templateDeployment.yaml

@@ -83,6 +83,16 @@ spec:
             value: placeholder-keycloak-env-realm
           - name: THEIACLOUD_KEYCLOAK_CLIENT_ID
             value: placeholder-keycloak-env-clientid
+          - name: BUILD_CACHE_ENABLED
+            value: placeholder-build-cache-enabled
+          - name: BUILD_CACHE_URL
+            value: placeholder-build-cache-url
+          - name: BUILD_CACHE_PUSH
+            value: placeholder-build-cache-push
+          - name: DEPENDENCY_CACHE_ENABLED
+            value: placeholder-dependency-cache-enabled
+          - name: DEPENDENCY_CACHE_URL
+            value: placeholder-dependency-cache-url
           - name: DATA_BRIDGE_PORT
             value: placeholder-data-bridge-env-port
           - name: DATA_BRIDGE_ENABLED
@@ -91,6 +101,14 @@ spec:
             value: placeholder-data-bridge-strategy
           - name: THEIA
             value: 1
+          - name: NODE_EXTRA_CA_CERTS
+            value: placeholder-ca-bundle-pem-path
+          - name: GRADLE_OPTS
+            value: placeholder-gradle-trust-opts
+          volumeMounts:
+            - name: trust-bundle
+              mountPath: placeholder-trust-bundle-mount-path
+              readOnly: true
           securityContext:
             runAsUser: placeholder-uid
             runAsGroup: placeholder-uid
@@ -106,3 +124,7 @@ spec:
         - name: oauth2-emails
           configMap:
             name: placeholder-emailsconfigname
+        - name: trust-bundle
+          configMap:
+            name: placeholder-trust-bundle-configmap
+            optional: true

java/operator/org.eclipse.theia.cloud.operator/src/main/resources/templateDeploymentWithoutOAuthProxy.yaml

@@ -70,14 +70,38 @@ spec:
             value: placeholder-keycloak-env-realm
           - name: THEIACLOUD_KEYCLOAK_CLIENT_ID
             value: placeholder-keycloak-env-clientid
+          - name: BUILD_CACHE_ENABLED
+            value: placeholder-build-cache-enabled
+          - name: BUILD_CACHE_URL
+            value: placeholder-build-cache-url
+          - name: BUILD_CACHE_PUSH
+            value: placeholder-build-cache-push
+          - name: DEPENDENCY_CACHE_ENABLED
+            value: placeholder-dependency-cache-enabled
+          - name: DEPENDENCY_CACHE_URL
+            value: placeholder-dependency-cache-url
           - name: DATA_BRIDGE_PORT
             value: placeholder-data-bridge-env-port
           - name: DATA_BRIDGE_ENABLED
             value: placeholder-data-bridge-enabled
           - name: SCORPIO_THEIA_ENV_STRATEGY
             value: placeholder-data-bridge-strategy
+          - name: NODE_EXTRA_CA_CERTS
+            value: placeholder-ca-bundle-pem-path
+          - name: GRADLE_OPTS
+            value: placeholder-gradle-trust-opts
+          volumeMounts:
+            - name: trust-bundle
+              mountPath: placeholder-trust-bundle-mount-path
+              readOnly: true
+
           securityContext:
             runAsUser: placeholder-uid
             runAsGroup: placeholder-uid
       securityContext:
         fsGroup: placeholder-uid
+      volumes:
+        - name: trust-bundle
+          configMap:
+            name: placeholder-trust-bundle-configmap
+            optional: true