design-proposal: cozymarketplace — community marketplace of External-Apps repositories#18
design-proposal: cozymarketplace — community marketplace of External-Apps repositories#18Andrei Kvapil (kvaps) wants to merge 2 commits into
Conversation
…Apps repositories Signed-off-by: Andrei Kvapil <andrei.kvapil@aenix.io>
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a design proposal for Cozymarketplace, a community marketplace of External-Apps repositories for Cozystack. The feedback suggests grouping the 'tap' command under the 'repo' subcommand for CLI consistency, and addresses a potential edge case regarding how to handle the uninstallation of orphaned packages when their source repository is disabled or removed.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| ```text | ||
| # illustrative — verb names to be finalized against existing cozypkg UX | ||
| cozypkg repo list # list repositories from the meta-index | ||
| cozypkg repo update # refresh the index | ||
| cozypkg tap aenix-apps # connect a repository (latest tag) to this cluster | ||
| cozypkg tap aenix-apps@v1.5.0 # pin the repository to a specific OCI artifact version | ||
| cozypkg list # packages available from tapped repos | ||
| cozypkg add <package> # install a package | ||
| ``` |
There was a problem hiding this comment.
For CLI consistency, repository-level commands should be grouped under the repo subcommand. Mixing cozypkg repo list with a top-level cozypkg tap command can make the CLI interface feel disjointed. Consider nesting the tap command under repo (e.g., cozypkg repo tap).
| ```text | |
| # illustrative — verb names to be finalized against existing cozypkg UX | |
| cozypkg repo list # list repositories from the meta-index | |
| cozypkg repo update # refresh the index | |
| cozypkg tap aenix-apps # connect a repository (latest tag) to this cluster | |
| cozypkg tap aenix-apps@v1.5.0 # pin the repository to a specific OCI artifact version | |
| cozypkg list # packages available from tapped repos | |
| cozypkg add <package> # install a package | |
| ``` | |
| # illustrative — verb names to be finalized against existing cozypkg UX | |
| cozypkg repo list # list repositories from the meta-index | |
| cozypkg repo update # refresh the index | |
| cozypkg repo tap aenix-apps # connect a repository (latest tag) to this cluster | |
| cozypkg repo tap aenix-apps@v1.5.0 # pin the repository to a specific OCI artifact version | |
| cozypkg list # packages available from tapped repos | |
| cozypkg add <package> # install a package |
|
|
||
| - **Index entry points at an unreachable / invalid source →** tap fails; the resulting `PackageSource` / Flux source surfaces the error on its status, the same way a broken External App does today. | ||
| - **Repository chart fails to template or install →** Flux `HelmRelease` reports the failure; nothing different from a normal External App install failure. | ||
| - **Operator disables a repository that has installed packages →** the connected source is disabled; already-installed packages remain until explicitly removed (`cozypkg del`). (Inference; exact behavior to confirm.) |
There was a problem hiding this comment.
If a repository is disabled or removed, the package definitions (and their underlying Helm charts) may no longer be accessible. This can prevent operators from cleanly uninstalling existing packages using cozypkg del or Flux, as the source manifests/charts are gone. Consider specifying how Cozystack will handle uninstallation of orphaned packages, or if disabling a repository should be blocked while it still has active package installations.
…tions and leaked Russian Signed-off-by: Andrei Kvapil <andrei.kvapil@aenix.io>
1 participant
Adds a design proposal for cozymarketplace — a community marketplace for Cozystack External Apps.
What
A single meta-repository (an index, krew-index style) of External-Apps repositories. Anyone — Aenix or third parties — lists a repository in the index; an operator browses it, taps a repository onto their cluster with
cozypkg, then installs the apps it offers. The installable, versioned unit is the repository — an OCI artifact bundling all its apps and carrying a version/tag — not the individual package.Why
There is no shared, browsable place to discover External-Apps repositories or connect one. Cozystack's value is a tested set of components known to work together; a thematic repository is the natural carrier of that guarantee. Model: Ubuntu PPA (a marketplace of repositories), not AUR (individual packages).
Scope
Phase 1, deliberately thin, built on the existing External-Apps mechanism (
PackageSource+ OCI + Flux) andcozypkg. Repository-level versioning is in scope (OCI tag); per-package version pinning is out of scope.A separate, competing proposal (by Ivan Okhotnikov) approaches the same problem from a package-centric / brew-taps angle; the two are intended to be compared.
Rendered:
design-proposals/cozymarketplace/README.md