Gitops folder

* Updates pipeline to the latest version (including change to use release-drafter for release) * Wraps all the config into a single helm chart with dependencies * Manually adds subcharts from dependencies to workaround helm terraform provider bug (hashicorp/terraform-provider-helm#405) * Sets fail-fast to false * Sets disable_openapi_validation to true * Waits for sccs to be deleted * Updates validate deploy logic
cloud-native-toolkit · Jun 25, 2020 · 7dd08b0 · 7dd08b0
1 parent 8a6f826
commit 7dd08b0
Show file tree

Hide file tree

Showing 31 changed files with 470 additions and 319 deletions.
diff --git a/.github/.release-it.yaml b/.github/.release-it.yaml
diff --git a/.github/release-drafter.yaml b/.github/release-drafter.yaml
@@ -1,18 +1,18 @@
 name-template: 'v$RESOLVED_VERSION'
 tag-template: 'v$RESOLVED_VERSION'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
 categories:
-  - title: '🚀 Features'
+  - title: 'Features'
     labels:
       - 'feature'
       - 'enhancement'
-  - title: '🐛 Bug Fixes'
+  - title: 'Bug Fixes'
     labels:
       - 'fix'
       - 'bugfix'
       - 'bug'
-  - title: '🧰 Maintenance'
+  - title: 'Maintenance'
     label: 'chore'
-change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
 version-resolver:
   major:
     labels:
@@ -25,6 +25,4 @@ version-resolver:
       - 'patch'
   default: patch
 template: |
-  ## Changes
-
-  $CHANGES
+  $CHANGES
diff --git a/test/setup/scripts/apply.sh → .github/scripts/apply.sh b/test/setup/scripts/apply.sh → .github/scripts/apply.sh
diff --git a/.github/scripts/capture-cluster-state.sh b/.github/scripts/capture-cluster-state.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+PLATFORM="$1"
+INFILE_DIR="$2"
+OUTFILE_DIR="$3"
+
+mkdir -p "${OUTFILE_DIR}"
+
+resources="deployment,statefulset,service,ingress,configmap,secret,serviceaccount"
+if [[ "$PLATFORM" == "ocp3" ]] || [[ "$PLATFORM" == "ocp4" ]]; then
+  resources="${resources},route"
+
+  if [[ "$PLATFORM" == "ocp4" ]]; then
+    resources="${resources},consolelink"
+  fi
+fi
+
+ls "${INFILE_DIR}" | while read infile; do
+  NAMESPACE="${infile//.out/}"
+  OUTFILE="${OUTFILE_DIR}/${infile}"
+
+  echo "Checking on namespace - ${NAMESPACE}"
+
+  if kubectl get namespace "${NAMESPACE}" 1> /dev/null 2> /dev/null; then
+    echo "Listing resources in namespace - ${resources}"
+
+    kubectl get -n "${NAMESPACE}" "${resources}" -o jsonpath='{range .items[*]}{.metadata.namespace}{"/"}{.kind}{"/"}{.metadata.name}{"\n"}{end}' | \
+      tr '[:upper:]' '[:lower:]' > "${OUTFILE}"
+  else
+    echo "Namespace does not exist - ${NAMESPACE}"
+    touch "${OUTFILE}"
+  fi
+
+  if kubectl get subscription -n "${NAMESPACE}" 1> /dev/null 2> /dev/null; then
+    kubectl get -n "${NAMESPACE}" subscription -o jsonpath='{range .items[*]}{.metadata.namespace}{"/"}{.kind}{"/"}{.metadata.name}{"\n"}{end}' 2> /dev/null | \
+      tr '[:upper:]' '[:lower:]' >> "${OUTFILE}"
+  fi
+
+  cat "${OUTFILE}"
+done
diff --git a/test/setup/scripts/destroy.sh → .github/scripts/destroy.sh b/test/setup/scripts/destroy.sh → .github/scripts/destroy.sh
diff --git a/.github/scripts/validate-deploy.sh b/.github/scripts/validate-deploy.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+CLUSTER_TYPE="$1"
+NAMESPACE="$2"
+NAME="$3"
+
+if [[ -z "${NAME}" ]]; then
+  NAME=$(echo "${NAMESPACE}" | sed "s/tools-//")
+fi
+
+echo "Verifying resources in ${NAMESPACE} namespace for module ${NAME}"
+
+PODS=$(kubectl get -n "${NAMESPACE}" pods -o jsonpath='{range .items[*]}{.status.phase}{": "}{.kind}{"/"}{.metadata.name}{"\n"}{end}' | grep -v "Running" | grep -v "Succeeded")
+POD_STATUSES=$(echo "${PODS}" | sed -E "s/(.*):.*/\1/g")
+if [[ -n "${POD_STATUSES}" ]]; then
+  echo "  Pods have non-success statuses: ${PODS}"
+  exit 1
+fi
+
+set -e
+
+if [[ "${CLUSTER_TYPE}" == "kubernetes" ]] || [[ "${CLUSTER_TYPE}" =~ iks.* ]]; then
+  ENDPOINTS=$(kubectl get ingress -n "${NAMESPACE}" -o jsonpath='{range .items[*]}{range .spec.rules[*]}{"https://"}{.host}{"\n"}{end}{end}')
+else
+  ENDPOINTS=$(kubectl get route -n "${NAMESPACE}" -o jsonpath='{range .items[*]}{"https://"}{.spec.host}{"\n"}{end}')
+fi
+
+echo "Validating endpoints:\n${ENDPOINTS}"
+
+echo "${ENDPOINTS}" | while read endpoint; do
+  if [[ -n "${endpoint}" ]]; then
+    ${SCRIPT_DIR}/waitForEndpoint.sh "${endpoint}" 10 10
+  fi
+done
+
+CONFIG_URLS=$(kubectl get configmap -n "${NAMESPACE}" -l grouping=garage-cloud-native-toolkit -l app.kubernetes.io/component=tools -o json | jq '.items[].data | to_entries | select(.[].key | endswith("_URL")) | .[].value' | sed "s/\"//g")
+
+echo "${CONFIG_URLS}" | while read url; do
+  if [[ -n "${url}" ]]; then
+    ${SCRIPT_DIR}/waitForEndpoint.sh "${url}" 10 10
+  fi
+done
+
+if [[ "${CLUSTER_TYPE}" == "ocp4" ]]; then
+  echo "Validating consolelink"
+  if [[ $(kubectl get consolelink "toolkit-${NAME}" | wc -l) -eq 0 ]]; then
+    echo "   ConsoleLink not found"
+    exit 1
+  fi
+fi
+
+exit 0
diff --git a/.github/scripts/validate-destroy.sh b/.github/scripts/validate-destroy.sh
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+
+CLUSTER_TYPE="$1"
+
+OUTER_LENGTH=$(yq r ./resources.yaml --length)
+
+outer_index=0
+
+while [ $outer_index -lt "${OUTER_LENGTH}" ]; do
+  NAMESPACE=$(yq read ./resources.yaml "[$outer_index].namespace")
+
+  echo "Verifying resources in $NAMESPACE namespace"
+
+  LENGTH=$(yq r ./resources.yaml "[$outer_index].resources" --length)
+
+  index=0
+  while [ $index -lt "${LENGTH}" ]; do
+    kind=$(yq r ./resources.yaml "[$outer_index].resources[$index].kind")
+    name=$(yq r ./resources.yaml "[$outer_index].resources[$index].name")
+    label=$(yq r ./resources.yaml "[$outer_index].resources[$index].label")
+
+    destroy=$(yq r ./resources.yaml "[$outer_index].resources[$index].destroy")
+    when_field=$(yq r ./resources.yaml "[$outer_index].resources[$index].when.field")
+    when_operation=$(yq r ./resources.yaml "[$outer_index].resources[$index].when.operation")
+    when_value=$(yq r ./resources.yaml "[$outer_index].resources[$index].when.value")
+
+    if [[ -z "$when_operation" ]]; then
+      when_operation="equal"
+    fi
+
+    index=$((index + 1))
+
+    if [[ -n $when_field ]] && [[ -n $when_value ]]; then
+      if [[ "$when_operation" == "equal" ]]; then
+        if [[ "${!when_field}" != "$when_value" ]]; then
+          continue
+        fi
+      else
+        if [[ "${!when_field}" == "$when_value" ]]; then
+          continue
+        fi
+      fi
+    fi
+
+    if [[ "${NAMESPACE}" == "*" ]]; then
+      namespace="--all-namespaces"
+    else
+      namespace="-n ${NAMESPACE}"
+    fi
+
+    if [[ "$destroy" == "false" ]]; then
+      destroy_description="no destroy"
+    else
+      destroy_description="destroy"
+    fi
+
+    if [[ -n $name ]]; then
+      echo "  Verifying $destroy_description of $kind/$name"
+
+      if kubectl get $namespace $kind $name 1> /dev/null 2> /dev/null; then
+        if [[ "$destroy" != "false" ]]; then
+          echo "    Error: Found unexpected resources after destroy: $kind/$name"
+          exit 1
+        fi
+      elif [[ "$destroy" == "false" ]]; then
+        echo "    Error: Missing expected resource(s) after destroy: $kind/$name"
+        exit 1
+      fi
+    else
+      description=""
+      command_args=""
+      if [[ -n $label ]]; then
+        description="with label=$label"
+        command_args="-l $label"
+      fi
+
+      echo "  Verifying $destroy_description of $kind $description"
+
+      resource_count=$(kubectl get $namespace $kind $command_args -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | wc -l)
+
+      if [[ "$resource_count" -gt 0 ]]; then
+        if [[ "$destroy" != "false" ]]; then
+          echo "    Error: Found unexpected resources after destroy: $kind $command_args"
+          kubectl get $namespace $kind $command_args
+          exit 1
+        fi
+      elif [[ "$destroy" == "false" ]]; then
+        echo "    Error: Missing expected resource(s) after destroy: $kind $command_args"
+        exit 1
+      fi
+    fi
+  done
+
+  outer_index=$((outer_index + 1))
+done
diff --git a/.github/scripts/waitForEndpoint.sh b/.github/scripts/waitForEndpoint.sh
@@ -0,0 +1,31 @@
+URL="$1"
+WAIT_TIME=$2
+WAIT_COUNT=$3
+
+if [[ -z "${WAIT_TIME}" ]]; then
+  WAIT_TIME=15
+fi
+
+if [[ -z "${WAIT_COUNT}" ]]; then
+  WAIT_COUNT=20
+fi
+
+count=0
+
+sleep 20
+
+until [[ $(curl -X GET -Iq --insecure "${URL}" | grep -E "403|200") ]] || \
+  [[ $count -eq ${WAIT_COUNT} ]]
+do
+    echo ">>> waiting for ${URL} to be available"
+    sleep ${WAIT_TIME}
+    count=$((count + 1))
+done
+
+if [[ $count -eq ${WAIT_COUNT} ]]; then
+  echo ">>> Retry count exceeded. ${URL} not avilable"
+  exit 1
+else
+  echo ">>> ${URL} is avilable"
+fi
+
diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
@@ -12,14 +12,15 @@ on:
 jobs:
   verify:
     # The type of runner that the job will run on
+    if: "!contains(github.event.commits[0].message, '[skip ci]')"
     runs-on: ubuntu-latest
-    container: ibmgaragecloud/cli-tools:0.3.0-lite
+    container: ibmgaragecloud/cli-tools:0.4.0-lite
 
     strategy:
       matrix:
-        platform: [iks, ocp3, ocp4]
-#      max-parallel: 1
-#      fail-fast: false
+        platform: [iks118_vpc, ocp3, ocp4]
+    #      max-parallel: 1
+      fail-fast: false
 
     env:
       HOME: /home/devops
@@ -31,11 +32,14 @@ jobs:
       TF_VAR_region: ${{ secrets.TEST_REGION }}
       TF_VAR_cluster_name: ${{ secrets[format('TEST_CLUSTER_{0}', matrix.platform)] }}
       TF_VAR_cluster_type: ${{ matrix.platform }}
+      TF_VAR_vpc_cluster: ${{ endswith(matrix.platform, 'vpc') }}
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       - name: Validate config
         run: |
+          echo "Github sha: ${{ github.sha }}"
+          echo "Github ref: ${{ github.ref }}"
           if [ -z "${NAMESPACE}" ]; then
             echo "The NAMESPACE secret has not been set within the Git repo"
             exit 1
@@ -48,33 +52,34 @@ jobs:
       - name: Setup ${{ matrix.platform }}
         run: |
           ls -lA
-          mkdir -p /tmp/workspace/${{ matrix.platform }}
-          cp -R ./test/setup/stages/* /tmp/workspace/${{ matrix.platform }}
-          cp -R ./test/setup/scripts/* /tmp/workspace/${{ matrix.platform }}
+          mkdir -p /tmp/workspace/module
+          cp -R ./.github/scripts/* /tmp/workspace
+          cp -R ./test/stages/* /tmp/workspace
+          cp -R . /tmp/workspace/module
 
       # Deploy
       - name: Deploy ${{ matrix.platform }}
         run: |
-          cd /tmp/workspace/${{ matrix.platform }}
+          cd /tmp/workspace
           ./apply.sh
 
       # Test deploy
       - name: Validate deploy ${{ matrix.platform }}
         run: |
-          cd /tmp/workspace/${{ matrix.platform }}
-          ./validate-deploy.sh ${{ matrix.platform }} ${{ env.TF_VAR_tools_namespace }}
+          cd /tmp/workspace
+          ./validate-deploy.sh ${{ matrix.platform }} ${{ env.NAMESPACE }}
 
       # Destroy
       - name: Destroy ${{ matrix.platform }}
         run: |
-          cd /tmp/workspace/${{ matrix.platform }}
+          cd /tmp/workspace
           ./destroy.sh
 
       # Test destroy
       - name: Validate destroy ${{ matrix.platform }}
         run: |
-          cd /tmp/workspace/${{ matrix.platform }}
-          ./capture-cluster-state.sh ${{ matrix.platform }} ${{ env.NAMESPACE }} $PWD/cluster-state/after/${{ env.NAMESPACE }}.out
+          cd /tmp/workspace
+          ./capture-cluster-state.sh ${{ matrix.platform }} $PWD/cluster-state/before $PWD/cluster-state/after
           if diff -q $PWD/cluster-state/before $PWD/cluster-state/after 1> /dev/null; then
             echo "Destroy completed successfully"
           else
@@ -84,37 +89,18 @@ jobs:
           fi
 
   release:
-#    if: ${{ github.event_name == 'push' }}
+    #    if: ${{ github.event_name == 'push' }}
     needs: verify
     runs-on: ubuntu-latest
-    container: ubuntu:latest
     if: ${{ github.event_name == 'push' }}
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      - name: Setup
-        run: |
-          apt-get update
-          apt-get install -y git
-          apt-get clean
-
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Setup node
-        uses: actions/setup-node@v2-beta
-        with:
-          node-version: '12'
-
-      - name: Install release-it
-        run: npm i -g release-it
-
       # Drafts your next Release notes as Pull Requests are merged into "master"
-      - name: Release
-        run: |
-          echo ${{ github.event_name }}
-          release-it --ci minor -c .github/.release-it.yaml
+      - uses: release-drafter/release-drafter@v5
+        with:
+          # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
+          config-name: release-drafter.yaml
+          publish: true
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}