diff --git a/.github/workflows/PR.yaml b/.github/workflows/PR.yaml
new file mode 100644
index 000000000..9d65216a5
--- /dev/null
+++ b/.github/workflows/PR.yaml
@@ -0,0 +1,54 @@
+name: PR Workflow
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+
+defaults:
+ run:
+ working-directory: go/src/github.com/stackrox/infra
+
+jobs:
+
+ lint:
+ uses: ./.github/workflows/lint.yaml
+
+ build-and-push:
+ uses: ./.github/workflows/build-and-push.yaml
+ secrets: inherit
+
+ create-dev-cluster:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: stackrox/actions/infra/create-cluster@main
+ with:
+ flavor: gke-default
+ name: infra-pr-${{ github.event.pull_request.number }}
+ args: machine-type=e2-medium,nodes=1,gcp-image-type=ubuntu_containerd
+ lifespan: 4h
+ wait: true
+ token: ${{ secrets.INFRA_TOKEN }}
+
+ comment-for-dev-deploy:
+ needs:
+ - build-and-push
+ - create-dev-cluster
+ runs-on: ubuntu-latest
+ container:
+ image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.46
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ ref: ${{ github.event.pull_request.head.sha }}
+ path: go/src/github.com/stackrox/infra
+
+ - name: Add PR comment for deploy to dev
+ env:
+ GITHUB_TOKEN: ${{ secrets.ROBOT_ROX_GITHUB_TOKEN }}
+ run: |
+ ./scripts/add-PR-comment-for-deploy-to-dev.sh "${{ github.event.pull_request.html_url }}" "infra-pr-${{ github.event.pull_request.number }}"
diff --git a/.github/workflows/ReleaseTagged.yaml b/.github/workflows/ReleaseTagged.yaml
new file mode 100644
index 000000000..749793a24
--- /dev/null
+++ b/.github/workflows/ReleaseTagged.yaml
@@ -0,0 +1,18 @@
+name: Release Tagged
+
+on:
+ create:
+ tags:
+ - "[0-9]+.[0-9]+.[0-9]+"
+
+defaults:
+ run:
+ working-directory: go/src/github.com/stackrox/infra
+
+jobs:
+
+ lint:
+ uses: ./.github/workflows/lint.yaml
+
+ build-and-push:
+ uses: ./.github/workflows/build-and-push.yaml
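Review bot: In `create-dev-cluster`, `secrets.INFRA_TOKEN` is passed to `stackrox/actions/infra/create-cluster@main`, a mutable branch ref, so any later change on that branch runs with the token without being reviewed in this repository. Pinning the step to a full commit SHA, e.g. `- uses: stackrox/actions/infra/create-cluster@<full-commit-sha>` (placeholder), keeps the executed code fixed. The workflow also declares no `permissions:` block, so the repository default `GITHUB_TOKEN` scope applies to every job; a top-level `permissions:` with `contents: read` would narrow it. `secrets: inherit` on `build-and-push` forwards every secret available to this workflow to the called one; passing only the ones it needs by name is tighter, though which those are is not visible here.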
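Review bot: The `build-and-push` call in ReleaseTagged.yaml has no `secrets:` key, while the same call in PR.yaml uses `secrets: inherit`; a called workflow receives no repository secrets unless the caller passes them, so if the push step needs registry credentials (its body is not in this hunk) the tagged release build would run without them. Adding `secrets: inherit`, or the named secrets, under `uses: ./.github/workflows/build-and-push.yaml` would make the two callers agree. Separately, the `create` event does not, as far as I know, accept a `tags:` filter, so this workflow may start on every branch or tag creation; `on: push:` with the same `tags:` pattern is the filtered form.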
diff --git a/.github/workflows/lint-build-push.yaml b/.github/workflows/build-and-push.yaml similarity index 52% rename from .github/workflows/lint-build-push.yaml rename to .github/workflows/build-and-push.yaml index 28b61e899..cbe25fd36 100644 --- a/.github/workflows/lint-build-push.yaml +++ b/.github/workflows/build-and-push.yaml @@ -1,13 +1,7 @@ -name: Lint, Build, Push +name: Build & Push on: - pull_request: - types: - - opened - - synchronize - create: - tags: - - "[0-9]+.[0-9]+.[0-9]+" + workflow_call: defaults: run: @@ -15,45 +9,6 @@ defaults: jobs: - lint: - runs-on: ubuntu-latest - container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.46 - - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - path: go/src/github.com/stackrox/infra - - - name: Setup env - run: | - GOPATH="$GITHUB_WORKSPACE/go" - echo GOPATH="${GOPATH}" >> $GITHUB_ENV - PATH="${PATH}:${GOPATH}/bin" - echo PATH="${PATH}" >> $GITHUB_ENV - - - name: Cache Go dependencies - uses: ./go/src/github.com/stackrox/infra/.github/actions/cache-go-dependencies - - - name: Install golangci-lint 1.33.0 - run: | - mkdir -p "${GOPATH}/bin" - wget -q https://github.com/golangci/golangci-lint/releases/download/v1.33.0/golangci-lint-1.33.0-linux-amd64.tar.gz - tar -xf golangci-lint-1.33.0-linux-amd64.tar.gz - install golangci-lint-1.33.0-linux-amd64/golangci-lint "${GOPATH}/bin/golangci-lint" - golangci-lint version - - - name: Generate src - run: | - make proto-generated-srcs - - - name: Lint - run: | - golangci-lint run - build-and-push: runs-on: ubuntu-latest container: 
@@ -75,9 +30,9 @@ jobs: - name: Setup env run: | GOPATH="$GITHUB_WORKSPACE/go" - echo GOPATH="${GOPATH}" >> $GITHUB_ENV + echo GOPATH="${GOPATH}" >> "$GITHUB_ENV" PATH="${PATH}:${GOPATH}/bin" - echo PATH="${PATH}" >> $GITHUB_ENV + echo PATH="${PATH}" >> "$GITHUB_ENV" - name: Cache Go dependencies uses: ./go/src/github.com/stackrox/infra/.github/actions/cache-go-dependencies diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 000000000..b903220f2 --- /dev/null +++ b/.github/workflows/lint.yaml @@ -0,0 +1,49 @@ +name: Lint + +on: + workflow_call: + +defaults: + run: + working-directory: go/src/github.com/stackrox/infra + +jobs: + + lint: + runs-on: ubuntu-latest + container: + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.46 + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + path: go/src/github.com/stackrox/infra + + - name: Setup env + run: | + GOPATH="$GITHUB_WORKSPACE/go" + echo GOPATH="${GOPATH}" >> "$GITHUB_ENV" + PATH="${PATH}:${GOPATH}/bin" + echo PATH="${PATH}" >> "$GITHUB_ENV" + + - name: Cache Go dependencies + uses: ./go/src/github.com/stackrox/infra/.github/actions/cache-go-dependencies + + - name: Install golangci-lint 1.33.0 + run: | + mkdir -p "${GOPATH}/bin" + wget -q https://github.com/golangci/golangci-lint/releases/download/v1.33.0/golangci-lint-1.33.0-linux-amd64.tar.gz + tar -xf golangci-lint-1.33.0-linux-amd64.tar.gz + install golangci-lint-1.33.0-linux-amd64/golangci-lint "${GOPATH}/bin/golangci-lint" + golangci-lint version + + - name: Generate src + run: | + make proto-generated-srcs + + - name: Lint + run: | + golangci-lint run diff --git a/.gitignore b/.gitignore index 36c5f12d1..c7cf79ff2 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,5 @@ configuration/ .idea/ **/*.swp tags +nohup.out + diff --git a/Makefile b/Makefile index 9d101da0c..d5a113c60 100644 --- a/Makefile +++ b/Makefile 
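Review bot: The `Install golangci-lint 1.33.0` step in lint.yaml downloads a release tarball with `wget -q` and installs the binary without checking its digest, so a replaced or corrupted artifact would run inside the CI container unnoticed. Verifying before `tar -xf`, e.g. `echo "<expected-sha256>  golangci-lint-1.33.0-linux-amd64.tar.gz" | sha256sum -c -` with the digest taken from the release's published checksums (placeholder here), closes that gap. The `Checkout` step's `ref: ${{ github.event.pull_request.head.sha }}` is empty when this workflow is called from ReleaseTagged.yaml, in which case `actions/checkout` falls back to the ref of the triggering event; a short comment saying that this is intended would help.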
@@ -177,6 +177,11 @@ clean-render: .PHONY: render-local render-local: clean-render + @if [[ ! -e chart/infra-server/configuration ]]; then \ + echo chart/infra-server/configuration is absent. Try:; \ + echo make configuration-download; \ + exit 1; \ + fi @mkdir -p chart-rendered helm template chart/infra-server \ --output-dir chart-rendered \ @@ -308,3 +313,16 @@ update-version: @perl -p -i -e 's#image: (${image_regex}):(.*)#image: \1:${image_version}#g' \ ./chart/infra-server/static/*.yaml @git diff --name-status ./chart/infra-server/static/*.yaml + +# Assuming a local dev infra server is running and accessible via a port-forward +# i.e. nohup kubectl -n infra port-forward svc/infra-server-service 8443:8443 & +.PHONY: pull-infractl-from-dev-server +pull-infractl-from-dev-server: + @rm -f bin/infractl + set -o pipefail; \ + curl --retry 3 --insecure --silent --show-error --fail --location https://localhost:8443/v1/cli/linux/amd64/upgrade \ + | jq -r ".result.fileChunk" \ + | base64 -d \ + > bin/infractl + chmod +x bin/infractl + bin/infractl -k -e localhost:8443 version diff --git a/scripts/add-PR-comment-for-deploy-to-dev.sh b/scripts/add-PR-comment-for-deploy-to-dev.sh new file mode 100755 index 000000000..93da2450d --- /dev/null +++ b/scripts/add-PR-comment-for-deploy-to-dev.sh 
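Review bot: The new guard in `render-local` uses `[[ ... ]]`, and the `pull-infractl-from-dev-server` recipe in the next hunk uses `set -o pipefail`; both are bash features, and make runs recipes with `/bin/sh` unless the Makefile sets `SHELL`, which is not visible in these hunks. If `SHELL` is not already bash, either set it or write the test portably as `@if [ ! -e chart/infra-server/configuration ]; then \`. The `render-local` recipe continues past the end of the hunk.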
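Review bot: `pull-infractl-from-dev-server` fetches a binary with `curl --insecure`, marks it executable and runs it, so whatever answers on `localhost:8443` is trusted with no certificate or integrity check. The comment above the target should state why that is acceptable and where it stops being so, e.g. `# --insecure: only for the local kubectl port-forward to a dev server; never point this at a remote host` (presumably the dev server presents a self-signed certificate; confirm). The recipe also writes to `bin/infractl` without creating `bin/`, so `@mkdir -p bin` before the `curl` line avoids a failure on a fresh checkout.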
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+add_PR_comment_for_deploy_to_dev() {
+ if [[ "$#" -ne 2 ]]; then
+ die "missing args. usage: add_PR_comment_for_deploy_to_dev "
+ fi
+
+ # hub-comment is tied to Circle CI env and requires CIRCLE_PULL_REQUEST
+ local url="$1"
+ export CIRCLE_PULL_REQUEST="$url"
+
+ export DEV_CLUSTER_NAME="$2"
+
+ local tmpfile
+ tmpfile=$(mktemp)
+ cat > "$tmpfile" <<- EOT
+A single node development cluster ({{.Env.DEV_CLUSTER_NAME}}) was allocated in production infra for this PR.
+
+:electric_plug: You can **connect** to this cluster with:
+\`\`\`
+gcloud container clusters get-credentials {{.Env.DEV_CLUSTER_NAME}} --zone us-central1-a --project srox-temp-dev-test
+\`\`\`
+
+:rocket: And then **deploy** your development infra-server with:
+\`\`\`
+make render-local
+make install-local
+\`\`\`
+
+:hammer_and_wrench: And pull **infractl** from the deployed dev infra-server with:
+\`\`\`
+nohup kubectl -n infra port-forward svc/infra-server-service 8443:8443 &
+make pull-infractl-from-dev-server
+\`\`\`
+
+:bike: You can then **use** the dev infra instance e.g.:
+\`\`\`
+bin/infractl -k -e localhost:8443 whoami
+\`\`\`
+
+:warning: ***Any clusters that you start using your dev infra instance should have a lifespan shorter
+then the development cluster instance. Otherwise they will not be destroyed when the dev infra instance
+ceases to exist when the development cluster is deleted.*** :warning:
+EOT
+
+ hub-comment -type deploy -template-file "$tmpfile"
+}
+
+die() {
+ echo >&2 "$@"
+ exit 1
+}
+
+add_PR_comment_for_deploy_to_dev "$@"
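Review bot: The file created by `tmpfile=$(mktemp)` is never removed, so every run leaves the rendered comment template behind in the job's temp directory. Because `tmpfile` is `local`, a trap that expands the path when it is set works on all exit paths: `trap "rm -f -- '$tmpfile'" EXIT` directly after the `mktemp` line. In the heredoc's warning paragraph, "shorter then the development cluster instance" should read "shorter than", since this text is posted verbatim as the PR comment.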