RS-574: Create a development cluster for infra PRs

.github/workflows/PR.yaml

@@ -0,0 +1,54 @@
+name: PR Workflow
+
+on:
+  pull_request:
+    types:
+    - opened
+    - synchronize
+
+defaults:
+  run:
+    working-directory: go/src/github.com/stackrox/infra
+
+jobs:
+
+  lint:
+    uses: ./.github/workflows/lint.yaml
+
+  build-and-push:
+    uses: ./.github/workflows/build-and-push.yaml
+    secrets: inherit
+
+  create-dev-cluster:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: stackrox/actions/infra/create-cluster@main
+        with:
+          flavor: gke-default
+          name: infra-pr-${{ github.event.pull_request.number }}
+          args: machine-type=e2-medium,nodes=1,gcp-image-type=ubuntu_containerd
+          lifespan: 4h
+          wait: true
+          token: ${{ secrets.INFRA_TOKEN }}
+
+  comment-for-dev-deploy:
+    needs:
+      - build-and-push
+      - create-dev-cluster
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.46
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+          path: go/src/github.com/stackrox/infra
+
+      - name: Add PR comment for deploy to dev
+        env:
+          GITHUB_TOKEN: ${{ secrets.ROBOT_ROX_GITHUB_TOKEN }}
+        run: |
+          ./scripts/add-PR-comment-for-deploy-to-dev.sh "${{ github.event.pull_request.html_url }}" "infra-pr-${{ github.event.pull_request.number }}"

.github/workflows/ReleaseTagged.yaml

@@ -0,0 +1,18 @@
+name: Release Tagged
+
+on:
+  create:
+    tags:
+      - "[0-9]+.[0-9]+.[0-9]+"
+
+defaults:
+  run:
+    working-directory: go/src/github.com/stackrox/infra
+
+jobs:
+
+  lint:
+    uses: ./.github/workflows/lint.yaml
+
+  build-and-push:
+    uses: ./.github/workflows/build-and-push.yaml

.github/workflows/lint-build-push.yaml → .github/workflows/build-and-push.yaml

@@ -1,59 +1,14 @@
-name: Lint, Build, Push
+name: Build & Push
 
 on:
-  pull_request:
-    types:
-    - opened
-    - synchronize
-  create:
-    tags:
-      - "[0-9]+.[0-9]+.[0-9]+"
+  workflow_call:
 
 defaults:
   run:
     working-directory: go/src/github.com/stackrox/infra
 
 jobs:
 
-  lint:
-    runs-on: ubuntu-latest
-    container:
-      image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.46
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-          path: go/src/github.com/stackrox/infra
-
-      - name: Setup env
-        run: |
-          GOPATH="$GITHUB_WORKSPACE/go"
-          echo GOPATH="${GOPATH}" >> $GITHUB_ENV
-          PATH="${PATH}:${GOPATH}/bin"
-          echo PATH="${PATH}" >> $GITHUB_ENV
-
-      - name: Cache Go dependencies
-        uses: ./go/src/github.com/stackrox/infra/.github/actions/cache-go-dependencies
-
-      - name: Install golangci-lint 1.33.0
-        run: |
-          mkdir -p "${GOPATH}/bin"
-          wget -q https://github.com/golangci/golangci-lint/releases/download/v1.33.0/golangci-lint-1.33.0-linux-amd64.tar.gz
-          tar -xf golangci-lint-1.33.0-linux-amd64.tar.gz
-          install golangci-lint-1.33.0-linux-amd64/golangci-lint "${GOPATH}/bin/golangci-lint"
-          golangci-lint version
-
-      - name: Generate src
-        run: |
-          make proto-generated-srcs
-
-      - name: Lint
-        run: |
-          golangci-lint run
-
   build-and-push:
     runs-on: ubuntu-latest
     container:
@@ -75,9 +30,9 @@ jobs:
       - name: Setup env
         run: |
           GOPATH="$GITHUB_WORKSPACE/go"
-          echo GOPATH="${GOPATH}" >> $GITHUB_ENV
+          echo GOPATH="${GOPATH}" >> "$GITHUB_ENV"
           PATH="${PATH}:${GOPATH}/bin"
-          echo PATH="${PATH}" >> $GITHUB_ENV
+          echo PATH="${PATH}" >> "$GITHUB_ENV"
 
       - name: Cache Go dependencies
         uses: ./go/src/github.com/stackrox/infra/.github/actions/cache-go-dependencies

.github/workflows/lint.yaml

@@ -0,0 +1,49 @@
+name: Lint
+
+on:
+  workflow_call:
+
+defaults:
+  run:
+    working-directory: go/src/github.com/stackrox/infra
+
+jobs:
+
+  lint:
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.46
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+          path: go/src/github.com/stackrox/infra
+
+      - name: Setup env
+        run: |
+          GOPATH="$GITHUB_WORKSPACE/go"
+          echo GOPATH="${GOPATH}" >> "$GITHUB_ENV"
+          PATH="${PATH}:${GOPATH}/bin"
+          echo PATH="${PATH}" >> "$GITHUB_ENV"
+
+      - name: Cache Go dependencies
+        uses: ./go/src/github.com/stackrox/infra/.github/actions/cache-go-dependencies
+
+      - name: Install golangci-lint 1.33.0
+        run: |
+          mkdir -p "${GOPATH}/bin"
+          wget -q https://github.com/golangci/golangci-lint/releases/download/v1.33.0/golangci-lint-1.33.0-linux-amd64.tar.gz
+          tar -xf golangci-lint-1.33.0-linux-amd64.tar.gz
+          install golangci-lint-1.33.0-linux-amd64/golangci-lint "${GOPATH}/bin/golangci-lint"
+          golangci-lint version
+
+      - name: Generate src
+        run: |
+          make proto-generated-srcs
+
+      - name: Lint
+        run: |
+          golangci-lint run

.gitignore

@@ -19,3 +19,5 @@ configuration/
 .idea/
 **/*.swp
 tags
+nohup.out
+

Makefile

@@ -177,6 +177,11 @@ clean-render:
 
 .PHONY: render-local
 render-local: clean-render
+	@if [[ ! -e chart/infra-server/configuration ]]; then \
+		echo chart/infra-server/configuration is absent. Try:; \
+		echo make configuration-download; \
+		exit 1; \
+	fi
 	@mkdir -p chart-rendered
 	helm template chart/infra-server \
 	    --output-dir chart-rendered \
@@ -308,3 +313,16 @@ update-version:
 	@perl -p -i -e 's#image: (${image_regex}):(.*)#image: \1:${image_version}#g' \
 		./chart/infra-server/static/*.yaml
 	@git diff --name-status ./chart/infra-server/static/*.yaml
+
+# Assuming a local dev infra server is running and accessible via a port-forward
+# i.e. nohup kubectl -n infra port-forward svc/infra-server-service 8443:8443 &
+.PHONY: pull-infractl-from-dev-server
+pull-infractl-from-dev-server:
+	@rm -f bin/infractl
+	set -o pipefail; \
+	curl --retry 3 --insecure --silent --show-error --fail --location https://localhost:8443/v1/cli/linux/amd64/upgrade \
+          | jq -r ".result.fileChunk" \
+          | base64 -d \
+          > bin/infractl
+	chmod +x bin/infractl
+	bin/infractl -k -e localhost:8443 version

scripts/add-PR-comment-for-deploy-to-dev.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+add_PR_comment_for_deploy_to_dev() {
+    if [[ "$#" -ne 2 ]]; then
+        die "missing args. usage: add_PR_comment_for_deploy_to_dev <PR URL> <dev cluster name>"
+    fi
+
+    # hub-comment is tied to Circle CI env and requires CIRCLE_PULL_REQUEST
+    local url="$1"
+    export CIRCLE_PULL_REQUEST="$url"
+
+    export DEV_CLUSTER_NAME="$2"
+
+    local tmpfile
+    tmpfile=$(mktemp)
+    cat > "$tmpfile" <<- EOT
+A single node development cluster ({{.Env.DEV_CLUSTER_NAME}}) was allocated in production infra for this PR.
+
+:electric_plug: You can **connect** to this cluster with:
+\`\`\`
+gcloud container clusters get-credentials {{.Env.DEV_CLUSTER_NAME}} --zone us-central1-a --project srox-temp-dev-test
+\`\`\`
+
+:rocket: And then **deploy** your development infra-server with:
+\`\`\`
+make render-local
+make install-local
+\`\`\`
+
+:hammer_and_wrench: And pull **infractl** from the deployed dev infra-server with:
+\`\`\`
+nohup kubectl -n infra port-forward svc/infra-server-service 8443:8443 &
+make pull-infractl-from-dev-server
+\`\`\`
+
+:bike: You can then **use** the dev infra instance e.g.:
+\`\`\`
+bin/infractl -k -e localhost:8443 whoami
+\`\`\`
+
+:warning: ***Any clusters that you start using your dev infra instance should have a lifespan shorter 
+then the development cluster instance. Otherwise they will not be destroyed when the dev infra instance 
+ceases to exist when the development cluster is deleted.*** :warning:
+EOT
+
+    hub-comment -type deploy -template-file "$tmpfile"
+}
+
+die() {
+    echo >&2 "$@"
+    exit 1
+}
+
+add_PR_comment_for_deploy_to_dev "$@"