gitpod-io · roboquat · Mar 11, 2022 · Mar 9, 2022 · Mar 10, 2022 · ArthurSens
diff --git a/.werft/delete-preview-environments/delete-preview-environments-cron.ts b/.werft/delete-preview-environments/delete-preview-environments-cron.ts
@@ -3,6 +3,7 @@ import * as Tracing from '../observability/tracing';
 import { SpanStatusCode } from '@opentelemetry/api';
 import { wipePreviewEnvironmentAndNamespace, helmInstallName, listAllPreviewNamespaces } from '../util/kubectl';
 import { exec } from '../util/shell';
+import { previewNameFromBranchName } from '../util/preview';
 
 // Will be set once tracing has been initialized
 let werft: Werft
@@ -12,12 +13,14 @@ Tracing.initialize()
         werft = new Werft("delete-preview-environment-cron")
     })
     .then(() => deletePreviewEnvironments())
-    .then(() => werft.endAllSpans())
     .catch((err) => {
         werft.rootSpan.setStatus({
             code: SpanStatusCode.ERROR,
             message: err
         })
+    })
+    .finally(() => {
+        werft.phase("Flushing telemetry", "Flushing telemetry before stopping job")
         werft.endAllSpans()
     })
 
@@ -35,25 +38,28 @@ async function deletePreviewEnvironments() {
 
     werft.phase("Fetching branches");
     const branches = getAllBranches();
-    const expectedPreviewEnvironmentNamespaces = new Set(branches.map(branch => parseBranch(branch)));
+    // During the transition from the old preview names to the new ones we have to check for the existence of both the old or new
+    // preview name patterns before it is safe to delete a namespace.
+    const expectedPreviewEnvironmentNamespaces = new Set(branches.flatMap(branch => [parseBranch(branch), expectedNamespaceFromBranch(branch)]));
     werft.done("Fetching branches");
 
     werft.phase("Fetching previews");
-    let previews
+    let previews: string[]
     try {
         previews = listAllPreviewNamespaces({});
+        previews.forEach(previewNs => werft.log("Fetching previews", previewNs))
     } catch (err) {
         werft.fail("Fetching previews", err)
     }
     werft.done("Fetching previews");
 
-
-    werft.phase("Mapping previews => branches")
-    const previewsToDelete = previews.filter(ns => !expectedPreviewEnvironmentNamespaces.has(ns))
-
     werft.phase("deleting previews")
     try {
-        previewsToDelete.forEach(preview => wipePreviewEnvironmentAndNamespace(helmInstallName, preview, { slice: `Deleting preview ${preview}` }));
+        const previewsToDelete = previews.filter(ns => !expectedPreviewEnvironmentNamespaces.has(ns))
+        // Trigger namespace deletion in parallel
+        const promises = previewsToDelete.map(preview => wipePreviewEnvironmentAndNamespace(helmInstallName, preview, { slice: `Deleting preview ${preview}` }));
+        // But wait for all of them to finish before (or one of them to fail) before we continue
+        await Promise.all(promises)
     } catch (err) {
         werft.fail("deleting previews", err)
     }
@@ -64,9 +70,14 @@ function getAllBranches(): string[] {
     return exec(`git branch -r | grep -v '\\->' | sed "s,\\x1B\\[[0-9;]*[a-zA-Z],,g" | while read remote; do echo "\${remote#origin/}"; done`).stdout.trim().split('\n');
 }
 
+function expectedNamespaceFromBranch(branch: string): string {
+    const previewName = previewNameFromBranchName(branch)
+    return `staging-${previewName}`
+}
+
 function parseBranch(branch: string): string {
     const prefix = 'staging-';
     const parsedBranch = branch.normalize().split("/").join("-");
 
     return prefix + parsedBranch;
-}
+}
diff --git a/.werft/delete-preview-environments/delete-preview-environments.ts b/.werft/delete-preview-environments/delete-preview-environments.ts
@@ -26,6 +26,11 @@ Tracing.initialize()
 async function deletePreviewEnvironment() {
     werft.phase("preparing deletion")
     const version = parseVersion();
+
+    // TODO: This won't work, we need to compute the namespace using the function in
+    // .werft/util/preview.ts. As this job isn't executed yet I'm leaving it broken for
+    // now until we can test what information Werft makes available to the jobs that are
+    // triggered by branch deletions.
     const namespace = `staging-${version.split(".")[0]}`
     werft.log("preparing deletion", `Proceeding to delete the ${namespace} namespace`)
     werft.done("preparing deletion")
@@ -47,4 +52,4 @@ export function parseVersion() {
         version = version.substr(PREFIX_TO_STRIP.length);
     }
     return version
-}
+}
diff --git a/.werft/jobs/build/job-config.ts b/.werft/jobs/build/job-config.ts
@@ -1,6 +1,6 @@
-import { config } from "process";
 import { exec } from "../../util/shell";
 import { Werft } from "../../util/werft";
+import { previewNameFromBranchName } from "../../util/preview";
 
 export interface JobConfig {
     analytics: string
@@ -95,10 +95,10 @@ export function jobConfig(werft: Werft, context: any): JobConfig {
     }
     const withVM = ("with-vm" in buildConfig || repository.branch.includes("with-vm")) && !mainBuild;
 
-    const previewDestName = version.split(".")[0];
-    const previewEnvironmentNamespace = withVM ? `default` : `staging-${previewDestName}`;
+    const previewName = previewNameFromBranchName(repository.branch)
+    const previewEnvironmentNamespace = withVM ? `default` : `staging-${previewName}`;
     const previewEnvironment = {
-        destname: previewDestName,
+        destname: previewName,
         namespace: previewEnvironmentNamespace
     }
 

diff --git a/.werft/jobs/build/validate-changes.ts b/.werft/jobs/build/validate-changes.ts
@@ -13,11 +13,15 @@ export async function validateChanges(werft: Werft, config: JobConfig) {
     werft.done('validate-changes');
 }
 
-// Branch names cannot be longer than 20 characters.
-// We plan to remove this limitation once we move to previews on Harvester VMs.
+// Branch names cannot be longer than 45 characters.
+//
+// The branch name is used as part of the Werft job name. The job name is used for the name of the pod
+// and k8s has a limit of 63 characters. We use 13 characters for the "gitpod-build-" prefix and 5
+// more for the ".<BUILD NUMBER>" ending. That leaves us 45 characters for the branch name.
+// See Werft source https://github.com/csweichel/werft/blob/057cfae0fd7bb1a7b05f89d1b162348378d74e71/pkg/werft/service.go#L376
 async function branchNameCheck(werft: Werft, config: JobConfig) {
     if (!config.noPreview) {
-        const maxBranchNameLength = 20;
+        const maxBranchNameLength = 45;
         werft.log("check-branchname", `Checking if branch name is shorter than ${maxBranchNameLength} characters.`)
 
         if (config.previewEnvironment.destname.length > maxBranchNameLength) {

diff --git a/.werft/util/preview.ts b/.werft/util/preview.ts
@@ -0,0 +1,32 @@
+import { createHash } from "crypto";
+
+/**
+ * Based on the current branch name this will compute the name of the associated
+ * preview environment.
+ *
+ * NOTE: This needs to produce the same result as the function in dev/preview/util/preview-name-from-branch.sh
+ */
+export function previewNameFromBranchName(branchName: string): string {
+    // Due to various limitations we have to ensure that we only use 20 characters
+    // for the preview environment name.
+    //
+    // If the branch name is 20 characters or less we just use it.
+    //
+    // Otherwise:
+    //
+    // We use the first 10 chars of the sanitized branch name
+    // and then the 10 first chars of the hash of the sanitized branch name
+    //
+    // That means collisions can happen. If they do, two jobs would try to deploy to the same
+    // environment.
+    //
+    // see https://github.com/gitpod-io/ops/issues/1252 for details.
+    const sanitizedBranchName = branchName.replace(/^refs\/heads\//, "").toLocaleLowerCase().replace(/[^-a-z0-9]/g, "-")
+
+    if (sanitizedBranchName.length <= 20) {
+        return sanitizedBranchName
+    }
+
+    const hashed = createHash('sha256').update(sanitizedBranchName).digest('hex')
+    return `${sanitizedBranchName.substring(0, 10)}${hashed.substring(0,10)}`
+}
diff --git a/dev/preview/install-k3s-kubeconfig.sh b/dev/preview/install-k3s-kubeconfig.sh
@@ -2,7 +2,9 @@
 
 set -euo pipefail
 
-VM_NAME="$(git symbolic-ref HEAD 2>&1 | awk '{ sub(/^refs\/heads\//, ""); $0 = tolower($0); gsub(/[^-a-z0-9]/, "-"); print }')"
+source ./dev/preview/util/preview-name-from-branch.sh
+
+VM_NAME="$(preview-name-from-branch)"
 
 PRIVATE_KEY=$HOME/.ssh/vm_id_rsa
 PUBLIC_KEY=$HOME/.ssh/vm_id_rsa.pub

diff --git a/dev/preview/portforward-monitoring-satellite-core-dev.sh b/dev/preview/portforward-monitoring-satellite-core-dev.sh
@@ -3,8 +3,10 @@
 # Exposes Prometheus and Grafana's UI
 #
 
-VM_NAME="$(git symbolic-ref HEAD 2>&1 | awk '{ sub(/^refs\/heads\//, ""); $0 = tolower($0); gsub(/[^-a-z0-9]/, "-"); print }')"
-NAMESPACE="staging-${VM_NAME}"
+source ./dev/preview/util/preview-name-from-branch.sh
+
+PREVIEW_NAME="$(preview-name-from-branch)"
+NAMESPACE="staging-${PREVIEW_NAME}"
 
 function log {
     echo "[$(date)] $*"

diff --git a/dev/preview/portforward-monitoring-satellite-harvester.sh b/dev/preview/portforward-monitoring-satellite-harvester.sh
@@ -3,7 +3,9 @@
 # Exposes Prometheus and Grafana's UI
 #
 
-VM_NAME="$(git symbolic-ref HEAD 2>&1 | awk '{ sub(/^refs\/heads\//, ""); $0 = tolower($0); gsub(/[^-a-z0-9]/, "-"); print }')"
+source ./dev/preview/util/preview-name-from-branch.sh
+
+VM_NAME="$(preview-name-from-branch)"
 NAMESPACE="preview-${VM_NAME}"
 
 function log {

diff --git a/dev/preview/ssh-proxy-command.sh b/dev/preview/ssh-proxy-command.sh
@@ -1,6 +1,8 @@
 #!/usr/bin/env bash
 
-VM_NAME="$(git symbolic-ref HEAD 2>&1 | awk '{ sub(/^refs\/heads\//, ""); $0 = tolower($0); gsub(/[^-a-z0-9]/, "-"); print }')"
+source ./dev/preview/util/preview-name-from-branch.sh
+
+VM_NAME="$(preview-name-from-branch)"
 NAMESPACE="preview-${VM_NAME}"
 
 while getopts n:p: flag

diff --git a/dev/preview/ssh-vm.sh b/dev/preview/ssh-vm.sh
@@ -5,7 +5,9 @@
 
 set -euo pipefail
 
-VM_NAME="$(git symbolic-ref HEAD 2>&1 | awk '{ sub(/^refs\/heads\//, ""); $0 = tolower($0); gsub(/[^-a-z0-9]/, "-"); print }')"
+source ./dev/preview/util/preview-name-from-branch.sh
+
+VM_NAME="$(preview-name-from-branch)"
 NAMESPACE="preview-${VM_NAME}"
 
 PRIVATE_KEY=$HOME/.ssh/vm_id_rsa

diff --git a/dev/preview/util/preview-name-from-branch.sh b/dev/preview/util/preview-name-from-branch.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+#
+# Based on the name of the current branch this will compute the name of the associated
+# preview environment.
+#
+# NOTE: This needs to produce the same result as the function in .werft/util/preview.ts
+#        See the file for implementation notes.
+#
+function preview-name-from-branch {
+    branch_name=$(git symbolic-ref HEAD 2>&1) || error "Cannot get current branch"
+    sanitizedd_branch_name=$(echo "$branch_name" | awk '{ sub(/^refs\/heads\//, ""); $0 = tolower($0); gsub(/[^-a-z0-9]/, "-"); print }')
+    length=$(echo -n "$sanitizedd_branch_name" | wc -c)
+
+    if [ "$length" -gt 20 ]; then
+        hashed=$(echo -n "${sanitizedd_branch_name}" | sha256sum)
+        echo "${sanitizedd_branch_name:0:10}${hashed:0:10}"
+    else
+        echo "${sanitizedd_branch_name}"
+    fi
+}
diff --git a/scripts/branch-namespace.sh b/scripts/branch-namespace.sh
@@ -1,8 +1,9 @@
 #!/bin/bash
 
-branch=$(git symbolic-ref HEAD 2>&1) || error "cannot set kubectl namespace: no branch"
+source ./dev/preview/util/preview-name-from-branch.sh
+
 currentContext=$(kubectl config current-context 2>&1) || error "cannot set kubectl namespace: no current context"
-namespace=staging-$(echo "$branch" | awk '{ sub(/^refs\/heads\//, ""); $0 = tolower($0); gsub(/[^-a-z0-9]/, "-"); print }')
+namespace="staging-$(preview-name-from-branch)"
 
 echo "Setting kubectl namespace: $namespace"
 kubectl config set-context "$currentContext" --namespace "$namespace"