From 59887ce048de0f30ab2e1afb07e943d176f689c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ferenc=20G=C3=A9czi?= Date: Wed, 14 Feb 2024 00:00:00 +0000 Subject: [PATCH] Add .tekton MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Ferenc Géczi --- .tekton/README.md | 272 ++++++++++++++++++ .tekton/github-interceptor-secret.yaml | 8 + .tekton/github-pr-eventlistener.yaml | 102 +++++++ .tekton/github-pr-pipeline.yaml.part | 37 +++ .tekton/github-set-status-task.yaml | 40 +++ .tekton/github-webhook-ingress.yaml | 20 ++ .tekton/pipeline.yaml | 86 ++++++ .tekton/pipelinerun.yaml | 19 ++ .tekton/run_unittests.sh | 76 +++++ .tekton/task.yaml | 177 ++++++++++++ ...triggers-eventlistener-serviceaccount.yaml | 29 ++ 11 files changed, 866 insertions(+) create mode 100644 .tekton/README.md create mode 100644 .tekton/github-interceptor-secret.yaml create mode 100644 .tekton/github-pr-eventlistener.yaml create mode 100644 .tekton/github-pr-pipeline.yaml.part create mode 100644 .tekton/github-set-status-task.yaml create mode 100644 .tekton/github-webhook-ingress.yaml create mode 100644 .tekton/pipeline.yaml create mode 100644 .tekton/pipelinerun.yaml create mode 100755 .tekton/run_unittests.sh create mode 100644 .tekton/task.yaml create mode 100644 .tekton/tekton-triggers-eventlistener-serviceaccount.yaml diff --git a/.tekton/README.md b/.tekton/README.md new file mode 100644 index 000000000..cae4bc6be --- /dev/null +++ b/.tekton/README.md @@ -0,0 +1,272 @@ +# Tekton CI for Instana Python Tracer + +## Basic Tekton setup + +### Get a cluster + +What you will need: +* Full administrator access +* Enough RAM and CPU on a cluster node to run all the pods of a single Pipelinerun on a single node. + Multiple nodes increase the number of parallel `PipelineRun` instances. + Currently one `PipelineRun` instance is capable of saturating a 8vCPU - 16GB RAM worker node. + +### Setup Tekton on your cluster + +1. Install latest stable Tekton Pipeline release +```bash + kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml +``` + +2. Install Tekton Dashboard Full (the normal is read only, and doesn't allow for example to re-run). + +````bash + kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml +```` + +3. Access the dashboard + +```bash +kubectl proxy +``` + +Once the proxy is active, navigate your browser to the [dashboard url]( +http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/) + +### Setup the python-tracer-ci-pipeline + +````bash + kubectl apply --filename task.yaml && kubectl apply --filename pipeline.yaml +```` + +### Run the pipeline manually + +#### From the Dashboard +Navigate your browser to the [pipelineruns section of the dashboard]( +http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/#/pipelineruns) + +1. Click `Create` +2. Select the `Namespace` (where the `Pipeline` resource is created by default it is `default`) +3. Select the `Pipeline` created in the `pipeline.yaml` right now it is `python-tracer-ci-pipeline` +4. Fill in `Params`. The `revision` should be `master` for the `master` branch +4. Select the `ServiceAccount` set to `default` +5. Optionally, enter a `PipelineRun name` for example `my-master-test-pipeline`, + but if you don't then the Dashboard will generate a unique one for you. +6. As long as [the known issue with Tekton Dashboard Workspace binding]( + https://github.com/tektoncd/dashboard/issues/1283), is not resolved. + You have to go to `YAML Mode` and insert the workspace definition at the end of the file, + with the exact same indentation: + +````yaml + workspaces: + - name: python-tracer-ci-pipeline-pvc-$(params.revision) + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi + +```` +7. Click `Create` at the bottom of the page + + +#### From kubectl CLI +As an alternative to using the Dashboard, you can manually edit `pipelinerun.yaml` and create it with: +````bash + kubectl apply --filename pipelinerun.yaml +```` + +### Clanup PipelineRun and associated PV resources + +`PipelineRuns` and workspace `PersistentVolume` resources by default are kept indefinitely, +and repeated runs might exhaust the available resources, therefore they need to be cleaned up either +automatically or manually. + +#### Manully from the Dashboard + +Navigate to `PipelineRuns` and check the checkbox next to the pipelinerun +and then click `Delete` in the upper right corner. + +#### Manually from the CLI + +You can use either `kubectl` +````bash +kubectl get pipelinerun +kubectl delete pipelinerun +```` + +or `tkn` cli +````bash +tkn pipelinerun list +tkn pipelinerun delete +```` + +#### Automatic cleanup with a cronjob + +Install and configure resources from https://github.com/3scale-ops/tekton-pipelinerun-cleaner + + +## Integrate with GitHub + +### GitHub PR Trigger & PR Check API integration + +The GitHub integration requires further Tekton Triggers and Interceptors to be installed +````bash +kubectl apply --filename \ +https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml +kubectl apply --filename \ +https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml +```` +#### Create a ServiceAccount + +Our future GitHub PR Event listener needs a service account, +`tekton-triggers-eventlistener-serviceaccount` which authorizes it to +perform operations specified in eventlistener `Role` and `ClusteRole`. +Create the service account with the needed role bindings: + +````bash + kubectl apply --filename tekton-triggers-eventlistener-serviceaccount.yaml +```` + +#### Create the Secret for the GitHub repository webhook + +In order to authorize the incoming webhooks into our cluster, we need to share +a secret between our webhook listener, and the GitHub repo. +Generate a long, strong and random generated token, put it into `github-interceptor-secret.yaml`. +Create the secret resource: +````bash + kubectl apply --filename github-interceptor-secret.yaml +```` + +#### Create the Task and token to report PR Check status to GitHub + +The GitHub PR specific Tekton pipeline will want to send data to report the `PR Check Status`. +That [GitHub API](https://docs.github.com/en/rest/commits/statuses?apiVersion=2022-11-28#create-a-commit-status +) requires authentication, and therefore we need a token. +The user which generates the token has to have `Write` access in the target repo, +as part of the organisation. Check the repo access for this repo under +https://github.com/instana/python-sensor/settings/access. + +With the proper user: +1. Navigate to https://github.com/settings/tokens +2. Click on `Generate new token` dropdown `Generate new token (classic)`. +3. Fill in `Note` with for example `Tekton commit status`, +4. Make sure if you set an expiration, than you remember to renew the token after expiry. +5. Under `Select scopes` find `repo` and below that only select the checkbox next to `repo:status` - `Access commit status`. + click `Generate token` +6. Create the kubernetes secret with the token: + +````bash + kubectl create secret generic githubtoken --from-literal token="MY_TOKEN" +```` + +And we also make an HTTP POST with the status update data to GitHub. +This is done in a `Task` called `github-set-status`, create it as such: +````bash + kubectl apply -f github-set-status-task.yaml +```` + +#### Create the GitHub PR pipeline + +Create the new pipeline, which executes the previously created `python-tracer-ci-pipeline`, +wrapped around with GitHub Check status reporting tasks. As long as [Pipelines in Pipelines]( +https://tekton.dev/docs/pipelines/pipelines-in-pipelines/), remains an +unimplemented `alpha` feature in Tekton, +we will need the [yq](https://github.com/mikefarah/yq) (at least `4.0`) +to pull the tasks from our previous `python-tracer-ci-pipeline` into the +new pipeline `github-pr-python-tracer-ci-pipeline`. + +````bash + (cat github-pr-pipeline.yaml.part && yq '{"a": {"b": .spec.tasks}}' pipeline.yaml| tail --lines=+3) | kubectl apply -f - +```` + +#### Create the GitHub PR Event Listener, TriggerTemplate and TriggerBinding + +Once the new GitHub specific pipeline is created, we need a listener which starts +a new `PipelineRun` based on GitHub events. + +````bash + kubectl apply --filename github-pr-eventlistener.yaml +```` + +After this ensure that there is a pod and a service created: + +````bash + kubectl get pod | grep -i el-github-pr-eventlistener + kubectl get svc | grep -i el-github-pr-eventlistener +```` + +Do not continue if any of these missing. + +#### Create the Ingress for the GitHub Webhook to come through + +You will need an ingress controller for this. +On IKS you might want to read these resources: +* [managed ingress](https://cloud.ibm.com/docs/containers?topic=containers-managed-ingress-about) +* Or unmanaged [ingress controller howto]( +https://github.com/IBM-Cloud/iks-ingress-controller/blob/master/docs/installation.md +). + +1. Check the available `ingressclass` resources on your cluster + +````bash + kubectl get ingressclass +```` + +* On `IKS` it will be `public-iks-k8s-nginx`. +* On `EKS` with the `ALB` ingress controller, it might be just `alb` +* On self hosted [nginx controller](https://kubernetes.github.io/ingress-nginx/deploy/) + this might just be `nginx`. + +Edit and save the value of `ingressClassName:` in `github-webhook-ingress.yaml`. + +2. Find out your Ingress domain or subdomain name. + +* On `IKS`, go to `Clusters` select your cluster and then click `Overview`. + The domain name is listed under `Ingress subdomain`. + +and create the resource: + +````bash + kubectl apply --filename github-webhook-ingress.yaml +```` + +Make sure that you can use the ingress with the `/hooks` path via `https`: +````bash + curl https:///hooks +```` + +At this point this should respond this: +```json + { + "eventListener":"github-pr-eventlistener", + "namespace":"default", + "eventListenerUID":"", + "errorMessage":"Invalid event body format : unexpected end of JSON input" + } +``` + +#### Setup the webhook on GitHub + +In the GitHub repo go to `Settings` -> `Webhooks` and click `Add Webhook`. +The fields we need to set are: +* `Payload URL`: `https:///hooks` +* `Content type`: application/json +* `Secret`: XXXXXXX (the secret token from github-interceptor-secret.yaml) + +Under `SSL verification` select the radio button for `Enable SSL verification`. +Under `Which events would you like to trigger this webhook?` select +the radio button for `Let me select individual events.` and thick the checkbox next to +`Pull requests` and ensure that the rest are unthicked. + +Click `Add webhook`. + +If the webhook has been set up correctly, then GitHub sends a ping message. +Ensure that the ping is received from GitHub, and that it is filtered out so +a simple ping event does not trigger any `PipelineRun` unnecessarily. + +````bash +eventlistener_pod=$(kubectl get pods -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | grep el-github-pr) +kubectl logs "${eventlistener_pod}" | grep 'event type ping is not allowed' +```` diff --git a/.tekton/github-interceptor-secret.yaml b/.tekton/github-interceptor-secret.yaml new file mode 100644 index 000000000..a774f812d --- /dev/null +++ b/.tekton/github-interceptor-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: github-interceptor-secret +type: Opaque +stringData: + # Always use a long, strong and random generated token + secretToken: "<--- TOKEN GOES HERE --->" diff --git a/.tekton/github-pr-eventlistener.yaml b/.tekton/github-pr-eventlistener.yaml new file mode 100644 index 000000000..f310ebb39 --- /dev/null +++ b/.tekton/github-pr-eventlistener.yaml @@ -0,0 +1,102 @@ +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerTemplate +metadata: + name: github-pr-pipeline-template +spec: + params: + - description: The git branch name + name: git-branch + - description: The git branch name shortened and converted to RFC 1123 subdomain names + name: git-branch-normalized + - description: The full sha of the git commit + name: git-commit-sha + - description: The short 7 digit sha of the git commit + name: git-commit-short-sha + resourcetemplates: + - apiVersion: tekton.dev/v1 + kind: PipelineRun + metadata: + # After variable resolution, this has to be maximum 63 character long, + # lower case, RFC 1123 subdomain name. The regex used for validation is + # '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + name: python-tracer-pr-$(tt.params.git-branch-normalized)-$(tt.params.git-commit-short-sha) + spec: + params: + - name: revision + value: $(tt.params.git-branch) + - name: git-commit-sha + value: $(tt.params.git-commit-sha) + pipelineRef: + name: github-pr-python-tracer-ci-pipeline + workspaces: + - name: python-tracer-ci-pipeline-pvc + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi +--- +apiVersion: triggers.tekton.dev/v1beta1 +kind: TriggerBinding +metadata: + name: github-pr-binding +spec: + params: + - name: git-branch + value: $(body.pull_request.head.ref) + - name: git-branch-normalized + value: $(extensions.git_branch_normalized) + - name: git-commit-sha + value: $(body.pull_request.head.sha) + - name: git-commit-short-sha + value: $(extensions.truncated_sha) +--- +apiVersion: triggers.tekton.dev/v1beta1 +kind: EventListener +metadata: + name: github-pr-eventlistener +spec: + serviceAccountName: tekton-triggers-eventlistener-serviceaccount + triggers: + - name: github-pr-trigger + interceptors: + - name: receive-github-event + ref: + name: "github" + params: + - name: "secretRef" + value: + secretName: github-interceptor-secret + secretKey: secretToken + - name: "eventTypes" + value: ["pull_request"] + - name: filter-irrelevant-events + ref: + name: "cel" + params: + - name: "filter" + # We should not trigger on 'closed', 'assigned', 'unassigned', 'converted_to_draft' + value: "body.action in ['opened', 'synchronize', 'reopened']" + - name: add-truncated-sha + ref: + name: "cel" + params: + - name: "overlays" + value: + - key: truncated_sha + expression: "body.pull_request.head.sha.truncate(7)" + - name: add-normalized-branch-name + ref: + name: "cel" + params: + - name: "overlays" + value: + - key: git_branch_normalized + # The git branch name shortened and converted to RFC 1123 subdomain names + expression: 'body.pull_request.head.ref.truncate(38).lowerAscii().translate("_", "-")' + bindings: + - ref: github-pr-binding + template: + ref: github-pr-pipeline-template diff --git a/.tekton/github-pr-pipeline.yaml.part b/.tekton/github-pr-pipeline.yaml.part new file mode 100644 index 000000000..45569b1ee --- /dev/null +++ b/.tekton/github-pr-pipeline.yaml.part @@ -0,0 +1,37 @@ +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: github-pr-python-tracer-ci-pipeline +spec: + params: + - name: revision + type: string + - name: git-commit-sha + type: string + workspaces: + - name: python-tracer-ci-pipeline-pvc + tasks: + - name: github-set-check-status-to-pending + taskRef: + kind: Task + name: github-set-status + params: + - name: SHA + value: $(params.git-commit-sha) + - name: STATE + value: pending + - name: github-set-check-status-to-success-or-failure + runAfter: + - github-set-check-status-to-pending + - unittest-default + - unittest-cassandra + - unittest-couchbase + - unittest-gevent + taskRef: + kind: Task + name: github-set-status + params: + - name: SHA + value: $(params.git-commit-sha) + - name: STATE + value: success diff --git a/.tekton/github-set-status-task.yaml b/.tekton/github-set-status-task.yaml new file mode 100644 index 000000000..c13454f48 --- /dev/null +++ b/.tekton/github-set-status-task.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: github-set-status +spec: + params: + - name: SHA + - name: STATE + volumes: + - name: githubtoken + secret: + secretName: githubtoken + steps: + - name: set-status + # curlimages/curl:8.6.0 + image: curlimages/curl@sha256:f2237028bed58de91f62aea74260bb2a299cf12fbcabc23cfaf125fef276c884 + env: + - name: SHA + value: $(params.SHA) + - name: STATE + value: $(params.STATE) + volumeMounts: + - name: githubtoken + mountPath: /etc/github-set-status + script: | + #!/bin/sh + curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $(cat /etc/github-set-status/token)" \ + -H "Content-Type: application/json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "https://api.github.com/repos/instana/python-sensor/statuses/${SHA}" \ + -d '{ + "state":"'${STATE}'", + "target_url":"http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/#/namespaces/default/pipelineruns/", + "description":"Tekton build is in state: '${STATE}'", + "context":"Tekton" + }' diff --git a/.tekton/github-webhook-ingress.yaml b/.tekton/github-webhook-ingress.yaml new file mode 100644 index 000000000..2fd617eda --- /dev/null +++ b/.tekton/github-webhook-ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: github-webhook-ingress +spec: + ingressClassName: public-iks-k8s-nginx + tls: + - hosts: + - + rules: + - host: + http: + paths: + - path: /hooks + pathType: Exact + backend: + service: + name: el-github-pr-eventlistener + port: + number: 8080 diff --git a/.tekton/pipeline.yaml b/.tekton/pipeline.yaml new file mode 100644 index 000000000..64748bdbc --- /dev/null +++ b/.tekton/pipeline.yaml @@ -0,0 +1,86 @@ +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: python-tracer-ci-pipeline +spec: + params: + - name: revision + type: string + workspaces: + - name: python-tracer-ci-pipeline-pvc + tasks: + - name: clone + params: + - name: revision + value: $(params.revision) + taskRef: + name: python-tracer-clone-task + workspaces: + - name: task-pvc + workspace: python-tracer-ci-pipeline-pvc + - name: unittest-default + runAfter: + - clone + matrix: + params: + - name: imageDigest + value: + # 3.7.17-bookworm + - "sha256:2011a37d2a08fe83dd9ff923e0f83bfd7290152e2e6afe359bde1453170d9bdc" + # 3.8.18-bookworm + - "sha256:625008535504ab68868ca06d1bdd868dee92a9878d5b55fc240af7ceb38b7183" + # 3.9.18-bookworm + - "sha256:530d4ba717be787c0e2d011aa107edac6d721f8c06fe6d44708d4aa5e9bc5ec9" + # 3.10.13-bookworm + - "sha256:c970ff53939772f47b0672e380328afb50d8fd1c0568ed4f82c22effc54244fc" + # 3.11.8-bookworm + - "sha256:72afb375030b13c8c9cb72ba1d8c410f25307c2dbbd7d59f9c6ccea5cb152ff9" + # 3.12.2-bookworm + - "sha256:35eff340c0acd837b7962f77ee4b8869385dd6fe7d3928375a08f0a3bdd18beb" + taskRef: + name: python-tracer-unittest-default-task + workspaces: + - name: task-pvc + workspace: python-tracer-ci-pipeline-pvc + - name: unittest-cassandra + runAfter: + - clone + matrix: + params: + - name: imageDigest + value: + # 3.9.18-bookworm + - "sha256:530d4ba717be787c0e2d011aa107edac6d721f8c06fe6d44708d4aa5e9bc5ec9" + taskRef: + name: python-tracer-unittest-cassandra-task + workspaces: + - name: task-pvc + workspace: python-tracer-ci-pipeline-pvc + - name: unittest-couchbase + runAfter: + - clone + matrix: + params: + - name: imageDigest + value: + # 3.9.18-bookworm + - "sha256:530d4ba717be787c0e2d011aa107edac6d721f8c06fe6d44708d4aa5e9bc5ec9" + taskRef: + name: python-tracer-unittest-couchbase-task + workspaces: + - name: task-pvc + workspace: python-tracer-ci-pipeline-pvc + - name: unittest-gevent + runAfter: + - clone + matrix: + params: + - name: imageDigest + value: + # 3.9.18-bookworm + - "sha256:530d4ba717be787c0e2d011aa107edac6d721f8c06fe6d44708d4aa5e9bc5ec9" + taskRef: + name: python-tracer-unittest-gevent-task + workspaces: + - name: task-pvc + workspace: python-tracer-ci-pipeline-pvc diff --git a/.tekton/pipelinerun.yaml b/.tekton/pipelinerun.yaml new file mode 100644 index 000000000..c77b65202 --- /dev/null +++ b/.tekton/pipelinerun.yaml @@ -0,0 +1,19 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + name: python-tracer-ci-pipeline-run +spec: + params: + - name: revision + value: "tekton" + pipelineRef: + name: python-tracer-ci-pipeline + workspaces: + - name: python-tracer-ci-pipeline-pvc + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Mi diff --git a/.tekton/run_unittests.sh b/.tekton/run_unittests.sh new file mode 100755 index 000000000..cd63a9bad --- /dev/null +++ b/.tekton/run_unittests.sh @@ -0,0 +1,76 @@ +#!/usr/bin/env bash +set -e + +if [[ -z "${TEST_CONFIGURATION}" ]]; then + echo "The TEST_CONFIGURATION environment variable is missing." >&2 + echo "This should have been provided by the Tekton Task or the developer" >&2 + exit 1 +fi + +if [[ -z "${PYTHON_VERSION}" ]]; then + echo "The PYTHON_VERSION environment variable is missing." >&2 + echo "This is a built-in variable in the official python container images" >&2 + exit 2 +fi + +PYTHON_MINOR_VERSION="$(echo "${PYTHON_VERSION}" | cut -d'.' -f 2)" + +case "${TEST_CONFIGURATION}" in +default) + case "${PYTHON_MINOR_VERSION}" in + 7) + export REQUIREMENTS='requirements-307.txt' ;; + 10 | 11) + export REQUIREMENTS='requirements-310.txt' ;; + 12) + export REQUIREMENTS='requirements-312.txt' ;; + *) + export REQUIREMENTS='requirements.txt' ;; + esac + export TESTS='tests' ;; +cassandra) + export REQUIREMENTS='requirements-cassandra.txt' + export TESTS='tests/clients/test_cassandra-driver.py' + export CASSANDRA_TEST='true' ;; +couchbase) + export REQUIREMENTS='requirements-couchbase.txt' + export TESTS='tests/clients/test_couchbase.py' + export COUCHBASE_TEST='true' ;; +gevent) + export REQUIREMENTS='requirements-gevent.txt' + export TESTS='tests/frameworks/test_gevent.py' + export GEVENT_TEST='true' ;; +*) + echo "ERROR \$TEST_CONFIGURATION='${TEST_CONFIGURATION}' is unsupported " \ + "not in (default|cassandra|couchbase|gevent)" >&2 + exit 3 ;; +esac + +echo -n "Configuration is '${TEST_CONFIGURATION}' on ${PYTHON_VERSION} " +echo "with dependencies in '${REQUIREMENTS}'" +export INSTANA_TEST='true' +ls -lah . +if [[ -n "${COUCHBASE_TEST}" ]]; then + echo "Install Couchbase Dependencies" + # Even if we use bookworm for running this, we need to add the bionic repo + # See: https://forums.couchbase.com/ + # t/installing-libcouchbase-dev-on-ubuntu-20-focal-fossa/25955/3 + wget -O - http://packages.couchbase.com/ubuntu/couchbase.key | apt-key add - + echo "deb http://packages.couchbase.com/ubuntu bionic bionic/main" \ + > /etc/apt/sources.list.d/couchbase.list + apt update + apt install libcouchbase-dev -y +fi +python -m venv /tmp/venv +# shellcheck disable=SC1091 +source /tmp/venv/bin/activate +pip install --upgrade pip "$([[ -n ${COUCHBASE_TEST} ]] && echo wheel || echo pip)" +pip install -e . +pip install -r "tests/${REQUIREMENTS}" + +coverage run \ + --source=instana \ + --data-file=".coverage-${PYTHON_VERSION}-${TEST_CONFIGURATION}" \ + --module \ + pytest \ + --verbose --junitxml=test-results "${TESTS}" # pytest options (not coverage options anymore) diff --git a/.tekton/task.yaml b/.tekton/task.yaml new file mode 100644 index 000000000..03970fb09 --- /dev/null +++ b/.tekton/task.yaml @@ -0,0 +1,177 @@ +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: python-tracer-clone-task +spec: + params: + - name: revision + type: string + workspaces: + - name: task-pvc + mountPath: /workspace + steps: + - name: clone + # alpine/git:2.43.0 + image: alpine/git@sha256:6ff4de047dcc8f0c7d75d2efff63fbc189e87d2f458305f2cc8f165ff83309cf + script: | + #!/bin/sh + echo "Cloning repo" + cd /workspace && git clone --depth 1 -b $(params.revision) https://github.com/instana/python-sensor + ls -lah /workspace +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: python-tracer-unittest-cassandra-task +spec: + sidecars: + - name: cassandra + # cassandra:3.11.16-jammy + image: cassandra@sha256:7d32a79e9adb4ca8c26f798e4a44ec8438da99c6bda2969410ea46cbdb0b4b94 + env: + - name: MAX_HEAP_SIZE + value: 2048m + - name: HEAP_NEWSIZE + value: 512m + readinessProbe: + exec: + command: + - cqlsh + - -e + - 'describe cluster' + initialDelaySeconds: 20 + params: + - name: imageDigest + type: string + workspaces: + - name: task-pvc + mountPath: /workspace + steps: + - name: unittest + image: python@$(params.imageDigest) + env: + - name: TEST_CONFIGURATION + value: cassandra + workingDir: /workspace/python-sensor/ + command: + - /workspace/python-sensor/.tekton/run_unittests.sh +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: python-tracer-unittest-couchbase-task +spec: + sidecars: + - name: couchbase + # couchbase/server-sandbox:5.5.1 + image: couchbase/server-sandbox@sha256:d04302ea7782a0f53c3f371971138b339097d5e41f4154def5bdecc5bbb2e1da + readinessProbe: + httpGet: + path: /ui/index.html + port: 8091 + # This Couchbase image recommends 60sec waiting for initial configuration + # Starting the tests too soon may result in + # "Error during initial configuration - aborting container" + # apparently because "vbucket map not available yet" + initialDelaySeconds: 60 + params: + - name: imageDigest + type: string + workspaces: + - name: task-pvc + mountPath: /workspace + steps: + - name: unittest + image: python@$(params.imageDigest) + env: + - name: TEST_CONFIGURATION + value: couchbase + workingDir: /workspace/python-sensor/ + command: + - /workspace/python-sensor/.tekton/run_unittests.sh +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: python-tracer-unittest-gevent-task +spec: + params: + - name: imageDigest + type: string + workspaces: + - name: task-pvc + mountPath: /workspace + steps: + - name: unittest + image: python@$(params.imageDigest) + env: + - name: TEST_CONFIGURATION + value: gevent + workingDir: /workspace/python-sensor/ + command: + - /workspace/python-sensor/.tekton/run_unittests.sh +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: python-tracer-unittest-default-task +spec: + sidecars: + - name: google-cloud-pubsub + # egymgmbh/pubsub-emulator:gh-mb117 + image: egymgmbh/pubsub-emulator@sha256:88897fa72337b22a8edabf17a8b30bf9d9c6388b7c7e6d8c2b5e5c96d73fede1 + command: + - /init.sh + - test-project + - test-topic + - test-subscription + - name: mariadb + # mariadb:11.3.2 + image: mariadb@sha256:851f05fe1e4cb290442c1b12b7108436a33fd8f6a733d4989950322d06d45c65 + env: + - name: MYSQL_ROOT_PASSWORD # or MARIADB_ROOT_PASSWORD + value: passw0rd + - name: MYSQL_DATABASE # or MARIADB_DATABASE + value: instana_test_db + - name: mongo + # mongo:7.0.6 + image: mongo@sha256:125bda8abe859bcebc47e4a7e0921508d3bcb47725d261f0a2bcf4ea5c837dd5 + - name: postgres + # postgres:16.2-bookworm + image: postgres@sha256:3bfb87432e26badf72d727a0c5f5bb7b81438cd9baec5be8531c70a42b07adc6 + env: + - name: POSTGRES_USER + value: root + - name: POSTGRES_PASSWORD + value: passw0rd + - name: POSTGRES_DB + value: instana_test_db + readinessProbe: + exec: + command: + - sh + - -c + - pg_isready --host 127.0.0.1 --port 5432 --dbname=${POSTGRES_DB} + timeoutSeconds: 10 + - name: redis + # redis:7.2.4-bookworm + image: redis@sha256:fe98b2d39d462d06a7360e2860dd6ceff930745e3731eccb3c1406dd0dd7f744 + - name: rabbitmq + # rabbitmq:3.13.0 + image: rabbitmq@sha256:27819d7be883b8aea04b9a244460181ef97427a98f8323b39402d65e6eb2ce6f + params: + - name: imageDigest + type: string + workspaces: + - name: task-pvc + mountPath: /workspace + steps: + - name: unittest + image: python@$(params.imageDigest) + env: + - name: TEST_CONFIGURATION + value: default + workingDir: /workspace/python-sensor/ + command: + - /workspace/python-sensor/.tekton/run_unittests.sh diff --git a/.tekton/tekton-triggers-eventlistener-serviceaccount.yaml b/.tekton/tekton-triggers-eventlistener-serviceaccount.yaml new file mode 100644 index 000000000..e4576c3c1 --- /dev/null +++ b/.tekton/tekton-triggers-eventlistener-serviceaccount.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-triggers-eventlistener-serviceaccount +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-eventlistener-serviceaccount-binding +subjects: +- kind: ServiceAccount + name: tekton-triggers-eventlistener-serviceaccount +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-triggers-eventlistener-roles +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-triggers-eventlistener-serviceaccount-clusterbinding +subjects: +- kind: ServiceAccount + name: tekton-triggers-eventlistener-serviceaccount + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-triggers-eventlistener-clusterroles