Merge branch 'master' into feature/renovate

pennlabs · Mar 14, 2021 · b18309a · b18309a
2 parents 3f9e2cb + 82f28e6
commit b18309a
Show file tree

Hide file tree

Showing 114 changed files with 1,390 additions and 1,848 deletions.
diff --git a/.github/cdk/main.ts b/.github/cdk/main.ts
@@ -1,25 +1,28 @@
-import { App, Job, Stack, Workflow } from "cdkactions";
+import { App, CheckoutJob, Stack, Workflow } from "cdkactions";
 import { CDKPublishStack } from "@pennlabs/kraken"
 import { Construct } from "constructs";
 
-export class AutoApproveStack extends Stack {
+class TerraformLintStack extends Stack {
   constructor(scope: Construct, name: string) {
     super(scope, name);
 
-    const workflow = new Workflow(this, 'approve', {
-      name: 'Auto Approve dependabot PRs',
-      on: 'pullRequest',
+    const workflow = new Workflow(this, 'terraform', {
+      name: 'Lint terraform files',
+      on: {
+        push: {
+          paths: ['terraform/**.tf']
+        }
+      },
     });
 
-    new Job(workflow, 'approve', {
+    new CheckoutJob(workflow, 'lint', {
       runsOn: 'ubuntu-latest',
       steps: [
         {
-          uses: 'hmarr/auto-approve-action@v2.0.0',
-          if: "github.actor == 'dependabot[bot]'",
-          with: {
-            "github-token": "${{ secrets.BOT_GITHUB_PAT }}"
-          }
+          uses: 'hashicorp/setup-terraform@v1'
+        },
+        {
+          run: 'terraform fmt -check -recursive terraform'
         }
       ],
     });
@@ -29,5 +32,5 @@ export class AutoApproveStack extends Stack {
 const app = new App();
 new CDKPublishStack(app, 'kraken');
 new CDKPublishStack(app, 'kittyhawk');
-new AutoApproveStack(app, 'approve');
+new TerraformLintStack(app, 'terraform');
 app.synth();
diff --git a/.github/workflows/cdkactions_approve.yaml b/.github/workflows/cdkactions_approve.yaml
diff --git a/.github/workflows/cdkactions_terraform.yaml b/.github/workflows/cdkactions_terraform.yaml
@@ -0,0 +1,14 @@
+# Generated by cdkactions. Do not modify
+# Generated as part of the 'terraform' stack.
+name: Lint terraform files
+on:
+  push:
+    paths:
+      - terraform/**.tf
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: hashicorp/setup-terraform@v1
+      - run: terraform fmt -check -recursive terraform
diff --git a/atlantis.yaml b/atlantis.yaml
diff --git a/cdk/kittyhawk/package.json b/cdk/kittyhawk/package.json
@@ -48,7 +48,7 @@
     "standard-version": "^9.0.0",
     "ts-jest": "^26.4.4",
     "typedoc": "^0.19.2",
-    "typescript": "^3.9.5"
+    "typescript": "^4.1.5"
   },
   "dependencies": {
     "cdk8s": "^1.0.0-beta.5",

diff --git a/cdk/kittyhawk/yarn.lock b/cdk/kittyhawk/yarn.lock
@@ -6095,7 +6095,12 @@ typedoc@^0.19.2:
     shelljs "^0.8.4"
     typedoc-default-themes "^0.11.4"
 
-typescript@^3.9.5, typescript@~3.9.7:
+typescript@^4.1.5:
+  version "4.1.5"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.1.5.tgz#123a3b214aaff3be32926f0d8f1f6e704eb89a72"
+  integrity sha512-6OSu9PTIzmn9TCDiovULTnET6BgXtDYL4Gg4szY+cGsc3JP1dQL8qvE8kShTRx1NIw4Q9IBHlwODjkjWEtMUyA==
+
+typescript@~3.9.7:
   version "3.9.7"
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-3.9.7.tgz#98d600a5ebdc38f40cb277522f12dc800e9e25fa"
   integrity sha512-BLbiRkiBzAwsjut4x/dsibSTB6yWpwT5qWmC2OfuCg3GgVQCSgMs4vEctYPhsaGtd0AeuuHMkjZ2h2WG8MSzRw==

diff --git a/cdk/kraken/CHANGELOG.md b/cdk/kraken/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Changelog
 
+## 0.5.0 (2021-02-25)
+
+* Modify deploy job to deploy to AWS EKS
+
+## 0.4.12 (2021-02-17)
+
+* Hotfix deploy job part 2
+
+## 0.4.11 (2021-02-17)
+
+* Hotfix deploy job
+
+## 0.4.10 (2021-02-13)
+
+* Modify deploy script to fully fail if a single command fails
+
 ## 0.4.9 (2021-02-11)
 
 * Create an auto-approve stack for dependabot PRs

diff --git a/cdk/kraken/package.json b/cdk/kraken/package.json
@@ -46,7 +46,7 @@
     "standard-version": "^9.0.0",
     "ts-jest": "^26.4.4",
     "typedoc": "^0.19.2",
-    "typescript": "^3.9.5"
+    "typescript": "^4.1.5"
   },
   "peerDependencies": {},
   "dependencies": {
@@ -64,7 +64,7 @@
   ],
   "main": "lib/index.js",
   "license": "MIT",
-  "version": "0.4.9",
+  "version": "0.5.0",
   "jest": {
     "clearMocks": true,
     "collectCoverage": true,
@@ -97,4 +97,4 @@
   },
   "types": "lib/index.d.ts",
   "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"."
-}
+}
diff --git a/cdk/kraken/src/deploy.ts b/cdk/kraken/src/deploy.ts
@@ -38,7 +38,7 @@ export class DeployJob extends CheckoutJob {
     // Build config
     const fullConfig: Required<DeployJobProps> = {
       deployTag: '${{ github.sha }}',
-      image: 'pennlabs/helm-tools:c964e53d3e3e88d36677e84f5437da40a289c7a4',
+      image: 'pennlabs/helm-tools:39b60af248944898fcbc58d1fe5b0f1995420aef',
       defaultBranch: 'master',
       ...config,
     };
@@ -52,10 +52,8 @@ export class DeployJob extends CheckoutJob {
       if: `github.ref == 'refs/heads/${fullConfig.defaultBranch}'`,
       steps: [{
         name: 'Deploy',
-        run: dedent`curl -s -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $DO_AUTH_TOKEN" "https://api.digitalocean.com/v2/kubernetes/clusters/\${K8S_CLUSTER_ID}/kubeconfig" > /kubeconfig.conf
-        
-        export KUBECONFIG=/kubeconfig.conf
-        
+        run: dedent`aws eks --region us-east-1 update-kubeconfig --name production --role-arn arn:aws:iam::\${AWS_ACCOUNT_ID}:role/kubectl
+
         # get repo name (by removing owner/organization)
         RELEASE_NAME=\${REPOSITORY#*/}
 
@@ -65,16 +63,26 @@ export class DeployJob extends CheckoutJob {
             echo "Could not find deploy tag"
             exit 1
         fi
-        
+
         helm repo add pennlabs https://helm.pennlabs.org/
-        
         for i in {1..10}; do
-          helm upgrade --install --atomic --set=image_tag=$IMAGE_TAG -f k8s/values.yaml --version "\${DEPLOY_TAG}" $RELEASE_NAME pennlabs/icarus && exit 0
+          # This is bash soup, but it'll do.
+          # 1. Attempt to install with helm
+          # 2. If this succeeds, exit with a success status code
+          # 3. If it fails, mark the command as succeeded so that '-e' doesn't kick us out
+          # 4. Wait 10s and try again
+          helm upgrade --install --atomic --set=image_tag=$IMAGE_TAG -f k8s/values.yaml --version "\${DEPLOY_TAG}" $RELEASE_NAME pennlabs/icarus && exit 0 || true
           sleep 10s
           echo "Retrying deploy for $i times"
-        done`,
+        done
+
+        # If we get here, all helm installs failed so our command should fail
+        exit 1`,
         env: {
           IMAGE_TAG: fullConfig.deployTag,
+          AWS_ACCOUNT_ID: '${{ secrets.AWS_ACCOUNT_ID }}',
+          AWS_ACCESS_KEY_ID: '${{ secrets.GH_AWS_ACCESS_KEY_ID }}',
+          AWS_SECRET_ACCESS_KEY: '${{ secrets.GH_AWS_SECRET_ACCESS_KEY }}',
           DO_AUTH_TOKEN: '${{ secrets.DO_AUTH_TOKEN }}',
           K8S_CLUSTER_ID: '${{ secrets.K8S_CLUSTER_ID }}',
           REPOSITORY: '${{ github.repository }}',

diff --git a/cdk/kraken/src/postintegrationimagepublishjob.ts b/cdk/kraken/src/postintegrationimagepublishjob.ts
@@ -81,8 +81,8 @@ export class PostIntegrationPublishJob extends CheckoutJob {
           },
         },
         {
-          name: 'Load docker images',
-          run: fullConfig.dockerImages.map(image => `docker push ${image}`).join('\n'),
+          name: 'Push docker images',
+          run: fullConfig.dockerImages.map(image => `docker push -a ${image}`).join('\n'),
         },
       ],
       ...overrides,

diff --git a/cdk/kraken/test/__snapshots__/custom.test.ts.snap b/cdk/kraken/test/__snapshots__/custom.test.ts.snap
@@ -5,7 +5,7 @@ Object {
   "jobs": Object {
     "deploy": Object {
       "container": Object {
-        "image": "pennlabs/helm-tools:c964e53d3e3e88d36677e84f5437da40a289c7a4",
+        "image": "pennlabs/helm-tools:39b60af248944898fcbc58d1fe5b0f1995420aef",
       },
       "if": "github.ref == 'refs/heads/master'",
       "needs": Array [
@@ -21,15 +21,16 @@ Object {
         },
         Object {
           "env": Object {
+            "AWS_ACCESS_KEY_ID": "\${{ secrets.GH_AWS_ACCESS_KEY_ID }}",
+            "AWS_ACCOUNT_ID": "\${{ secrets.AWS_ACCOUNT_ID }}",
+            "AWS_SECRET_ACCESS_KEY": "\${{ secrets.GH_AWS_SECRET_ACCESS_KEY }}",
             "DO_AUTH_TOKEN": "\${{ secrets.DO_AUTH_TOKEN }}",
             "IMAGE_TAG": "\${{ github.sha }}",
             "K8S_CLUSTER_ID": "\${{ secrets.K8S_CLUSTER_ID }}",
             "REPOSITORY": "\${{ github.repository }}",
           },
           "name": "Deploy",
-          "run": "curl -s -X GET -H \\"Content-Type: application/json\\" -H \\"Authorization: Bearer $DO_AUTH_TOKEN\\" \\"https://api.digitalocean.com/v2/kubernetes/clusters/\${K8S_CLUSTER_ID}/kubeconfig\\" > /kubeconfig.conf
-
-export KUBECONFIG=/kubeconfig.conf
+          "run": "aws eks --region us-east-1 update-kubeconfig --name production --role-arn arn:aws:iam::\${AWS_ACCOUNT_ID}:role/kubectl
 
 # get repo name (by removing owner/organization)
 RELEASE_NAME=\${REPOSITORY#*/}
@@ -42,12 +43,19 @@ if [ \\"$DEPLOY_TAG\\" = \\"null\\" ]; then
 fi
 
 helm repo add pennlabs https://helm.pennlabs.org/
-
 for i in {1..10}; do
-  helm upgrade --install --atomic --set=image_tag=$IMAGE_TAG -f k8s/values.yaml --version \\"\${DEPLOY_TAG}\\" $RELEASE_NAME pennlabs/icarus && exit 0
+  # This is bash soup, but it'll do.
+  # 1. Attempt to install with helm
+  # 2. If this succeeds, exit with a success status code
+  # 3. If it fails, mark the command as succeeded so that '-e' doesn't kick us out
+  # 4. Wait 10s and try again
+  helm upgrade --install --atomic --set=image_tag=$IMAGE_TAG -f k8s/values.yaml --version \\"\${DEPLOY_TAG}\\" $RELEASE_NAME pennlabs/icarus && exit 0 || true
   sleep 10s
   echo \\"Retrying deploy for $i times\\"
-done",
+done
+
+# If we get here, all helm installs failed so our command should fail
+exit 1",
         },
       ],
     },

diff --git a/cdk/kraken/test/__snapshots__/integration-tests.test.ts.snap b/cdk/kraken/test/__snapshots__/integration-tests.test.ts.snap
@@ -94,8 +94,8 @@ done",
           },
         },
         Object {
-          "name": "Load docker images",
-          "run": "docker push image",
+          "name": "Push docker images",
+          "run": "docker push -a image",
         },
       ],
     },

diff --git a/cdk/kraken/test/__snapshots__/labs-application.test.ts.snap b/cdk/kraken/test/__snapshots__/labs-application.test.ts.snap
@@ -135,15 +135,13 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     container:
-      image: pennlabs/helm-tools:c964e53d3e3e88d36677e84f5437da40a289c7a4
+      image: pennlabs/helm-tools:39b60af248944898fcbc58d1fe5b0f1995420aef
     if: github.ref == 'refs/heads/master'
     steps:
       - uses: actions/checkout@v2
       - name: Deploy
         run: |-
-          curl -s -X GET -H \\"Content-Type: application/json\\" -H \\"Authorization: Bearer $DO_AUTH_TOKEN\\" \\"https://api.digitalocean.com/v2/kubernetes/clusters/\${K8S_CLUSTER_ID}/kubeconfig\\" > /kubeconfig.conf
-
-          export KUBECONFIG=/kubeconfig.conf
+          aws eks --region us-east-1 update-kubeconfig --name production --role-arn arn:aws:iam::\${AWS_ACCOUNT_ID}:role/kubectl
 
           # get repo name (by removing owner/organization)
           RELEASE_NAME=\${REPOSITORY#*/}
@@ -156,14 +154,24 @@ jobs:
           fi
 
           helm repo add pennlabs https://helm.pennlabs.org/
-
           for i in {1..10}; do
-            helm upgrade --install --atomic --set=image_tag=$IMAGE_TAG -f k8s/values.yaml --version \\"\${DEPLOY_TAG}\\" $RELEASE_NAME pennlabs/icarus && exit 0
+            # This is bash soup, but it'll do.
+            # 1. Attempt to install with helm
+            # 2. If this succeeds, exit with a success status code
+            # 3. If it fails, mark the command as succeeded so that '-e' doesn't kick us out
+            # 4. Wait 10s and try again
+            helm upgrade --install --atomic --set=image_tag=$IMAGE_TAG -f k8s/values.yaml --version \\"\${DEPLOY_TAG}\\" $RELEASE_NAME pennlabs/icarus && exit 0 || true
             sleep 10s
             echo \\"Retrying deploy for $i times\\"
           done
+
+          # If we get here, all helm installs failed so our command should fail
+          exit 1
         env:
           IMAGE_TAG: \${{ github.sha }}
+          AWS_ACCOUNT_ID: \${{ secrets.AWS_ACCOUNT_ID }}
+          AWS_ACCESS_KEY_ID: \${{ secrets.GH_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: \${{ secrets.GH_AWS_SECRET_ACCESS_KEY }}
           DO_AUTH_TOKEN: \${{ secrets.DO_AUTH_TOKEN }}
           K8S_CLUSTER_ID: \${{ secrets.K8S_CLUSTER_ID }}
           REPOSITORY: \${{ github.repository }}
@@ -372,23 +380,21 @@ jobs:
         with:
           username: \${{ secrets.DOCKER_USERNAME }}
           password: \${{ secrets.DOCKER_PASSWORD }}
-      - name: Load docker images
+      - name: Push docker images
         run: |-
-          docker push pennlabs/example-backend
-          docker push pennlabs/example-frontend
+          docker push -a pennlabs/example-backend
+          docker push -a pennlabs/example-frontend
     needs: integration-tests
   deploy:
     runs-on: ubuntu-latest
     container:
-      image: pennlabs/helm-tools:c964e53d3e3e88d36677e84f5437da40a289c7a4
+      image: pennlabs/helm-tools:39b60af248944898fcbc58d1fe5b0f1995420aef
     if: github.ref == 'refs/heads/master'
     steps:
       - uses: actions/checkout@v2
       - name: Deploy
         run: |-
-          curl -s -X GET -H \\"Content-Type: application/json\\" -H \\"Authorization: Bearer $DO_AUTH_TOKEN\\" \\"https://api.digitalocean.com/v2/kubernetes/clusters/\${K8S_CLUSTER_ID}/kubeconfig\\" > /kubeconfig.conf
-
-          export KUBECONFIG=/kubeconfig.conf
+          aws eks --region us-east-1 update-kubeconfig --name production --role-arn arn:aws:iam::\${AWS_ACCOUNT_ID}:role/kubectl
 
           # get repo name (by removing owner/organization)
           RELEASE_NAME=\${REPOSITORY#*/}
@@ -401,14 +407,24 @@ jobs:
           fi
 
           helm repo add pennlabs https://helm.pennlabs.org/
-
           for i in {1..10}; do
-            helm upgrade --install --atomic --set=image_tag=$IMAGE_TAG -f k8s/values.yaml --version \\"\${DEPLOY_TAG}\\" $RELEASE_NAME pennlabs/icarus && exit 0
+            # This is bash soup, but it'll do.
+            # 1. Attempt to install with helm
+            # 2. If this succeeds, exit with a success status code
+            # 3. If it fails, mark the command as succeeded so that '-e' doesn't kick us out
+            # 4. Wait 10s and try again
+            helm upgrade --install --atomic --set=image_tag=$IMAGE_TAG -f k8s/values.yaml --version \\"\${DEPLOY_TAG}\\" $RELEASE_NAME pennlabs/icarus && exit 0 || true
             sleep 10s
             echo \\"Retrying deploy for $i times\\"
           done
+
+          # If we get here, all helm installs failed so our command should fail
+          exit 1
         env:
           IMAGE_TAG: \${{ github.sha }}
+          AWS_ACCOUNT_ID: \${{ secrets.AWS_ACCOUNT_ID }}
+          AWS_ACCESS_KEY_ID: \${{ secrets.GH_AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: \${{ secrets.GH_AWS_SECRET_ACCESS_KEY }}
           DO_AUTH_TOKEN: \${{ secrets.DO_AUTH_TOKEN }}
           K8S_CLUSTER_ID: \${{ secrets.K8S_CLUSTER_ID }}
           REPOSITORY: \${{ github.repository }}

diff --git a/cdk/kraken/version.json b/cdk/kraken/version.json
@@ -1,3 +1,3 @@
 {
-  "version": "0.4.9"
+  "version": "0.5.0"
 }