Taskfile.yaml

version: "3"

dotenv:
  - .env

vars:
  deployment: "{{.DEPLOYMENT | default `ci`}}"
  project: "{{.PROJECT | default `kargo`}}"
  organization: "{{.ORGANIZATION | default .GITHUB_USER}}"
  pulumi_dir: "{{.PWD}}/.pulumi"
  kube_dir: "{{.PWD}}/.kube"
  kube_config_file: "{{.kube_dir}}/config"
  pulumi_stack_identifier: "{{.organization}}/{{.project}}/{{.deployment}}"
  talos_dir: "{{.PWD}}/.talos"
  talos_patch: "{{.talos_dir}}/patch/cluster.yaml"
  talos_config_file: "{{.talos_dir}}/manifest/talosconfig"
  cluster_name: "talos-kargo-docker"
  exposed_ports: "30590:30590/tcp,10443:10443/tcp"
  memory: "8192"
  arch:
    sh: |
      arch=$(uname -m)
      if [ "$arch" = "x86_64" ]; then
        echo "amd64"
      elif [ "$arch" = "aarch64" ] || [ "$arch" = "arm64" ]; then
        echo "arm64"
      else
        echo "unknown"
      fi

tasks:
  ##################################################################################
  # Meta & Utility Tasks
  # TODO: @RUNME remove `source .envrc` when runme support lands for direnv

  default:
    desc: "Run all tasks to set up and configure a Kargo Kubevirt Kubernetes Platform."
    cmds:
      - task: deploy

  printenv:
    desc: "Print environment variables."
    cmds:
      - /usr/bin/echo "{{.kube_dir}}"

  init:
    desc: "Initialize directories and configuration files."
    cmds:
      - mkdir -p .kube .pulumi .talos
      - touch {{.kube_config_file}} {{.talos_config_file}}
      - chmod 600 {{.kube_config_file}} {{.talos_config_file}}

  login:
    desc: "Authenticate with Pulumi."
    cmds:
      - task: init
      - source .envrc && pulumi login
      - source .envrc && pulumi install

  deploy:
    desc: "Deploy Kubernetes + Kargo Kubevirt PaaS IaC"
    deps:
      - iac-cancel
    cmds:
      - task: iac-deploy

  all-pods-ready:
    desc: "Wait for all Kubernetes pods in the cluster to be ready."
    cmds:
      - bash -c 'until [ "$(kubectl get pods --all-namespaces --no-headers | grep -v "Running\\|Completed\\|Succeeded" | wc -l)" -eq 0 ]; do echo "Waiting for pods..."; sleep 5; done'
      - kubectl get pods --all-namespaces --show-labels --kubeconfig {{.kube_config_file}}

  destroy:
    desc: "Clean up and destroy all Pulumi and Kubernetes resources."
    cmds:
      - task: destroy

  act:
    desc: "Test GitHub Actions locally using 'act'."
    cmds:
      - act --container-options "--privileged" --rm --var GITHUB_TOKEN=${GITHUB_TOKEN} --var PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN}

  clean:
    desc: "Clean up all local Kargo resources."
    cmds:
      - task: iac-cancel
      - task: iac-clean

  ssh-clean:
    desc: "Clean up all local SSH known hosts."
    cmds:
      - ssh-keygen -f "/home/vscode/.ssh/known_hosts" -R "[127.0.0.1]:30590" 2>/dev/null || true
      - ssh-keygen -f "/home/vscode/.ssh/known_hosts" -R "[localhost]:30590" 2>/dev/null || true
      - ssh-keygen -f "/home/vscode/.ssh/kubevirt_known_hosts" -R "vmi/ubuntu.default" 2>/dev/null || true

  clean-all:
    desc: "Clean up all local Kargo resources."
    deps:
      - kubernetes-clean
      - ssh-clean
      - clean
    cmds:
      - rm -rf .talos/manifest/* .kube/config .ssh/known_hosts 2>/dev/null || true
      - rm ${HOME}/.pulumi ${HOME}/.kube ${HOME}/.talos 2>/dev/null || true

  stop:
    desc: "Stop the GitHub Codespace."
    cmds:
      - task: clean-all
      - gh codespace --codespace ${CODESPACE_NAME} stop

  ##################################################################################
  # Demo VM Tasks

  vm-deploy:
    desc: "Enable the built in pulumi Ubuntu vm iac feature"
    cmds:
      - source .envrc && pulumi config set --path vm.enabled true
      - source .envrc && pulumi up --yes --skip-preview --refresh --stack {{.pulumi_stack_identifier}}

  vm-destroy:
    desc: "Enable the built in pulumi Ubuntu vm iac feature"
    cmds:
      - source .envrc && pulumi config set --path vm.enabled false
      - source .envrc && pulumi up --yes --skip-preview --refresh --stack {{.pulumi_stack_identifier}}

  ##################################################################################
  # Pulumi Tasks

  configure:
    desc: "Configure Pulumi stack settings."
    cmds:
      - source .envrc && pulumi stack select --create {{.pulumi_stack_identifier}} || true
      - source .envrc && pulumi config set --path kubernetes.distribution talos
      - source .envrc && pulumi config set --path kubernetes.context admin@{{.cluster_name}}
      - source .envrc && pulumi config set --path kubernetes.kubeconfig {{.kube_config_file}}
      - source .envrc && pulumi config set --path cilium.enabled false
      - source .envrc && pulumi config set --path multus.enabled false
      - source .envrc && pulumi config set --path vm.enabled false

  install-gum:
    desc: Installs the gum utility for collecting user input
    cmds:
    - test -e /usr/bin/gum || wget -P /tmp https://github.com/charmbracelet/gum/releases/download/v0.14.5/gum_0.14.5_amd64.deb
    - test -e /usr/bin/gum || sudo dpkg -i /tmp/gum_0.14.5_amd64.deb

  install-pen:
    desc: Installs the pen utility for setting up port forwarding
    cmds:
    - |-
        if [[ -z "${GITHUB_USER}" ]]; then
          echo "Not running in GitHub CodeSpace"
        else
          echo "Running in GitHub CodeSpace"
          test -e /usr/bin/pen || sudo apt-get update
          test -e /usr/bin/pen || sudo apt-get install -y pen
        fi

  configure-openunison:
    desc: "Configure OpenUnison."

    cmds:
      - task: install-gum
      - task: install-pen
      - pen 11443 127.0.0.1:10443
      - pen 12443 127.0.0.1:10443
      - source .envrc && pulumi stack select --create {{.pulumi_stack_identifier}} || true
      - source .envrc && pulumi config set --path openunison.enabled true
      - source .envrc && pulumi config set --path kubernetes_dashboard.enabled true
      - source .envrc && pulumi config set --path openunison.github.client_id $(gum input --placeholder='GitHub OAuth2 Client Id' --header='GitHub OAuth2 Client Id')
      - source .envrc && pulumi config set --secret --path openunison.github.client_secret $(gum input --placeholder='GitHub OAuth2 Client Secret' --header='GitHub OAuth2 Client Secret')
      - source .envrc && pulumi config set --path openunison.github.teams $(gum input --placeholder='GitHub OAuth2 Teams' --header='GitHub OAuth2 Teams')
      - |-
          if [[ -z "${GITHUB_USER}" ]]; then

          else
            echo "Set your GitHub OAuth2 Application's 'Authorization callback URL' to https://$CODESPACE_NAME-10443.app.github.dev/auth/github"
          fi

  enable-kubevirt-manager:
    desc: Enables the KubeVirt Manager Web UI
    cmds:
    - task: install-gum
    - task: install-pen
    - pen 13443 127.0.0.1:10443
    - source .envrc && pulumi stack select --create {{.pulumi_stack_identifier}} || true
    - source .envrc && pulumi config set --path kubevirt_manager.enabled true

  enable-prometheus:
    desc: Enables Prometheus
    cmds:
    - task: install-gum
    - task: install-pen
    - pen 14443 127.0.0.1:10443
    - pen 15443 127.0.0.1:10443
    - pen 16443 127.0.0.1:10443
    - source .envrc && pulumi stack select --create {{.pulumi_stack_identifier}} || true
    - source .envrc && pulumi config set --path prometheus.enabled true



  iac-deploy:
    desc: "Deploy Pulumi infrastructure."
    cmds:
      - task: iac-cancel
      - source .envrc && pulumi up --yes --skip-preview --refresh --continue-on-error --stack {{.pulumi_stack_identifier}} || true
      - task: all-pods-ready
      - source .envrc && pulumi up --yes --skip-preview --refresh --stack {{.pulumi_stack_identifier}}
      - task: all-pods-ready

  iac-destroy:
    desc: "Destroy Pulumi infrastructure."
    cmds:
      - task: iac-cancel
      - |
        source .envrc
        pulumi down --yes --skip-preview --refresh --stack {{.pulumi_stack_identifier}} || true
        pulumi down --yes --skip-preview --refresh --stack {{.pulumi_stack_identifier}}

  iac-cancel:
    desc: "Cancel the Pulumi update."
    cmds:
      - source .envrc && pulumi cancel --yes --stack {{.pulumi_stack_identifier}} 2>/dev/null || true

  iac-clean:
    desc: "Clean up all Pulumi resources."
    cmds:
      - task: iac-cancel
      - source .envrc && pulumi down --yes --skip-preview --refresh --stack {{.pulumi_stack_identifier}} 2>/dev/null || true

  ##################################################################################
  # Talos Tasks

  kubernetes-gen-config:
    desc: "Generate Talos cluster configuration."
    cmds:
      - talosctl gen config {{.project}} https://10.0.5.2:6443 --config-patch @{{.talos_patch}} --force --output .talos/manifest --context {{.cluster_name}}

  kubernetes-deploy:
    desc: "Deploy Kubernetes cluster."
    cmds:
      - task: init
      - |
        talosctl cluster create \
          --arch={{.arch}} \
          --provisioner docker \
          --init-node-as-endpoint \
          --config-patch @{{.talos_patch}} \
          --controlplanes 1 \
          --memory {{.memory}} \
          --exposed-ports {{.exposed_ports}} \
          --context {{.cluster_name}} \
          --name {{.cluster_name}} \
          --workers 0 --crashdump

  kubernetes-ready:
    desc: "Wait for the Talos cluster control plane components to be ready."
    cmds:
      - bash -c 'until kubectl --kubeconfig {{.kube_config_file}} wait --for=condition=Ready pod -l k8s-app=kube-scheduler --namespace=kube-system --timeout=180s; do echo "Waiting for kube-scheduler..."; sleep 5; done' || true
      - bash -c 'until kubectl --kubeconfig {{.kube_config_file}} wait --for=condition=Ready pod -l k8s-app=kube-controller-manager --namespace=kube-system --timeout=180s; do echo "Waiting for kube-controller-manager..."; sleep 5; done' || true
      - bash -c 'until kubectl --kubeconfig {{.kube_config_file}} wait --for=condition=Ready pod -l k8s-app=kube-apiserver --namespace=kube-system --timeout=180s; do echo "Waiting for kube-apiserver..."; sleep 5; done' || true

  kubernetes-clean:
    desc: "Clean up all Kubernetes resources."
    cmds:
      - talosctl cluster destroy --name {{.cluster_name}} 2>/dev/null || true
      - docker rm --force {{.cluster_name}}-controlplane-1 2>/dev/null || true

  kubernetes:
    desc: "Complete setup and configuration of a Kubernetes cluster."
    deps:
      - clean
      - kubernetes-clean
    cmds:
      - task: init
      - task: kubernetes-gen-config
      - task: kubernetes-deploy
      - task: kubernetes-ready
      - task: all-pods-ready