Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pr environment, open/updated pr workflow #1640

Closed
wants to merge 1 commit into from
Closed

Pr environment, open/updated pr workflow #1640

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
150 changes: 150 additions & 0 deletions .github/workflows/pr_env.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,150 @@
name: Pull request environment

on:
pull_request:
types:
- opened
- synchronize
- labeled

env:
MANTAINERS: "[\"cdimonaco\", \"dottorblaster\", \"fabriziosestito\", \"rtorrero\", \"nelsonkopliku\", \"arbulu89\",\"jagabomb\",\"emaksy\",\"jamie-suse\"]"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we use some already predefined group instead of individual names?
We have the Developers groups for example.
Or Admins, or something like that.
Plain users don't look like the best option

PR_ENV_LABEL: env
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We would need to document this label usage

PR_NUMBER: "${{ github.event.pull_request.number }}"

jobs:
check_env_creation_privilege:
name: Check if the environment creation criteria are met, store in the job output
runs-on: ubuntu-latest
outputs:
create_env: ${{ steps.check.outputs.create_env }}
steps:
- id: check
run: echo "create_env=${{ contains(fromJson(env.MANTAINERS), github.event.sender.login) && contains(github.event.pull_request.labels.*.name, env.PR_ENV_LABEL) }}" >> "$GITHUB_OUTPUT"

build-and-push-pr-image:
needs: check_env_creation_privilege
name: Build and push pull request container image
runs-on: ubuntu-latest
if: needs.check_env_creation_privilege.outputs.create_env == 'true'
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
IMAGE_REPOSITORY: ghcr.io/${{ github.repository_owner }}/trento-web
IMAGE_TAG: ${{ github.event.pull_request.number }}-env
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess we should put PR_NUMBER here, or remove the declaration above if we are not going to use it.

steps:
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@0.11.0
with:
access_token: ${{ github.token }}
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: docker/setup-buildx-action@v2
- name: Log in to the Container registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
with:
images: ${{ env.IMAGE_REPOSITORY }}
- name: Build and push container image
uses: docker/build-push-action@v4
with:
context: .
push: true
tags: ${{ env.IMAGE_REPOSITORY }}:${{ env.IMAGE_TAG }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max

create_pr_environment:
name: Create or update the pr environment
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we should put pr as capital letters (PR) in the texts?
To highlight that it is an acronym

runs-on: ubuntu-latest
needs: build-and-push-pr-image
env:
PR_BASE_URL: ${{ github.event.pull_request.number }}.prenv.trento.suse.com
PR_NUMBER: ${{ github.event.pull_request.number }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to re-declare this PR_NUMBER again?

steps:
- name: Checkout ansible repo
uses: actions/checkout@v3
with:
repository: trento-project/ansible
path: ansible
ref: "temporary_fix_remove_origin_nginx_conf"
- name: Install galaxy deps
run: ansible-galaxy install -r ansible/requirements.yml
- name: Run playbook
uses: dawidd6/action-ansible-playbook@v2
with:
playbook: ansible/playbook.yml
key: ${{ secrets.SSH_PR_MACHINE_KEY }}
inventory: |
all:
vars:
ansible_user: ec2-user
children:
trento-server:
hosts:
server:
ansible_host: ${{ secrets.PR_ENV_MACHINE_IP }}
postgres-hosts:
hosts:
server:
ansible_host: ${{ secrets.PR_ENV_MACHINE_IP }}
rabbitmq-hosts:
hosts:
server:
ansible_host: ${{ secrets.PR_ENV_MACHINE_IP }}
options: |
--extra-vars "web_postgres_db='${{ env.PR_NUMBER}}db' \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's put an extra space after env.PR_NUMBER -> {{ env.PR_NUMBER }}

web_postgres_event_store='${{ env.PR_NUMBER}}edb' \
wanda_postgres_db='${{ env.PR_NUMBER}}wandadb' \
web_postgres_user='${{ env.PR_NUMBER}}web' \
wanda_postgres_user='${{ env.PR_NUMBER}}wanda' \
web_container_name='${{ env.PR_NUMBER}}web' \
web_container_image='ghcr.io/trento-project/trento-web:${{ env.PR_NUMBER}}-env' \
wanda_container_name='${{ env.PR_NUMBER}}wanda' \
docker_network_name='${{ env.PR_NUMBER}}net' \
nginx_vhost_filename='${{ env.PR_NUMBER}}' \
trento_server_name='${{ env.PR_BASE_URL}}' \
web_postgres_password='trento' \
wanda_postgres_password='wanda' \
rabbitmq_vhost='${{ env.PR_NUMBER}}' \
rabbitmq_password='trento' \
prometheus_url='http://localhost' \
web_admin_password='adminpassword' \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should put this web_admin_password in our secrets just in case

enable_api_key='false' \
nginx_vhost_listen_port='443' \
force_recreate_wanda_container='true' \
force_recreate_web_container='true' \
force_pull_images='true' \
trento_server_url='http://${{ env.PR_BASE_URL}}'"
run-photofinish-demo-env:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a new line before this job?

name: Use photofinish to push mock data to the pr environment
runs-on: ubuntu-20.04
needs: create_pr_environment
env:
TRENTO_PR_ENV_URL: "${{ github.event.pull_request.number }}.prenv.trento.suse.com"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could declare this on top of the file, to avoid re-declaring for each job

steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install photofinish
uses: jaxxstorm/action-install-gh-release@v1.10.0
with:
repo: trento-project/photofinish
tag: v1.2.2
cache: enable
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Give executable permissions to photofinish
run: chmod +x $(whereis photofinish | cut -d" " -f2)
- name: Push data
run: photofinish run healthy-27-node-SAP-cluster -u "https://$TRENTO_PR_ENV_URL/api/v1/collect"
120 changes: 120 additions & 0 deletions .github/workflows/pr_env_close.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
name: Pull request environment cleanup

on:
pull_request:
types:
- closed

env:
MANTAINERS: "[\"cdimonaco\", \"dottorblaster\", \"fabriziosestito\", \"rtorrero\", \"nelsonkopliku\", \"arbulu89\",\"jagabomb\",\"emaksy\",\"jamie-suse\"]"
PR_ENV_LABEL: env
PR_NUMBER: "${{ github.event.pull_request.number }}"

jobs:
check_env_creation_privilege:
name: Check if the environment deletion criteria are met, store in the job output
runs-on: ubuntu-latest
outputs:
create_env: ${{ steps.check.outputs.create_env }}
steps:
- id: check
run: echo "create_env=${{ contains(github.event.pull_request.labels.*.name, env.PR_ENV_LABEL) }}" >> "$GITHUB_OUTPUT"

delete-pr-image:
needs: check_env_creation_privilege
name: Build and push pull request container image
runs-on: ubuntu-latest
if: needs.check_env_creation_privilege.outputs.create_env == 'true'
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
IMAGE_REPOSITORY: ghcr.io/${{ github.repository_owner }}/trento-web
IMAGE_TAG: ${{ github.event.pull_request.number }}-env
steps:
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@0.11.0
with:
access_token: ${{ github.token }}
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: docker/setup-buildx-action@v2
- name: Log in to the Container registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Delete the container image
uses: bots-house/ghcr-delete-image-action@v1.1.0
with:
name: ${{ env.IMAGE_REPOSITORY }}
tag: ${{ env.IMAGE_TAG }}
owner: ${{ github.actor }}
token: ${{ secrets.GITHUB_TOKEN }}

delete_pr_environment:
name: Delete the pr environment
runs-on: ubuntu-latest
needs: build-and-push-pr-image
steps:
- name: Checkout ansible repo
uses: actions/checkout@v3
with:
repository: trento-project/ansible
path: ansible
- name: Add pipx_bin to path
if: ${{ env.ACT }}
run: echo '/opt/pipx_bin' >> $GITHUB_PATH
- name: Install galaxy deps
run: ansible-galaxy install -r ansible/requirements.yml
- name: Run playbook
uses: dawidd6/action-ansible-playbook@v2
with:
playbook: ansible/playbook.cleanup.yml
key: ${{ secrets.SSH_PR_MACHINE_KEY }}
inventory: |
all:
vars:
ansible_user: ec2-user
children:
trento-server:
hosts:
server:
ansible_host: ${{ secrets.PR_ENV_MACHINE_IP }}
postgres-hosts:
hosts:
server:
ansible_host: ${{ secrets.PR_ENV_MACHINE_IP }}
rabbitmq-hosts:
hosts:
server:
ansible_host: ${{ secrets.PR_ENV_MACHINE_IP }}
options: |
--extra-vars "web_postgres_db='${{ env.PR_NUMBER}}db' \
web_postgres_event_store='${{ env.PR_NUMBER}}edb' \
wanda_postgres_db='${{ env.PR_NUMBER}}wandadb' \
web_postgres_user='${{ env.PR_NUMBER}}web' \
wanda_postgres_user='${{ env.PR_NUMBER}}wanda' \
web_container_name='${{ env.PR_NUMBER}}web' \
web_container_image='ghcr.io/trento-project/trento-web:${{ env.PR_NUMBER}}-env' \
wanda_container_name='${{ env.PR_NUMBER}}wanda' \
docker_network_name='${{ env.PR_NUMBER}}net' \
nginx_vhost_filename='${{ env.PR_NUMBER}}' \
trento_server_name='${{ env.PR_BASE_URL}}' \
web_postgres_password='trento' \
wanda_postgres_password='wanda' \
rabbitmq_vhost='${{ env.PR_NUMBER}}' \
rabbitmq_password='trento' \
prometheus_url='http://localhost' \
web_admin_password='adminpassword' \
enable_api_key='false' \
nginx_vhost_listen_port='443' \
force_recreate_wanda_container='true' \
force_recreate_web_container='true' \
web_upstream_name='${{ env.PR_NUMBER}}web' \
wanda_upstream_name='${{ env.PR_NUMBER}}wanda' \
grafana_upstream_name='${{ env.PR_NUMBER}}grafana' \
trento_server_url='http://${{ env.PR_BASE_URL}}'"