OPSEXP-2222 Migrate helm enterprise to kind (#998)

Alfresco · Jan 23, 2024 · b9281cb · b9281cb
1 parent ac0e630
commit b9281cb
Show file tree

Hide file tree

Showing 7 changed files with 272 additions and 65 deletions.
diff --git a/.github/workflows/helm-community.yml b/.github/workflows/helm-community.yml
@@ -14,45 +14,71 @@ on:
     branches:
       - master
       - release/**
+concurrency:
+  group: helm-com-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
 jobs:
   community_charts:
-    runs-on: [self-hosted, linux, X64]
+    runs-on: [self-hosted]
     steps:
       - uses: actions/checkout@v3
+
       - uses: azure/setup-helm@v3
         with:
          version: "3.12.1"
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        if: ${{ ! github.event.repository.fork }}
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
       - name: Setup cluster
         uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v3.1.0
-      - name: Community local deployment
+
+      - name: Create registries auth secret
+        if: ${{ ! github.event.repository.fork }}
+        run: |
+          kubectl create secret generic regcred \
+          --from-file=.dockerconfigjson=$HOME/.docker/config.json \
+          --type=kubernetes.io/dockerconfigjson
+
+      - name: Helm install
         run: |
           helm dep up ./helm/alfresco-content-services
           helm install acs ./helm/alfresco-content-services \
             --set global.tracking.sharedsecret="$(openssl rand -hex 24)" \
             --set global.known_urls=http://localhost \
+            --set global.alfrescoRegistryPullSecrets=regcred \
             --wait --timeout 15m0s --values \
             test/community-integration-test-values.yaml
+
       - name: Spit cluster status
         if: always()
         run: |
           helm ls --all-namespaces
           kubectl get all --all-namespaces
           kubectl describe pod
+
       - name: Wait ACS to warm up
         run: sleep 60
-      - name: run Postman tests
-        uses: matt-ball/newman-action@v1.0.4
+
+      - uses: nick-fields/retry@v2
+        id: newman
         with:
-          globalVar: >-
-            [
-              {
-                "key":"protocol",
-                "value":"http"
-              },
-              {
-                "key":"url",
-                "value":"localhost"
-              }
-            ]
-          collection: test/postman/helm/acs-test-helm-collection.json
-          insecure: true
+          timeout_minutes: 1
+          retry_wait_seconds: 30
+          max_attempts: 5
+          command: >-
+            docker run --network=host
+            -v $(pwd)/test/postman:/etc/postman
+            -t postman/newman run /etc/postman/helm/acs-test-helm-collection.json
+            --global-var protocol=http --global-var url=localhost
+
+      - name: Spit cluster status after tests
+        if: always() && steps.newman.outcome != 'skipped'
+        run: |
+          helm ls --all-namespaces
+          kubectl get all --all-namespaces
+          kubectl describe pod
diff --git a/.github/workflows/helm-enterprise.yml b/.github/workflows/helm-enterprise.yml
@@ -14,15 +14,15 @@ on:
       - master
       - release/**
 concurrency:
-  group: ${{ github.head_ref || github.ref_name || github.run_id }}
-  cancel-in-progress: false
+  group: helm-ent-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
 jobs:
   build_vars:
     runs-on: ubuntu-latest
     if: >-
       github.event_name == 'push'
       || (
-        github.event.pull_request.head.user.login == 'Alfresco'
+        ! github.event.repository.fork
         && github.actor != 'dependabot[bot]'
       )
     outputs:
@@ -54,57 +54,90 @@ jobs:
         run: |
           CHARTS=$(jq -nc --argjson json '${{ env.JSON }}' '${{ env.JQ_FILTER }}')
           echo "json=$CHARTS" >> $GITHUB_OUTPUT
+
   helm_integration:
-    runs-on: [self-hosted, linux, X64]
+    runs-on: [self-hosted]
     needs:
       - build_vars
     name: Helm ${{ matrix.name }} ${{ matrix.values }}
     strategy:
       fail-fast: false
-      max-parallel: 3
       matrix:
         include: ${{ fromJSON(needs.build_vars.outputs.ver_json) }}
     steps:
       - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
+
       - uses: azure/setup-helm@v3
         with:
           version: "3.12.1"
+
       - name: Setup aws cli
         run: |
           curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
           unzip awscliv2.zip
           sudo ./aws/install
+
       - name: Setup dnsutils
         run: |
           sudo apt update
           sudo apt install -y dnsutils
-      - name: compute version as expected by deployment script
-        id: values_to_version
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Login to Quay.io
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+      - name: Setup cluster
+        uses: Alfresco/alfresco-build-tools/.github/actions/setup-kind@v3.1.0
+
+      - name: Create registries auth secret
         run: |
-          VFILE="${{ matrix.values }}"
-          if [ "${VFILE}" == 'values.yaml' ]; then V='latest'
-          else V=${VFILE%_values.yaml}
-          fi
-          SANITIZED_V=$(echo ${{ matrix.name }} | sed -r 's/[[:punct:]]?(.)[[:alnum:]]*/\1/g')-${V//./}
-          SANITIZED_V=${SANITIZED_V,,}
-          echo "Release prefix to $SANITIZED_V"
-          echo "app_version=$V" >> $GITHUB_OUTPUT
-          echo "app_prefix=${SANITIZED_V}" >> $GITHUB_OUTPUT
-      - uses: >-
-          Alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-helm@v3.1.0
+          kubectl create secret generic regcred \
+          --from-file=.dockerconfigjson=$HOME/.docker/config.json \
+          --type=kubernetes.io/dockerconfigjson
+
+      - name: Helm install
+        run: |
+          helm dep up ./helm/alfresco-content-services
+          helm install acs ./helm/alfresco-content-services \
+            --set global.tracking.sharedsecret="$(openssl rand -hex 24)" \
+            --set global.known_urls=http://localhost \
+            --set global.alfrescoRegistryPullSecrets=regcred \
+            --set 'global.registryPullSecrets[0]=regcred' \
+            --wait --timeout 15m0s \
+            --values helm/${{ matrix.name }}/${{ matrix.values }} \
+            --values test/enterprise-integration-test-values.yaml
+
+      - name: Spit cluster status after install
+        if: always()
+        run: |
+          helm ls --all-namespaces
+          kubectl get all --all-namespaces
+          kubectl describe pod
+
+      - uses: nick-fields/retry@v2
+        id: newman
         with:
-          skip_checkout: "true"
-          test_newman: "true"
-          chart_name: ${{ matrix.name }}
-          release_prefix: ${{ steps.values_to_version.outputs.app_prefix }}
-          acs_version: ${{ steps.values_to_version.outputs.app_version }}
-          aws_access_key_id: ${{ secrets.ACS_CLUSTER_AWS_ACCESS_KEY_ID }}
-          aws_secret_access_key: ${{ secrets.ACS_CLUSTER_AWS_SECRET_ACCESS_KEY }}
-          docker_username: ${{ secrets.DOCKER_USERNAME }}
-          docker_password: ${{ secrets.DOCKER_PASSWORD }}
-          quay_username: ${{ secrets.QUAY_USERNAME }}
-          quay_password: ${{ secrets.QUAY_PASSWORD }}
-          acm_certificate: ${{ secrets.ACM_CERTIFICATE }}
-          aws_sg: ${{ secrets.AWS_SG }}
+          timeout_minutes: 1
+          retry_wait_seconds: 30
+          max_attempts: 5
+          command: >-
+            docker run --network=host
+            -v $(pwd)/test/postman:/etc/postman
+            -t postman/newman run /etc/postman/helm/acs-test-helm-collection.json
+            --global-var protocol=http --global-var url=localhost
+
+      - name: Spit cluster status after tests
+        if: always() && steps.newman.outcome != 'skipped'
+        run: |
+          helm ls --all-namespaces
+          kubectl get all --all-namespaces
+          kubectl describe pod
diff --git a/helm/alfresco-content-services/Chart.lock b/helm/alfresco-content-services/Chart.lock
@@ -13,7 +13,7 @@ dependencies:
   version: 7.11.0
 - name: activemq
   repository: https://alfresco.github.io/alfresco-helm-charts/
-  version: 3.2.0
+  version: 3.3.0
 - name: alfresco-transform-service
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 0.2.0
@@ -38,5 +38,5 @@ dependencies:
 - name: alfresco-ai-transformer
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 0.3.0
-digest: sha256:7d87e48347f65a83de9f44e7a22d3e55d94f34b6b1d84bbb36e3c9b65e6aecdb
-generated: "2023-08-23T09:36:14.216027+02:00"
+digest: sha256:6ad76091912aee0b130d5eef18bb86666eedabe0eb708d2b964c47ef5afe4fb6
+generated: "2023-08-29T09:00:00.411365+02:00"
diff --git a/helm/alfresco-content-services/Chart.yaml b/helm/alfresco-content-services/Chart.yaml
@@ -36,7 +36,7 @@ dependencies:
     condition: >-
       alfresco-digital-workspace.enabled
   - name: activemq
-    version: 3.2.0
+    version: 3.3.0
     repository: https://alfresco.github.io/alfresco-helm-charts/
     condition: activemq.enabled
   - name: alfresco-transform-service

diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md
@@ -18,7 +18,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 |------------|------|---------|
 | https://activiti.github.io/activiti-cloud-helm-charts | alfresco-control-center(common) | 7.11.0 |
 | https://activiti.github.io/activiti-cloud-helm-charts | alfresco-digital-workspace(common) | 7.11.0 |
-| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.2.0 |
+| https://alfresco.github.io/alfresco-helm-charts/ | activemq | 3.3.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-ai-transformer | 0.3.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.1.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 0.4.0 |

diff --git a/test/community-integration-test-values.yaml b/test/community-integration-test-values.yaml
@@ -5,6 +5,7 @@ repository:
       cpu: "0.01"
       memory: "1024Mi"
     limits:
+      cpu: "2"
       memory: "1560Mi"
   edition: Community
   replicaCount: 1
@@ -19,7 +20,14 @@ share:
       cpu: "0.01"
       memory: "256Mi"
     limits:
+      cpu: "2"
       memory: "512Mi"
+  readinessProbe:
+    initialDelaySeconds: 60
+    timeoutSeconds: 45
+  livenessProbe:
+    initialDelaySeconds: 60
+    timeoutSeconds: 45
   image:
     repository: alfresco/alfresco-share
 alfresco-search:
@@ -28,70 +36,71 @@ alfresco-search:
       cpu: "0.01"
       memory: "512Mi"
     limits:
+      cpu: "2"
       memory: "1280Mi"
   searchServicesImage:
     repository: alfresco/alfresco-search-services
 alfresco-transform-service:
   enabled: true
-  pdfrenderer: &ats-pdf
+  pdfrenderer:
     livenessProbe:
       initialDelaySeconds: 30
     resources:
       requests:
         cpu: "0.01"
         memory: "256Mi"
       limits:
+        cpu: "2"
         memory: "512Mi"
     replicaCount: 1
-  imagemagick: &ats-im
+  imagemagick:
     livenessProbe:
       initialDelaySeconds: 30
     resources:
       requests:
         cpu: "0.01"
         memory: "256Mi"
       limits:
+        cpu: "2"
         memory: "512Mi"
     replicaCount: 1
-  libreoffice: &ats-lo
+  libreoffice:
     livenessProbe:
       initialDelaySeconds: 30
     resources:
       requests:
         cpu: "0.01"
         memory: "512Mi"
       limits:
+        cpu: "2"
         memory: "1024Mi"
     replicaCount: 1
-  tika: &ats-tika
+  tika:
     livenessProbe:
       initialDelaySeconds: 30
     resources:
       requests:
         cpu: "0.01"
         memory: "256Mi"
       limits:
+        cpu: "2"
         memory: "512Mi"
     replicaCount: 1
-  transformmisc: &ats-misc
+  transformmisc:
     livenessProbe:
       initialDelaySeconds: 30
     resources:
       requests:
         cpu: "0.01"
         memory: "256Mi"
       limits:
+        cpu: "2"
         memory: "512Mi"
     replicaCount: 1
   transformrouter:
     enabled: false
   filestore:
     enabled: false
-pdfrenderer: *ats-pdf
-imagemagick: *ats-im
-libreoffice: *ats-lo
-tika: *ats-tika
-transformmisc: *ats-misc
 # Disable features
 alfresco-digital-workspace:
   enabled: false
@@ -102,6 +111,10 @@ postgresql:
     resources:
       requests:
         cpu: "0.01"
+        memory: "512Mi"
+      limits:
+        cpu: "2"
+        memory: "1Gi"
 ai:
   enabled: false
 s3connector: