diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 23a8aea7..325954ba 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -299,6 +299,7 @@ gcp-stg: # Clean up even if something failed. - cd gcp/live/stg - rake display_cluster_state + - rake display_universal_image_info || true # Destroy Locust module (used for smoke tests) and its TF state - rake destroy_module[locust] || true - rake destroy_tfstate[locust] || true @@ -400,6 +401,7 @@ gcp-prd: # Clean up even if something failed. - cd gcp/live/prd - rake display_cluster_state + - rake display_universal_image_info || true # Destroy Locust module (used for smoke tests) and its TF state - rake destroy_module[locust] RAKE_REALLY_DESTROY_IN_PRD=true || true - rake destroy_tfstate[locust] RAKE_REALLY_DESTROY_IN_PRD=true || true diff --git a/gcp/README.md b/gcp/README.md index 520fda99..a94191ce 100644 --- a/gcp/README.md +++ b/gcp/README.md @@ -73,6 +73,7 @@ Users who already had an RtF email address/Google account usually have performed 1. `rake display_cluster_info` shows some helpful links. 1. `rake display_cluster_state` shows debugging info about the current state of the cluster. This output can be helpful when asking for help. +1. `rake display_universal_image_info` shows currently deployed [gpii/universal](https://github.com/GPII/universal) image SHA and link to GitHub commit that triggered the build. 1. `rake sh` opens an interactive shell inside a container on the local host that is configured to communicate with your cluster (e.g. via `kubectl` commands). * `rake sh` has some issues with interactive commands (e.g. `less` and `vi`) -- see https://issues.gpii.net/browse/GPII-3407. 1. `rake plain_sh` is like `rake sh`, but not all configuration is performed. This can be helpful for debugging (e.g. when `rake sh` does not work) and with interactive commands. @@ -97,7 +98,7 @@ Users who already had an RtF email address/Google account usually have performed 1. By default your K8s cluster and related resources will be deployed into `us-central1`. * You can use a different GCP region -- see [I want to spin up my dev environment in a different region](README.md#i-want-to-spin-up-my-dev-environment-in-a-different-region). 1. The [Google Cloud Console](https://console.cloud.google.com) includes [Google Cloud Shell](https://cloud.google.com/shell/docs/) which is an interactive terminal embedded in the GCP dashboard. To use it, click on the icon at the top right of the Console, next to the magnifier icon. - * Once the shell opens in your browser, execute the following to manage the Kubernetes cluster using the embedded `kubectl` command: + * Once the shell opens in your browser, execute the following to manage the Kubernetes cluster using the embedded `kubectl` command: 1. `gcloud container clusters get-credentials k8s-cluster --zone YOUR_INFRA_REGION` 1. `kubectl -n gpii get pods` diff --git a/shared/rakefiles/entrypoint.rake b/shared/rakefiles/entrypoint.rake index c7253062..164c7fc8 100644 --- a/shared/rakefiles/entrypoint.rake +++ b/shared/rakefiles/entrypoint.rake @@ -113,6 +113,11 @@ task :display_cluster_state => [:set_vars] do sh "#{@exekube_cmd} rake display_cluster_state" end +desc "Display gpii/universal image SHA, CI job links, and link to GitHub commit that triggered the image build" +task :display_universal_image_info => [:set_vars] do + sh "#{@exekube_cmd} rake display_universal_image_info" +end + task :check_destroy_allowed do if ["prd"].include?(@env) if ENV["RAKE_REALLY_DESTROY_IN_PRD"].nil? diff --git a/shared/rakefiles/xk_util.rake b/shared/rakefiles/xk_util.rake index b4a4abf4..8f0082eb 100644 --- a/shared/rakefiles/xk_util.rake +++ b/shared/rakefiles/xk_util.rake @@ -127,6 +127,58 @@ task :display_cluster_state => [:configure, :configure_secrets, :set_secrets] do end end +task :display_universal_image_info => [:configure] do + sh "#{@exekube_cmd} sh -c ' \ + UNIVERSAL_CI_URL=\"https://ci.gpii.net\"; + UNIVERSAL_REPO=\"https://github.com/gpii/universal\"; + RELEASE_JOB_URL=\"$UNIVERSAL_CI_URL/job/docker-gpii-universal-master-release\"; + UPSTREAM_JOB_URL=\"$UNIVERSAL_CI_URL/job/docker-gpii-universal-master\"; + LOOKUP_BUILDS=\"20\"; + + PREFERENCES_IMAGE_SHA=$(kubectl -n gpii get deployment preferences -o json 2> /dev/null | jq -r \".spec.template.spec.containers[0].image\" | grep -o \"sha256:.*\"); + if [ \"$?\" != \"0\" ]; then + echo + echo \"Unable to retrieve data from K8s cluster!\"; + echo \"Try running \\\`rake display_cluster_state\\\` for debug info.\"; + echo + exit 1; + fi + + echo + echo \"Preferences image SHA:\"; + echo \"$PREFERENCES_IMAGE_SHA\"; + RELEASE_BUILD=$(curl -f \"$RELEASE_JOB_URL/lastBuild/api/json\" 2> /dev/null | jq -r \".id\"); + RELEASE_BUILD_LIMIT=$((RELEASE_BUILD - LOOKUP_BUILDS)); + while [ \"$RELEASE_BUILD\" != \"\" ] && [ \"$RELEASE_BUILD\" -gt \"$RELEASE_BUILD_LIMIT\" ]; do + SHA_FOUND=$(curl -f \"$RELEASE_JOB_URL/$RELEASE_BUILD/consoleText\" 2> /dev/null | grep -so \"$PREFERENCES_IMAGE_SHA\" || true); + if [ \"$SHA_FOUND\" == \"$PREFERENCES_IMAGE_SHA\" ]; then + UPSTREAM_JOB_NUMBER=$(curl -f \"$RELEASE_JOB_URL/$RELEASE_BUILD/api/json\" 2> /dev/null | jq -r \".actions[] | select (.causes[0].upstreamBuild != null) | .causes[0].upstreamBuild\"); + GITHUB_LINK=\"$UNIVERSAL_REPO/commit/$(curl -f \"$UPSTREAM_JOB_URL/$UPSTREAM_JOB_NUMBER/api/json\" 2> /dev/null | jq -r \".actions[] | select (.lastBuiltRevision.SHA1 != null) | .lastBuiltRevision.SHA1\")\"; + echo + echo \"Release job that built the image:\"; + echo \"$RELEASE_JOB_URL/$RELEASE_BUILD\"; + echo + echo \"Upstream job:\"; + echo \"$UPSTREAM_JOB_URL/$UPSTREAM_JOB_NUMBER\"; + RELEASE_BUILD=1; + fi + RELEASE_BUILD=$((RELEASE_BUILD - 1)); + done + + if [ \"$GITHUB_LINK\" == \"\" ]; then + echo + echo \"Unable to get CI data for target image SHA in last $LOOKUP_BUILDS builds!\"; + echo + exit 1; + fi + + echo + echo \"Commit to gpii/universal that triggered image build:\"; + echo \"$GITHUB_LINK\"; + echo + '", verbose: false +end + # This task attaches the owner role to the current user task :grant_owner_role => [@gcp_creds_file, :configure_extra_tf_vars] do sh "