From 3f634a875171c3e882d92555a9670c7f80f66b9a Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Mon, 18 Sep 2023 16:00:45 -0400 Subject: [PATCH] Trying to clean stuff out --- Dockerfile | 6 - Dockerfile.build | 62 ----- Dockerfile.deploy | 53 ---- Dockerfile.sync-page | 6 - .../continuous-deployment.md | 8 - .../continuous_deployment.py | 227 ------------------ continuous-deployment/failure_template.jinja | 7 - continuous-deployment/install_rhmsg.sh | 29 --- continuous-deployment/success_template.jinja | 5 - deploy.yaml | 193 +++++++++++++++ devfile.yaml | 47 ++++ openshift-build/app.yml | 139 ----------- openshift-build/index.js | 154 ------------ openshift-build/package.json | 53 ---- openshift-build/runTests.sh | 43 ---- openshift/docker-entrypoint.sh | 18 -- openshift/openshift-build-template.yaml | 165 ------------- openshift/openshift.md | 38 --- openshift/sync2jira-deploy-template.yaml | 42 ---- 19 files changed, 240 insertions(+), 1055 deletions(-) delete mode 100644 Dockerfile.build delete mode 100644 Dockerfile.deploy delete mode 100644 continuous-deployment/continuous-deployment.md delete mode 100644 continuous-deployment/continuous_deployment.py delete mode 100644 continuous-deployment/failure_template.jinja delete mode 100755 continuous-deployment/install_rhmsg.sh delete mode 100644 continuous-deployment/success_template.jinja create mode 100644 deploy.yaml create mode 100644 devfile.yaml delete mode 100644 openshift-build/app.yml delete mode 100644 openshift-build/index.js delete mode 100644 openshift-build/package.json delete mode 100755 openshift-build/runTests.sh delete mode 100644 openshift/docker-entrypoint.sh delete mode 100644 openshift/openshift-build-template.yaml delete mode 100644 openshift/openshift.md diff --git a/Dockerfile b/Dockerfile index 1c27bd1..f7d654f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,12 +37,6 @@ COPY . /usr/local/src/sync2jira # Install Sync2Jira RUN pip3 install --no-deps -v /usr/local/src/sync2jira -# To deal with JIRA issues (i.e. SSL errors) -RUN chmod g+w /etc/pki/tls/certs/ca-bundle.crt -RUN chmod 777 /usr/local/src/sync2jira/openshift/docker-entrypoint.sh - USER 1001 -ENTRYPOINT ["/usr/local/src/sync2jira/openshift/docker-entrypoint.sh"] - CMD ["/usr/local/bin/sync2jira"] diff --git a/Dockerfile.build b/Dockerfile.build deleted file mode 100644 index 16a1f21..0000000 --- a/Dockerfile.build +++ /dev/null @@ -1,62 +0,0 @@ -FROM registry.fedoraproject.org/fedora:38 -LABEL \ - name="sync2jira" \ - description="sync2jira application" \ - vendor="sync2jira developers" \ - license="GPLv2+" \ - build-date="" - -# Installing sync2jira dependencies -RUN dnf -y install \ - git \ - python3-pip \ - python3-requests \ - python3-jira \ - python3-fedmsg-core \ - python3-pygithub \ - python3-jinja2 \ - python3-pypandoc \ - python3-requests-kerberos \ - && dnf -y clean all - -ARG SYNC2JIRA_GIT_REPO=https://github.com/release-engineering/Sync2Jira.git -ARG SYNC2JIRA_GIT_REF=master -ARG SYNC2JIRA_CACERT_URL= -ARG SYNC2JIRA_VERSION= -ENV SYNC2JIRA_VERSION=$SYNC2JIRA_VERSION -ENV SYNC2JIRA_CACERT_URL=$SYNC2JIRA_CACERT_URL - -USER root - -# Create Sync2Jira folder -RUN mkdir -p /usr/local/src/sync2jira - -# Copy over our repo -COPY . /usr/local/src/sync2jira - -# To deal with JIRA issues (i.e. SSL errors) -RUN chmod g+w /etc/pki/tls/certs/ca-bundle.crt -RUN chmod 777 /usr/local/src/sync2jira/openshift/docker-entrypoint.sh - - -USER 1001 - -ENTRYPOINT ["/usr/local/src/sync2jira/openshift/docker-entrypoint.sh"] - -# OpenShift-Build Related -USER root -RUN chmod 777 /usr/local/src/sync2jira/openshift-build -RUN dnf -y install nodejs -RUN npm --prefix /usr/local/src/sync2jira/openshift-build/ install - -# Install Sync2Jira once -RUN mkdir -p /usr/local/src/sync2jira/openshift-build/temp \ - && git clone ${SYNC2JIRA_GIT_REPO} /usr/local/src/sync2jira/openshift-build/temp \ - && cd usr/local/src/sync2jira/openshift-build/temp \ - && python3 setup.py develop \ - && mkdir -p /usr/local/src/sync2jira/openshift-build/temp \ - && chgrp -R 0 /usr/local/src/sync2jira/openshift-build/temp \ - && chmod -R 777 /usr/local/src/sync2jira/openshift-build/temp - -USER 1001 -CMD ["npm", "--prefix", "/usr/local/src/sync2jira/openshift-build/", "start"] diff --git a/Dockerfile.deploy b/Dockerfile.deploy deleted file mode 100644 index 24864f0..0000000 --- a/Dockerfile.deploy +++ /dev/null @@ -1,53 +0,0 @@ -FROM registry.fedoraproject.org/fedora:38 -LABEL \ - name="sync2jira" \ - description="sync2jira application" \ - vendor="sync2jira developers" \ - license="GPLv2+" \ - build-date="" - -# Installing sync2jira dependencies -RUN dnf -y install \ - git \ - python3-pip \ - python3-requests \ - python3-jira \ - python3-fedmsg-core \ - python3-pygithub \ - python3-jinja2 \ - python3-pypandoc \ - && dnf -y clean all - -ARG SYNC2JIRA_GIT_REPO=https://github.com/release-engineering/Sync2Jira.git -ARG SYNC2JIRA_GIT_REF=master -ARG SYNC2JIRA_CACERT_URL= -ARG SYNC2JIRA_VERSION= -ENV SYNC2JIRA_VERSION=$SYNC2JIRA_VERSION -ENV SYNC2JIRA_CACERT_URL=$SYNC2JIRA_CACERT_URL - -USER root - -# Create Sync2Jira folder -RUN mkdir -p /usr/local/src/sync2jira - -# Copy over our repo -COPY . /usr/local/src/sync2jira - -# We also need to install requests_kerberos -RUN dnf -y install python3-requests-kerberos - -# Install Sync2Jira -RUN pip3 install --no-deps -v /usr/local/src/sync2jira - -# To deal with JIRA issues (i.e. SSL errors) -RUN chmod g+w /etc/pki/tls/certs/ca-bundle.crt -RUN chmod 777 /usr/local/src/sync2jira/openshift/docker-entrypoint.sh - -# Continuous Deployment Info -ARG RCM_TOOLS_REPO -RUN chmod 777 /usr/local/src/sync2jira/continuous-deployment/install_rhmsg.sh -RUN ./usr/local/src/sync2jira/continuous-deployment/install_rhmsg.sh $RCM_TOOLS_REPO - -USER 1001 -ENTRYPOINT ["/usr/local/src/sync2jira/openshift/docker-entrypoint.sh"] -CMD ["python3", "/usr/local/src/sync2jira/continuous-deployment/continuous_deployment.py"] \ No newline at end of file diff --git a/Dockerfile.sync-page b/Dockerfile.sync-page index 321a9e6..f02ff5a 100644 --- a/Dockerfile.sync-page +++ b/Dockerfile.sync-page @@ -38,12 +38,6 @@ COPY . /usr/local/src/sync2jira # Install Sync2Jira RUN pip3 install --no-deps -v /usr/local/src/sync2jira -# To deal with JIRA issues (i.e. SSL errors) -RUN chmod g+w /etc/pki/tls/certs/ca-bundle.crt -RUN chmod 777 /usr/local/src/sync2jira/openshift/docker-entrypoint.sh - USER 1001 -ENTRYPOINT ["/usr/local/src/sync2jira/openshift/docker-entrypoint.sh"] - CMD ["python3", "/usr/local/src/sync2jira/sync-page/event-handler.py"] diff --git a/continuous-deployment/continuous-deployment.md b/continuous-deployment/continuous-deployment.md deleted file mode 100644 index c97b766..0000000 --- a/continuous-deployment/continuous-deployment.md +++ /dev/null @@ -1,8 +0,0 @@ -# Continuous Deployment - -## TLDR -We use a message bus configured to listen to a topic pushed by [RepoTracker](https://github.com/release-engineering/repotracker). Once we find a message that indicates a change in any of the branches we're watching, we tag the new image in OpenShift which triggers a new deployment. - - -## Where can I learn more? -You can check our documentation [here](https://sync2jira.readthedocs.io/en/latest/continuous_deployment.html) to learn more about how to configure this feature in your project. \ No newline at end of file diff --git a/continuous-deployment/continuous_deployment.py b/continuous-deployment/continuous_deployment.py deleted file mode 100644 index 658c795..0000000 --- a/continuous-deployment/continuous_deployment.py +++ /dev/null @@ -1,227 +0,0 @@ -# Built-In Modules -import os -import requests -import json -import traceback -import logging - -# 3rd Party Modules -import jinja2 -from rhmsg.activemq.consumer import AMQConsumer - -# Local Modules -from sync2jira.mailer import send_mail -from sync2jira.main import load_config - -# Global Variables -handlers = [ - 'repotracker.container.tag.updated' -] -# Logging -log = logging.getLogger(__name__) -# OpenShift Related -TOKEN = os.environ['TOKEN'] -STAGE_TOKEN = os.environ['STAGE_TOKEN'] -ENDPOINT = os.environ['ENDPOINT'] -# Message Bus Related -CERT = os.environ['CERT'] -KEY = os.environ['KEY'] -CA_CERTS = os.environ['CA_CERTS'] -ACTIVEMQ_QUERY = os.environ['ACTIVEMQ_QUERY'] -ACTIVEMQ_URL_1 = os.environ['ACTIVEMQ_URL_1'] -ACTIVEMQ_URL_2 = os.environ['ACTIVEMQ_URL_2'] -# Message Bus Query Related -ACTIVEMQ_REPO_NAME = os.environ['ACTIVEMQ_REPO_NAME'] -# SEND_EMAILS -SEND_EMAILS = os.environ['SEND_EMAILS'] - -def main(): - """ - Main function to start listening - """ - try: - - # Create our consumer - log.info("Connecting to ACTIVEMQ as a consumer...") - c = AMQConsumer( - urls=(ACTIVEMQ_URL_1, ACTIVEMQ_URL_2), - certificate=CERT, - private_key=KEY, - trusted_certificates=CA_CERTS - ) - # Start listening - log.info('Starting up CD service...') - c.consume( - ACTIVEMQ_QUERY, - lambda msg, data: handle_message(msg, data) - ) - - except Exception as e : - log.error(f"Error!\nException {e}\nSending email..") - report_email('failure', 'Continuous-Deployment-Main', traceback.format_exc()) - - -def handle_message(msg, data): - """ - Handle incoming message - :param Dict msg: Incoming message - :param Dict data: Incoming data, if any - :return: - """ - msg_dict = json.loads(msg.body) - log.info(f"Encountered message: {msg_dict}") - status = None - if msg_dict['repo'] == ACTIVEMQ_REPO_NAME: - if msg_dict['tag'] == "master": - status, ret = update_tag(master=True) - elif msg_dict['tag'] == "stage": - status, ret = update_tag(stage=True) - elif msg_dict['tag'] == "openshift-build": - status, ret = update_tag(openshift_build=True) - elif msg_dict['tag'] == "sync-page": - status, ret = update_tag(sync_page=True) - else: - return - if status: - report_email('success', namespace=msg_dict['tag']) - else: - report_email('failure', data=msg_dict) - - -def update_tag(master=False, stage=False, openshift_build=False, sync_page=False): - """ - Update OpenShift master image when fedmsg topic comes in. - - :param Bool master: If we are tagging master - :param Bool stage: If we are tagging stage - :param Bool openshift_build: If we are tagging openshift-build - :param Bool sync_page: If we are tagging sync_page - :rtype (Bool, response): - :return: (Indication if we updated out image on OpenShift, API call response) - """ - # Format the URL - # Note: Here we assume that we have a pod for openshift-build running under the pod for stage. - if master: - umb_url = f"https://{ENDPOINT}/apis/image.openshift.io/v1/namespaces/sync2jira/imagestreamtags/sync2jira:latest" - namespace = 'sync2jira' - name = 'sync2jira:latest' - tag = 'latest' - elif sync_page: - umb_url = f"https://{ENDPOINT}/apis/image.openshift.io/v1/namespaces/sync2jira/imagestreamtags/sync2jira-sync-page:latest" - namespace = 'sync2jira' - name = 'sync2jira-sync-page:latest' - tag = 'sync-page' - elif stage: - umb_url = f"https://{ENDPOINT}/apis/image.openshift.io/v1/namespaces/sync2jira-stage/imagestreamtags/sync2jira-stage:latest" - namespace = 'sync2jira-stage' - name = 'sync2jira-stage:latest' - tag = 'stage' - elif openshift_build: - umb_url = f"https://{ENDPOINT}/apis/image.openshift.io/v1/namespaces/sync2jira-stage/imagestreamtags/openshift\-build:latest" - namespace = 'sync2ijra-stage' - name = 'openshift-build:latest' - tag = 'openshift-build' - else: - raise Exception("No type passed") - - # Make our put call - try: - ret = requests.put(umb_url, - headers=create_header(namespace), - data=json.dumps({ - "kind": "ImageStreamTag", - "apiVersion": "image.openshift.io/v1", - "metadata": { - "name": name, - "namespace": namespace, - "creationTimestamp": None - }, - "tag": { - "name": "", - "annotations": None, - "from": { - "kind": "DockerImage", - "name": f"quay.io/redhat-aqe/sync2jira:{tag}" - }, - "generation": 0, - "importPolicy": {}, - "referencePolicy": { - "type": "Source" - } - }, - "generation": 0, - "lookupPolicy": { - "local": False - }, - "image": { - "metadata": { - "creationTimestamp": None - }, - "dockerImageMetadata": None, - "dockerImageLayers": None - } - })) - except Exception as e: - log.error(f"Failure updating image stream tag.\nException: {e}") - report_email('failure', namespace, e) - if ret.status_code == 200: - log.info(f"Tagged new image for {name}") - return True, ret - else: - log.error(f"Failure updating image stream tag.\nResponse: {ret}") - return False, ret - - -def report_email(type, namespace=None, data=None): - """ - Helper function to alert admins in case of failure. - - :param String type: Type to be used - :param String namespace: Namespace being used - :param String data: Data being used - """ - if SEND_EMAILS == '0': - log.info(f"SEND_EMAILS set to 0 not sending email. Type: {type}. Namespace: {namespace}, Data: {data}") - return - # Load in the Sync2Jira config - config = load_config() - - # Email our admins with the traceback - templateLoader = jinja2.FileSystemLoader(searchpath='usr/local/src/sync2jira/continuous-deployment') - templateEnv = jinja2.Environment(loader=templateLoader) - - # Load in the type of template - if type is 'failure': - template = templateEnv.get_template('failure_template.jinja') - html_text = template.render(namespace=namespace, response=data) - elif type is 'success': - template = templateEnv.get_template('success_template.jinja') - html_text = template.render(namespace=namespace) - - # Send mail - send_mail(recipients=[config['sync2jira']['mailing-list']], - cc=None, - subject=f"Sync2Jira Build Image Update Status: {type}!", - text=html_text) - - -def create_header(namespace): - """ - Helper function to create default header - :param string namespace: Namespace to indicate which token to use - :rtype Dict: - :return: Default header - """ - if namespace in ['sync2jira-stage']: - token = STAGE_TOKEN - else: - token = TOKEN - return { - 'Authorization': f'Bearer {token.strip()}', - 'Accept': 'application/json', - 'Content-Type': 'application/json', - } - - -if __name__ == '__main__': - main() diff --git a/continuous-deployment/failure_template.jinja b/continuous-deployment/failure_template.jinja deleted file mode 100644 index 4100a3f..0000000 --- a/continuous-deployment/failure_template.jinja +++ /dev/null @@ -1,7 +0,0 @@ - - -

Looks like updating the Sync2Jira {{ namespace }} on OpenShift failed!

-

Here is some more info:

- {{ response }} - - \ No newline at end of file diff --git a/continuous-deployment/install_rhmsg.sh b/continuous-deployment/install_rhmsg.sh deleted file mode 100755 index 2e04ae5..0000000 --- a/continuous-deployment/install_rhmsg.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/bash - -main() { - if [ -n "$RCM_TOOLS_REPO" ]; then - repo_file=/usr/local/src/sync2jira/continuous-deployment/rcm-tools-fedora.repo - curl -L -o $repo_file $RCM_TOOLS_REPO - # Since we don't trust any internal CAs at this point, we must connect over - # http - sed -i 's/https:/http:/g' $repo_file - - # Install dnf-plugins core to allow for config-manager - yum install dnf-plugins-core -y - echo "Installed dnf-plugins-core" - - # Add our .repo file using config-manager - dnf config-manager --add-repo $repo_file - echo "Added .repo file" - - # Install python3-rhmsg - dnf install -y \ - --setopt=deltarpm=0 \ - --setopt=install_weak_deps=false \ - --setopt=tsflags=nodocs \ - python3-rhmsg - dnf clean all - echo "Installed rhmsg" - fi -} -main diff --git a/continuous-deployment/success_template.jinja b/continuous-deployment/success_template.jinja deleted file mode 100644 index f20e5f8..0000000 --- a/continuous-deployment/success_template.jinja +++ /dev/null @@ -1,5 +0,0 @@ - - -

Sync2Jira {{ namespace }} was successfully updated!

- - \ No newline at end of file diff --git a/deploy.yaml b/deploy.yaml new file mode 100644 index 0000000..489cf4a --- /dev/null +++ b/deploy.yaml @@ -0,0 +1,193 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: sync-page + name: sync-page +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + service: sync-page +--- +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + labels: + app: sync2jira-sync-page + name: sync2jira-sync-page +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + service: sync2jira-sync-page + strategy: + activeDeadlineSeconds: 21600 + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + spec: + containers: + - env: + - name: SYNC2JIRA_PNTJIRA_PASS + valueFrom: + secretKeyRef: + key: jira_pnt_pass + name: sync2jira-secret + - name: SYNC2JIRA_OMEGAPRIME_PASS + valueFrom: + secretKeyRef: + key: jira_omegaprime_pass + name: sync2jira-secret + - name: SYNC2JIRA_GITHUB_TOKEN + valueFrom: + secretKeyRef: + key: github_token + name: sync2jira-secret + image: quay.io/redhat-aqe/sync2jira@sha256:eb705702ffe519e5066a3ae5d0f84224be25e3ea07940f084a9db3bed8438fd2 + imagePullPolicy: Always + name: sync2jira-sync-page-container + ports: + - containerPort: 5000 + name: http + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/fedmsg.d + name: fedmsgd-volume + readOnly: true + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 420 + name: fedmsgd + name: fedmsgd-volume + test: false + triggers: + - imageChangeParams: + automatic: true + containerNames: + - sync2jira-sync-page-container + from: + kind: ImageStreamTag + name: sync2jira-sync-page:latest + namespace: exd-sp-guild-process-tools--sync2jira + lastTriggeredImage: quay.io/redhat-aqe/sync2jira@sha256:eb705702ffe519e5066a3ae5d0f84224be25e3ea07940f084a9db3bed8438fd2 + type: ImageChange + - type: ConfigChange +--- +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + labels: + app: sync2jira + name: sync2jira +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + service: sync2jira + strategy: + activeDeadlineSeconds: 21600 + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + spec: + containers: + - env: + - name: SYNC2JIRA_PNTJIRA_PASS + valueFrom: + secretKeyRef: + key: jira_pnt_pass + name: sync2jira-secret + - name: SYNC2JIRA_OMEGAPRIME_PASS + valueFrom: + secretKeyRef: + key: jira_omegaprime_pass + name: sync2jira-secret + - name: SYNC2JIRA_GITHUB_TOKEN + valueFrom: + secretKeyRef: + key: github_token + name: sync2jira-secret + image: quay.io/redhat-aqe/sync2jira@sha256:a2518b5ab7b0f6c503aedd09700baeb02c198883f1a9dd16bd14b726a79ca236 + imagePullPolicy: Always + name: sync2jira-container + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/fedmsg.d + name: fedmsgd-volume + readOnly: true + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 420 + name: fedmsgd + name: fedmsgd-volume + test: false + triggers: + - imageChangeParams: + automatic: true + containerNames: + - sync2jira-container + from: + kind: ImageStreamTag + name: sync2jira:latest + namespace: exd-sp-guild-process-tools--sync2jira + lastTriggeredImage: quay.io/redhat-aqe/sync2jira@sha256:a2518b5ab7b0f6c503aedd09700baeb02c198883f1a9dd16bd14b726a79ca236 + type: ImageChange + - type: ConfigChange +status: + availableReplicas: 1 + conditions: + - lastTransitionTime: "2023-09-15T15:58:24Z" + lastUpdateTime: "2023-09-15T15:58:29Z" + message: replication controller "sync2jira-28" successfully rolled out + reason: NewReplicationControllerAvailable + status: "True" + type: Progressing + - lastTransitionTime: "2023-09-18T18:25:09Z" + lastUpdateTime: "2023-09-18T18:25:09Z" + message: Deployment config has minimum availability. + status: "True" + type: Available + details: + causes: + - imageTrigger: + from: + kind: DockerImage + name: quay.io/redhat-aqe/sync2jira@sha256:a2518b5ab7b0f6c503aedd09700baeb02c198883f1a9dd16bd14b726a79ca236 + type: ImageChange + message: image change + latestVersion: 28 + observedGeneration: 29 + readyReplicas: 1 + replicas: 1 + unavailableReplicas: 0 + updatedReplicas: 1 diff --git a/devfile.yaml b/devfile.yaml new file mode 100644 index 0000000..20d4eba --- /dev/null +++ b/devfile.yaml @@ -0,0 +1,47 @@ +schemaVersion: 2.2.0 +metadata: + name: python + projectType: Python + displayName: sync2jira + language: Python + version: 0.0.1 + attributes: + alpha.dockerimage-port: 80 +parent: + id: python + registryUrl: 'https://registry.devfile.io' +components: + - name: image-build + image: + imageName: python-image:latest + dockerfile: + uri: docker/Dockerfile + buildContext: . + rootRequired: false + - name: kubernetes-deploy + attributes: + deployment/replicas: 1 + deployment/cpuRequest: 10m + deployment/memoryRequest: 50Mi + deployment/container-port: 80 + kubernetes: + uri: deploy.yaml + endpoints: + - name: http-80 + targetPort: 80 + path: / +commands: + - id: build-image + apply: + component: image-build + - id: deployk8s + apply: + component: kubernetes-deploy + - id: deploy + composite: + commands: + - build-image + - deployk8s + group: + kind: deploy + isDefault: true diff --git a/openshift-build/app.yml b/openshift-build/app.yml deleted file mode 100644 index 58775e3..0000000 --- a/openshift-build/app.yml +++ /dev/null @@ -1,139 +0,0 @@ -# This is a GitHub App Manifest. These settings will be used by default when -# initially configuring your GitHub App. -# -# NOTE: changing this file will not update your GitHub App settings. -# You must visit github.com/settings/apps/your-app-name to edit them. -# -# Read more about configuring your GitHub App: -# https://probot.github.io/docs/development/#configuring-a-github-app -# -# Read more about GitHub App Manifests: -# https://developer.github.com/apps/building-github-apps/creating-github-apps-from-a-manifest/ - -# The list of events the GitHub App subscribes to. -# Uncomment the event names below to enable them. -default_events: -- check_run -- check_suite -# - commit_comment -# - create -# - delete -# - deployment -# - deployment_status -# - fork -# - gollum -# - issue_comment -# - issues -# - label -# - milestone -# - member -# - membership -# - org_block -# - organization -# - page_build -# - project -# - project_card -# - project_column -# - public -# - pull_request -# - pull_request_review -# - pull_request_review_comment -# - push -# - release -# - repository -# - repository_import -# - status -# - team -# - team_add -# - watch - -# The set of permissions needed by the GitHub App. The format of the object uses -# the permission name for the key (for example, issues) and the access type for -# the value (for example, write). -# Valid values are `read`, `write`, and `none` -default_permissions: - # Repository creation, deletion, settings, teams, and collaborators. - # https://developer.github.com/v3/apps/permissions/#permission-on-administration - # administration: read - - # Checks on code. - # https://developer.github.com/v3/apps/permissions/#permission-on-checks - checks: write - - # Repository contents, commits, branches, downloads, releases, and merges. - # https://developer.github.com/v3/apps/permissions/#permission-on-contents - # contents: read - - # Deployments and deployment statuses. - # https://developer.github.com/v3/apps/permissions/#permission-on-deployments - # deployments: read - - # Issues and related comments, assignees, labels, and milestones. - # https://developer.github.com/v3/apps/permissions/#permission-on-issues - # issues: read - - # Search repositories, list collaborators, and access repository metadata. - # https://developer.github.com/v3/apps/permissions/#metadata-permissions - metadata: read - - # Retrieve Pages statuses, configuration, and builds, as well as create new builds. - # https://developer.github.com/v3/apps/permissions/#permission-on-pages - # pages: read - - # Pull requests and related comments, assignees, labels, milestones, and merges. - # https://developer.github.com/v3/apps/permissions/#permission-on-pull-requests - # pull_requests: read - - # Manage the post-receive hooks for a repository. - # https://developer.github.com/v3/apps/permissions/#permission-on-repository-hooks - # repository_hooks: read - - # Manage repository projects, columns, and cards. - # https://developer.github.com/v3/apps/permissions/#permission-on-repository-projects - # repository_projects: read - - # Retrieve security vulnerability alerts. - # https://developer.github.com/v4/object/repositoryvulnerabilityalert/ - # vulnerability_alerts: read - - # Commit statuses. - # https://developer.github.com/v3/apps/permissions/#permission-on-statuses - # statuses: read - - # Organization members and teams. - # https://developer.github.com/v3/apps/permissions/#permission-on-members - # members: read - - # View and manage users blocked by the organization. - # https://developer.github.com/v3/apps/permissions/#permission-on-organization-user-blocking - # organization_user_blocking: read - - # Manage organization projects, columns, and cards. - # https://developer.github.com/v3/apps/permissions/#permission-on-organization-projects - # organization_projects: read - - # Manage team discussions and related comments. - # https://developer.github.com/v3/apps/permissions/#permission-on-team-discussions - # team_discussions: read - - # Manage the post-receive hooks for an organization. - # https://developer.github.com/v3/apps/permissions/#permission-on-organization-hooks - # organization_hooks: read - - # Get notified of, and update, content references. - # https://developer.github.com/v3/apps/permissions/ - # organization_administration: read - - -# The name of the GitHub App. Defaults to the name specified in package.json -# name: My Probot App - -# The homepage of your GitHub App. -# url: https://example.com/ - -# A description of the GitHub App. -# description: A description of my awesome app - -# Set to true when your GitHub App is available to the public or false when it is only accessible to the owner of the app. -# Default: true -# public: false diff --git a/openshift-build/index.js b/openshift-build/index.js deleted file mode 100644 index 1840bc6..0000000 --- a/openshift-build/index.js +++ /dev/null @@ -1,154 +0,0 @@ -// Global Variables -APP_NAME=process.env.APP_NAME; -TEST_COMMAND=process.env.TEST_COMMAND; -const fs = require('fs'); -const childProcess = require("child_process"); - -module.exports = app => { - // When a Pull Request is opened or Re-Opened - app.on(['pull_request.opened', 'pull_request.reopened', 'pull_request.synchronize'], pull_request); - async function pull_request (context) { - // Identify start time - const startTime = new Date(); - - // Extract relevant information - const pr = context.payload.pull_request; - const headBranch = pr.head.ref; - const headSha = pr.head.sha; - - // Mark the check as pending - await context.github.checks.create(context.repo({ - name: APP_NAME, - head_branch: headBranch, - head_sha: headSha, - status: 'in_progress', - started_at: startTime, - })); - - try { - console.log("Running tests..."); - await childProcess.exec("/usr/local/src/sync2jira/openshift-build/runTests.sh " + headSha + " \"" + TEST_COMMAND + "\"", function(error, standardOutput, standardError) { - console.log("Ran tests. " + standardOutput); - - // Check if failure file exists - let passed = 'failure'; - if(fs.existsSync('/usr/local/src/sync2jira/openshift-build/temp/failure.sync2jira')) { - console.log("The failure file exists."); - childProcess.exec("rm /usr/local/src/sync2jira/openshift-build/temp/failure.sync2jira", function(error, standardOutput, standardError) { - console.log("Deleting sync2jira.failure..."); - console.log(standardOutput); - console.log(standardError); - }); - } else { - console.log('The failure file does not exist.'); - passed = 'success' - } - - console.log("Pushing results of test..."); - return context.github.checks.create(context.repo({ - name: APP_NAME, - head_branch: headBranch, - head_sha: headSha, - status: 'completed', - started_at: startTime, - conclusion: passed, - completed_at: new Date(), - output: { - title: passed, - summary: standardOutput.toString() - } - })) - }); - } - catch { - return await context.github.checks.create(context.repo({ - name: APP_NAME, - head_branch: headBranch, - head_sha: headSha, - status: 'completed', - started_at: startTime, - conclusion: passed, - completed_at: new Date(), - output: { - title: passed, - summary: 'Error when cloning or running tests.' - } - })) - } - } - - // When someone adds a commit to a Pull Request - app.on(['check_suite.requested', 'check_run.rerequested'], check_suite); - async function check_suite (context) { - // Identify start time - const startTime = new Date(); - - // Extract relevant information - let pr = context.payload.check_suite; - if (typeof pr == 'undefined') { - pr = context.payload.check_run - } - const headBranch = pr.head_branch; - const headSha = pr.head_sha; - - // Mark the check as pending - await context.github.checks.create(context.repo({ - name: APP_NAME, - head_branch: headBranch, - head_sha: headSha, - status: 'in_progress', - started_at: startTime, - })); - - try { - console.log("Running Tests..."); - await childProcess.exec("/usr/local/src/sync2jira/openshift-build/runTests.sh " + headSha + " \"" + TEST_COMMAND + "\"", function(error, standardOutput, standardError) { - console.log("Ran tests. " + standardOutput); - - // Check if failure file exists - let passed = 'failure'; - if(fs.existsSync('/usr/local/src/sync2jira/openshift-build/temp/failure.sync2jira')) { - console.log("The failure file exists."); - childProcess.exec("rm /usr/local/src/sync2jira/openshift-build/temp/failure.sync2jira", function(error, standardOutput, standardError) { - console.log("Deleting sync2jira.failure..."); - console.log(standardOutput); - console.log(standardError); - }); - } else { - console.log('The failure file does not exist.'); - passed = 'success' - } - - console.log("Pushing results of test..."); - return context.github.checks.create(context.repo({ - name: APP_NAME, - head_branch: headBranch, - head_sha: headSha, - status: 'completed', - started_at: startTime, - conclusion: passed, - completed_at: new Date(), - output: { - title: passed, - summary: standardOutput.toString() - } - })) - }); - } - catch { - return await context.github.checks.create(context.repo({ - name: APP_NAME, - head_branch: headBranch, - head_sha: headSha, - status: 'completed', - started_at: startTime, - conclusion: passed, - completed_at: new Date(), - output: { - title: passed, - summary: 'Error when cloning or running tests.' - } - })) - } - } -}; diff --git a/openshift-build/package.json b/openshift-build/package.json deleted file mode 100644 index bef54e8..0000000 --- a/openshift-build/package.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "name": "openshift-build", - "version": "1.0.0", - "private": true, - "description": "Build and test GitHub code in OpenShift", - "author": "Sidhartha Premkumar ", - "license": "ISC", - "repository": "https://github.com/sidpremkumar/openshift-build.git", - "homepage": "https://github.com/sidpremkumar/openshift-build", - "bugs": "https://github.com/sidpremkumar/openshift-build/issues", - "keywords": [ - "probot", - "github", - "probot-app" - ], - "scripts": { - "dev": "nodemon", - "start": "probot run ./index.js", - "lint": "standard --fix", - "test": "jest && standard", - "test:watch": "jest --watch --notify --notifyMode=change --coverage" - }, - "dependencies": { - "probot": "^9.5.3", - "rimraf": "^3.0.0", - "shelljs": "^0.8.3" - }, - "devDependencies": { - "jest": "^24.9.0", - "nock": "^11.4.0", - "nodemon": "^2.0.0", - "smee-client": "^1.1.0", - "standard": "^14.3.1" - }, - "engines": { - "node": ">= 8.3.0" - }, - "standard": { - "env": [ - "jest" - ] - }, - "nodemonConfig": { - "exec": "npm start", - "watch": [ - ".env", - "." - ] - }, - "jest": { - "testEnvironment": "node" - } -} diff --git a/openshift-build/runTests.sh b/openshift-build/runTests.sh deleted file mode 100755 index aae9442..0000000 --- a/openshift-build/runTests.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash -set -ex - -# Arguments -HEAD_SHA=$1 -TEST_COMMAND=$2 - -# cd into our temp repo -cd /usr/local/src/sync2jira/openshift-build/temp - -run_tests() { - echo "**Using:**" - echo "**HEAD_SHA:** ${HEAD_SHA}" - echo "**TEST_COMMAND:** ${TEST_COMMAND}" - - # Declare our name - git config user.email "sync2jira@redhat.com" - git config user.name "Red User" - - # Checkout to a new branch with our new sha - echo "**Moving to sha ${HEAD_SHA}**" - git fetch --all - git reset --hard ${HEAD_SHA} - - # Run our commands, if failure touch a file - echo "**Running test command...**" - ${TEST_COMMAND} || touch failure.sync2jira - - # Display the results of our test - echo "**Integration log:**" - INTEGRATION_LOG=$(cat integration_test.log) - echo "$INTEGRATION_LOG" - - echo "**Main log:**" - MAIN_LOG=$(cat sync2jira_main.log) - echo "$MAIN_LOG" - - # Delete our logs - rm integration_test.log - rm sync2jira_main.log -} - -run_tests || touch failure.sync2jira diff --git a/openshift/docker-entrypoint.sh b/openshift/docker-entrypoint.sh deleted file mode 100644 index 1f316cf..0000000 --- a/openshift/docker-entrypoint.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -set -e - -# CA_URL is the URL of a custom root CA certificate to be installed at run-time -: ${CA_URL:=} - -main() { - # installing CA certificate - if [ -n "${CA_URL}" ] && [ ! -f "/tmp/.ca-imported" ]; then - # Since update-ca-trust doesn't work as a non-root user, let's just append to the bundle directly - curl --silent --show-error --location "${CA_URL}" >> /etc/pki/tls/certs/ca-bundle.crt - # Create a file so we know not to import it again if the container is restarted - touch /tmp/.ca-imported - fi -} - -main -exec "$@" diff --git a/openshift/openshift-build-template.yaml b/openshift/openshift-build-template.yaml deleted file mode 100644 index e1b69b0..0000000 --- a/openshift/openshift-build-template.yaml +++ /dev/null @@ -1,165 +0,0 @@ -apiVersion: v1 -kind: Template -metadata: - name: openshift-build-template - app: openshift-build -labels: - app: openshift-build -parameters: -- name: IMAGE_URL - displayName: Image URL:TAG to pull from - required: true - value: "quay.io/redhat-aqe/sync2jira:openshift-build" -- name: PRIVATE_KEY - displayName: Private Key to use (base64) - requiered: true -- name: LOG_LEVEL - displayName: Log level to use for our server - requiered: true - value: "debug" -- name: WEBHOOK_PROXY_URL - displayName: Our Smee.io proxy URL that our GitHub project is configured to push to - requiered: true -- name: WEBHOOK_SECRET - displayName: Our GitHub webhook secret (base64) - requiered: true -- name: APP_ID - displayName: Our GitHub App ID - requiered: true -- name: APP_NAME - displayName: Our GitHub App Name - requiered: true -- name: TEST_COMMAND - displayName: Test command that should be executed - requiered: true - value: "python3 tests/integration_tests/integration_test.py" -- name: JIRA_STAGE_URL - displayName: JIRA Stage URL to use for testing - requiered: true -- name: JIRA_USER - displayName: JIRA user to use for testing - requiered: true -- name: INITIALIZE - displayName: Flag to initialize sync2jira - value: "1" -- name: DEFAULT_SERVER - displayName: Default server to use for mailing - required: true -- name: DEFAULT_FROM - displayName: Default from to use for mailing - required: true -- name: CA_URL - displayName: CA URL to use to download certs - required: true -objects: -- apiVersion: v1 - kind: ImageStream - metadata: - labels: - app: openshift-build - annotations: - openshift.io/display-name: openshift-build - name: openshift-build - spec: - lookupPolicy: - local: false - tags: - - from: - kind: DockerImage - name: ${IMAGE_URL} - name: latest - referencePolicy: - type: Source -- apiVersion: v1 - kind: Secret - metadata: - name: openshift-build-secret - labels: - app: openshift-build - data: - webhook-secret: |- - ${WEBHOOK_SECRET} - private-key: |- - ${PRIVATE_KEY} -- apiVersion: v1 - kind: DeploymentConfig - metadata: - name: openshift-build - labels: - app: openshift-build - spec: - selector: - service: openshift-build - template: - metadata: - labels: - app: openshift-build - service: openshift-build - spec: - containers: - - name: openshift-build-container - image: openshift-build:latest - imagePullPolicy: Always - volumeMounts: - - name: fedmsgd-volume - mountPath: /etc/fedmsg.d - readOnly: true - env: - - name: JIRA_PASS - valueFrom: - secretKeyRef: - key: jira_pnt_pass - name: sync2jira-secret - - name: PRIVATE_KEY - valueFrom: - secretKeyRef: - key: private-key - name: openshift-build-secret - - name: SYNC2JIRA_GITHUB_TOKEN - valueFrom: - secretKeyRef: - key: github_token - name: sync2jira-secret - - name: DEFAULT_FROM - value: ${DEFAULT_FROM} - - name: DEFAULT_SERVER - value: ${DEFAULT_SERVER} - - name: CA_URL - value: ${CA_URL} - - name: LOG_LEVEL - value: ${LOG_LEVEL} - - name: WEBHOOK_PROXY_URL - value: ${WEBHOOK_PROXY_URL} - - name: APP_ID - value: ${APP_ID} - - name: APP_NAME - value: ${APP_NAME} - - name: WEBHOOK_SECRET - valueFrom: - secretKeyRef: - key: webhook-secret - name: openshift-build-secret - - name: TEST_COMMAND - value: ${TEST_COMMAND} - - name: JIRA_STAGE_URL - value: ${JIRA_STAGE_URL} - - name: JIRA_USER - value: ${JIRA_USER} - - name: INITIALIZE - value: ${INITIALIZE} - - name: CONFLUENCE_SPACE - value: mock_confluence_space - volumes: - - name: fedmsgd-volume - configMap: - name: fedmsgd - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - openshift-build-container - from: - kind: ImageStreamTag - name: openshift-build:latest diff --git a/openshift/openshift.md b/openshift/openshift.md deleted file mode 100644 index 0dbda32..0000000 --- a/openshift/openshift.md +++ /dev/null @@ -1,38 +0,0 @@ -# OpenShift Deployment -Sync2Jira is designed to be deployed on OpenShift (although it isn't required). We have provided the OpenShift templates -needed to deploy [Sync2Jira](sync2jira-template.yaml) and the [Continuous-Deployment](sync2jira-deploy-template.yaml) -feature of Sync2Jira. - -The templates assumes the following: - -1. You have an ImageStream called 'sync2jira'. It can be created on OpenShift in your project with the following command: - ```shell script - oc create imagestream sync2jira - ``` -2. You have a config map called fedmsgd where you load your config `sync2jira.py` file. - ```shell script - oc create configmap fedmsgd --from-file=sync2jira.py - ``` -3. You deployed `sync2jira-stage-template.yaml` BEFORE `sync2jira-deploy-template.yaml` - -## Continuous Deployment -To use the continuous-deployment feature you have to have service accounts on your stage and namespace. You can create -them and get their token with the following commands: -```shell script -oc create sa sync2jira-deploy -oc policy add-role-to-user edit -z sync2jira-deploy -oc sa get-token sync2jira-deploy -``` -You will then have to set the `INITILIZE` environmental variable in your stage and prod deployment to 0 as you will enable CD - -You will also have to build the image in OpenShift. You will need to pass a URL (RCM_TOOLS_REPO) to a .repo file to -install rhmsg which is what we use to listen for repo changes. - -## OpenShift-Build -Sync2Jira uses [OpenShift-Build](https://github.com/sidpremkumar/OpenShift-Build) to achieve integration tests against -real values. You can use the [openshift-build-template.yml](openshift-build-template.yaml) to deploy an instance of -OpenShift build in your namespace. Make sure to configure your GitHub repo to push checks and pull requests to a -[Smee.io](https://smeel.io) url. See the documentation under [OpenShift-Build](https://github.com/sidpremkumar/OpenShift-Build) -to learn more. - -Note: To deploy OpenShift build you must have the fedmsg.d config map \ No newline at end of file diff --git a/openshift/sync2jira-deploy-template.yaml b/openshift/sync2jira-deploy-template.yaml index 612782c..3e0075a 100644 --- a/openshift/sync2jira-deploy-template.yaml +++ b/openshift/sync2jira-deploy-template.yaml @@ -6,24 +6,6 @@ metadata: labels: app: sync2jira-deploy parameters: -- name: CERT - displayName: Cert to be used to access ACTIVEMQ (base64) - required: true -- name: KEY - displayName: Key to be used to access ACTIVEMQ (base64) - required: true -- name: ACTIVEMQ_QUERY - displayName: Query that we should be using - required: true -- name: ACTIVEMQ_URL_1 - displayName: Message Bus URL are tuple, this is the first part of that tuple - required: true -- name: ACTIVEMQ_URL_2 - displayName: Message Bus URL are tuple, this is the second part of that tuple - required: true -- name: ACTIVEMQ_REPO_NAME - displayName: Repo (or topic/category) that we should be listening for - required: true - name: ENDPOINT displayName: Openshift endpoint required: true @@ -34,21 +16,9 @@ parameters: displayName: Flag to send emails (0/1) required: true value: '1' -- name: RCM_TOOLS_REPO - displayName: RCM Toold Repo URL - required: true -- name: CA_URL - displayName: CA_URL that points to ca_certs - required: true - name: GITHUB_URL displayName: GitHub .git URL to our Sync2Jira repo requiered: true -- name: OPENSHIFT_TOKEN - displayName: OpenShift-prod token to be used to tag new images (base64) - required: true -- name: OPENSHIFT_TOKEN_STAGE - displayName: OpenShift-stage token to be used to tag new images (base64) - required: true - name: DEFAULT_SERVER displayName: Default server to use for mailing required: true @@ -139,16 +109,6 @@ objects: value: usr/local/src/sync2jira/docs/deploy.crt - name: KEY value: usr/local/src/sync2jira/docs/deploy.key - - name: CA_CERTS - value: /etc/pki/tls/certs/ca-bundle.crt # Downloaded during docker-entrypoint.sh - - name: ACTIVEMQ_QUERY - value: ${ACTIVEMQ_QUERY} - - name: ACTIVEMQ_URL_1 - value: ${ACTIVEMQ_URL_1} - - name: ACTIVEMQ_URL_2 - value: ${ACTIVEMQ_URL_2} - - name: ACTIVEMQ_REPO_NAME - value: ${ACTIVEMQ_REPO_NAME} - name: TOKEN valueFrom: secretKeyRef: @@ -171,8 +131,6 @@ objects: value: ${RCM_TOOLS_REPO} - name: CONFLUENCE_SPACE value: mock_confluence_space - - name: CA_URL - value: ${CA_URL} - name: SYNC2JIRA_PNTJIRA_PASS valueFrom: secretKeyRef: