add CD scripts & pre-commit hooks

LCOGT · Dec 12, 2023 · 8010434 · 8010434
1 parent 7b08ecd
commit 8010434
Show file tree

Hide file tree

Showing 6 changed files with 134 additions and 62 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,3 @@
 .devenv
+
+.pre-commit-config.yaml
diff --git a/README.md b/README.md
@@ -4,57 +4,66 @@ A reusable [devenv](https://devenv.sh/) w/ common tools needed for Kubernetes
 
 ## Usage
 
+For a quick one-off shell with all the tools:
+
 ```shell
 nix develop github:LCOGT/devenv-k8s --impure
 ```
 
 ### Import
 
-To import this devenv into another, add the following to your `devenv.yaml`:
+Assuming you're using flake-parts, add the following to your `flake.nix`:
 
 ```diff
-diff --git a/devenv.yaml b/devenv.yaml
-index c7cb5ce..75410d4 100644
---- a/devenv.yaml
-+++ b/devenv.yaml
-@@ -1,3 +1,8 @@
- inputs:
-   nixpkgs:
-     url: github:NixOS/nixpkgs/nixpkgs-unstable
-+  k8s:
-+    url: git+https://github.com/LCOGT/devenv-k8s
-+    flake: true
-+imports:
-+  - k8s
+diff --git a/flake.nix b/flake.nix
+index 23e54fd..070e011 100644
+--- a/flake.nix
++++ b/flake.nix
+@@ -5,10 +5,12 @@
+     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+     devenv.url = "github:cachix/devenv";
+     nix2container.url = "github:nlewo/nix2container";
+     nix2container.inputs.nixpkgs.follows = "nixpkgs";
+     mk-shell-bin.url = "github:rrbutani/nix-mk-shell-bin";
++
++    devenv-k8s.url = "github:LCOGT/devenv-k8s";
+   };
+
+   nixConfig = {
+     extra-trusted-public-keys = "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=";
+     extra-substituters = "https://devenv.cachix.org";
+@@ -24,11 +26,11 @@
+       perSystem = { config, self', inputs', pkgs, system, ... }: {
+
+         devenv.shells.default = {
+           # https://devenv.sh/reference/options/
+           packages = [
+-
++            inputs'.devenv-k8s.devShells.default
+           ];
+
+         };
+
+       };
 ```
+Next `nix develop --impure`, it will install the packages & scripts in this devenv
+in addition to any project specific ones.
 
-Or if using a flake-parts, add this repo to inputs and follow
-https://devenv.sh/guides/using-with-flake-parts/#import-a-devenv-module
-
-Next time you do `devenv shell` or `nix develop --impure`, it will install all
-packages listed in [devenv.nix](devenv.nix) in addition to any project specific ones.
-
-## Cache
-
-Some tools may require compiling. Run the following to setup the LCO Cachix Nix cache that will
-let you pull pre-built binaries. This only needs to be done once.
-
-```shell
-cachix use lco-public
-```
-
-## Updates
+### Updates
 
 To pull in changes from upstream you need to run the following in the project that imports this:
 
 ```shell
-devenv update
+nix flake update devenv-k8s
 ```
 
-Or you can declaritively lock it to a specific ref. See https://devenv.sh/reference/yaml-options/.
+## Cache
 
-For flakes,
+Some tools may require compiling. You can setup Nix to pull from a pre-built
+binary cache. This only needs to be done once:
 
 ```shell
-nix flake update devenv-k8s
+nix profile install nixpkgs#cachix
+cachix use lco-public
 ```
+
diff --git a/cd.nix b/cd.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, ...}:
+{
+  config = {
+    pre-commit.hooks = {
+      kustomize-build-staging = {
+        enable = false;
+        name = "Ensure staging kustomization output is up to date";
+        pass_filenames = false;
+        raw.always_run = true;
+        entry = "${pkgs.kustomize}/bin/kustomize build staging/ --output output/staging/manifest.yaml";
+      };
+
+      kustomize-build-prod = {
+        enable = false;
+        name = "Ensure prod kustomization output is up to date";
+        pass_filenames = false;
+        raw.always_run = true;
+        entry = "${pkgs.kustomize}/bin/kustomize build prod/ --output output/prod/manifest.yaml";
+      };
+    };
+
+    scripts.kustomize-build-staging.exec = ''
+      set -xe
+      pushd $DEVENV_ROOT
+      kustomize build staging/ --output output/staging/manifest.yaml
+      popd
+    '';
+
+    scripts.cd-update-staging.exec = ''
+      set -ex
+
+      if test -z "$1"; then
+        echo "first argument should be an absolute path to the skaffold build output"
+        exit 1
+      fi
+
+      if test -z "$2"; then
+        echo "second argument should be the git commit hash"
+        exit 1
+      fi
+
+      pushd staging/
+
+      kpt pkg update base@$2
+
+      if test -f "$1"; then
+        pushd cd-set-images
+        sh -xe <(cat $1 | jq -r '.builds[] | "kustomize edit set image \(.imageName)=\(.tag)"')
+        popd
+      fi
+      popd
+
+      kustomize build staging/ --output output/staging/manifest.yaml
+    '';
+  };
+}
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -40,7 +40,7 @@
 
       systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
 
-      perSystem = { config, self', inputs', pkgs, system, ... }: {
+      perSystem = { config, self', inputs', pkgs, system, lib, ... }: {
         # Per-system attributes can be defined here. The self' and inputs'
         # module parameters provide easy access to attributes of the same
         # system.
@@ -52,8 +52,8 @@
           name = "devenv-k8s";
 
           imports = [
-            # This is just like the imports in devenv.nix.
-            # See https://devenv.sh/guides/using-with-flake-parts/#import-a-devenv-module
+            ./skaffold-builder.nix
+            ./cd.nix
           ];
 
           # https://devenv.sh/packages/
@@ -65,27 +65,12 @@
             pkgs.kubeseal
             pkgs.kubernetes-helm
             pkgs.kustomize
+            pkgs.jq
 
             inputs'.kpt.packages.default
             inputs'.octopilot.packages.default
           ];
 
-          scripts.skaffold-builder-buildx.exec = ''
-            set -ex
-
-            args=""
-
-            if test "$PUSH_IMAGE" = true; then
-              args+="--push "
-            fi
-
-            if test -n "$PLATFORMS"; then
-              args+="--platform $PLATFORMS "
-            fi
-
-            docker buildx build "$BUILD_CONTEXT" --tag $IMAGE $args $SKAFFOLD_BUILDX_ARGS
-          '';
-
           # See full reference at https://devenv.sh/reference/options/
 
         };

diff --git a/skaffold-builder.nix b/skaffold-builder.nix
@@ -0,0 +1,20 @@
+{ ...}:
+{
+  config = {
+    scripts.skaffold-builder-buildx.exec = ''
+      set -ex
+
+      args=""
+
+      if test "$PUSH_IMAGE" = true; then
+        args+="--push "
+      fi
+
+      if test -n "$PLATFORMS"; then
+        args+="--platform $PLATFORMS "
+      fi
+
+      docker buildx build "$BUILD_CONTEXT" --tag $IMAGE $args $SKAFFOLD_BUILDX_ARGS
+    '';
+  };
+}