From adf46fa618727b39bd8206f60bd2897c4bce9148 Mon Sep 17 00:00:00 2001 From: Wouter de Kort Date: Tue, 7 Jan 2025 16:12:51 +0100 Subject: [PATCH] [ASCN-400] Setup CNAB v2 for OpServer (#21) * Setup CNAB v2 * Actually tag the correct image * Some cleanup * Add bash wrapper for Octopus * Revert whitespace changes * Include Invoke-CNAB changes * We don't actually need this * Rename run.ps1 to run and fix issues * And add the wrapper script back * Set permissions * Remove unused file * Move script changes to base image * Update to latest and use the bash file * Switch release creation to tenants * Swtich to image on main --- .github/actions/build_docker/action.yml | 68 +++++++++---------- ...workflow_build_and_release_containers.yaml | 20 +++--- .gitignore | 1 + cnab/Invoke-CNAB.ps1 | 30 +++++--- cnab/app/app.ps1 | 34 +++++----- cnab/app/variables.GCP.json | 48 ------------- cnab/build/Dockerfile | 8 ++- 7 files changed, 89 insertions(+), 120 deletions(-) delete mode 100644 cnab/app/variables.GCP.json diff --git a/.github/actions/build_docker/action.yml b/.github/actions/build_docker/action.yml index 966e0ce1..2f33613b 100644 --- a/.github/actions/build_docker/action.yml +++ b/.github/actions/build_docker/action.yml 
@@ -25,42 +25,42 @@ inputs: required: false default: '' - runs: using: composite steps: - - name: Setup up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Docker Image Metadata - id: metadata - uses: docker/metadata-action@v5 - with: - images: ${{ inputs.image_name }} - # https://github.com/docker/metadata-action/tree/master?tab=readme-ov-file#priority-attribute - # The default priority of sha is 100, and for custom/raw tags is 200. The highest the most priority. - # We want the sha tag to be the one used for the OCI label and the version output, so we set the priority of the custom date tag to the lowest. - tags: | - type=sha,priority=100 - ${{ inputs.version }},priority=1 - type=ref,event=pr - flavor: latest=false + - name: Setup up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Login to Docker Registry - prod - uses: docker/login-action@v3 - with: - registry: ${{ inputs.registry_prod }} - username: ${{ inputs.registry_username }} - password: ${{ inputs.registry_password }} + - name: Docker Image Metadata + id: metadata + uses: docker/metadata-action@v5 + with: + images: ${{ inputs.image_name }} + # https://github.com/docker/metadata-action/tree/master?tab=readme-ov-file#priority-attribute + # The default priority of sha is 100, and for custom/raw tags is 200. The highest the most priority. + # We want the sha tag to be the one used for the OCI label and the version output, so we set the priority of the custom date tag to the lowest. + tags: | + type=sha,priority=100 + ${{ inputs.version }},priority=1 + type=ref,event=pr + flavor: latest=false - - name: Build Image - uses: docker/build-push-action@v6 - with: - push: true - context: . 
- file: ${{ inputs.dockerfile_path }} - tags: ${{ steps.metadata.outputs.tags }} - labels: ${{ steps.metadata.outputs.labels }} - provenance: true - build-args: | - DOTNET_VERSION=${{ env.DOTNET_VERSION }} + - name: Login to Docker Registry - prod + uses: docker/login-action@v3 + with: + registry: ${{ inputs.registry_prod }} + username: ${{ inputs.registry_username }} + password: ${{ inputs.registry_password }} + + - name: Build Image + uses: docker/build-push-action@v6 + with: + push: true + context: . + file: ${{ inputs.dockerfile_path }} + tags: ${{ steps.metadata.outputs.tags }} + labels: ${{ steps.metadata.outputs.labels }} + provenance: true + build-args: | + DOTNET_VERSION=${{ env.DOTNET_VERSION }} + BUNDLE_VERSION=${{ inputs.version }} diff --git a/.github/workflows/workflow_build_and_release_containers.yaml b/.github/workflows/workflow_build_and_release_containers.yaml index e88532e7..c0a290eb 100644 --- a/.github/workflows/workflow_build_and_release_containers.yaml +++ b/.github/workflows/workflow_build_and_release_containers.yaml 
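Review bot: The `uses:` lines in this composite action reference third-party actions by mutable major tag (`docker/setup-buildx-action@v3`, `docker/metadata-action@v5`, `docker/login-action@v3`, `docker/build-push-action@v6`), and the login step hands `inputs.registry_password` to one of them. A retagged release of any of these would run with the production registry credentials, whereas the base image in cnab/build/Dockerfile is already pinned by digest. Pinning each action to a full commit SHA with the tag kept as a trailing comment would give the same guarantee here, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`.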
@@ -60,23 +60,25 @@ jobs: else echo "SHOULD_CREATE_RELEASE=false" >> $GITHUB_ENV fi + - name: Create Octo Release if main or deploy to sandbox label present - if: env.SHOULD_CREATE_RELEASE == 'true' + # if: env.SHOULD_CREATE_RELEASE == 'true' run: | octoSpaceId="Default" - octoProjectId="Opserver" + octoProjectId="opserver" dotnet octo create-release --project=$octoProjectId --space=$octoSpaceId --version=${{ needs.generate_date_version.outputs.version }} \ - --gitRef=main --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }} - # Note: The gitRef param is for the Octo config repo and not the git repo for the code + --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }} + - name: Deploy via Octopus if main or deploy to ascn-dev if label present - if: env.SHOULD_CREATE_RELEASE == 'true' + # if: env.SHOULD_CREATE_RELEASE == 'true' run: | octoSpaceId="Default" - octoProjectId="OpServer" - environmentId="${{ github.ref_name == 'main' && 'main-test' || 'ascn-dev' }}" + octoProjectId="opserver" + environmentId="${{ github.ref_name == 'main' && 'test' || 'dev' }}" + tenantId="${{ github.ref_name == 'main' && 'main' || 'ascn' }}" dotnet octo deploy-release --project=$octoProjectId --space=$octoSpaceId --version=${{ needs.generate_date_version.outputs.version }} \ - --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }} --deployTo=$environmentId - # Note: The gitRef param is for the Octo config repo and not the git repo for the code + --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }} --deployTo=$environmentId --tenant=$tenantId + diff --git a/.gitignore b/.gitignore index 9f1e6396..559379f5 100644 --- a/.gitignore +++ b/.gitignore 
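Review bot: Both Octopus steps now have their guard commented out (`# if: env.SHOULD_CREATE_RELEASE == 'true'`), so the release is created and deployed on every run of this job instead of only on main or when the deploy label is present. The step above still computes SHOULD_CREATE_RELEASE, so this looks like a debugging leftover; restore `if: env.SHOULD_CREATE_RELEASE == 'true'` on both steps before merging. The API key is also passed as `--apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }}`, which puts it in the process arguments; the Octopus CLI can read it from the `OCTOPUS_CLI_API_KEY` environment variable, so setting that under the step's `env:` keeps it off the command line. The job definition starts outside this hunk.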
@@ -1,4 +1,5 @@ # These get copied locally when running Invoke-CNAB not in a container +# Temporarily including these while building out CNAB v2 support cnab/app/container-registry-discovery.ps1 cnab/app/gcp-cluster-discovery.ps1 cnab/app/run.ps1 diff --git a/cnab/Invoke-CNAB.ps1 b/cnab/Invoke-CNAB.ps1 index 8ace25af..22070379 100644 --- a/cnab/Invoke-CNAB.ps1 +++ b/cnab/Invoke-CNAB.ps1 @@ -4,12 +4,16 @@ param ( [string] $Action = "install", [bool] - $RunAsContainer = $false, + $RunAsContainer = $true, [ValidateSet("GCP", "DockerDesktop")] [string] $Target = "GCP", [bool] - $DownloadLocalScriptsForLocalDebugging = $true + $DownloadLocalScriptsForLocalDebugging = $true, + [string] + $Version = "pr-21", + [string] + $PathToDeploymentPipelineVariables = "file:///D:/code/deployment-pipeline-variables" ) # Function to check if a command exists @@ -65,14 +69,23 @@ function Setup-DockerDesktop { } } -$MetaJsonPath = "$PSScriptRoot/app/variables.$Target.json" +$env:PIPELINE_CONFIG_URI=$PathToDeploymentPipelineVariables + +Write-Host "Rendering pipeline variables for CNAB" +$TempFilePath = [System.IO.Path]::GetTempFileName() +$MetaJsonPath = [System.IO.Path]::ChangeExtension($TempFilePath, ".json") + +pipeline-variables render "opserver" --cloud "gcp" --product "pubplat" --env "dev" --deployment-group "ascn" --output $MetaJsonPath --json if (-not (Test-Path $MetaJsonPath)) { - Write-Error "File not found: $MetaJsonPath" + Write-Error "File not found: $MetaJsonPath. Something went wrong rendering pipeline variables." exit 1 } if ($Target -eq "DockerDesktop") { + + Write-Error "Docker Desktop is currently not supported for CNAB v2. For now, please target GCP until we've added back support for Docker Desktop" + exit 1 Setup-DockerDesktop # Build local app images for Docker Desktop 
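Review bot: The two new parameter defaults in the `-4,12 +4,16` hunk are specific to one pull request and one workstation: `$Version = "pr-21"` and `$PathToDeploymentPipelineVariables = "file:///D:/code/deployment-pipeline-variables"`. Anyone else running the script without arguments builds a bundle labelled for PR 21 and points PIPELINE_CONFIG_URI at a path that probably does not exist on their machine. Making both mandatory, e.g. `[Parameter(Mandatory)] [string] $Version`, or failing early when the path cannot be resolved, would avoid that. `$RunAsContainer` also flips to `$true` here, which changes behaviour for existing callers and deserves a line in the parameter help. The param block starts above the hunk.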
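Review bot: In the `-65,14 +69,23` hunk the rendered variables file is written to a temp path that is never removed, and `GetTempFileName()` has already created a zero-byte `.tmp` file that `ChangeExtension` then abandons. The rendered JSON holds deployment configuration, so it should not pile up in the temp directory: build the `.json` path directly and delete it in a `finally` once the run completes. The outcome of `pipeline-variables render` is only checked through `Test-Path`; testing `$LASTEXITCODE` right after the call, `if ($LASTEXITCODE -ne 0) { Write-Error "pipeline-variables render failed"; exit 1 }`, would catch a failed render that still left a file behind. `Setup-DockerDesktop` after the new `exit 1` is unreachable, and the rest of that branch continues outside the hunk.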
@@ -115,7 +128,7 @@ if ($RunAsContainer) { $CNABImage = "$appName-cnab:local" # Build a local copy of CNAB image - docker build -t $CNABImage -f $PSScriptRoot/build/Dockerfile . + docker build -t $CNABImage -f $PSScriptRoot/build/Dockerfile --build-arg BUNDLE_VERSION=$Version . $dockerRunArgs = @() @@ -128,8 +141,6 @@ if ($RunAsContainer) { ) } elseif ($Target -eq "DockerDesktop") { - - if ($IsWindows) { $kubeConfigPath = "$env:USERPROFILE\.kube\config" } @@ -147,7 +158,7 @@ if ($RunAsContainer) { "-v", "$($MetaJsonPath):/variables.json", "--env", "CNAB_ACTION=$Action", "--env", "INSTALLATION_METADATA=/variables.json", - "--rm", "$CNABImage", "/cnab/app/run.ps1" + "--rm", "$CNABImage", "/cnab/app/run" ) docker run $dockerRunArgs @@ -156,7 +167,8 @@ else { $env:CNAB_ACTION = $Action $env:INSTALLATION_METADATA = $MetaJsonPath - + $env:BUNDLE_VERSION = $Version + if ($DownloadLocalScriptsForLocalDebugging) { # Read the CNAB base image from the Dockerfile $DockerfilePath = "$PSScriptRoot/build/Dockerfile" diff --git a/cnab/app/app.ps1 b/cnab/app/app.ps1 index 46a860da..c6b0dbef 100644 --- a/cnab/app/app.ps1 +++ b/cnab/app/app.ps1 @@ -11,12 +11,12 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag Write-MajorStep "Generating Helm values" $values = @{ tier = $environment - replicaCount = $vars.vars.replicaCount - aspnetcoreEnvironment = $vars.vars.aspnetcoreEnvironment + replicaCount = $vars.replicaCount + aspnetcoreEnvironment = $vars.aspnetcoreEnvironment product = "pubplat" db = @{ - exceptionalDbName = $vars.vars.exceptionalDbName; + exceptionalDbName = $vars.exceptionalDbName; } images = @{ 
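Review bot: After flattening `$vars.vars.*` to `$vars.*` in cnab/app/app.ps1, nothing in Generate-Values checks that the rendered variables actually carry these keys, and PowerShell returns `$null` for a missing property unless strict mode is enabled elsewhere in the script. A renamed or missing key (for instance `secretStore`, `adminRolebindingGroupId` or the new `useFakeSecretStore` in the later hunks at -60 and -70) would then reach the Helm values as an empty value instead of failing the deployment. A short guard before `$values` is built would make that explicit, e.g. `foreach ($k in 'replicaCount','secretStore','opserverSettings') { if ($null -eq $vars.$k) { throw "Missing variable: $k" } }`. The function body starts above and continues past this hunk.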
@@ -27,27 +27,27 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag } requests = @{ - cpu = $vars.vars.requestsCPU - memory = $vars.vars.requestsMemory + cpu = $vars.requestsCPU + memory = $vars.requestsMemory } limits = @{ - memory = $vars.vars.limitsMemory + memory = $vars.limitsMemory } podDisruptionBudget = @{ - minAvailable = $vars.vars.podDisruptionBudgetMinAvailable + minAvailable = $vars.podDisruptionBudgetMinAvailable } exceptional = @{ store = @{ - type = $vars.vars.exceptionalStoreType + type = $vars.exceptionalStoreType } } datadog = @{ - agentHost = $vars.vars.datadogAgentHost - agentPort = $vars.vars.datadogAgentPort + agentHost = $vars.datadogAgentHost + agentPort = $vars.datadogAgentPort } kestrel = @{ @@ -60,7 +60,7 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag } secretStore = @{ - fake = $vars.runtime.local + fake = $vars.useFakeSecretStore } image = @{ @@ -70,23 +70,23 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag ingress = @{ className = "nginx-internal" certIssuer = "letsencrypt-dns-prod" - host = $vars.vars.opserverSettings.hostUrl - enabled = $vars.vars.includeIngress + host = $vars.opserverSettings.hostUrl + enabled = $vars.includeIngress secretName = "opserver-tls" createTlsCert = $true } sqlExternalSecret = @{ - storeRefName = $vars.vars.secretStore + storeRefName = $vars.secretStore } opserverExternalSecret = @{ - storeRefName = $vars.vars.secretStore + storeRefName = $vars.secretStore } - opserverSettings = $vars.vars.opserverSettings + opserverSettings = $vars.opserverSettings - adminRolebindingGroupId = $vars.vars.adminRolebindingGroupId + adminRolebindingGroupId = $vars.adminRolebindingGroupId } # Helm expects a YAML file but YAML is also a superset of JSON, so we can use ConvertTo-Json here diff --git a/cnab/app/variables.GCP.json b/cnab/app/variables.GCP.json deleted file mode 100644 index dfc85d38..00000000 
--- a/cnab/app/variables.GCP.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "pipeline": {
- "environment": "dev",
- "product": "pubplat",
- "project": "opserver",
- "releaseTag": "pr-22"
- },
- "runtime": {
- "cd": false,
- "local": false,
- "name": "GCP"
- },
- "deploymentDiscovery": {
- "deploymentGroupFilter": "labels.env=dev AND labels.project=base AND labels.product=pubplat AND labels.instance=ascn-dev",
- "deploymentTargetFilter": "resourceLabels.deployment_target=true AND resourceLabels.os=linux"
- },
- "vars": {
- "secretStore": "cluster-secrets",
- "imagePullPolicy": "Always",
- "replicaCount": "1",
- "aspnetcoreEnvironment": "Dev",
- "exceptionalStoreType": "SQL",
- "exceptionalDbName": "Dev.Exceptions",
- "datadogAgentHost": "127.0.0.1",
- "datadogAgentPort": "8125",
- "includeIngress": "true",
- "adminRolebindingGroupId": "",
- "requestsCPU": "",
- "requestsMemory": "",
- "limitsMemory": "",
- "isHADRPrimary": "true",
- "podDisruptionBudgetMinAvailable": "1",
- "opserverSettings": {
- "hostUrl": "opserver.ascn-dev.int.gcp.stackoverflow.net",
- "sql": [
- { "name": "db.db" }
- ],
- "exceptions": [
- { "serverName": "db.db", "database": "Dev.Exceptions" }
- ],
- "security": {
- "adminGroups": "OpserverDev-Admin",
- "viewGroups": "OpserverDev-View",
- "provider": "OIDC"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/cnab/build/Dockerfile b/cnab/build/Dockerfile
index 93b8f2b2..6246c242 100644
--- a/cnab/build/Dockerfile
+++ b/cnab/build/Dockerfile
@@ -1,7 +1,9 @@ -FROM cr.stackoverflow.software/so-pubplat-cnab:2024.10.16.174409-276.1@sha256:36cf26cd2d2ea251ce46edcc966174ab1ed95ccf2818cdc763ba58a384328177 +FROM cr.stackoverflow.software/so-pubplat-cnab:2025.1.7.92116@sha256:e1c7397eaa8b5d6b11db49b1150290782675b3dfae2b886770e5a2048b2fa745 COPY ./cnab/app /cnab/app COPY ./charts /cnab/app/charts -RUN chmod 755 /cnab/app/run.ps1 -CMD ["/cnab/app/run.ps1"] \ No newline at end of file +ARG BUNDLE_VERSION +ENV BUNDLE_VERSION=${BUNDLE_VERSION} + +CMD ["/cnab/app/run"] \ No newline at end of file
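Review bot: `ARG BUNDLE_VERSION` has no default, so any build that omits `--build-arg BUNDLE_VERSION=...` produces an image whose `BUNDLE_VERSION` environment variable is an empty string, with no error at build time. If the run script depends on it, fail the build when it is unset, e.g. `RUN test -n "$BUNDLE_VERSION"` after the `ARG` line (assuming the base image provides a POSIX shell). The `RUN chmod 755` step is removed as well, so `/cnab/app/run` has to be executable already in the digest-pinned base image; a comment above `CMD` such as `# /cnab/app/run is provided by the base image` would record that, since as far as this diff shows the file is not among those copied here.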