feat(deploy): Add gocd pipedream pipelines (#20)

Deploys the uptime-checker via gocd

Author: evanpurkhiser

.github/workflows/validate-pipelines.yml

@@ -0,0 +1,60 @@
+name: Validate Deployment Pipelines
+
+on:
+  pull_request:
+  push:
+      branches: [main, test-me-*]
+
+concurrency:
+    group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+    cancel-in-progress: true
+
+jobs:
+    files-changed:
+        name: files-changed
+        runs-on: ubuntu-latest
+        # Map a step output to a job output
+        outputs:
+            gocd: ${{ steps.changes.outputs.gocd }}
+        steps:
+          - uses: actions/checkout@v3
+          - name: Check for relevant file changes
+            uses: getsentry/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
+            id: changes
+            with:
+              filters: |
+                gocd:
+                  - 'gocd/**'
+                  - '.github/workflows/validate-pipelines.yml'
+
+    validate:
+        if: needs.files-changed.outputs.gocd == 'true'
+        needs: files-changed
+        name: Validate GoCD Pipelines
+        runs-on: ubuntu-latest
+
+        # required for google auth
+        permissions:
+            contents: "read"
+            id-token: "write"
+
+        steps:
+            - uses: actions/checkout@v3
+            - id: 'auth'
+              uses: google-github-actions/auth@v1
+              with:
+                workload_identity_provider: 'projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool'
+                service_account: '[email protected]'
+                token_format: 'id_token'
+                id_token_audience: '610575311308-9bsjtgqg4jm01mt058rncpopujgk3627.apps.googleusercontent.com'
+                id_token_include_email: true
+            - uses: getsentry/action-gocd-jsonnet@v1
+              with:
+                jb-install: true
+                jsonnet-dir: gocd/templates
+                generated-dir: gocd/generated-pipelines
+            - uses: getsentry/action-validate-gocd-pipelines@v1
+              with:
+                configrepo: uptime-checker__main
+                gocd_access_token: ${{ secrets.GOCD_ACCESS_TOKEN }}
+                google_oidc_token: ${{ steps.auth.outputs.id_token }}

.gitignore

@@ -1 +1,4 @@
 /target
+
+/gocd/generated-pipelines
+/gocd/templates/vendor

Makefile

@@ -0,0 +1,17 @@
+SHELL=/bin/bash
+
+gocd: ## Build GoCD pipelines
+	rm -rf ./gocd/generated-pipelines
+	mkdir -p ./gocd/generated-pipelines
+	cd ./gocd/templates && jb install && jb update
+
+  # Format
+	find . -type f \( -name '*.libsonnet' -o -name '*.jsonnet' \) -print0 | xargs -n 1 -0 jsonnetfmt -i
+  # Lint
+	find . -type f \( -name '*.libsonnet' -o -name '*.jsonnet' \) -print0 | xargs -n 1 -0 jsonnet-lint -J ./gocd/templates/vendor
+	# Build
+	cd ./gocd/templates && find . -type f \( -name '*.jsonnet' \) -print0 | xargs -n 1 -0 jsonnet --ext-code output-files=true -J vendor -m ../generated-pipelines
+
+  # Convert JSON to yaml
+	cd ./gocd/generated-pipelines && find . -type f \( -name '*.yaml' \) -print0 | xargs -n 1 -0 yq -p json -o yaml -i
+.PHONY: gocd

gocd/templates/bash/check-cloudbuild.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+/devinfra/scripts/checks/googlecloud/checkcloudbuild.py \
+	"${GO_REVISION_UPTIME_CHECKER_REPO}" \
+	"sentryio" \
+	"us-central1-docker.pkg.dev/sentryio/uptime-checker/image"

gocd/templates/bash/check-github-runs.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+/devinfra/scripts/checks/githubactions/checkruns.py \
+	"getsentry/uptime-checker" \
+	"${GO_REVISION_UPTIME_CHECKER_REPO}" \
+	"test"

gocd/templates/bash/deploy.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+eval $(/devinfra/scripts/regions/project_env_vars.py --region="${SENTRY_REGION}")
+
+/devinfra/scripts/k8s/k8stunnel &&
+	/devinfra/scripts/k8s/k8s-deploy.py \
+		--label-selector="${LABEL_SELECTOR}" \
+		--image="us-central1-docker.pkg.dev/sentryio/uptime-checker/image:${GO_REVISION_UPTIME_CHECKER_REPO}" \
+		--container-name="uptime-checker"

gocd/templates/bash/wait-canary.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sleep 300

gocd/templates/jsonnetfile.json

@@ -0,0 +1,15 @@
+{
+  "version": 1,
+  "dependencies": [
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/getsentry/gocd-jsonnet.git",
+          "subdir": "libs"
+        }
+      },
+      "version": "v2.10.0"
+    }
+  ],
+  "legacyImports": true
+}

gocd/templates/jsonnetfile.lock.json

@@ -0,0 +1,16 @@
+{
+  "version": 1,
+  "dependencies": [
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/getsentry/gocd-jsonnet.git",
+          "subdir": "libs"
+        }
+      },
+      "version": "74ae5728e2d7ed39fdd43cf3b2d28dde7e4567a1",
+      "sum": "AKMGYALLyaVVVjTNnZy64PoCDA8QjxTbHBe5dCnE4tE="
+    }
+  ],
+  "legacyImports": false
+}

gocd/templates/pipelines/uptime-checker.libsonnet

@@ -0,0 +1,72 @@
+local gocdtasks = import 'github.com/getsentry/gocd-jsonnet/libs/gocd-tasks.libsonnet';
+
+function(region) {
+  environment_variables: {
+    // SENTRY_REGION is used by the dev-infra scripts to connect to GKE
+    SENTRY_REGION: region,
+  },
+  materials: {
+    uptime_checker_repo: {
+      git: '[email protected]:getsentry/uptime-checker.git',
+      shallow_clone: true,
+      branch: 'main',
+      destination: 'uptime-checker',
+    },
+  },
+  lock_behavior: 'unlockWhenFinished',
+  stages: [
+    {
+      checks: {
+        fetch_materials: true,
+        jobs: {
+          checks: {
+            timeout: 1200,
+            elastic_profile_id: 'uptime-checker',
+            environment_variables: {
+              GITHUB_TOKEN: '{{SECRET:[devinfra-github][token]}}',
+            },
+            tasks: [
+              gocdtasks.script(importstr '../bash/check-github-runs.sh'),
+              gocdtasks.script(importstr '../bash/check-cloudbuild.sh'),
+            ],
+          },
+        },
+      },
+    },
+    {
+      'deploy-canary': {
+        fetch_materials: true,
+        jobs: {
+          deploy: {
+            timeout: 600,
+            elastic_profile_id: 'uptime-checker',
+            environment_variables: {
+              LABEL_SELECTOR: 'service=uptime-checker,env=canary',
+            },
+            tasks: [
+              gocdtasks.script(importstr '../bash/deploy.sh'),
+              gocdtasks.script(importstr '../bash/wait-canary.sh'),
+            ],
+          },
+        },
+      },
+    },
+    {
+      'deploy-primary': {
+        fetch_materials: true,
+        jobs: {
+          deploy: {
+            timeout: 600,
+            elastic_profile_id: 'uptime-checker',
+            environment_variables: {
+              LABEL_SELECTOR: 'service=uptime-checker',
+            },
+            tasks: [
+              gocdtasks.script(importstr '../bash/deploy.sh'),
+            ],
+          },
+        },
+      },
+    },
+  ],
+}

gocd/templates/uptime-checker.jsonnet

@@ -0,0 +1,25 @@
+local uptime_checker = import './pipelines/uptime-checker.libsonnet';
+local pipedream = import 'github.com/getsentry/gocd-jsonnet/libs/pipedream.libsonnet';
+
+// Pipedream can be configured using this object, you can learn more about the
+// configuration options here: https://github.com/getsentry/gocd-jsonnet#readme
+local pipedream_config = {
+  name: 'uptime-checker',
+  auto_deploy: true,
+  materials: {
+    uptime_checker_repo: {
+      git: '[email protected]:getsentry/uptime-checker.git',
+      shallow_clone: true,
+      branch: 'main',
+      destination: 'uptime-checker',
+    },
+  },
+  rollback: {
+    material_name: 'uptime_checker_repo',
+    stage: 'deploy-primary',
+    elastic_profile_id: 'uptime-checker',
+  },
+  exclude_regions: ['customer-1', 'customer-2', 'customer-3', 'customer-4', 'customer-6', 'customer-7'],
+};
+
+pipedream.render(pipedream_config, uptime_checker)