From 2ffb4bc6584bb2cccd8e566db8641773cd494c8a Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Fri, 14 Jul 2023 15:58:46 +0000 Subject: [PATCH 01/14] Fix integration test execution --- .github/actions/setup-environment/action.yml | 13 +++---------- .github/workflows/build.yml | 1 + 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/.github/actions/setup-environment/action.yml b/.github/actions/setup-environment/action.yml index 9a071938464886..5c2da40a2b534b 100644 --- a/.github/actions/setup-environment/action.yml +++ b/.github/actions/setup-environment/action.yml @@ -26,21 +26,14 @@ runs: name: configure env variables shell: bash run: | - SA_KEY_FILE=$(mktemp) - echo "${{ inputs.sa_key }}" > "$SA_KEY_FILE" - - trap 'rm -f ${SA_KEY_FILE}' EXIT - gcloud auth configure-docker eu.gcr.io --quiet PREVIEW_ENV_DEV_SA_KEY_PATH="$GITHUB_WORKSPACE/.config/gcloud/preview-environment-dev-sa.json" + mkdir -p "$(dirname "$PREVIEW_ENV_DEV_SA_KEY_PATH")" + echo "${{ inputs.sa_key }}" > "$PREVIEW_ENV_DEV_SA_KEY_PATH" { echo "LEEWAY_SEGMENT_KEY=${{ inputs.leeway_segment_key }}" echo "LEEWAY_WORKSPACE_ROOT=$GITHUB_WORKSPACE" - echo "PREVIEW_ENV_DEV_SA_KEY_PATH=${PREVIEW_ENV_DEV_SA_KEY_PATH}" + echo "PREVIEW_ENV_DEV_SA_KEY_PATH=$PREVIEW_ENV_DEV_SA_KEY_PATH" } >> "$GITHUB_ENV" - - # Authenticate with GCP so we can use the Leeway cache - mkdir -p "$(dirname "$PREVIEW_ENV_DEV_SA_KEY_PATH")" - echo "${{ inputs.sa_key }}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e16ef486e89c7d..1b914567406ab4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
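Review bot: The service-account key is now written to `$GITHUB_WORKSPACE/.config/gcloud/preview-environment-dev-sa.json` with the default umask, and nothing removes it, because the `mktemp`/`trap` pair deleted in this hunk has no replacement. A file under the workspace can end up in a Docker build context or an uploaded artifact if a later step globs the checkout, so a path under `$RUNNER_TEMP` with `umask 077` set before the write is the safer default. `${{ inputs.sa_key }}` is also substituted into the script text before bash parses it, so quote characters in the key are consumed by the shell. Passing it through the step's `env:` as `SA_KEY: ${{ inputs.sa_key }}` and writing it with `printf '%s' "$SA_KEY" > "$PREVIEW_ENV_DEV_SA_KEY_PATH"` avoids that.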
@@ -424,6 +424,7 @@ jobs: leeway run dev/preview/previewctl:install echo "Setting up access to core-dev and harvester" + echo "SA file path: ${PREVIEW_ENV_DEV_SA_KEY_PATH}" previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 1m --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" From c55e3370423d35ea51a993d9b0be1c25de7cc256 Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Fri, 14 Jul 2023 16:21:41 +0000 Subject: [PATCH 02/14] Simplify assignment of SA --- .github/actions/setup-environment/action.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/actions/setup-environment/action.yml b/.github/actions/setup-environment/action.yml index 5c2da40a2b534b..967868e5df540d 100644 --- a/.github/actions/setup-environment/action.yml +++ b/.github/actions/setup-environment/action.yml @@ -28,12 +28,8 @@ runs: run: | gcloud auth configure-docker eu.gcr.io --quiet - PREVIEW_ENV_DEV_SA_KEY_PATH="$GITHUB_WORKSPACE/.config/gcloud/preview-environment-dev-sa.json" - mkdir -p "$(dirname "$PREVIEW_ENV_DEV_SA_KEY_PATH")" - echo "${{ inputs.sa_key }}" > "$PREVIEW_ENV_DEV_SA_KEY_PATH" - { echo "LEEWAY_SEGMENT_KEY=${{ inputs.leeway_segment_key }}" echo "LEEWAY_WORKSPACE_ROOT=$GITHUB_WORKSPACE" - echo "PREVIEW_ENV_DEV_SA_KEY_PATH=$PREVIEW_ENV_DEV_SA_KEY_PATH" + echo "PREVIEW_ENV_DEV_SA_KEY_PATH=${{ steps.auth.outputs.credentials_file_path }}" } >> "$GITHUB_ENV" From 1ca9322dca53f5bb71ac1cc39dab20649864ce50 Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Fri, 14 Jul 2023 18:01:51 +0000 Subject: [PATCH 03/14] Fix kubeconfig location --- dev/preview/BUILD.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/preview/BUILD.yaml b/dev/preview/BUILD.yaml index d7c48073d4f213..4eb98f1c080d11 100644 --- a/dev/preview/BUILD.yaml +++ b/dev/preview/BUILD.yaml 
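Review bot: In the setup-environment hunk of PATCH 02, `PREVIEW_ENV_DEV_SA_KEY_PATH=${{ steps.auth.outputs.credentials_file_path }}` exports an empty value whenever no earlier step in this composite action has `id: auth` or that step produced no credentials file. No such step is visible in the hunk, so this needs checking against the rest of action.yml. Every consumer would then fail later at `--key-file ""` with a less obvious error. A guard before the `{ … } >> "$GITHUB_ENV"` group, for example `[[ -n "${{ steps.auth.outputs.credentials_file_path }}" ]] || { echo "auth step produced no credentials file" >&2; exit 1; }`, makes the failure immediate and explicit.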
@@ -26,7 +26,7 @@ scripts: export GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_APPLICATION_CREDENTIALS:-$PREVIEW_ENV_DEV_SA_KEY_PATH}" export GOOGLE_BACKEND_CREDENTIALS="${GOOGLE_BACKEND_CREDENTIALS:-$PREVIEW_ENV_DEV_SA_KEY_PATH}" export TF_VAR_cert_issuer="${TF_VAR_cert_issuer:-letsencrypt-issuer-gitpod-core-dev}" - export TF_VAR_dev_kube_path="${TF_VAR_dev_kube_path:-/home/gitpod/.kube/config}" + export TF_VAR_dev_kube_path="${TF_VAR_dev_kube_path:-$HOME/.kube/config}" export TF_VAR_dev_kube_context="${TF_VAR_dev_kube_context:-dev}" export TF_VAR_harvester_kube_path="${TF_VAR_harvester_kube_path:-$HOME/.kube/config}" export TF_VAR_harvester_kube_context="${TF_VAR_harvester_kube_context:-harvester}" From 2a89d62b628bbd9d15195ba8faddf2e26f1c91fa Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Fri, 14 Jul 2023 18:56:39 +0000 Subject: [PATCH 04/14] Cleanup --- .github/actions/delete-preview/entrypoint.sh | 6 +----- .github/actions/deploy-gitpod/entrypoint.sh | 10 +++------ .../deploy-monitoring-satellite/entrypoint.sh | 6 +----- .github/actions/preview-create/entrypoint.sh | 6 +----- .github/workflows/build.yml | 3 +-- .github/workflows/ide-integration-tests.yml | 9 ++------ .../preview-env-check-regressions.yml | 9 ++------ .github/workflows/preview-env-gc.yml | 21 +++++++------------ .../workflows/workspace-integration-tests.yml | 13 ++++-------- dev/preview/util/ssh-proxy-command.sh | 2 +- scripts/lw-scan-images.sh | 1 - 11 files changed, 24 insertions(+), 62 deletions(-) diff --git a/.github/actions/delete-preview/entrypoint.sh b/.github/actions/delete-preview/entrypoint.sh index 3f207654be1c7f..1d527391f220b1 100755 --- a/.github/actions/delete-preview/entrypoint.sh +++ b/.github/actions/delete-preview/entrypoint.sh 
@@ -2,15 +2,11 @@ set -euo pipefail -export HOME=/home/gitpod -export PREVIEW_ENV_DEV_SA_KEY_PATH="$HOME/.config/gcloud/preview-environment-dev-sa.json" # shellcheck disable=SC2155 -export LEEWAY_WORKSPACE_ROOT="$(pwd)" export PATH="$PATH:$HOME/bin" -mkdir $HOME/bin +mkdir "$HOME/bin" -echo "${INPUT_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}" gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" leeway run dev/preview/previewctl:download diff --git a/.github/actions/deploy-gitpod/entrypoint.sh b/.github/actions/deploy-gitpod/entrypoint.sh index af2e69610f4b8a..a8d09e5bc340b7 100755 --- a/.github/actions/deploy-gitpod/entrypoint.sh +++ b/.github/actions/deploy-gitpod/entrypoint.sh @@ -2,23 +2,19 @@ set -euo pipefail -export HOME=/home/gitpod -export PREVIEW_ENV_DEV_SA_KEY_PATH="$HOME/.config/gcloud/preview-environment-dev-sa.json" # shellcheck disable=SC2155 -export LEEWAY_WORKSPACE_ROOT="$(pwd)" export VERSION="${INPUT_VERSION}" export PATH="$PATH:$HOME/bin" -mkdir $HOME/bin +mkdir "$HOME/bin" echo "Downloading installer for ${VERSION}" -oci-tool fetch file -o $HOME/bin/installer --platform=linux-amd64 "eu.gcr.io/gitpod-core-dev/build/installer:${VERSION}" app/installer -chmod +x $HOME/bin/installer +oci-tool fetch file -o "$HOME/bin/installer" --platform=linux-amd64 "eu.gcr.io/gitpod-core-dev/build/installer:${VERSION}" app/installer +chmod +x "$HOME/bin/installer" echo "Download versions.yaml" oci-tool fetch file -o /tmp/versions.yaml --platform=linux-amd64 "eu.gcr.io/gitpod-core-dev/build/versions:${VERSION}" versions.yaml -echo "${INPUT_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}" gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" leeway run dev/preview/previewctl:download diff --git a/.github/actions/deploy-monitoring-satellite/entrypoint.sh b/.github/actions/deploy-monitoring-satellite/entrypoint.sh index 152b1c3feb239e..b788e58cd0d2a1 100755 
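Review bot: `PREVIEW_ENV_DEV_SA_KEY_PATH` and `HOME` are now taken from the caller's environment with no check, so under `set -euo pipefail` an unset key path aborts at the `gcloud auth activate-service-account` line with only bash's generic unbound-variable error. A first line such as `: "${PREVIEW_ENV_DEV_SA_KEY_PATH:?must be exported by setup-environment}"` states the contract, and since the metadata.yml files in this series declare `using: "docker"`, it is worth confirming that the exported path resolves to the same file inside the container. `mkdir "$HOME/bin"` will also fail if `$HOME` is a directory that an earlier step in the same job already populated; `mkdir -p "$HOME/bin"` is safe either way. The `# shellcheck disable=SC2155` comment now sits above `export PATH=...`, which does not need it. The same applies to the deploy-gitpod, deploy-monitoring-satellite and preview-create entrypoints changed in this commit.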
--- a/.github/actions/deploy-monitoring-satellite/entrypoint.sh +++ b/.github/actions/deploy-monitoring-satellite/entrypoint.sh @@ -2,15 +2,11 @@ set -euo pipefail -export HOME=/home/gitpod -export PREVIEW_ENV_DEV_SA_KEY_PATH="$HOME/.config/gcloud/preview-environment-dev-sa.json" # shellcheck disable=SC2155 -export LEEWAY_WORKSPACE_ROOT="$(pwd)" export PATH="$PATH:$HOME/bin" -mkdir $HOME/bin +mkdir "$HOME/bin" -echo "${INPUT_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}" gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" leeway run dev/preview/previewctl:download diff --git a/.github/actions/preview-create/entrypoint.sh b/.github/actions/preview-create/entrypoint.sh index 110272f848175e..fbccb2bd77e2d8 100755 --- a/.github/actions/preview-create/entrypoint.sh +++ b/.github/actions/preview-create/entrypoint.sh @@ -2,15 +2,11 @@ set -euo pipefail -export HOME=/home/gitpod -export PREVIEW_ENV_DEV_SA_KEY_PATH="$HOME/.config/gcloud/preview-environment-dev-sa.json" # shellcheck disable=SC2155 -export LEEWAY_WORKSPACE_ROOT="$(pwd)" export PATH="$PATH:$HOME/bin" -mkdir $HOME/bin +mkdir "$HOME/bin" -echo "${INPUT_SA_KEY}" >"${PREVIEW_ENV_DEV_SA_KEY_PATH}" gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" leeway run dev/preview/previewctl:download diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1b914567406ab4..9b37e02830c27d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -424,11 +424,10 @@ jobs: leeway run dev/preview/previewctl:install echo "Setting up access to core-dev and harvester" - echo "SA file path: ${PREVIEW_ENV_DEV_SA_KEY_PATH}" previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 1m --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + echo "Running integration tests suite..." $GITHUB_WORKSPACE/test/run.sh -s ${TEST_SUITS} delete-runner: diff --git a/.github/workflows/ide-integration-tests.yml b/.github/workflows/ide-integration-tests.yml index 9c8fa366c30d73..fc4f8b8fb729b5 100644 --- a/.github/workflows/ide-integration-tests.yml +++ b/.github/workflows/ide-integration-tests.yml @@ -117,12 +117,7 @@ jobs: run: | set -euo pipefail - export LEEWAY_WORKSPACE_ROOT="$(pwd)" - export HOME="/home/gitpod" - export PREVIEW_ENV_DEV_SA_KEY_PATH="/home/gitpod/.config/gcloud/preview-environment-dev-sa.json" - - echo "${PREVIEW_ENV_DEV_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} leeway run dev/preview/previewctl:install @@ -133,7 +128,7 @@ jobs: # start integration test args=() - args+=( "-kubeconfig=/home/gitpod/.kube/config" ) + args+=( "-kubeconfig=$HOME/.kube/config" ) args+=( "-namespace=default" ) [[ "$USERNAME" != "" ]] && args+=( "-username=$USERNAME" ) args+=( "-timeout=60m" ) diff --git a/.github/workflows/preview-env-check-regressions.yml b/.github/workflows/preview-env-check-regressions.yml index e642700c4ac982..92f3c6bcfa0e32 100644 --- a/.github/workflows/preview-env-check-regressions.yml +++ b/.github/workflows/preview-env-check-regressions.yml 
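Review bot: In ide-integration-tests.yml, `${{ steps.auth.outputs.credentials_file_path }}` is pasted unquoted into `gcloud auth activate-service-account --key-file …`, and it expands to an empty string when no earlier step in this job has `id: auth`, leaving `--key-file` without its argument. No such step is visible in this hunk, so that needs confirming against the rest of the job. Passing the value through the step's `env:` as `SA_KEY_FILE: ${{ steps.auth.outputs.credentials_file_path }}` and calling `--key-file "${SA_KEY_FILE:?auth step produced no credentials file}"` keeps the expression out of the script text and fails with a clear message. The same line is added in preview-env-check-regressions.yml, preview-env-gc.yml and workspace-integration-tests.yml in this commit.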
@@ -100,12 +100,7 @@ jobs: run: | set -euo pipefail - export LEEWAY_WORKSPACE_ROOT="$(pwd)" - export HOME="/home/gitpod" - export PREVIEW_ENV_DEV_SA_KEY_PATH="/home/gitpod/.config/gcloud/preview-environment-dev-sa.json" - - echo "${PREVIEW_ENV_DEV_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} leeway run dev/preview/previewctl:install @@ -116,7 +111,7 @@ jobs: # start integration test args=() - args+=( "-kubeconfig=/home/gitpod/.kube/config" ) + args+=( "-kubeconfig=$HOME/.kube/config" ) args+=( "-namespace=default" ) [[ "$USERNAME" != "" ]] && args+=( "-username=$USERNAME" ) args+=( "-timeout=60m" ) diff --git a/.github/workflows/preview-env-gc.yml b/.github/workflows/preview-env-gc.yml index ba484a1065cee3..9cdf8f011c8b25 100644 --- a/.github/workflows/preview-env-gc.yml +++ b/.github/workflows/preview-env-gc.yml 
@@ -27,23 +27,18 @@ jobs: env: PREVIEW_ENV_DEV_SA_KEY: ${{ secrets.GCP_CREDENTIALS }} run: | - set -euo pipefail + set -euo pipefail - export LEEWAY_WORKSPACE_ROOT="$(pwd)" - export HOME="/home/gitpod" - export PREVIEW_ENV_DEV_SA_KEY_PATH="/home/gitpod/.config/gcloud/preview-environment-dev-sa.json" - # Used by 'previewctl list stale' - export GOOGLE_APPLICATION_CREDENTIALS="/home/gitpod/.config/gcloud/preview-environment-dev-sa.json" + export GOOGLE_APPLICATION_CREDENTIALS=${{ steps.auth.outputs.credentials_file_path }} - echo "${PREVIEW_ENV_DEV_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} - leeway run dev/preview/previewctl:install + leeway run dev/preview/previewctl:install - previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - previewctl list stale | jq --null-input --raw-input --compact-output '[inputs | select(length>0)]' > /tmp/stale-json - echo "names=$(cat /tmp/stale-json)" >> $GITHUB_OUTPUT - echo "count=$(jq '. | length' /tmp/stale-json)" >> $GITHUB_OUTPUT + previewctl get-credentials --gcp-service-account ${{ steps.auth.outputs.credentials_file_path }} + previewctl list stale | jq --null-input --raw-input --compact-output '[inputs | select(length>0)]' > /tmp/stale-json + echo "names=$(cat /tmp/stale-json)" >> $GITHUB_OUTPUT + echo "count=$(jq '. | length' /tmp/stale-json)" >> $GITHUB_OUTPUT delete: name: "Delete preview environment" diff --git a/.github/workflows/workspace-integration-tests.yml b/.github/workflows/workspace-integration-tests.yml index b815d054b43fd0..da67f2b46addfb 100644 --- a/.github/workflows/workspace-integration-tests.yml +++ b/.github/workflows/workspace-integration-tests.yml 
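Review bot: The step keeps `PREVIEW_ENV_DEV_SA_KEY: ${{ secrets.GCP_CREDENTIALS }}` under `env:` although the script no longer reads it after this hunk, so the raw key remains in the environment of `gcloud`, `leeway`, `previewctl` and `jq` for no benefit. Unless something outside the hunk still consumes it, that `env:` entry can be dropped now that the credentials file is the only source. Separately, `/tmp/stale-json` is a fixed name in a shared directory; `stale_json=$(mktemp)` with the two later reads pointed at `"$stale_json"` avoids collisions and pre-created files on a reused runner.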
@@ -148,23 +148,18 @@ jobs: printf -v start_time '%(%s)T' - export LEEWAY_WORKSPACE_ROOT="$(pwd)" - export HOME="/home/gitpod" - export PREVIEW_ENV_DEV_SA_KEY_PATH="/home/gitpod/.config/gcloud/preview-environment-dev-sa.json" - - echo "${PREVIEW_ENV_DEV_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} leeway run dev/preview/previewctl:install echo "Setting up access to core-dev and harvester" - previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + previewctl get-credentials --gcp-service-account ${{ steps.auth.outputs.credentials_file_path }} - previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 1m --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 1m --gcp-service-account ${{ steps.auth.outputs.credentials_file_path }} # start integration test args=() - args+=( "-kubeconfig=/home/gitpod/.kube/config" ) + args+=( "-kubeconfig=$HOME/.kube/config" ) args+=( "-namespace=default" ) [[ "$USERNAME" != "" ]] && args+=( "-username=$USERNAME" ) args+=( "-timeout=180m" ) diff --git a/dev/preview/util/ssh-proxy-command.sh b/dev/preview/util/ssh-proxy-command.sh index a64fa50df3fa9e..b1a95a5c85608b 100755 --- a/dev/preview/util/ssh-proxy-command.sh +++ b/dev/preview/util/ssh-proxy-command.sh @@ -20,7 +20,7 @@ NAMESPACE="preview-${VM_NAME}" pkill -f "kubectl --context=harvester (.*)${PORT}:2200" kubectl \ --context=harvester \ - --kubeconfig=/home/gitpod/.kube/config \ + --kubeconfig="$HOME/.kube/config" \ -n "${NAMESPACE}" port-forward service/proxy "${PORT}:2200" > /dev/null 2>&1 & # Wait for the port to be read diff --git a/scripts/lw-scan-images.sh b/scripts/lw-scan-images.sh index 0bdfbee786e9ca..52d1b0900c9e57 100755 --- a/scripts/lw-scan-images.sh 
+++ b/scripts/lw-scan-images.sh @@ -16,7 +16,6 @@ EXCLUDE_DOCKER_IO="${EXCLUDE_DOCKER_IO:-"false"}" TMP=$(mktemp -d) echo "workdir: $TMP" -HOME="/home/gitpod" BIN="$HOME/bin" mkdir -p "$BIN" From d2a8a6d2db277d7057eb88a9d2208c77c2303aca Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Sat, 15 Jul 2023 07:13:02 +0000 Subject: [PATCH 05/14] Remove env vars duplications --- .github/actions/delete-preview/metadata.yml | 19 +- .github/actions/deploy-gitpod/metadata.yml | 46 +-- .../deploy-monitoring-satellite/metadata.yml | 13 +- .github/actions/preview-create/metadata.yml | 41 +- .github/workflows/build.yml | 7 +- .github/workflows/ide-integration-tests.yml | 11 +- .../preview-env-check-regressions.yml | 364 +++++++++--------- .github/workflows/preview-env-delete.yml | 5 +- .github/workflows/preview-env-gc.yml | 121 +++--- .../workflows/workspace-integration-tests.yml | 11 +- 10 files changed, 323 insertions(+), 315 deletions(-) diff --git a/.github/actions/delete-preview/metadata.yml b/.github/actions/delete-preview/metadata.yml index f50f6d166495d4..06268ebbfc471d 100644 --- a/.github/actions/delete-preview/metadata.yml +++ b/.github/actions/delete-preview/metadata.yml @@ -1,15 +1,12 @@ name: "Delete preview environment" description: "Deletes a preview environment" inputs: - sa_key: - description: "The service account key to use when authenticating with GCP" - required: true - name: - description: "The name of the preview environment" - required: true - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false + name: + description: "The name of the preview environment" + required: true + previewctl_hash: + description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" + required: false runs: - using: "docker" - image: "Dockerfile" + using: "docker" + image: "Dockerfile" 
diff --git a/.github/actions/deploy-gitpod/metadata.yml b/.github/actions/deploy-gitpod/metadata.yml index ad842cebd7ef04..c914a30005eece 100644 --- a/.github/actions/deploy-gitpod/metadata.yml +++ b/.github/actions/deploy-gitpod/metadata.yml @@ -1,30 +1,24 @@ name: "Deploy Gitpod" description: "Deploys Gitpod to an existing preview environment" inputs: - sa_key: - description: "The service account key to use when authenticating with GCP" - required: true - name: - description: "The name of the preview environment to deploy Gitpod to" - required: false - version: - description: "The version of Gitpod to install" - required: true - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false - with_dedicated_emu: - description: "Dedicated Config" - required: false - with_ee_licencse: - description: "Use EE license" - required: false - analytics: - description: "With analytics" - required: false - workspace_feature_flags: - description: "Workspace feature flags" - required: false + name: + description: "The name of the preview environment to deploy Gitpod to" + required: false + version: + description: "The version of Gitpod to install" + required: true + previewctl_hash: + description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" + required: false + with_dedicated_emu: + description: "Dedicated Config" + required: false + analytics: + description: "With analytics" + required: false + workspace_feature_flags: + description: "Workspace feature flags" + required: false runs: - using: "docker" - image: "Dockerfile" + using: "docker" + image: "Dockerfile" diff --git a/.github/actions/deploy-monitoring-satellite/metadata.yml b/.github/actions/deploy-monitoring-satellite/metadata.yml index ab8b2977503f08..c3751f2bf9e318 100644 --- a/.github/actions/deploy-monitoring-satellite/metadata.yml 
+++ b/.github/actions/deploy-monitoring-satellite/metadata.yml @@ -1,12 +1,9 @@ name: "Deploy monitoring satellite" description: "Deploys monitoring satellite to an existing preview environment" inputs: - sa_key: - description: "The service account key to use when authenticating with GCP" - required: true - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false + previewctl_hash: + description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" + required: false runs: - using: "docker" - image: "Dockerfile" + using: "docker" + image: "Dockerfile" diff --git a/.github/actions/preview-create/metadata.yml b/.github/actions/preview-create/metadata.yml index 215110f48fbe98..e2d711936749ec 100644 --- a/.github/actions/preview-create/metadata.yml +++ b/.github/actions/preview-create/metadata.yml 
@@ -1,26 +1,23 @@ name: "Create preview environment" description: "Creates the infrastructure for a preview environment" inputs: - name: - description: "The name of the preview environment to deploy Gitpod to" - required: false - infrastructure_provider: - description: "The infrastructure provider to use" - required: true - large_vm: - description: "Whether to use a larger VM for the env" - required: true - default: false - sa_key: - description: "The service account key to use when authenticating with GCP" - required: true - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false - recreate_vm: - description: "Whether to recreate the VM" - required: false - default: "false" + name: + description: "The name of the preview environment to deploy Gitpod to" + required: false + infrastructure_provider: + description: "The infrastructure provider to use" + required: true + large_vm: + description: "Whether to use a larger VM for the env" + required: true + default: false + previewctl_hash: + description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" + required: false + recreate_vm: + description: "Whether to recreate the VM" + required: false + default: "false" runs: - using: "docker" - image: "Dockerfile" + using: "docker" + image: "Dockerfile" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9b37e02830c27d..6152eb357e4428 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -127,7 +127,6 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ github.head_ref || github.ref_name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} infrastructure_provider: ${{ needs.configuration.outputs.preview_infra_provider }} previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} large_vm: ${{ needs.configuration.outputs.with_large_vm }} 
@@ -340,7 +339,6 @@ jobs: with: name: ${{ github.head_ref || github.ref_name }} version: ${{needs.configuration.outputs.version}} - sa_key: ${{ secrets.GCP_CREDENTIALS }} previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} with_dedicated_emu: ${{needs.configuration.outputs.with_dedicated_emulation}} analytics: ${{needs.configuration.outputs.analytics}} @@ -379,11 +377,14 @@ jobs: cancel-in-progress: true steps: - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - name: Deploy monitoring satellite to the preview environment id: deploy-monitoring-satellite uses: ./.github/actions/deploy-monitoring-satellite with: - sa_key: ${{ secrets.GCP_CREDENTIALS }} previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} integration-test: diff --git a/.github/workflows/ide-integration-tests.yml b/.github/workflows/ide-integration-tests.yml index fc4f8b8fb729b5..065d69c8b0f38a 100644 --- a/.github/workflows/ide-integration-tests.yml +++ b/.github/workflows/ide-integration-tests.yml @@ -75,12 +75,15 @@ jobs: group: ${{ needs.configuration.outputs.name }}-infrastructure steps: - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - name: Create preview environment infrastructure id: create uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} infrastructure_provider: gce large_vm: true - name: Deploy Gitpod to the preview environment @@ -89,7 +92,6 @@ jobs: uses: ./.github/actions/deploy-gitpod with: name: ${{ needs.configuration.outputs.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} version: ${{ needs.configuration.outputs.version}} check: 
@@ -181,11 +183,14 @@ jobs: runs-on: ${{ needs.create-runner.outputs.label }} steps: - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - name: Delete preview environment uses: ./.github/actions/delete-preview with: name: ${{ needs.configuration.outputs.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} delete-runner: if: always() diff --git a/.github/workflows/preview-env-check-regressions.yml b/.github/workflows/preview-env-check-regressions.yml index 92f3c6bcfa0e32..854babd78e5030 100644 --- a/.github/workflows/preview-env-check-regressions.yml +++ b/.github/workflows/preview-env-check-regressions.yml 
@@ -1,185 +1,191 @@ name: "Preview environment regression check" on: - workflow_run: - workflows: ["Build"] - types: [completed] - branches: ["main"] - workflow_dispatch: - inputs: - name: - required: true - description: "The name of the preview environment" - version: - required: true - description: "The version of Gitpod to install" - infrastructure_provider: - description: "The infrastructure provider to use. Valid options: harvester, gcp" - required: false - default: gcp + workflow_run: + workflows: ["Build"] + types: [completed] + branches: ["main"] + workflow_dispatch: + inputs: + name: + required: true + description: "The name of the preview environment" + version: + required: true + description: "The version of Gitpod to install" + infrastructure_provider: + description: "The infrastructure provider to use. Valid options: harvester, gcp" + required: false + default: gcp jobs: - create-runner: - uses: ./.github/workflows/create_runner.yml - secrets: inherit - - configuration: - needs: [ create-runner ] - name: Configuration - runs-on: ${{ needs.create-runner.outputs.label }} - outputs: - skip: ${{ steps.configuration.outputs.skip }} - name: ${{ steps.configuration.outputs.name }} - version: ${{ steps.configuration.outputs.version }} - infrastructure_provider: ${{ steps.configuration.outputs.infrastructure_provider }} - steps: - - name: "Set outputs" - id: configuration - run: | - if [[ '${{ github.event.inputs.name }}' != '' ]]; then - # The workflow was triggered by workflow_dispatch - { - echo "version=${{ github.event.inputs.version }}" - echo "name=${{ github.event.inputs.name }}" - echo "infrastructure_provider=${{ github.event.inputs.infrastructure_provider }}" - echo "skip=false" - } >> $GITHUB_OUTPUT - else - # The workflow was triggered by workflow_run - { - echo "version=main-gha.${{ github.event.workflow_run.run_number }}" - echo "name=preview-regression-check-main-${{ github.run_id }}-${{ github.run_attempt }}" - echo 
"infrastructure_provider=harvester" - echo "skip=${{ github.event.workflow_run.conclusion == 'failure' }}" - } >> $GITHUB_OUTPUT - fi - - infrastructure: - name: Create preview environment infrastructure - needs: [ configuration, create-runner ] - runs-on: ${{ needs.create-runner.outputs.label }} - concurrency: - group: ${{ needs.configuration.outputs.name }}-infrastructure - steps: - - uses: actions/checkout@v3 - - name: Create preview environment infrastructure - id: create - uses: ./.github/actions/preview-create - with: - name: ${{ needs.configuration.outputs.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} - infrastructure_provider: ${{ needs.configuration.outputs.infrastructure_provider }} - large_vm: false - - name: Deploy Gitpod to the preview environment - id: deploy-gitpod - uses: ./.github/actions/deploy-gitpod - with: - name: ${{ needs.configuration.outputs.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} - version: ${{ needs.configuration.outputs.version}} - - check: - name: Check for regressions - needs: [ configuration, infrastructure, create-runner ] - if: ${{ needs.configuration.outputs.skip == 'false' }} - runs-on: ${{ needs.create-runner.outputs.label }} - container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 - volumes: - - /var/tmp:/var/tmp - - /tmp:/tmp - steps: - - uses: actions/checkout@v3 - - name: Check - shell: bash - env: - ROBOQUAT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - USERNAME: ${{ secrets.IDE_INTEGRATION_TEST_USERNAME }} - USER_TOKEN: ${{ secrets.IDE_INTEGRATION_TEST_USER_TOKEN }} - PREVIEW_ENV_DEV_SA_KEY: ${{ secrets.GCP_CREDENTIALS }} - PREVIEW_NAME: ${{ needs.configuration.outputs.name }} - run: | - set -euo pipefail - - gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} - - leeway run dev/preview/previewctl:install - - echo "Setting up access to core-dev and harvester" - previewctl get-credentials --gcp-service-account 
"${PREVIEW_ENV_DEV_SA_KEY_PATH}" - - previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 1m --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - - # start integration test - args=() - args+=( "-kubeconfig=$HOME/.kube/config" ) - args+=( "-namespace=default" ) - [[ "$USERNAME" != "" ]] && args+=( "-username=$USERNAME" ) - args+=( "-timeout=60m" ) - - TESTS_DIR="$GITHUB_WORKSPACE/test/tests/smoke-test" - - go install github.com/jstemmer/go-junit-report/v2@latest - - echo "running integration for smoke test" - - cd "${TESTS_DIR}" - set +e - go test -v ./... "${args[@]}" 2>&1 | go-junit-report -subtest-mode=exclude-parents -set-exit-code -out "TEST.xml" -iocopy - RC=${PIPESTATUS[0]} - set -e - - if [ "${RC}" -ne "0" ]; then - exit ${RC} - fi - - name: Test Summary - id: test_summary - uses: test-summary/action@v2 - with: - paths: "test/tests/**/TEST.xml" - if: always() - - id: auth - if: failure() - uses: google-github-actions/auth@v1 - with: - token_format: access_token - credentials_json: "${{ secrets.GCP_CREDENTIALS }}" - - name: Get Secrets from GCP - if: failure() - id: 'secrets' - uses: 'google-github-actions/get-secretmanager-secrets@v1' - with: - secrets: |- - devx-slack-webhook:gitpod-core-dev/devx-alerts-slack-webhook - - name: Slack Notification - uses: rtCamp/action-slack-notify@v2 - if: failure() - env: - SLACK_WEBHOOK: '${{ steps.secrets.outputs.devx-slack-webhook }}' - SLACK_COLOR: ${{ job.status }} - SLACK_MESSAGE: "`${{ needs.configuration.outputs.version}}` smoke test failed" - - delete: - name: Delete preview environment - needs: [ configuration, infrastructure, check, create-runner ] - if: always() - runs-on: ${{ needs.create-runner.outputs.label }} - steps: - - uses: actions/checkout@v3 - - name: Delete preview environment - uses: ./.github/actions/delete-preview - with: - name: ${{ needs.configuration.outputs.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} - - delete-runner: + create-runner: + uses: 
./.github/workflows/create_runner.yml + secrets: inherit + + configuration: + needs: [create-runner] + name: Configuration + runs-on: ${{ needs.create-runner.outputs.label }} + outputs: + skip: ${{ steps.configuration.outputs.skip }} + name: ${{ steps.configuration.outputs.name }} + version: ${{ steps.configuration.outputs.version }} + infrastructure_provider: ${{ steps.configuration.outputs.infrastructure_provider }} + steps: + - name: "Set outputs" + id: configuration + run: | + if [[ '${{ github.event.inputs.name }}' != '' ]]; then + # The workflow was triggered by workflow_dispatch + { + echo "version=${{ github.event.inputs.version }}" + echo "name=${{ github.event.inputs.name }}" + echo "infrastructure_provider=${{ github.event.inputs.infrastructure_provider }}" + echo "skip=false" + } >> $GITHUB_OUTPUT + else + # The workflow was triggered by workflow_run + { + echo "version=main-gha.${{ github.event.workflow_run.run_number }}" + echo "name=preview-regression-check-main-${{ github.run_id }}-${{ github.run_attempt }}" + echo "infrastructure_provider=harvester" + echo "skip=${{ github.event.workflow_run.conclusion == 'failure' }}" + } >> $GITHUB_OUTPUT + fi + + infrastructure: + name: Create preview environment infrastructure + needs: [configuration, create-runner] + runs-on: ${{ needs.create-runner.outputs.label }} + concurrency: + group: ${{ needs.configuration.outputs.name }}-infrastructure + steps: + - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} + - name: Create preview environment infrastructure + id: create + uses: ./.github/actions/preview-create + with: + name: ${{ needs.configuration.outputs.name }} + infrastructure_provider: ${{ needs.configuration.outputs.infrastructure_provider }} + large_vm: false + - name: Deploy Gitpod to the preview environment + id: deploy-gitpod + uses: ./.github/actions/deploy-gitpod + with: + 
name: ${{ needs.configuration.outputs.name }} + version: ${{ needs.configuration.outputs.version}} + + check: + name: Check for regressions + needs: [configuration, infrastructure, create-runner] + if: ${{ needs.configuration.outputs.skip == 'false' }} + runs-on: ${{ needs.create-runner.outputs.label }} + container: + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + volumes: + - /var/tmp:/var/tmp + - /tmp:/tmp + steps: + - uses: actions/checkout@v3 + - name: Check + shell: bash + env: + ROBOQUAT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + USERNAME: ${{ secrets.IDE_INTEGRATION_TEST_USERNAME }} + USER_TOKEN: ${{ secrets.IDE_INTEGRATION_TEST_USER_TOKEN }} + PREVIEW_ENV_DEV_SA_KEY: ${{ secrets.GCP_CREDENTIALS }} + PREVIEW_NAME: ${{ needs.configuration.outputs.name }} + run: | + set -euo pipefail + + gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} + + leeway run dev/preview/previewctl:install + + echo "Setting up access to core-dev and harvester" + previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + + previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 1m --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + + # start integration test + args=() + args+=( "-kubeconfig=$HOME/.kube/config" ) + args+=( "-namespace=default" ) + [[ "$USERNAME" != "" ]] && args+=( "-username=$USERNAME" ) + args+=( "-timeout=60m" ) + + TESTS_DIR="$GITHUB_WORKSPACE/test/tests/smoke-test" + + go install github.com/jstemmer/go-junit-report/v2@latest + + echo "running integration for smoke test" + + cd "${TESTS_DIR}" + set +e + go test -v ./... 
"${args[@]}" 2>&1 | go-junit-report -subtest-mode=exclude-parents -set-exit-code -out "TEST.xml" -iocopy + RC=${PIPESTATUS[0]} + set -e + + if [ "${RC}" -ne "0" ]; then + exit ${RC} + fi + - name: Test Summary + id: test_summary + uses: test-summary/action@v2 + with: + paths: "test/tests/**/TEST.xml" if: always() - needs: - - create-runner - - configuration - - infrastructure - - check - - delete - uses: ./.github/workflows/remove_runner.yml - secrets: inherit + - id: auth + if: failure() + uses: google-github-actions/auth@v1 + with: + token_format: access_token + credentials_json: "${{ secrets.GCP_CREDENTIALS }}" + - name: Get Secrets from GCP + if: failure() + id: "secrets" + uses: "google-github-actions/get-secretmanager-secrets@v1" + with: + secrets: |- + devx-slack-webhook:gitpod-core-dev/devx-alerts-slack-webhook + - name: Slack Notification + uses: rtCamp/action-slack-notify@v2 + if: failure() + env: + SLACK_WEBHOOK: "${{ steps.secrets.outputs.devx-slack-webhook }}" + SLACK_COLOR: ${{ job.status }} + SLACK_MESSAGE: "`${{ needs.configuration.outputs.version}}` smoke test failed" + + delete: + name: Delete preview environment + needs: [configuration, infrastructure, check, create-runner] + if: always() + runs-on: ${{ needs.create-runner.outputs.label }} + steps: + - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} + + - name: Delete preview environment + uses: ./.github/actions/delete-preview with: - runner-label: ${{ needs.create-runner.outputs.label }} + name: ${{ needs.configuration.outputs.name }} + + delete-runner: + if: always() + needs: + - create-runner + - configuration + - infrastructure + - check + - delete + uses: ./.github/workflows/remove_runner.yml + secrets: inherit + with: + runner-label: ${{ needs.create-runner.outputs.label }} 
diff --git a/.github/workflows/preview-env-delete.yml b/.github/workflows/preview-env-delete.yml index 5f57e22927167c..3aa6798e039ea1 100644 --- a/.github/workflows/preview-env-delete.yml +++ b/.github/workflows/preview-env-delete.yml @@ -18,11 +18,14 @@ jobs: needs: [create-runner] steps: - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - name: Delete preview environment uses: ./.github/actions/delete-preview with: name: ${{ github.event.inputs.name || github.event.ref}} - sa_key: ${{ secrets.GCP_CREDENTIALS }} delete-runner: if: always() diff --git a/.github/workflows/preview-env-gc.yml b/.github/workflows/preview-env-gc.yml index 9cdf8f011c8b25..11da99a5fdaa34 100644 --- a/.github/workflows/preview-env-gc.yml +++ b/.github/workflows/preview-env-gc.yml 
@@ -1,69 +1,72 @@ name: "Preview environment garbage collection" on: - workflow_dispatch: - schedule: - - cron: "0 */4 * * *" + workflow_dispatch: + schedule: + - cron: "0 */4 * * *" jobs: - create-runner: - uses: ./.github/workflows/create_runner.yml - secrets: inherit + create-runner: + uses: ./.github/workflows/create_runner.yml + secrets: inherit - stale: - name: "Find stale preview environments" - runs-on: ${{ needs.create-runner.outputs.label }} - needs: [ create-runner ] - container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 - outputs: - names: ${{ steps.set-matrix.outputs.names }} - count: ${{ steps.set-matrix.outputs.count }} - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Compute matrix - id: set-matrix - shell: bash - env: - PREVIEW_ENV_DEV_SA_KEY: ${{ secrets.GCP_CREDENTIALS }} - run: | - set -euo pipefail - - export GOOGLE_APPLICATION_CREDENTIALS=${{ steps.auth.outputs.credentials_file_path }} + stale: + name: "Find stale preview environments" + runs-on: ${{ needs.create-runner.outputs.label }} + needs: [create-runner] + container: + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + outputs: + names: ${{ steps.set-matrix.outputs.names }} + count: ${{ steps.set-matrix.outputs.count }} + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Compute matrix + id: set-matrix + shell: bash + env: + PREVIEW_ENV_DEV_SA_KEY: ${{ secrets.GCP_CREDENTIALS }} + run: | + set -euo pipefail - gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} + export GOOGLE_APPLICATION_CREDENTIALS=${{ steps.auth.outputs.credentials_file_path }} - leeway run dev/preview/previewctl:install + gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} - previewctl get-credentials --gcp-service-account ${{ steps.auth.outputs.credentials_file_path }} - previewctl list stale | jq 
--null-input --raw-input --compact-output '[inputs | select(length>0)]' > /tmp/stale-json - echo "names=$(cat /tmp/stale-json)" >> $GITHUB_OUTPUT - echo "count=$(jq '. | length' /tmp/stale-json)" >> $GITHUB_OUTPUT + leeway run dev/preview/previewctl:install - delete: - name: "Delete preview environment" - needs: [ stale, create-runner ] - runs-on: ${{ needs.create-runner.outputs.label }} - if: ${{ needs.stale.outputs.count > 0 }} - strategy: - fail-fast: false - matrix: - name: ${{ fromJSON(needs.stale.outputs.names) }} - steps: - - uses: actions/checkout@v3 - - name: Delete preview environment ${{ matrix.name }} - uses: ./.github/actions/delete-preview - with: - name: ${{ matrix.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} + previewctl get-credentials --gcp-service-account ${{ steps.auth.outputs.credentials_file_path }} + previewctl list stale | jq --null-input --raw-input --compact-output '[inputs | select(length>0)]' > /tmp/stale-json + echo "names=$(cat /tmp/stale-json)" >> $GITHUB_OUTPUT + echo "count=$(jq '. 
| length' /tmp/stale-json)" >> $GITHUB_OUTPUT - delete-runner: - if: always() - needs: - - create-runner - - stale - - delete - uses: ./.github/workflows/remove_runner.yml - secrets: inherit + delete: + name: "Delete preview environment" + needs: [stale, create-runner] + runs-on: ${{ needs.create-runner.outputs.label }} + if: ${{ needs.stale.outputs.count > 0 }} + strategy: + fail-fast: false + matrix: + name: ${{ fromJSON(needs.stale.outputs.names) }} + steps: + - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment with: - runner-label: ${{ needs.create-runner.outputs.label }} + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} + - name: Delete preview environment ${{ matrix.name }} + uses: ./.github/actions/delete-preview + with: + name: ${{ matrix.name }} + + delete-runner: + if: always() + needs: + - create-runner + - stale + - delete + uses: ./.github/workflows/remove_runner.yml + secrets: inherit + with: + runner-label: ${{ needs.create-runner.outputs.label }} diff --git a/.github/workflows/workspace-integration-tests.yml b/.github/workflows/workspace-integration-tests.yml index da67f2b46addfb..d8e6c0984dd2d6 100644 --- a/.github/workflows/workspace-integration-tests.yml +++ b/.github/workflows/workspace-integration-tests.yml @@ -94,12 +94,15 @@ jobs: group: ${{ needs.configuration.outputs.name }}-infrastructure steps: - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - name: Create preview environment infrastructure id: create uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} infrastructure_provider: gce large_vm: true - name: Deploy Gitpod to the preview environment 
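Review bot: The `stale` job's script expands `${{ steps.auth.outputs.credentials_file_path }}` three times, but the new side of this hunk (which spans the whole file) has no step with `id: auth` in that job. A reference to a missing step evaluates to an empty string, so `GOOGLE_APPLICATION_CREDENTIALS` is exported empty and `--key-file` / `--gcp-service-account` receive no argument. The commit adds `./.github/actions/setup-environment` to the `delete` job only. Assuming that action exports `PREVIEW_ENV_DEV_SA_KEY_PATH` as it does elsewhere in this series, add the same step to `stale` and use `--key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}"`, quoted. The `PREVIEW_ENV_DEV_SA_KEY: ${{ secrets.GCP_CREDENTIALS }}` env entry appears unused by the script and could then be dropped so the raw key is not placed in the step environment.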
@@ -108,7 +111,6 @@ jobs: uses: ./.github/actions/deploy-gitpod with: name: ${{ needs.configuration.outputs.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} version: ${{ needs.configuration.outputs.version}} check: @@ -227,11 +229,14 @@ jobs: image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 steps: - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - name: Delete preview environment uses: ./.github/actions/delete-preview with: name: ${{ needs.configuration.outputs.name }} - sa_key: ${{ secrets.GCP_CREDENTIALS }} delete-runner: if: always() From 71fb611b2e19c16b52d6e67cfe21e5ddb643821e Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Sat, 15 Jul 2023 07:20:35 +0000 Subject: [PATCH 06/14] Remove hardcoded path from container image --- dev/image/Dockerfile | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/dev/image/Dockerfile b/dev/image/Dockerfile index 405433dfd07b6b..c0ce66c29a901c 100644 --- a/dev/image/Dockerfile +++ b/dev/image/Dockerfile @@ -4,7 +4,7 @@ FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:base -ENV TRIGGER_REBUILD 40 +ENV TRIGGER_REBUILD 41 USER root @@ -261,10 +261,6 @@ RUN bash -c "echo . \<\(gpctl completion bash\) >> ~/.bashrc" ENV PATH=$PATH:/workspace/bin -# Setting the environment variable here so that it will be accessible to all tasks and -# terminal sessions in Gitpod workspaces. -ENV PREVIEW_ENV_DEV_SA_KEY_PATH=/home/gitpod/.config/gcloud/preview-environment-dev-sa.json - # So we can parse the report.html output by leeway, and remove the output produced by this image build # why? it's too verbose, exceeding the Github Actions summary limit RUN go install github.com/ericchiang/pup@v0.4.0 From 9a4904efc39cadf25691c5c04ffe36aaf900639a Mon Sep 17 00:00:00 2001 
From: Alejandro de Brito Fontes Date: Sun, 16 Jul 2023 06:40:33 +0000 Subject: [PATCH 07/14] Refactoring --- .github/actions/delete-preview/Dockerfile | 9 ---- .github/actions/delete-preview/action.yml | 32 ++++++++++++ .github/actions/delete-preview/entrypoint.sh | 21 -------- .github/actions/delete-preview/metadata.yml | 12 ----- .github/actions/deploy-gitpod/metadata.yml | 3 ++ .../deploy-monitoring-satellite/metadata.yml | 3 ++ .github/actions/preview-create/Dockerfile | 9 ---- .github/actions/preview-create/action.yml | 52 +++++++++++++++++++ .github/actions/preview-create/entrypoint.sh | 30 ----------- .github/actions/preview-create/metadata.yml | 23 -------- .github/actions/setup-environment/action.yml | 28 +++++++--- .github/workflows/build.yml | 16 +++++- .github/workflows/code-nightly.yml | 2 - 13 files changed, 124 insertions(+), 116 deletions(-) delete mode 100644 .github/actions/delete-preview/Dockerfile create mode 100644 .github/actions/delete-preview/action.yml delete mode 100755 .github/actions/delete-preview/entrypoint.sh delete mode 100644 .github/actions/delete-preview/metadata.yml delete mode 100644 .github/actions/preview-create/Dockerfile create mode 100644 .github/actions/preview-create/action.yml delete mode 100755 .github/actions/preview-create/entrypoint.sh delete mode 100644 .github/actions/preview-create/metadata.yml diff --git a/.github/actions/delete-preview/Dockerfile b/.github/actions/delete-preview/Dockerfile deleted file mode 100644 index e15825ce67ede1..00000000000000 --- a/.github/actions/delete-preview/Dockerfile +++ /dev/null 
@@ -1,9 +0,0 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 - -USER root -ENV OCI_TOOL_VERSION="0.2.0" -RUN curl -fsSL https://github.com/csweichel/oci-tool/releases/download/v${OCI_TOOL_VERSION}/oci-tool_${OCI_TOOL_VERSION}_linux_amd64.tar.gz | tar xz -C /usr/local/bin && chmod +x /usr/local/bin/oci-tool -USER gitpod - -COPY entrypoint.sh /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/delete-preview/action.yml b/.github/actions/delete-preview/action.yml new file mode 100644 index 00000000000000..b90d28f69e2df0 --- /dev/null +++ b/.github/actions/delete-preview/action.yml @@ -0,0 +1,32 @@ +name: Delete preview environment + +inputs: + sa_key: + description: "The service account key to use when authenticating with GCP" + required: true + name: + description: "The name of the preview environment" + required: true + previewctl_hash: + description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" + required: false + +runs: + using: "composite" + steps: + - uses: actions/checkout@v3 + - name: Deletes a preview environment + shell: bash + run: | + gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + + leeway run dev/preview/previewctl:download + + previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + + export TF_INPUT=0 + export TF_IN_AUTOMATION=true + TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" + export TF_VAR_preview_name + + leeway run dev/preview:delete-preview diff --git a/.github/actions/delete-preview/entrypoint.sh b/.github/actions/delete-preview/entrypoint.sh deleted file mode 100755 index 1d527391f220b1..00000000000000 --- a/.github/actions/delete-preview/entrypoint.sh +++ /dev/null 
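Review bot: `${INPUT_NAME}` is never populated in this new composite action, because GitHub creates `INPUT_*` environment variables only for Docker and JavaScript actions. The script has no `set -u`, so `previewctl get-name --branch "${INPUT_NAME}"` runs with an empty branch and whatever it returns becomes `TF_VAR_preview_name` for a destructive `delete-preview`. Map the input through the step environment rather than interpolating it into the script, `env:` with `INPUT_NAME: ${{ inputs.name }}`, and guard it with `: "${INPUT_NAME:?preview name is required}"` before the first `previewctl` call. The required `sa_key` input is declared but not read by the step. `.github/actions/preview-create/action.yml`, added in this same patch, relies on `INPUT_*` in the same way.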
@@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# shellcheck disable=SC2155 -export PATH="$PATH:$HOME/bin" - -mkdir "$HOME/bin" - -gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - -leeway run dev/preview/previewctl:download - -previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - -export TF_INPUT=0 -export TF_IN_AUTOMATION=true -TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" -export TF_VAR_preview_name - -leeway run dev/preview:delete-preview diff --git a/.github/actions/delete-preview/metadata.yml b/.github/actions/delete-preview/metadata.yml deleted file mode 100644 index 06268ebbfc471d..00000000000000 --- a/.github/actions/delete-preview/metadata.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: "Delete preview environment" -description: "Deletes a preview environment" -inputs: - name: - description: "The name of the preview environment" - required: true - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false -runs: - using: "docker" - image: "Dockerfile" diff --git a/.github/actions/deploy-gitpod/metadata.yml b/.github/actions/deploy-gitpod/metadata.yml index c914a30005eece..ffdb4689061ae7 100644 --- a/.github/actions/deploy-gitpod/metadata.yml +++ b/.github/actions/deploy-gitpod/metadata.yml @@ -1,6 +1,9 @@ name: "Deploy Gitpod" description: "Deploys Gitpod to an existing preview environment" inputs: + sa_key: + description: "The service account key to use when authenticating with GCP" + required: true name: description: "The name of the preview environment to deploy Gitpod to" required: false diff --git a/.github/actions/deploy-monitoring-satellite/metadata.yml b/.github/actions/deploy-monitoring-satellite/metadata.yml index c3751f2bf9e318..8c835a6237c94f 100644 --- a/.github/actions/deploy-monitoring-satellite/metadata.yml 
+++ b/.github/actions/deploy-monitoring-satellite/metadata.yml @@ -1,6 +1,9 @@ name: "Deploy monitoring satellite" description: "Deploys monitoring satellite to an existing preview environment" inputs: + sa_key: + description: "The service account key to use when authenticating with GCP" + required: true previewctl_hash: description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" required: false diff --git a/.github/actions/preview-create/Dockerfile b/.github/actions/preview-create/Dockerfile deleted file mode 100644 index e15825ce67ede1..00000000000000 --- a/.github/actions/preview-create/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 - -USER root -ENV OCI_TOOL_VERSION="0.2.0" -RUN curl -fsSL https://github.com/csweichel/oci-tool/releases/download/v${OCI_TOOL_VERSION}/oci-tool_${OCI_TOOL_VERSION}_linux_amd64.tar.gz | tar xz -C /usr/local/bin && chmod +x /usr/local/bin/oci-tool -USER gitpod - -COPY entrypoint.sh /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/preview-create/action.yml b/.github/actions/preview-create/action.yml new file mode 100644 index 00000000000000..1e1a7cbbfc98d6 --- /dev/null +++ b/.github/actions/preview-create/action.yml 
@@ -0,0 +1,52 @@ +name: Create preview environment + +inputs: + sa_key: + description: "The service account key to use when authenticating with GCP" + required: true + name: + description: "The name of the preview environment to deploy Gitpod to" + required: false + infrastructure_provider: + description: "The infrastructure provider to use" + required: true + large_vm: + description: "Whether to use a larger VM for the env" + required: true + default: false + previewctl_hash: + description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" + required: false + recreate_vm: + description: "Whether to recreate the VM" + required: false + default: "false" + +runs: + using: "composite" + steps: + - uses: actions/checkout@v3 + - name: Create preview environment + shell: bash + run: | + gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + + leeway run dev/preview/previewctl:download + previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" + + replace="module.preview_gce[0].google_compute_instance.default" + if [[ "${INPUT_INFRASTRUCTURE_PROVIDER}" = "harvester " ]]; then + replace="module.preview_harvester[0].harvester_virtualmachine.harvester" + fi + + if [[ "${INPUT_RECREATE_VM:-x}" == "true" ]]; then + export TF_CLI_ARGS_plan="-replace=${replace}" + fi + + TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" + export TF_VAR_preview_name + export TF_VAR_infra_provider="${INPUT_INFRASTRUCTURE_PROVIDER}" + export TF_VAR_with_large_vm="${INPUT_LARGE_VM}" + export TF_INPUT=0 + export TF_IN_AUTOMATION=true + leeway run dev/preview:create-preview diff --git a/.github/actions/preview-create/entrypoint.sh b/.github/actions/preview-create/entrypoint.sh deleted file mode 100755 index fbccb2bd77e2d8..00000000000000 --- a/.github/actions/preview-create/entrypoint.sh +++ /dev/null 
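Review bot: The provider test compares against `"harvester "` with a trailing space, so it cannot match the value `harvester` that the workflows pass, and `replace` always keeps the GCE instance address. With `recreate_vm` set on a Harvester preview, `TF_CLI_ARGS_plan` then carries `-replace` for a resource in the other module and the intended VM is not recreated. Change the line to `if [[ "${INPUT_INFRASTRUCTURE_PROVIDER}" == "harvester" ]]; then`. The comparison is carried over unchanged from the deleted `entrypoint.sh`. Separately, a composite action does not set `INPUT_*` variables automatically, so each one read here needs an `env:` mapping from `${{ inputs.<name> }}` on the step.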
@@ -1,30 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# shellcheck disable=SC2155 -export PATH="$PATH:$HOME/bin" - -mkdir "$HOME/bin" - -gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - -leeway run dev/preview/previewctl:download -previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - -replace="module.preview_gce[0].google_compute_instance.default" -if [[ "${INPUT_INFRASTRUCTURE_PROVIDER}" = "harvester " ]]; then - replace="module.preview_harvester[0].harvester_virtualmachine.harvester" -fi - -if [[ "${INPUT_RECREATE_VM:-x}" == "true" ]]; then - export TF_CLI_ARGS_plan="-replace=${replace}" -fi - -TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" -export TF_VAR_preview_name -export TF_VAR_infra_provider="${INPUT_INFRASTRUCTURE_PROVIDER}" -export TF_VAR_with_large_vm="${INPUT_LARGE_VM}" -export TF_INPUT=0 -export TF_IN_AUTOMATION=true -leeway run dev/preview:create-preview diff --git a/.github/actions/preview-create/metadata.yml b/.github/actions/preview-create/metadata.yml deleted file mode 100644 index e2d711936749ec..00000000000000 --- a/.github/actions/preview-create/metadata.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: "Create preview environment" -description: "Creates the infrastructure for a preview environment" -inputs: - name: - description: "The name of the preview environment to deploy Gitpod to" - required: false - infrastructure_provider: - description: "The infrastructure provider to use" - required: true - large_vm: - description: "Whether to use a larger VM for the env" - required: true - default: false - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false - recreate_vm: - description: "Whether to recreate the VM" - required: false - default: "false" -runs: - using: "docker" - image: "Dockerfile" 
diff --git a/.github/actions/setup-environment/action.yml b/.github/actions/setup-environment/action.yml index 967868e5df540d..f63d4e26557c95 100644 --- a/.github/actions/setup-environment/action.yml +++ b/.github/actions/setup-environment/action.yml @@ -22,14 +22,26 @@ runs: shell: bash run: | gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} - - id: env-vars - name: configure env variables + gcloud auth configure-docker eu.gcr.io --quiet + - id: create-env-file + name: Create .env file shell: bash run: | - gcloud auth configure-docker eu.gcr.io --quiet + ENV_DIRECTORY=$(mktemp -d) + + cp "${{ steps.auth.outputs.credentials_file_path }}" "$ENV_DIRECTORY" - { - echo "LEEWAY_SEGMENT_KEY=${{ inputs.leeway_segment_key }}" - echo "LEEWAY_WORKSPACE_ROOT=$GITHUB_WORKSPACE" - echo "PREVIEW_ENV_DEV_SA_KEY_PATH=${{ steps.auth.outputs.credentials_file_path }}" - } >> "$GITHUB_ENV" + echo "creating .env file" + cat <$ENV_DIRECTORY/.env + LEEWAY_SEGMENT_KEY=${{ inputs.leeway_segment_key }} + LEEWAY_WORKSPACE_ROOT=$GITHUB_WORKSPACE + PREVIEW_ENV_DEV_SA_KEY_PATH=$ENV_DIRECTORY/$(basename ${{ steps.auth.outputs.credentials_file_path }}) + EOF + + echo "ENV_DIRECTORY=$ENV_DIRECTORY" >> "$GITHUB_ENV" + - id: load-env-file + name: Load .env file + uses: xom9ikk/dotenv@v2 + with: + path: ${{ env.ENV_DIRECTORY }} + load-mode: strict diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6152eb357e4428..7b3fb4369bf6ae 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -122,6 +122,10 @@ jobs: cancel-in-progress: true steps: - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - name: Create preview environment infrastructure id: create uses: ./.github/actions/preview-create 
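Review bot: The new `load-env-file` step gives `xom9ikk/dotenv@v2`, a third-party action referenced by a movable tag, the directory that holds the copied service-account credentials file and the `.env` containing `LEEWAY_SEGMENT_KEY`. Pin it to a full commit SHA, `uses: xom9ikk/dotenv@<full-commit-sha> # v2` (placeholder), or keep the removed `>> "$GITHUB_ENV"` block, which exported the same three variables without an extra dependency. The `mktemp -d` directory is never removed, so the credentials copy stays on disk after the job; if the runner is ever reused, a final `if: always()` step running `rm -rf -- "${ENV_DIRECTORY:?}"` is needed. `$(basename ${{ steps.auth.outputs.credentials_file_path }})` and the redirect target `$ENV_DIRECTORY/.env` are unquoted and should be quoted.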
@@ -131,7 +135,8 @@ jobs: previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} large_vm: ${{ needs.configuration.outputs.with_large_vm }} recreate_vm: ${{ inputs.recreate_vm }} - + sa_key: ${{ steps.auth.outputs.credentials_file_path }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} build-gitpod: name: Build Gitpod needs: [configuration, create-runner] @@ -333,6 +338,10 @@ jobs: cancel-in-progress: ${{ needs.configuration.outputs.is_main_branch == 'false' }} steps: - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-environment + with: + sa_key: ${{ secrets.GCP_CREDENTIALS }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - name: Deploy Gitpod to the preview environment id: deploy-gitpod uses: ./.github/actions/deploy-gitpod @@ -343,6 +352,8 @@ jobs: with_dedicated_emu: ${{needs.configuration.outputs.with_dedicated_emulation}} analytics: ${{needs.configuration.outputs.analytics}} workspace_feature_flags: ${{needs.configuration.outputs.workspace_feature_flags}} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} + sa_key: ${{ steps.auth.outputs.credentials_file_path }} - uses: actions/github-script@v6 if: needs.configuration.outputs.pr_number != '' && contains(needs.configuration.outputs.pr_body, 'gitpod:summary') with: @@ -386,7 +397,8 @@ jobs: uses: ./.github/actions/deploy-monitoring-satellite with: previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} - + sa_key: ${{ steps.auth.outputs.credentials_file_path }} + leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} integration-test: name: "Run integration test" needs: diff --git a/.github/workflows/code-nightly.yml b/.github/workflows/code-nightly.yml index 7794ea60b419e0..ff2a9b7c0af854 100644 --- a/.github/workflows/code-nightly.yml +++ b/.github/workflows/code-nightly.yml 
@@ -27,8 +27,6 @@ jobs: PR_DESC: "${{ steps.pr-details.outputs.pr_body }}" MAIN_BRANCH: ${{ (github.head_ref || github.ref) == 'refs/heads/main' }} run: | - export LEEWAY_WORKSPACE_ROOT=$GITHUB_WORKSPACE - gcloud auth configure-docker --quiet codeHeadCommit=$(curl -H 'Accept: application/vnd.github.VERSION.sha' https://api.github.com/repos/gitpod-io/openvscode-server/commits/gp-code/main) From 6f0baaad4d2111da32a6fff9f341d15173fc173e Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Sun, 16 Jul 2023 18:36:22 +0000 Subject: [PATCH 08/14] Cleanup --- .github/actions/preview-create/Dockerfile | 9 ++++ .github/actions/preview-create/action.yml | 52 -------------------- .github/actions/preview-create/entrypoint.sh | 25 ++++++++++ .github/actions/preview-create/metadata.yml | 30 +++++++++++ .github/workflows/build.yml | 6 +-- dev/preview/previewctl/BUILD.yaml | 4 +- 6 files changed, 67 insertions(+), 59 deletions(-) create mode 100644 .github/actions/preview-create/Dockerfile delete mode 100644 .github/actions/preview-create/action.yml create mode 100755 .github/actions/preview-create/entrypoint.sh create mode 100644 .github/actions/preview-create/metadata.yml diff --git a/.github/actions/preview-create/Dockerfile b/.github/actions/preview-create/Dockerfile new file mode 100644 index 00000000000000..e15825ce67ede1 --- /dev/null +++ b/.github/actions/preview-create/Dockerfile @@ -0,0 +1,9 @@ +FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + +USER root +ENV OCI_TOOL_VERSION="0.2.0" +RUN curl -fsSL https://github.com/csweichel/oci-tool/releases/download/v${OCI_TOOL_VERSION}/oci-tool_${OCI_TOOL_VERSION}_linux_amd64.tar.gz | tar xz -C /usr/local/bin && chmod +x /usr/local/bin/oci-tool +USER gitpod + +COPY entrypoint.sh /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/preview-create/action.yml b/.github/actions/preview-create/action.yml deleted file mode 100644 index 1e1a7cbbfc98d6..00000000000000 
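Review bot: The `RUN curl -fsSL … | tar xz -C /usr/local/bin` line in the re-added `preview-create/Dockerfile` extracts a release tarball into `/usr/local/bin` as root without any integrity check, in an image that later handles the GCP service-account key. Pinning `OCI_TOOL_VERSION` fixes the URL but not the content, since release assets can be replaced. Download to a file, verify it against a SHA-256 recorded in the Dockerfile, and only then extract, as sketched below; the digest shown is a placeholder to fill in from the release. The base image is also referenced by tag rather than digest.

```dockerfile
ENV OCI_TOOL_VERSION="0.2.0"
# placeholder: record the SHA-256 of the v0.2.0 linux_amd64 tarball here
ARG OCI_TOOL_SHA256="<sha256-of-release-tarball>"
RUN curl -fsSL -o /tmp/oci-tool.tar.gz "https://github.com/csweichel/oci-tool/releases/download/v${OCI_TOOL_VERSION}/oci-tool_${OCI_TOOL_VERSION}_linux_amd64.tar.gz" \
    && echo "${OCI_TOOL_SHA256}  /tmp/oci-tool.tar.gz" | sha256sum -c - \
    && tar xzf /tmp/oci-tool.tar.gz -C /usr/local/bin \
    && rm -f /tmp/oci-tool.tar.gz \
    && chmod +x /usr/local/bin/oci-tool
# … unchanged: USER gitpod, COPY entrypoint.sh, ENTRYPOINT …
```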
--- a/.github/actions/preview-create/action.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: Create preview environment - -inputs: - sa_key: - description: "The service account key to use when authenticating with GCP" - required: true - name: - description: "The name of the preview environment to deploy Gitpod to" - required: false - infrastructure_provider: - description: "The infrastructure provider to use" - required: true - large_vm: - description: "Whether to use a larger VM for the env" - required: true - default: false - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false - recreate_vm: - description: "Whether to recreate the VM" - required: false - default: "false" - -runs: - using: "composite" - steps: - - uses: actions/checkout@v3 - - name: Create preview environment - shell: bash - run: | - gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - - leeway run dev/preview/previewctl:download - previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - - replace="module.preview_gce[0].google_compute_instance.default" - if [[ "${INPUT_INFRASTRUCTURE_PROVIDER}" = "harvester " ]]; then - replace="module.preview_harvester[0].harvester_virtualmachine.harvester" - fi - - if [[ "${INPUT_RECREATE_VM:-x}" == "true" ]]; then - export TF_CLI_ARGS_plan="-replace=${replace}" - fi - - TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" - export TF_VAR_preview_name - export TF_VAR_infra_provider="${INPUT_INFRASTRUCTURE_PROVIDER}" - export TF_VAR_with_large_vm="${INPUT_LARGE_VM}" - export TF_INPUT=0 - export TF_IN_AUTOMATION=true - leeway run dev/preview:create-preview diff --git a/.github/actions/preview-create/entrypoint.sh b/.github/actions/preview-create/entrypoint.sh new file mode 100755 index 00000000000000..5ce68ca4c8c6d1 --- /dev/null +++ b/.github/actions/preview-create/entrypoint.sh 
@@ -0,0 +1,25 @@ +#!/usr/bin/env bash + +set -euo pipefail + +leeway run dev/preview/previewctl:download + +previewctl get-credentials --gcp-service-account "${INPUT_SA_KEY}" + +replace="module.preview_gce[0].google_compute_instance.default" +if [[ "${INPUT_INFRASTRUCTURE_PROVIDER}" = "harvester " ]]; then + replace="module.preview_harvester[0].harvester_virtualmachine.harvester" +fi + +if [[ "${INPUT_RECREATE_VM:-x}" == "true" ]]; then + export TF_CLI_ARGS_plan="-replace=${replace}" +fi + +TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" +export TF_VAR_preview_name +export TF_VAR_infra_provider="${INPUT_INFRASTRUCTURE_PROVIDER}" +export TF_VAR_with_large_vm="${INPUT_LARGE_VM}" +export TF_INPUT=0 +export TF_IN_AUTOMATION=true + +leeway run dev/preview:create-preview diff --git a/.github/actions/preview-create/metadata.yml b/.github/actions/preview-create/metadata.yml new file mode 100644 index 00000000000000..6c195679a57689 --- /dev/null +++ b/.github/actions/preview-create/metadata.yml @@ -0,0 +1,30 @@ +name: "Deploy monitoring satellite" +description: "Deploys monitoring satellite to an existing preview environment" +inputs: + name: + description: "The name of the preview environment to deploy Gitpod to" + required: false + infrastructure_provider: + description: "The infrastructure provider to use" + required: true + large_vm: + description: "Whether to use a larger VM for the env" + required: true + default: false + previewctl_hash: + description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" + required: false + recreate_vm: + description: "Whether to recreate the VM" + required: false + default: "false" + sa_key: + description: "GCP service account" + required: true + leeway_segment_key: + description: "leeway analytics key" + required: true + +runs: + using: "docker" + image: "Dockerfile" 
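Review bot: `previewctl get-credentials --gcp-service-account "${INPUT_SA_KEY}"` now receives the `sa_key` input, which the build.yml hunk of this patch sets to `${{ secrets.GCP_CREDENTIALS }}`, the key material itself. The entrypoint this file replaces passed a file path (`PREVIEW_ENV_DEV_SA_KEY_PATH`) to the same flag. If the flag still expects a path the call fails, and in either case the key is placed on the process command line. Write the key to a `mktemp` file removed by an `EXIT` trap and pass that path, as sketched below. The `"harvester "` comparison with its trailing space is also carried into this file and can never match `harvester`.

```shell
sa_key_file="$(mktemp)"
trap 'rm -f -- "${sa_key_file}"' EXIT
printf '%s' "${INPUT_SA_KEY}" > "${sa_key_file}"

previewctl get-credentials --gcp-service-account "${sa_key_file}"
# … unchanged: replace selection, TF_VAR_* exports, leeway run dev/preview:create-preview …
```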
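Review bot: `name` and `description` in this new `preview-create/metadata.yml` read "Deploy monitoring satellite" and "Deploys monitoring satellite to an existing preview environment", which looks copied from `deploy-monitoring-satellite/metadata.yml`. The deleted version of this file had `name: "Create preview environment"` and `description: "Creates the infrastructure for a preview environment"`; restoring those two lines keeps logs and the Actions UI accurate about which step provisions infrastructure with the service-account key. The `sa_key` description "GCP service account" should also state whether the value is the key JSON or a path to it, since callers in this series pass both.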
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7b3fb4369bf6ae..5765db1540f8f9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -135,7 +135,7 @@ jobs: previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} large_vm: ${{ needs.configuration.outputs.with_large_vm }} recreate_vm: ${{ inputs.recreate_vm }} - sa_key: ${{ steps.auth.outputs.credentials_file_path }} + sa_key: ${{ secrets.GCP_CREDENTIALS }} leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} build-gitpod: name: Build Gitpod @@ -352,8 +352,6 @@ jobs: with_dedicated_emu: ${{needs.configuration.outputs.with_dedicated_emulation}} analytics: ${{needs.configuration.outputs.analytics}} workspace_feature_flags: ${{needs.configuration.outputs.workspace_feature_flags}} - leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - sa_key: ${{ steps.auth.outputs.credentials_file_path }} - uses: actions/github-script@v6 if: needs.configuration.outputs.pr_number != '' && contains(needs.configuration.outputs.pr_body, 'gitpod:summary') with: @@ -397,8 +395,6 @@ jobs: uses: ./.github/actions/deploy-monitoring-satellite with: previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} - sa_key: ${{ steps.auth.outputs.credentials_file_path }} - leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} integration-test: name: "Run integration test" needs: diff --git a/dev/preview/previewctl/BUILD.yaml b/dev/preview/previewctl/BUILD.yaml index 647bc1824d8eea..5f33ebb58f91f6 100644 --- a/dev/preview/previewctl/BUILD.yaml +++ b/dev/preview/previewctl/BUILD.yaml @@ -58,5 +58,5 @@ scripts: fi echo "Downloading previewctl for $PREVIEWCTL_IMAGE" - oci-tool fetch file -o $HOME/bin/previewctl --platform=linux-amd64 "$PREVIEWCTL_IMAGE" app/previewctl - chmod +x $HOME/bin/previewctl + sudo oci-tool fetch file -o /usr/local/bin/previewctl --platform=linux-amd64 "$PREVIEWCTL_IMAGE" app/previewctl + sudo chmod +x /usr/local/bin/previewctl 
From 9b95ab44ebfa2b388c02933aadf9c2f18af77a10 Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Sun, 16 Jul 2023 20:19:10 +0000 Subject: [PATCH 09/14] Install oci-tool and previewctl in the dev-environment image --- .github/actions/deploy-gitpod/Dockerfile | 5 ---- .github/workflows/build.yml | 38 ++---------------------- dev/image/Dockerfile | 9 ++++++ dev/preview/previewctl/BUILD.yaml | 20 ------------- 4 files changed, 11 insertions(+), 61 deletions(-) diff --git a/.github/actions/deploy-gitpod/Dockerfile b/.github/actions/deploy-gitpod/Dockerfile index e15825ce67ede1..36c526bf22b8d5 100644 --- a/.github/actions/deploy-gitpod/Dockerfile +++ b/.github/actions/deploy-gitpod/Dockerfile @@ -1,9 +1,4 @@ FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 -USER root -ENV OCI_TOOL_VERSION="0.2.0" -RUN curl -fsSL https://github.com/csweichel/oci-tool/releases/download/v${OCI_TOOL_VERSION}/oci-tool_${OCI_TOOL_VERSION}_linux_amd64.tar.gz | tar xz -C /usr/local/bin && chmod +x /usr/local/bin/oci-tool -USER gitpod - COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5765db1540f8f9..1957930b4ae70a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -83,35 +83,8 @@ jobs: echo "leeway_cache_bucket=$([[ "$MAIN_BRANCH" = "true" ]] && echo "gitpod-core-leeway-cache-main" || echo "gitpod-core-leeway-cache-branch")" } >> $GITHUB_OUTPUT - build-previewctl: - name: Build previewctl - if: | - (needs.configuration.outputs.pr_no_diff_skip != 'true') && - (needs.configuration.outputs.preview_enable == 'true') - needs: [configuration, create-runner] - concurrency: - group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-build-previewctl - cancel-in-progress: ${{ needs.configuration.outputs.is_main_branch == 'false' }} - runs-on: ${{ needs.create-runner.outputs.label }} - container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 - outputs: - previewctl_hash: ${{ steps.build.outputs.previewctl_hash }} - steps: - - uses: actions/checkout@v3 - - uses: ./.github/actions/setup-environment - with: - sa_key: ${{ secrets.GCP_CREDENTIALS }} - leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} - - name: Build previewctl - id: build - shell: bash - run: | - leeway build dev/preview/previewctl:docker -Dversion="${{needs.configuration.outputs.version}}" - echo "previewctl_hash=$(leeway describe dev/preview/previewctl:docker -Dversion="${{needs.configuration.outputs.version}}" -t '{{ .Metadata.Version }}')" >> $GITHUB_OUTPUT - infrastructure: - needs: [configuration, build-previewctl, create-runner] + needs: [configuration, create-runner] if: | (needs.configuration.outputs.pr_no_diff_skip != 'true') && (needs.configuration.outputs.preview_enable == 'true') && @@ -132,7 +105,6 @@ jobs: with: name: ${{ github.head_ref || github.ref_name }} infrastructure_provider: ${{ needs.configuration.outputs.preview_infra_provider }} - previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} large_vm: ${{ needs.configuration.outputs.with_large_vm }} recreate_vm: ${{ inputs.recreate_vm }} sa_key: ${{ secrets.GCP_CREDENTIALS }} 
@@ -328,7 +300,6 @@ jobs: name: "Install Gitpod" needs: - configuration - - build-previewctl - build-gitpod - infrastructure - create-runner @@ -348,7 +319,6 @@ jobs: with: name: ${{ github.head_ref || github.ref_name }} version: ${{needs.configuration.outputs.version}} - previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} with_dedicated_emu: ${{needs.configuration.outputs.with_dedicated_emulation}} analytics: ${{needs.configuration.outputs.analytics}} workspace_feature_flags: ${{needs.configuration.outputs.workspace_feature_flags}} @@ -378,7 +348,7 @@ jobs: monitoring: name: "Install Monitoring Satellite" - needs: [infrastructure, build-previewctl, create-runner] + needs: [infrastructure, create-runner] runs-on: ${{ needs.create-runner.outputs.label }} if: needs.configuration.outputs.with_monitoring == 'true' concurrency: @@ -393,13 +363,10 @@ jobs: - name: Deploy monitoring satellite to the preview environment id: deploy-monitoring-satellite uses: ./.github/actions/deploy-monitoring-satellite - with: - previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} integration-test: name: "Run integration test" needs: - configuration - - build-previewctl - build-gitpod - infrastructure - install @@ -444,7 +411,6 @@ jobs: needs: - create-runner - configuration - - build-previewctl - infrastructure - build-gitpod - install-app diff --git a/dev/image/Dockerfile b/dev/image/Dockerfile index c0ce66c29a901c..c7fc287dba3393 100644 --- a/dev/image/Dockerfile +++ b/dev/image/Dockerfile 
@@ -264,3 +264,12 @@ ENV PATH=$PATH:/workspace/bin # So we can parse the report.html output by leeway, and remove the output produced by this image build # why? it's too verbose, exceeding the Github Actions summary limit RUN go install github.com/ericchiang/pup@v0.4.0 + +ENV OCI_TOOL_VERSION="0.2.0" +RUN curl -fsSL https://github.com/csweichel/oci-tool/releases/download/v${OCI_TOOL_VERSION}/oci-tool_${OCI_TOOL_VERSION}_linux_amd64.tar.gz | sudo tar xz -C /usr/local/bin && sudo chmod +x /usr/local/bin/oci-tool + +# Install the latest previewctl available in the container registry +# here the trade-off is to build previewctl in CI all the time or once when previewctl changes, rebuilding this image +ENV PREVIEWCTL_IMAGE=eu.gcr.io/gitpod-core-dev/build/previewctl:aledbf-token-gha.13622 +RUN sudo oci-tool fetch file -o /usr/local/bin/previewctl --platform=linux-amd64 "$PREVIEWCTL_IMAGE" app/previewctl \ + && sudo chmod +x /usr/local/bin/previewctl diff --git a/dev/preview/previewctl/BUILD.yaml b/dev/preview/previewctl/BUILD.yaml index 5f33ebb58f91f6..1862e86a36ba66 100644 --- a/dev/preview/previewctl/BUILD.yaml +++ b/dev/preview/previewctl/BUILD.yaml 
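Review bot: Both added RUN steps install executables into /usr/local/bin as root with no integrity check on what was downloaded. The oci-tool release tarball is piped from `curl -fsSL` straight into `sudo tar xz`, so a replaced release asset would be unpacked unnoticed; download it to a file and verify a pinned checksum before extracting, e.g. `echo "${OCI_TOOL_SHA256}  oci-tool.tar.gz" | sha256sum -c -` (`OCI_TOOL_SHA256` is a placeholder for a value recorded next to `OCI_TOOL_VERSION`). `PREVIEWCTL_IMAGE` is pinned to the tag `aledbf-token-gha.13622`, which can be re-pushed, so referencing the image by digest (`...previewctl@sha256:<digest>`, if oci-tool accepts digest references) would make the fetched binary reproducible. The comment says "latest previewctl" while the ENV fixes one tag that looks like a branch build; it should state that the tag has to be bumped by hand when previewctl changes.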
@@ -40,23 +40,3 @@ scripts: description: Build and install previewctl into the current environment script: leeway build dev/preview/previewctl:install -Dno-cache=$RANDOM --dont-test --cache=remote-pull - - name: download - description: - script: | - if [[ -z "$INPUT_PREVIEWCTL_HASH" ]]; then - # If a specific hash isn't provided we'll use the latest image off main - PREVIEWCTL_VERSION=$(\ - gcloud container images list-tags eu.gcr.io/gitpod-core-dev/build/previewctl \ - --filter="tags:main-gha.*" \ - --limit=1 \ - --format=json \ - | jq --raw-output '.[0].tags[0]' \ - ) - PREVIEWCTL_IMAGE="eu.gcr.io/gitpod-core-dev/build/previewctl:$PREVIEWCTL_VERSION" - else - PREVIEWCTL_IMAGE="eu.gcr.io/gitpod-core-dev/build/previewctl:hash-$INPUT_PREVIEWCTL_HASH" - fi - - echo "Downloading previewctl for $PREVIEWCTL_IMAGE" - sudo oci-tool fetch file -o /usr/local/bin/previewctl --platform=linux-amd64 "$PREVIEWCTL_IMAGE" app/previewctl - sudo chmod +x /usr/local/bin/previewctl From 98b8d3c06c629069477b7c91167116a537e9aeaf Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Sun, 16 Jul 2023 21:54:30 +0000 Subject: [PATCH 10/14] Update dev-environment image --- .github/actions/deploy-gitpod/Dockerfile | 2 +- .github/actions/deploy-monitoring-satellite/Dockerfile | 2 +- .github/actions/preview-create/Dockerfile | 2 +- .github/workflows/build.yml | 4 ++-- .github/workflows/code-nightly.yml | 2 +- .github/workflows/ide-integration-tests.yml | 4 ++-- .github/workflows/lacework-inline-scanner.yml | 2 +- .github/workflows/preview-env-check-regressions.yml | 2 +- .github/workflows/preview-env-gc.yml | 2 +- .github/workflows/workspace-integration-tests.yml | 6 +++--- .gitpod.yml | 2 +- .werft/build.yaml | 2 +- .werft/cleanup-installer-tests.yaml | 2 +- .werft/debug.yaml | 2 +- .werft/platform-trigger-werft-cleanup.yaml | 2 +- 15 files changed, 19 insertions(+), 19 deletions(-) 
diff --git a/.github/actions/deploy-gitpod/Dockerfile b/.github/actions/deploy-gitpod/Dockerfile index 36c526bf22b8d5..809f185ef2e1f7 100644 --- a/.github/actions/deploy-gitpod/Dockerfile +++ b/.github/actions/deploy-gitpod/Dockerfile @@ -1,4 +1,4 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 +FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/deploy-monitoring-satellite/Dockerfile b/.github/actions/deploy-monitoring-satellite/Dockerfile index e15825ce67ede1..e72333454dd68c 100644 --- a/.github/actions/deploy-monitoring-satellite/Dockerfile +++ b/.github/actions/deploy-monitoring-satellite/Dockerfile @@ -1,4 +1,4 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 +FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 USER root ENV OCI_TOOL_VERSION="0.2.0" diff --git a/.github/actions/preview-create/Dockerfile b/.github/actions/preview-create/Dockerfile index e15825ce67ede1..e72333454dd68c 100644 --- a/.github/actions/preview-create/Dockerfile +++ b/.github/actions/preview-create/Dockerfile @@ -1,4 +1,4 @@ -FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 +FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 USER root ENV OCI_TOOL_VERSION="0.2.0" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1957930b4ae70a..d9ca8c8cb16e07 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -125,7 +125,7 @@ jobs: ports: - 23306:23306 container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 env: DB_HOST: "mysql" DB_PORT: "23306" 
@@ -373,7 +373,7 @@ jobs: - create-runner runs-on: ${{ needs.create-runner.outputs.label }} container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 if: needs.configuration.outputs.with_integration_tests != '' concurrency: group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-integration-test diff --git a/.github/workflows/code-nightly.yml b/.github/workflows/code-nightly.yml index ff2a9b7c0af854..698c43fba2492f 100644 --- a/.github/workflows/code-nightly.yml +++ b/.github/workflows/code-nightly.yml @@ -14,7 +14,7 @@ jobs: runs-on: ${{ needs.create-runner.outputs.label }} needs: [create-runner] container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 steps: - uses: actions/checkout@v3 - name: Set up Google Cloud SDK diff --git a/.github/workflows/ide-integration-tests.yml b/.github/workflows/ide-integration-tests.yml index 065d69c8b0f38a..f45f9221a590e7 100644 --- a/.github/workflows/ide-integration-tests.yml +++ b/.github/workflows/ide-integration-tests.yml @@ -29,7 +29,7 @@ jobs: runs-on: ${{ needs.create-runner.outputs.label }} needs: [create-runner] container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 outputs: name: ${{ steps.configuration.outputs.name }} version: ${{ steps.configuration.outputs.version }} @@ -99,7 +99,7 @@ jobs: needs: [configuration, infrastructure, create-runner] runs-on: ${{ needs.create-runner.outputs.label }} container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 volumes: - /var/tmp:/var/tmp - /tmp:/tmp 
diff --git a/.github/workflows/lacework-inline-scanner.yml b/.github/workflows/lacework-inline-scanner.yml index 0090fcccf70fed..2bb6e249faadb8 100644 --- a/.github/workflows/lacework-inline-scanner.yml +++ b/.github/workflows/lacework-inline-scanner.yml @@ -49,7 +49,7 @@ jobs: needs: [configuration,create-runner] if: ${{ needs.configuration.outputs.skip == 'false' }} container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 steps: # Most of this is taken over from the Build workflow/preview-env-check-regressions workflow - uses: actions/checkout@v3 diff --git a/.github/workflows/preview-env-check-regressions.yml b/.github/workflows/preview-env-check-regressions.yml index 854babd78e5030..2948bcfeaba3ee 100644 --- a/.github/workflows/preview-env-check-regressions.yml +++ b/.github/workflows/preview-env-check-regressions.yml @@ -85,7 +85,7 @@ jobs: if: ${{ needs.configuration.outputs.skip == 'false' }} runs-on: ${{ needs.create-runner.outputs.label }} container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 volumes: - /var/tmp:/var/tmp - /tmp:/tmp diff --git a/.github/workflows/preview-env-gc.yml b/.github/workflows/preview-env-gc.yml index 11da99a5fdaa34..4f2d0dcf604707 100644 --- a/.github/workflows/preview-env-gc.yml +++ b/.github/workflows/preview-env-gc.yml @@ -13,7 +13,7 @@ jobs: runs-on: ${{ needs.create-runner.outputs.label }} needs: [create-runner] container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 outputs: names: ${{ steps.set-matrix.outputs.names }} count: ${{ steps.set-matrix.outputs.count }} 
diff --git a/.github/workflows/workspace-integration-tests.yml b/.github/workflows/workspace-integration-tests.yml index d8e6c0984dd2d6..5caba3ccea4c48 100644 --- a/.github/workflows/workspace-integration-tests.yml +++ b/.github/workflows/workspace-integration-tests.yml @@ -29,7 +29,7 @@ jobs: runs-on: ${{ needs.create-runner.outputs.label }} needs: [create-runner] container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 outputs: name: ${{ steps.configuration.outputs.name }} version: ${{ steps.configuration.outputs.version }} @@ -118,7 +118,7 @@ jobs: needs: [configuration, infrastructure, create-runner] runs-on: ${{ needs.create-runner.outputs.label }} container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 steps: - uses: actions/checkout@v3 - id: auth @@ -226,7 +226,7 @@ jobs: if: github.event.inputs.skip_delete != 'true' && always() runs-on: ${{ needs.create-runner.outputs.label }} container: - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 steps: - uses: actions/checkout@v3 - uses: ./.github/actions/setup-environment diff --git a/.gitpod.yml b/.gitpod.yml index e45ef7ac31d130..fc3c4369778b0e 100644 --- a/.gitpod.yml +++ b/.gitpod.yml @@ -1,4 +1,4 @@ -image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 +image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 workspaceLocation: gitpod/gitpod-ws.code-workspace checkoutLocation: gitpod ports: diff --git a/.werft/build.yaml b/.werft/build.yaml index 72f035bc929d11..64d117d339c1f6 100644 --- a/.werft/build.yaml +++ b/.werft/build.yaml 
@@ -64,7 +64,7 @@ pod: - name: MYSQL_TCP_PORT value: 23306 - name: build - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 workingDir: /workspace imagePullPolicy: IfNotPresent resources: diff --git a/.werft/cleanup-installer-tests.yaml b/.werft/cleanup-installer-tests.yaml index b362d6b63744c0..020d18dc1b46f3 100644 --- a/.werft/cleanup-installer-tests.yaml +++ b/.werft/cleanup-installer-tests.yaml @@ -25,7 +25,7 @@ pod: secretName: aks-credentials containers: - name: nightly-test - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 workingDir: /workspace imagePullPolicy: Always volumeMounts: diff --git a/.werft/debug.yaml b/.werft/debug.yaml index 569b7045e21805..906734790db06b 100644 --- a/.werft/debug.yaml +++ b/.werft/debug.yaml @@ -48,7 +48,7 @@ pod: - name: MYSQL_TCP_PORT value: 23306 - name: build - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 workingDir: /workspace imagePullPolicy: IfNotPresent volumeMounts: diff --git a/.werft/platform-trigger-werft-cleanup.yaml b/.werft/platform-trigger-werft-cleanup.yaml index f03072157d6f08..9631868930b0ca 100644 --- a/.werft/platform-trigger-werft-cleanup.yaml +++ b/.werft/platform-trigger-werft-cleanup.yaml @@ -22,7 +22,7 @@ pod: secretName: gcp-sa-gitpod-dev-deployer containers: - name: build - image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-new-dev-image-gha.13182 + image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 workingDir: /workspace imagePullPolicy: IfNotPresent volumeMounts: From 47bb5baae87c8ff7b7faf093acb103abf65a93b8 Mon Sep 17 00:00:00 2001 
From: Alejandro de Brito Fontes Date: Sun, 16 Jul 2023 21:59:33 +0000 Subject: [PATCH 11/14] Cleanup --- .github/actions/delete-preview/action.yml | 5 ---- .github/actions/deploy-gitpod/entrypoint.sh | 2 -- .github/actions/deploy-gitpod/metadata.yml | 3 --- .../deploy-monitoring-satellite/Dockerfile | 5 ---- .../deploy-monitoring-satellite/entrypoint.sh | 2 -- .../deploy-monitoring-satellite/metadata.yml | 4 +--- .github/actions/preview-create/Dockerfile | 5 ---- .github/actions/preview-create/entrypoint.sh | 19 +++++++-------- .github/actions/preview-create/metadata.yml | 10 -------- .github/pull_request_template.md | 3 --- .github/workflows/build.yml | 6 ----- .github/workflows/ide-integration-tests.yml | 3 --- ...brains-update-plugin-platform-template.yml | 4 ---- .github/workflows/jetbrains-updates.yml | 2 -- .../preview-env-check-regressions.yml | 10 -------- .github/workflows/preview-env-gc.yml | 2 -- .../workflows/workspace-integration-tests.yml | 3 --- .werft/jobs/build/prepare.ts | 1 - .../infrastructure/modules/gce/variables.tf | 6 ----- dev/preview/infrastructure/modules/gce/vm.tf | 4 ++-- .../modules/harvester/variables.tf | 6 ----- .../infrastructure/modules/harvester/vm.tf | 4 ++-- dev/preview/infrastructure/outputs.tf | 3 --- dev/preview/infrastructure/preview.tf | 23 +------------------ dev/preview/infrastructure/variables.tf | 12 ---------- test/README.md | 2 +- 26 files changed, 17 insertions(+), 132 deletions(-) diff --git a/.github/actions/delete-preview/action.yml b/.github/actions/delete-preview/action.yml index b90d28f69e2df0..18454923b781ad 100644 --- a/.github/actions/delete-preview/action.yml +++ b/.github/actions/delete-preview/action.yml @@ -7,9 +7,6 @@ inputs: name: description: "The name of the preview environment" required: true - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false runs: using: "composite" 
@@ -20,8 +17,6 @@ runs: run: | gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" - leeway run dev/preview/previewctl:download - previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" export TF_INPUT=0 diff --git a/.github/actions/deploy-gitpod/entrypoint.sh b/.github/actions/deploy-gitpod/entrypoint.sh index a8d09e5bc340b7..a3d9be69436e3f 100755 --- a/.github/actions/deploy-gitpod/entrypoint.sh +++ b/.github/actions/deploy-gitpod/entrypoint.sh @@ -17,8 +17,6 @@ oci-tool fetch file -o /tmp/versions.yaml --platform=linux-amd64 "eu.gcr.io/gitp gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" -leeway run dev/preview/previewctl:download - echo "Setting up access to core-dev and harvester" previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" diff --git a/.github/actions/deploy-gitpod/metadata.yml b/.github/actions/deploy-gitpod/metadata.yml index ffdb4689061ae7..1acb75cc4b9535 100644 --- a/.github/actions/deploy-gitpod/metadata.yml +++ b/.github/actions/deploy-gitpod/metadata.yml @@ -10,9 +10,6 @@ inputs: version: description: "The version of Gitpod to install" required: true - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false with_dedicated_emu: description: "Dedicated Config" required: false diff --git a/.github/actions/deploy-monitoring-satellite/Dockerfile b/.github/actions/deploy-monitoring-satellite/Dockerfile index e72333454dd68c..809f185ef2e1f7 100644 --- a/.github/actions/deploy-monitoring-satellite/Dockerfile +++ b/.github/actions/deploy-monitoring-satellite/Dockerfile 
@@ -1,9 +1,4 @@ FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 -USER root -ENV OCI_TOOL_VERSION="0.2.0" -RUN curl -fsSL https://github.com/csweichel/oci-tool/releases/download/v${OCI_TOOL_VERSION}/oci-tool_${OCI_TOOL_VERSION}_linux_amd64.tar.gz | tar xz -C /usr/local/bin && chmod +x /usr/local/bin/oci-tool -USER gitpod - COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/deploy-monitoring-satellite/entrypoint.sh b/.github/actions/deploy-monitoring-satellite/entrypoint.sh index b788e58cd0d2a1..8e1f807f02c2e7 100755 --- a/.github/actions/deploy-monitoring-satellite/entrypoint.sh +++ b/.github/actions/deploy-monitoring-satellite/entrypoint.sh @@ -9,8 +9,6 @@ mkdir "$HOME/bin" gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}" -leeway run dev/preview/previewctl:download - echo "previewctl get-credentials" previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" diff --git a/.github/actions/deploy-monitoring-satellite/metadata.yml b/.github/actions/deploy-monitoring-satellite/metadata.yml index 8c835a6237c94f..aec8bb42659704 100644 --- a/.github/actions/deploy-monitoring-satellite/metadata.yml +++ b/.github/actions/deploy-monitoring-satellite/metadata.yml @@ -4,9 +4,7 @@ inputs: sa_key: description: "The service account key to use when authenticating with GCP" required: true - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false + runs: using: "docker" image: "Dockerfile" diff --git a/.github/actions/preview-create/Dockerfile b/.github/actions/preview-create/Dockerfile index e72333454dd68c..809f185ef2e1f7 100644 --- a/.github/actions/preview-create/Dockerfile +++ b/.github/actions/preview-create/Dockerfile 
@@ -1,9 +1,4 @@ FROM eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-token-gha.13623 -USER root -ENV OCI_TOOL_VERSION="0.2.0" -RUN curl -fsSL https://github.com/csweichel/oci-tool/releases/download/v${OCI_TOOL_VERSION}/oci-tool_${OCI_TOOL_VERSION}_linux_amd64.tar.gz | tar xz -C /usr/local/bin && chmod +x /usr/local/bin/oci-tool -USER gitpod - COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/preview-create/entrypoint.sh b/.github/actions/preview-create/entrypoint.sh index 5ce68ca4c8c6d1..108c1ab34a1490 100755 --- a/.github/actions/preview-create/entrypoint.sh +++ b/.github/actions/preview-create/entrypoint.sh @@ -1,24 +1,25 @@ #!/usr/bin/env bash +# shellcheck disable=SC2155 set -euo pipefail +set -x -leeway run dev/preview/previewctl:download +mkdir -p "$HOME/.kube" -previewctl get-credentials --gcp-service-account "${INPUT_SA_KEY}" +CREDENTIALS_FILE=$(mktemp) +echo "${INPUT_SA_KEY}" >> "${CREDENTIALS_FILE}" +export PREVIEW_ENV_DEV_SA_KEY_PATH="${CREDENTIALS_FILE}" + +gcloud auth activate-service-account --key-file "${CREDENTIALS_FILE}" +previewctl get-credentials --gcp-service-account "${CREDENTIALS_FILE}" replace="module.preview_gce[0].google_compute_instance.default" -if [[ "${INPUT_INFRASTRUCTURE_PROVIDER}" = "harvester " ]]; then - replace="module.preview_harvester[0].harvester_virtualmachine.harvester" -fi if [[ "${INPUT_RECREATE_VM:-x}" == "true" ]]; then export TF_CLI_ARGS_plan="-replace=${replace}" fi -TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" -export TF_VAR_preview_name -export TF_VAR_infra_provider="${INPUT_INFRASTRUCTURE_PROVIDER}" -export TF_VAR_with_large_vm="${INPUT_LARGE_VM}" +export TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" export TF_INPUT=0 export TF_IN_AUTOMATION=true diff --git a/.github/actions/preview-create/metadata.yml b/.github/actions/preview-create/metadata.yml index 6c195679a57689..4a7c501b333894 100644 
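Review bot: The added `set -x` in preview-create/entrypoint.sh traces every command with its expanded arguments, so `echo "${INPUT_SA_KEY}" >> "${CREDENTIALS_FILE}"` prints the service-account key into the job log, and log masking of a multi-line JSON secret should not be relied on to hide it. Drop `set -x`, or switch tracing off around the credential lines with `set +x` before and `set -x` after. The file from `mktemp` is never removed and is appended to rather than overwritten; `trap 'rm -f -- "${CREDENTIALS_FILE}"' EXIT` right after the `mktemp` line and `printf '%s\n' "${INPUT_SA_KEY}" > "${CREDENTIALS_FILE}"` would fix both. The new `export TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")"` hides a failing `previewctl` from `set -e`, which is what the added SC2155 suppression silences, whereas the removed assign-then-export form did not. The script continues outside the hunk, so confirm nothing after it needs the key file once the trap has run.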
--- a/.github/actions/preview-create/metadata.yml +++ b/.github/actions/preview-create/metadata.yml @@ -4,16 +4,6 @@ inputs: name: description: "The name of the preview environment to deploy Gitpod to" required: false - infrastructure_provider: - description: "The infrastructure provider to use" - required: true - large_vm: - description: "Whether to use a larger VM for the env" - required: true - default: false - previewctl_hash: - description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt" - required: false recreate_vm: description: "Whether to recreate the VM" required: false diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 736ec40df74e49..fee454ebd760da 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -56,9 +56,6 @@ gitpod:summary - [ ] /werft with-local-preview If enabled this will build `install/preview` - [ ] /werft with-preview -- [ ] /werft with-large-vm -- [ ] /werft with-gce-vm - If enabled this will create the environment on GCE infra - [ ] with-integration-tests=all Valid options are `all`, `workspace`, `webapp`, `ide`, `jetbrains`, `vscode`, `ssh` - [ ] with-monitoring diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d9ca8c8cb16e07..062c592a6a5110 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -30,10 +30,8 @@ jobs: is_main_branch: ${{ (github.head_ref || github.ref) == 'refs/heads/main' }} version: ${{ steps.branches.outputs.sanitized-branch-name }}-gha.${{github.run_number}} preview_enable: ${{ contains( steps.pr-details.outputs.pr_body, '[x] /werft with-preview') }} - preview_infra_provider: ${{ contains( steps.pr-details.outputs.pr_body, '[x] /werft with-gce-vm') && 'gce' || 'harvester' }} build_no_cache: ${{ contains( steps.pr-details.outputs.pr_body, '[x] leeway-no-cache') }} build_no_test: ${{ contains( steps.pr-details.outputs.pr_body, '[x] /werft no-test') }} - with_large_vm: ${{ contains( steps.pr-details.outputs.pr_body, '[X] /werft with-large-vm') }} publish_to_npm: ${{ contains( steps.pr-details.outputs.pr_body, '[X] /werft publish-to-npm') }} publish_to_jbmp: ${{ contains( steps.pr-details.outputs.pr_body, '[X] /werft publish-to-jb-marketplace') }} with_dedicated_emulation: ${{ contains( steps.pr-details.outputs.pr_body, '[X] with-dedicated-emulation') }} @@ -104,8 +102,6 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ github.head_ref || github.ref_name }} - infrastructure_provider: ${{ needs.configuration.outputs.preview_infra_provider }} - large_vm: ${{ needs.configuration.outputs.with_large_vm }} recreate_vm: ${{ inputs.recreate_vm }} sa_key: ${{ secrets.GCP_CREDENTIALS }} leeway_segment_key: ${{ secrets.LEEWAY_SEGMENT_KEY }} @@ -397,8 +393,6 @@ jobs: TEST_BUILD_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} TEST_BUILD_REF: ${{ github.head_ref || github.ref }} run: | - leeway run dev/preview/previewctl:install - echo "Setting up access to core-dev and harvester" previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 1m --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" 
diff --git a/.github/workflows/ide-integration-tests.yml b/.github/workflows/ide-integration-tests.yml index f45f9221a590e7..a586eced235d52 100644 --- a/.github/workflows/ide-integration-tests.yml +++ b/.github/workflows/ide-integration-tests.yml @@ -84,7 +84,6 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.name }} - infrastructure_provider: gce large_vm: true - name: Deploy Gitpod to the preview environment id: deploy-gitpod @@ -121,8 +120,6 @@ jobs: gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} - leeway run dev/preview/previewctl:install - echo "Setting up access to core-dev and harvester" previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" diff --git a/.github/workflows/jetbrains-update-plugin-platform-template.yml b/.github/workflows/jetbrains-update-plugin-platform-template.yml index 2a294c9c067d5c..fc6dc702e72b08 100644 --- a/.github/workflows/jetbrains-update-plugin-platform-template.yml +++ b/.github/workflows/jetbrains-update-plugin-platform-template.yml @@ -102,8 +102,6 @@ jobs: ## Werft options: - [x] /werft publish-to-jb-marketplace - [x] /werft with-preview - - [x] /werft with-large-vm - - [x] /werft with-gce-vm - [x] with-integration-tests=jetbrains - [x] latest-ide-version=${{ contains(inputs.pluginId, 'latest') }} @@ -145,8 +143,6 @@ jobs: ## Werft options: - [x] /werft with-preview - - [x] /werft with-large-vm - - [x] /werft with-gce-vm - [x] with-integration-tests=jetbrains - [x] latest-ide-version=${{ contains(inputs.pluginId, 'latest') }} diff --git a/.github/workflows/jetbrains-updates.yml b/.github/workflows/jetbrains-updates.yml index 76db1d0cbedfe9..eac292f7a9c707 100644 --- a/.github/workflows/jetbrains-updates.yml +++ b/.github/workflows/jetbrains-updates.yml 
@@ -63,8 +63,6 @@ jobs: * with-preview - whether to create a preview environment for this PR --> - [x] /werft with-preview - - [x] /werft with-large-vm - - [x] /werft with-gce-vm - [x] with-integration-tests=jetbrains - [x] latest-ide-version=false diff --git a/.github/workflows/preview-env-check-regressions.yml b/.github/workflows/preview-env-check-regressions.yml index 2948bcfeaba3ee..8e038cd783c793 100644 --- a/.github/workflows/preview-env-check-regressions.yml +++ b/.github/workflows/preview-env-check-regressions.yml @@ -12,10 +12,6 @@ on: version: required: true description: "The version of Gitpod to install" - infrastructure_provider: - description: "The infrastructure provider to use. Valid options: harvester, gcp" - required: false - default: gcp jobs: create-runner: @@ -30,7 +26,6 @@ jobs: skip: ${{ steps.configuration.outputs.skip }} name: ${{ steps.configuration.outputs.name }} version: ${{ steps.configuration.outputs.version }} - infrastructure_provider: ${{ steps.configuration.outputs.infrastructure_provider }} steps: - name: "Set outputs" id: configuration @@ -40,7 +35,6 @@ jobs: { echo "version=${{ github.event.inputs.version }}" echo "name=${{ github.event.inputs.name }}" - echo "infrastructure_provider=${{ github.event.inputs.infrastructure_provider }}" echo "skip=false" } >> $GITHUB_OUTPUT else @@ -48,7 +42,6 @@ jobs: { echo "version=main-gha.${{ github.event.workflow_run.run_number }}" echo "name=preview-regression-check-main-${{ github.run_id }}-${{ github.run_attempt }}" - echo "infrastructure_provider=harvester" echo "skip=${{ github.event.workflow_run.conclusion == 'failure' }}" } >> $GITHUB_OUTPUT fi @@ -70,7 +63,6 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.name }} - infrastructure_provider: ${{ needs.configuration.outputs.infrastructure_provider }} large_vm: false - name: Deploy Gitpod to the preview environment id: deploy-gitpod 
@@ -104,8 +96,6 @@ jobs: gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} - leeway run dev/preview/previewctl:install - echo "Setting up access to core-dev and harvester" previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" diff --git a/.github/workflows/preview-env-gc.yml b/.github/workflows/preview-env-gc.yml index 4f2d0dcf604707..2531a94b123bc2 100644 --- a/.github/workflows/preview-env-gc.yml +++ b/.github/workflows/preview-env-gc.yml @@ -33,8 +33,6 @@ jobs: gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} - leeway run dev/preview/previewctl:install - previewctl get-credentials --gcp-service-account ${{ steps.auth.outputs.credentials_file_path }} previewctl list stale | jq --null-input --raw-input --compact-output '[inputs | select(length>0)]' > /tmp/stale-json echo "names=$(cat /tmp/stale-json)" >> $GITHUB_OUTPUT diff --git a/.github/workflows/workspace-integration-tests.yml b/.github/workflows/workspace-integration-tests.yml index 5caba3ccea4c48..1c51b2a0d9bee0 100644 --- a/.github/workflows/workspace-integration-tests.yml +++ b/.github/workflows/workspace-integration-tests.yml @@ -103,7 +103,6 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.name }} - infrastructure_provider: gce large_vm: true - name: Deploy Gitpod to the preview environment if: github.event.inputs.skip_deploy != 'true' @@ -152,8 +151,6 @@ jobs: gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }} - leeway run dev/preview/previewctl:install - echo "Setting up access to core-dev and harvester" previewctl get-credentials --gcp-service-account ${{ steps.auth.outputs.credentials_file_path }} diff --git a/.werft/jobs/build/prepare.ts b/.werft/jobs/build/prepare.ts index 22058fd82d8da1..aa1e0b3bd1b9b6 100644 --- a/.werft/jobs/build/prepare.ts +++ b/.werft/jobs/build/prepare.ts 
@@ -49,7 +49,6 @@ async function createVM(werft: Werft, config: JobConfig) { "GOOGLE_APPLICATION_CREDENTIALS": GCLOUD_SERVICE_ACCOUNT_PATH, "TF_VAR_cert_issuer": config.certIssuer, "TF_VAR_preview_name": config.previewEnvironment.destname, - "TF_VAR_with_large_vm": `${config.withLargeVM}`, "TF_VAR_infra_provider": `${infra}`, } diff --git a/dev/preview/infrastructure/modules/gce/variables.tf b/dev/preview/infrastructure/modules/gce/variables.tf index cd6fcc7a572a8f..a016b9c56ea17b 100644 --- a/dev/preview/infrastructure/modules/gce/variables.tf +++ b/dev/preview/infrastructure/modules/gce/variables.tf @@ -64,9 +64,3 @@ variable "use_spot" { default = true description = "Flag to decide whether to use spot instances" } - -variable "with_large_vm" { - type = bool - default = false - description = "Flag to decide whether to use a larger VM" -} diff --git a/dev/preview/infrastructure/modules/gce/vm.tf b/dev/preview/infrastructure/modules/gce/vm.tf index 4394cda7e16dc3..0bf494fcebcf46 100644 --- a/dev/preview/infrastructure/modules/gce/vm.tf +++ b/dev/preview/infrastructure/modules/gce/vm.tf @@ -23,7 +23,7 @@ resource "google_compute_instance" "default" { # allowing us to e.g. run more e2e tests in parallel without # running into node disk pressure. dynamic "scratch_disk" { - for_each = var.with_large_vm == true ? [1, 2] : [] + for_each = [1, 2] content { interface = "NVME" } @@ -100,5 +100,5 @@ locals { ssh_authorized_keys = var.ssh_key }) - machine_type = var.with_large_vm ? "n2d-standard-32" : var.vm_type + machine_type = "n2d-standard-16" } diff --git a/dev/preview/infrastructure/modules/harvester/variables.tf b/dev/preview/infrastructure/modules/harvester/variables.tf index 7dd24faad13c0d..10020b8b8af267 100644 --- a/dev/preview/infrastructure/modules/harvester/variables.tf +++ b/dev/preview/infrastructure/modules/harvester/variables.tf 
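Review bot: In the `locals` hunk of modules/gce/vm.tf, `machine_type = "n2d-standard-16"` no longer reads `var.vm_type`, yet preview.tf still passes `vm_type = var.vm_type` into the module, so that input appears to lose its effect on the instance size. If the size should stay overridable, keep `machine_type = var.vm_type` and set the new size as the variable's default; otherwise remove the variable and the argument that passes it. The `scratch_disk` hunk in the same file has the same shape: `for_each = [1, 2]` is now a constant, and a comment such as `# always attach two local NVMe scratch disks` would explain it. The `locals` block starts above the hunk, so other uses of `var.vm_type` cannot be ruled out from here.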
@@ -53,9 +53,3 @@ variable "gcp_project_dns" { default = "gitpod-core-dev" description = "The GCP project in which to create DNS records" } - -variable "with_large_vm" { - type = bool - default = false - description = "Flag to decide whether to use a larger VM" -} diff --git a/dev/preview/infrastructure/modules/harvester/vm.tf b/dev/preview/infrastructure/modules/harvester/vm.tf index e770eedc52a5ea..53611cea5805be 100644 --- a/dev/preview/infrastructure/modules/harvester/vm.tf +++ b/dev/preview/infrastructure/modules/harvester/vm.tf @@ -100,6 +100,6 @@ locals { }) }) - vm_cpu = var.with_large_vm ? 12 : 6 - vm_memory = var.with_large_vm ? "24Gi" : "12Gi" + vm_cpu = 12 + vm_memory = "24Gi" } diff --git a/dev/preview/infrastructure/outputs.tf b/dev/preview/infrastructure/outputs.tf index 7f9f6dbcbdac7f..e69de29bb2d1d6 100644 --- a/dev/preview/infrastructure/outputs.tf +++ b/dev/preview/infrastructure/outputs.tf @@ -1,3 +0,0 @@ -output "infra_provider" { - value = var.infra_provider -} diff --git a/dev/preview/infrastructure/preview.tf b/dev/preview/infrastructure/preview.tf index 223cf8add956f6..ad34c55915086b 100644 --- a/dev/preview/infrastructure/preview.tf +++ b/dev/preview/infrastructure/preview.tf @@ -1,5 +1,5 @@ module "preview_gce" { - count = var.infra_provider == "gce" ? 1 : 0 + count = 1 source = "./modules/gce" preview_name = var.preview_name @@ -7,7 +7,6 @@ module "preview_gce" { preview_namespace = kubernetes_namespace.preview_namespace.metadata[0].name ssh_key = local.ssh_key use_spot = var.gce_use_spot - with_large_vm = var.with_large_vm vm_type = var.vm_type providers = { 
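Review bot: `count = 1` on `module "preview_gce"` in preview.tf is now a constant, and nothing in the file says why it is kept. Presumably it stays so the module keeps the indexed address `module.preview_gce[0]`, which the `replace` strings elsewhere in this series use. A one-line comment such as `# count stays so the module address remains module.preview_gce[0]` would stop a later cleanup from removing it as dead code. If it is dropped, the address changes and a `moved` block plus updated `replace` strings would be needed. The module block continues below the hunk.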
@@ -19,26 +18,6 @@ module "preview_gce" { } } -module "preview_harvester" { - count = var.infra_provider == "harvester" ? 1 : 0 - source = "./modules/harvester" - - preview_name = var.preview_name - cert_issuer = var.cert_issuer - preview_namespace = kubernetes_namespace.preview_namespace.metadata[0].name - ssh_key = local.ssh_key - with_large_vm = var.with_large_vm - - providers = { - google = google, - acme.letsencrypt = acme.letsencrypt, - acme.zerossl = acme.zerossl, - k8s.dev = k8s.dev - k8s.harvester = k8s.harvester - harvester.harvester = harvester.harvester - } -} - module "dns" { source = "./modules/dns" diff --git a/dev/preview/infrastructure/variables.tf b/dev/preview/infrastructure/variables.tf index 293daa740e13fa..38b7895e2b5891 100644 --- a/dev/preview/infrastructure/variables.tf +++ b/dev/preview/infrastructure/variables.tf @@ -1,9 +1,3 @@ -variable "infra_provider" { - type = string - default = "harvester" - description = "the provider for the infra: [harvester, gce]" -} - variable "preview_name" { type = string description = "The preview environment's name" @@ -55,9 +49,3 @@ variable "gce_use_spot" { default = true description = "Flag to decide whether to use spot instances" } - -variable "with_large_vm" { - type = bool - default = false - description = "Flag to decide whether to use a larger VM" -} diff --git a/test/README.md b/test/README.md index 7612c89e9aadb3..fd35ab221b7efd 100644 --- a/test/README.md +++ b/test/README.md @@ -39,7 +39,7 @@ werft job run github -a with-preview=true -a with-integration-tests=webapp -f You may want to run tests to assert whether a Gitpod installation is successfully integrated. > Use a preview environment with a large VM to run the tests. The tests run in parallel and can consume a large amount of recources. Create one as follows: -> `TF_VAR_with_large_vm=true leeway run dev:preview` +> `leeway run dev:preview` ### Go test From 71c3c78cc9f2f1f56f45e0fde4bcac0c6093a7ea Mon Sep 17 00:00:00 2001 
From: Alejandro de Brito Fontes Date: Mon, 17 Jul 2023 06:11:39 +0000 Subject: [PATCH 12/14] Remove harvester --- .werft/jobs/build/prepare.ts | 2 +- .../modules/harvester/cloudinit.yaml | 54 --------- .../infrastructure/modules/harvester/lb.tf | 65 ----------- .../modules/harvester/outputs.tf | 7 -- .../modules/harvester/provider.tf | 26 ----- .../infrastructure/modules/harvester/svc.tf | 27 ----- .../modules/harvester/variables.tf | 55 --------- .../infrastructure/modules/harvester/vm.tf | 105 ------------------ dev/preview/infrastructure/preview.tf | 6 +- 9 files changed, 3 insertions(+), 344 deletions(-) delete mode 100644 dev/preview/infrastructure/modules/harvester/cloudinit.yaml delete mode 100644 dev/preview/infrastructure/modules/harvester/lb.tf delete mode 100644 dev/preview/infrastructure/modules/harvester/outputs.tf delete mode 100644 dev/preview/infrastructure/modules/harvester/provider.tf delete mode 100644 dev/preview/infrastructure/modules/harvester/svc.tf delete mode 100644 dev/preview/infrastructure/modules/harvester/variables.tf delete mode 100644 dev/preview/infrastructure/modules/harvester/vm.tf diff --git a/.werft/jobs/build/prepare.ts b/.werft/jobs/build/prepare.ts index aa1e0b3bd1b9b6..70f70180f0fbbe 100644 --- a/.werft/jobs/build/prepare.ts +++ b/.werft/jobs/build/prepare.ts @@ -41,7 +41,7 @@ async function decideHarvesterVMCreation(werft: Werft, config: JobConfig) { // Readiness is not guaranted. async function createVM(werft: Werft, config: JobConfig) { const infra = config.withGceVm ? "gce" : "harvester" - const replace = config.withGceVm ? "module.preview_gce[0].google_compute_instance.default" : "module.preview_harvester[0].harvester_virtualmachine.harvester" + const replace = "module.preview_gce[0].google_compute_instance.default" const environment = { // We pass the GCP credentials explicitly, otherwise for some reason TF doesn't pick them up 
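Review bot: `infra` is still computed as `config.withGceVm ? "gce" : "harvester"` on the line above the change, while `replace` is now always the GCE instance address. The value is exported as `TF_VAR_infra_provider` further down in `createVM`, and the `infra_provider` variable is removed from variables.tf earlier in this series, so it looks unused on the Terraform side. Removing the `infra` constant and the `TF_VAR_infra_provider` entry would keep a job with `withGceVm` unset from appearing to select Harvester. `createVM` continues past the end of the hunk.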
diff --git a/dev/preview/infrastructure/modules/harvester/cloudinit.yaml b/dev/preview/infrastructure/modules/harvester/cloudinit.yaml deleted file mode 100644 index 097c3f38beff37..00000000000000 --- a/dev/preview/infrastructure/modules/harvester/cloudinit.yaml +++ /dev/null @@ -1,54 +0,0 @@ -#cloud-config -users: -- name: ubuntu - sudo: "ALL=(ALL) NOPASSWD: ALL" - ssh_authorized_keys: - - ${ssh_authorized_keys} -chpasswd: - list: | - ubuntu:ubuntu - expire: False -write_files: - - path: /etc/disable-services.sh - permissions: '0755' - content: | - #!/bin/bash - systemctl disable google-guest-agent & - systemctl disable google-startup-scripts & - systemctl disable google-osconfig-agent & - systemctl disable google-oslogin-cache.timer & - systemctl disable google-shutdown-scripts & - systemctl stop google-guest-agent & - systemctl stop google-startup-scripts & - systemctl stop google-osconfig-agent & - systemctl stop google-oslogin-cache.timer & - systemctl stop google-shutdown-scripts & - - path: /etc/ssh/sshd_config.d/101-change-ssh-port.conf - permissions: '0644' - owner: root - content: 'Port 2200' - - - path: /usr/local/bin/bootstrap.sh - permissions: '0744' - owner: root - content: | - #!/bin/bash - - set -eo pipefail - - cat <> /etc/containerd/config.toml - [plugins."io.containerd.grpc.v1.cri".registry.configs."registry-1.docker.io".auth] - username = "${dockerhub_user}" - password = "${dockerhub_passwd}" - EOF - sudo systemctl restart containerd.service - - - path: /usr/local/bin/bootstrap-k3s.sh - permissions: '0744' - owner: root - content: | - ${indent(6, install-k3s)} -runcmd: - - bash /etc/disable-services.sh - - bash /usr/local/bin/bootstrap.sh - - bash /usr/local/bin/bootstrap-k3s.sh diff --git a/dev/preview/infrastructure/modules/harvester/lb.tf b/dev/preview/infrastructure/modules/harvester/lb.tf deleted file mode 100644 index c40caf0725ecfe..00000000000000 --- a/dev/preview/infrastructure/modules/harvester/lb.tf +++ /dev/null 
@@ -1,65 +0,0 @@ -resource "kubernetes_deployment" "dev-loadbalancer" { - provider = k8s.dev - - metadata { - name = "lb-${var.preview_name}" - namespace = "loadbalancers" - labels = { - "gitpod.io/lbName" = var.preview_name - } - } - - spec { - replicas = 1 - - selector { - match_labels = { - "gitpod.io/lbName" = var.preview_name - } - } - - template { - metadata { - name = "lb" - labels = { - "gitpod.io/lbName" = var.preview_name - } - } - - spec { - service_account_name = "proxy" - enable_service_links = false - - volume { - name = "kubeconfig" - secret { - secret_name = "harvester-kubeconfig" - } - } - - container { - image = "bitnami/kubectl:1.25.2" - name = "kubectl" - args = [ - "port-forward", - "--kubeconfig", - "/mnt/kubeconfig/harvester-kubeconfig.yml", - "-n", - var.preview_namespace, - "--address=0.0.0.0", - "--pod-running-timeout=2m", - "svc/proxy", - "4430:443", - "2200:22", - ] - - volume_mount { - mount_path = "/mnt/kubeconfig/" - name = "kubeconfig" - read_only = true - } - } - } - } - } -} diff --git a/dev/preview/infrastructure/modules/harvester/outputs.tf b/dev/preview/infrastructure/modules/harvester/outputs.tf deleted file mode 100644 index 025bba6b8d4edf..00000000000000 --- a/dev/preview/infrastructure/modules/harvester/outputs.tf +++ /dev/null @@ -1,7 +0,0 @@ -output "workspace_ip" { - value = kubernetes_service.dev-svc.status[0].load_balancer[0].ingress[0].ip -} - -output "preview_ip" { - value = var.harvester_ingress_ip -} diff --git a/dev/preview/infrastructure/modules/harvester/provider.tf b/dev/preview/infrastructure/modules/harvester/provider.tf deleted file mode 100644 index c1cffca9b41808..00000000000000 --- a/dev/preview/infrastructure/modules/harvester/provider.tf +++ /dev/null 
@@ -1,26 +0,0 @@ -terraform { - required_version = ">= 1.2" - - required_providers { - harvester = { - source = "harvester/harvester" - version = "=0.5.3" - configuration_aliases = [harvester.harvester] - } - k8s = { - source = "hashicorp/kubernetes" - version = ">= 2.0" - configuration_aliases = [k8s.dev, k8s.harvester] - } - google = { - source = "hashicorp/google" - version = ">=4.40.0" - configuration_aliases = [google] - } - acme = { - source = "vancluever/acme" - version = "~> 2.0" - configuration_aliases = [acme.letsencrypt, acme.zerossl] - } - } -} diff --git a/dev/preview/infrastructure/modules/harvester/svc.tf b/dev/preview/infrastructure/modules/harvester/svc.tf deleted file mode 100644 index 43e191d35b44d3..00000000000000 --- a/dev/preview/infrastructure/modules/harvester/svc.tf +++ /dev/null @@ -1,27 +0,0 @@ -# Load balancer in the DEV cluster -resource "kubernetes_service" "dev-svc" { - provider = k8s.dev - wait_for_load_balancer = true - metadata { - name = "lb-${var.preview_name}" - namespace = "loadbalancers" - } - spec { - port { - name = "ssh-gateway" - protocol = "TCP" - port = 22 - target_port = 2200 - } - port { - name = "https" - protocol = "TCP" - port = 443 - target_port = 4430 - } - selector = { - "gitpod.io/lbName" = var.preview_name - } - type = "LoadBalancer" - } -} diff --git a/dev/preview/infrastructure/modules/harvester/variables.tf b/dev/preview/infrastructure/modules/harvester/variables.tf deleted file mode 100644 index 10020b8b8af267..00000000000000 --- a/dev/preview/infrastructure/modules/harvester/variables.tf +++ /dev/null 
@@ -1,55 +0,0 @@ -variable "preview_name" { - type = string - description = "The preview environment's name" -} - -variable "kubeconfig_path" { - type = string - default = "/home/gitpod/.kube/config" - description = "The path to the kubernetes config" -} - -variable "harvester_kube_context" { - type = string - default = "harvester" - description = "The name of the harvester kube context" -} - -variable "preview_namespace" { - type = string -} - -variable "dev_kube_context" { - type = string - default = "dev" - description = "The name of the dev kube context" -} - -variable "ssh_key" { - type = string - description = "ssh public key used for access to the vm" -} - -variable "vm_image" { - type = string - description = "The VM image" - default = "gitpod-k3s-202306121532" -} - -variable "harvester_ingress_ip" { - type = string - default = "159.69.172.117" - description = "Ingress IP in Harvester cluster" -} - -variable "cert_issuer" { - type = string - default = "letsencrypt-issuer-gitpod-core-dev" - description = "Certificate issuer" -} - -variable "gcp_project_dns" { - type = string - default = "gitpod-core-dev" - description = "The GCP project in which to create DNS records" -} diff --git a/dev/preview/infrastructure/modules/harvester/vm.tf b/dev/preview/infrastructure/modules/harvester/vm.tf deleted file mode 100644 index 53611cea5805be..00000000000000 --- a/dev/preview/infrastructure/modules/harvester/vm.tf +++ /dev/null 
@@ -1,105 +0,0 @@ -locals { - vm_storage_class = format("longhorn-%s-onereplica", var.vm_image) -} - -resource "harvester_virtualmachine" "harvester" { - provider = harvester.harvester - name = var.preview_name - namespace = var.preview_namespace - restart_after_update = true - - tags = { - ssh-user = "ubuntu" - os = "ubuntu" - } - - ssh_keys = [ - harvester_ssh_key.harvester_ssh_key.id - ] - - cpu = local.vm_cpu - memory = local.vm_memory - - run_strategy = "RerunOnFailure" - machine_type = "q35" - - network_interface { - name = "default" - type = "masquerade" - model = "virtio" - } - - disk { - name = "system" - type = "disk" - size = "200Gi" - bus = "scsi" - boot_order = 1 - - access_mode = "ReadWriteOnce" - volume_mode = "Block" - storage_class_name = local.vm_storage_class - auto_delete = true - } - - disk { - name = "storage" - type = "disk" - size = "30Gi" - bus = "virtio" - - access_mode = "ReadWriteOnce" - volume_mode = "Block" - storage_class_name = "longhorn-onereplica" - auto_delete = true - } - - cloudinit { - user_data_secret_name = kubernetes_secret.cloudinit.metadata[0].name - network_data_secret_name = kubernetes_secret.cloudinit.metadata[0].name - } -} - -resource "harvester_ssh_key" "harvester_ssh_key" { - provider = harvester.harvester - name = "${var.preview_name}-ssh-key" - namespace = var.preview_namespace - - public_key = var.ssh_key -} - -resource "kubernetes_secret" "cloudinit" { - provider = k8s.harvester - metadata { - name = local.vm_cloud_init_secret_name - namespace = var.preview_namespace - } - - data = { - networkdata = "" - userdata = local.cloudinit_user_data - } -} - -data "kubernetes_secret" "harvester-k3s-dockerhub-pull-account" { - provider = k8s.dev - metadata { - name = "harvester-k3s-dockerhub-pull-account" - namespace = "werft" - } -} - -locals { - vm_cloud_init_secret_name = "userdata-${var.preview_name}" - cloudinit_user_data = templatefile("${path.module}/cloudinit.yaml", { - dockerhub_user = 
data.kubernetes_secret.harvester-k3s-dockerhub-pull-account.data["username"] - dockerhub_passwd = data.kubernetes_secret.harvester-k3s-dockerhub-pull-account.data["password"] - ssh_authorized_keys = var.ssh_key - install-k3s = templatefile("${path.module}/../../scripts/bootstrap-k3s.sh", { - vm_name = var.preview_name - }) - }) - - vm_cpu = 12 - vm_memory = "24Gi" -} diff --git a/dev/preview/infrastructure/preview.tf b/dev/preview/infrastructure/preview.tf index ad34c55915086b..92a24bf3799e50 100644 --- a/dev/preview/infrastructure/preview.tf +++ b/dev/preview/infrastructure/preview.tf @@ -27,16 +27,14 @@ module "dns" { preview_ip = join( "", [ - length(module.preview_gce) > 0 ? module.preview_gce[0].preview_ip : "", - length(module.preview_harvester) > 0 ? module.preview_harvester[0].preview_ip : "" + module.preview_gce[0].preview_ip ], ) workspace_ip = join( "", [ - length(module.preview_gce) > 0 ? module.preview_gce[0].workspace_ip : "", - length(module.preview_harvester) > 0 ? module.preview_harvester[0].workspace_ip : "" + module.preview_gce[0].workspace_ip ], ) From 1518172d20c9faad5e83398d3e420e4b996e0fb1 Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Mon, 17 Jul 2023 06:28:19 +0000 Subject: [PATCH 13/14] 24 --- .github/actions/preview-create/entrypoint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/preview-create/entrypoint.sh b/.github/actions/preview-create/entrypoint.sh index 108c1ab34a1490..1f7b0a2ed5141e 100755 --- a/.github/actions/preview-create/entrypoint.sh +++ b/.github/actions/preview-create/entrypoint.sh 
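Review bot: Both `join("", [...])` calls in `module "dns"` now wrap a single element, so the join no longer does anything. `preview_ip = module.preview_gce[0].preview_ip` and `workspace_ip = module.preview_gce[0].workspace_ip` say the same thing directly. The `module "dns"` block starts above the hunk and continues below it.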
@@ -11,7 +11,9 @@ echo "${INPUT_SA_KEY}" >> "${CREDENTIALS_FILE}" export PREVIEW_ENV_DEV_SA_KEY_PATH="${CREDENTIALS_FILE}" gcloud auth activate-service-account --key-file "${CREDENTIALS_FILE}" + previewctl get-credentials --gcp-service-account "${CREDENTIALS_FILE}" +previewctl install-context --gcp-service-account "${CREDENTIALS_FILE}" --timeout 10m replace="module.preview_gce[0].google_compute_instance.default" From 40a2f791f30a58c71117443a9bf5f91090a6854d Mon Sep 17 00:00:00 2001 From: Alejandro de Brito Fontes Date: Mon, 17 Jul 2023 06:34:10 +0000 Subject: [PATCH 14/14] 25 --- .github/actions/preview-create/entrypoint.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/preview-create/entrypoint.sh b/.github/actions/preview-create/entrypoint.sh index 1f7b0a2ed5141e..753f7584a2ba90 100755 --- a/.github/actions/preview-create/entrypoint.sh +++ b/.github/actions/preview-create/entrypoint.sh @@ -5,6 +5,7 @@ set -euo pipefail set -x mkdir -p "$HOME/.kube" +export KUBECONFIG="$HOME/.kube/config" CREDENTIALS_FILE=$(mktemp) echo "${INPUT_SA_KEY}" >> "${CREDENTIALS_FILE}"
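Review bot: In the `@@ -5,6 +5,7 @@` hunk, `set -x` is active when `echo "${INPUT_SA_KEY}" >> "${CREDENTIALS_FILE}"` runs, so the shell trace writes the expanded service-account key to the job log. Log masking should not be relied on for a multi-line JSON value. Write the key with tracing off, e.g. `set +x` before the `echo` and `set -x` after it, or move `set -x` below the credential setup. The file from `mktemp` also has no cleanup in the visible lines. Adding `trap 'rm -f -- "${CREDENTIALS_FILE}"' EXIT` right after the `mktemp` line would remove it on every exit path, unless the part of the script outside these hunks already does so.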