A Hubot CI/CD Pipeline Bot for Openshift Container Platform (OCP) with Mattermost adapter.
The goal of this project is to automate our CI/CD pipelines for Applications built and deployed on Openshift Container Platform in order to increase deployment velocity. A ChatOps approach increases visibility and gives distributed developers more freedom to test and deploy.
This project is based on a Dev, Test, Stage, Prod deployment model to meet our needs, but could be adapted to any workflow.
This document will break down the build config and deployment steps required to run pipeline-bot.
Currently defined in post deploy script This script will define any ocp jobs that are required to run post deployment. OCP jobs are defined as Env Var from config map. This is a temporary solution for now.
Currently defined in test script This script will define any ocp jobs that are required to run test. OCP jobs are defined as Env Var from config map. This is a temporary solution for now.
Step by step how to build Hubot instance from start
HINT see below for build and deploy from this repo as boilerplate
brew install node
npm install -g yo generator-hubot
mkdir pipeline-bot
cd pipeline-bot
yo hubot
$ Owner 'my.email@domain.bc.ca'
$ Bot name 'pipeline-bot'
$ Description 'CI/CD Pipeline Bot'
$ Bot adapter 'matteruser'
git
on local project dircreate new imagestream in OCP
oc create imagestream pipeline-bot
create tag for imagestream in OCP
oc tag pipeline-bot pipeline-bot:latest
create new build using Source Build Strategy in OCP
oc new-build nodejs:10~https://github.com/bcgov/pipeline-bot.git -l app=bot
MATTERMOST_HOST= <url-to-mattermost>
MATTERMOST_GROUP= <mattermost-group>
MATTERMOST_USER= <mattermost-username>
MATTERMOST_PASSWORD= <mattermost-password>
HUBOT_MATTERMOST_CHANNEL= <mattermost-channel>
HUBOT_OCPAPIKEY= <ocp-token>
HUBOT_OCPDOMAIN= <ocp-domain>
HUBOT_ACL= <conifg for access control list> # see Access Control
HUBOT_DEV_APITEST_TEMPLATE= <url-to-test-template.json>
HUBOT_TEST_APITEST_TEMPLATE= <url-to-test-template.json>
HUBOT_TEST_POSTDEPLOY_TEMPLATE= <url-to-post-template.json>
HUBOT_STAGE_POSTDEPLOY_TEMPLATE= <url-to-post-template.json>
HUBOT_TEST_NAMESPACE= <ocp-namespace-to-run-test-in>
HUBOT_CONFIG_PATH= <url-to-config-map> # see Pipeline Config
HUBOT_GITHUB_TOKEN= <github token for repo access>
HUBOT_JENKINS_URL= <url to jenkins instance>
HUBOT_JENKINS_AUTH= <user:token>
first time deploy in OCP
oc new-app pipeline-bot:latest
12 . set up github action on repo:
BOT_KEY= <gateway token>
BOT_URL= <url to Bot instance>
Example: github action to send to Hubot
```
name: dev_push
on:
push:
branches:
- dev
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
with:
ref: dev
- name: Send Payload
run: |
curl -X POST -H "Content-Type: application/json" -H "apikey: ${{ secrets.BOT_KEY }}" -d @$GITHUB_EVENT_PATH https://${{ secrets.BOT_URL }}/hubot/github/dev
```
https://github.com/emptywee/acl-hubot
define config map in OCP and injected as env var HUBOT_ACL
required for scripts/acl.coffee
{
"groups":
{
"admins": [ "<mattermost-username-1>", "mattermost-username-2", "mattermost-username-3"]
},
"commands":
{
"restricted":
{
"build": [ "admins" ],
"deploy": [ "admins" ],
"brain": [ "admins" ],
"buildanddeploy": [ "admins" ]
}
}
}
Hubot will reference this file to lookup buildconfig and deployment configs, and namespaces required to make the api calls to OCP or Jenkins Job Name.
Please see Reference Config File
Example:
{
"pipelines": [
{
"name": "<appName>",
"repo": "<user/repo>",
"prToMasterAfter": "test",
"dev": {
"build": {
"buildconfig": "<ocp-bc-name>",
"namespace": "<ocp-bc-namespace>"
},
"deploy": {
"deployconfig": "<ocp-dc-name>",
"namespace": "<ocp-dc-namespace>"
}
},
"test": {
"build": {
"buildconfig": "<ocp-bc-name>",
"namespace": "<ocp-bc-namespace>"
},
"deploy": {
"deployconfig": "<ocp-dc-name>",
"namespace": "<ocp-dc-namespace>"
}
},
"prod": {
"build": {
"jenkinsjob":"job/jenkins-job-path/"
}
}
}
]
}
dockerfile in this repo is for local build development only and not to be used for production.
currently used for test scripts and example test routes for local testing and examples only.
payload examples for references from github and OCP sources, includes readme with curl examples.
Hubot allows us to create custom responders to interact directly with the bot.
defined in scripts/responders.coffee
A list of commands are available by running cmd <hubotname> help
Steps to deploy directly from fork of this repo:
change bot name update -name argument in both files
exec node_modules/.bin/hubot --name "<my-bot-name>" "$@"
create new build using Source Build Strategy in OCP
oc new-build nodejs:10~https://github.com/<forked/repo>.git -l app=bot
first time deploy in OCP
oc new-app pipeline-bot:latest