cncf-tags / green-reviews-tooling

Project Repository for the WG Green Reviews which is part of the CNCF TAG Environmental Sustainability
https://github.com/cncf/tag-env-sustainability/tree/main/working-groups/green-reviews
Apache License 2.0

[ACTION] Proposal 1: Trigger and Deploy #84

Closed dipankardas011 closed 5 months ago

dipankardas011 commented 7 months ago

Task Description

Goals to achieve

AntonioDiTuri commented 7 months ago

Could you rename it to [ACTION] Proposal: Trigger and Deploy?

Since this would be the chronological order. Could you also add this to the high level goals?

Under goals to achieve you could already give a high-level overview:

Thanks in advance!

dipankardas011 commented 7 months ago

Under goals to achieve you could already give a high-level overview:

are we planning for each goal as a workable issue and a PR?

AntonioDiTuri commented 7 months ago

This is just an action issue to draft the proposal. Sorry, I mistyped in Slack. Could you also rename the title of the issue to reflect the ACTION issue?

We first need to draft the proposal with the proposal document: https://github.com/cncf-tags/green-reviews-tooling/blob/main/docs/proposals/proposal-000-template.md

You can also add this to the description.

In the proposal we can define the different user stories with an issue each that can reflect the 4 goals :)

rossf7 commented 7 months ago

@AntonioDiTuri thank you for suggesting the goals. I reviewed them too and came up with this list with some minor changes.

Goals

Non-Goals

@dipankardas011 Could you start creating the proposal and open a draft PR with the goals filled in?

If you think we're missing any goals feel free to add. Let's leave user stories for now. We can add later if needed.

Triggering GitHub Action

For triggering the workflow AIUI we could use a webhook to trigger a workflow_dispatch event. https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch

It allows providing custom inputs and as a minimum I think we need the name of the CNCF project and the version to be deployed. https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#providing-inputs

It would be good to try this out and add the curl command to the proposal.

We could use the existing tofu workflow for testing but it's probably safer to add a new workflow that just logs the inputs. WDYT?

Deploying Falco

For deploying Falco with Flux I think we could change the repo structure so the current Falco kustomization is not reconciled by source-controller. Instead we create it in the github action workflow and delete it when the workflow completes.

AntonioDiTuri commented 7 months ago

Hi @rossf7 thanks for refining the goals and non goals.

A few considerations:

  1. It would be nice to have a first version of the GH that we can trigger ourselves manually.
  2. After that is working we could implement the trigger via web-hook.

Do you think you can already contact the Falco team to discuss how to implement a v.0.1 of the trigger via web-hook on their side?

I am not an expert on webhooks but I asked GPT and it is giving me this as an example:

name: Trigger Green Reviews

on:
  workflow_run:
    # To decide: which event will trigger the green reviews in a first version
    workflows: ["Falco-manual-trigger"]
    types:
      - completed

jobs:
  trigger_green_review:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Green Review GH
        uses: actions/github-script@v4 # not sure if this is relevant
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // context.repo is the repository this workflow runs in
            const { owner, repo } = context.repo;
            const workflow_id = 'Name of your workflow in Green Reviews';
            const ref = 'main'; // Or whatever branch you want to trigger
            // github-script v4 exposes its authenticated client as `github`
            const response = await github.actions.createWorkflowDispatch({
              owner,
              repo,
              workflow_id,
              ref
            });
            console.log(response);

It can be improved a lot but at least it made me think about the token, do you think we need to create one? Do you also think it could be enough to show Falco what we would like to achieve?

rossf7 commented 7 months ago

It would be nice to have a first version of the GH that we can trigger ourselves manually.

@AntonioDiTuri Agree, that will help with testing.

Do you think you can already contact the Falco team to discuss how to implement a v.0.1 of the trigger via web-hook on their side?

I'd prefer we research a bit more first to present a working solution. I think we will need a token but I haven't had time to investigate that yet.

We could use the github-script action to trigger. I've also seen examples with curl. If we use an action the version will need to be updated from time to time. I'd go with whichever option involves the least maintenance.

AntonioDiTuri commented 7 months ago

Yes sure, that was just an example to be taken as "pseudocode". Take a moment to think of a better solution, but I would say let's not over-engineer it. It is enough to show Falco the high-level idea. This way we can start the discussion on their end and work out the implementation details in the meantime.
WDYT?

dipankardas011 commented 7 months ago

@rossf7 should we create a single PR or multiple PRs, one for each sub-goal?

Or can you create a main feature branch to which we can create a PR instead of the main branch?

dipankardas011 commented 7 months ago

For now I am going with a new branch for each sub-goal.

rossf7 commented 7 months ago

should we create a single PR or multiple PRs, one for each sub-goal?

@dipankardas011 sorry for the late reply but please create a single PR.

Separate PRs mean more work to review, and the proposal should be a few pages of markdown at most. We can always split later if needed and we can create separate issues to implement.

dipankardas011 commented 7 months ago

Creating cluster nodes on demand

rossf7 commented 7 months ago

@dipankardas011 thanks for creating the draft PR. I left feedback there.

To try things out I created an action that just echoes out the 3 inputs.

curl -X POST \
     -H "Accept: application/vnd.github.v3+json" \
     -H "Authorization: token $GITHUB_PAT" \
     https://api.github.com/repos/rossf7/green-reviews-tooling/actions/workflows/trigger_test.yaml/dispatches \
     -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}'

I used a fine grained PAT that has

  • Read access to code and metadata
  • Read write access to actions

We'll need to create that and provide it to the Falco team.

Feedback welcome and Dipankar if it makes sense you could add the curl and token details to the proposal?

As a next step I'll create a discussion in the Falco repo to get feedback. I should be able to do that later today or tomorrow.
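
Added example, not part of the comment above and not the project's own workflow: a sketch of a receiving workflow that logs the three inputs sent by the curl call. The input names and the `trigger_test.yaml` file name come from the thread; the job name, the optional status of `cncf_project_sub` and the allow-list patterns are assumptions. Because the caller is an external team holding a token with write access to actions, the inputs are treated as untrusted data.

```yaml
# .github/workflows/trigger_test.yaml (added example, assumptions marked below)
name: Trigger test

on:
  workflow_dispatch:
    inputs:
      cncf_project:
        description: CNCF project to deploy, e.g. falco
        required: true
        type: string
      cncf_project_sub:
        description: Project variant, e.g. modern-ebpf (assumed optional)
        required: false
        type: string
      version:
        description: Version to deploy, e.g. 0.37.0
        required: true
        type: string

# The job only logs its inputs, so the workflow token gets no write scopes.
permissions:
  contents: read

jobs:
  echo-inputs: # job name is an assumption
    runs-on: ubuntu-latest
    steps:
      - name: Validate and log inputs
        shell: bash
        # Pass inputs through env instead of expanding ${{ inputs.* }} inside
        # the script, where the values would be parsed as shell code.
        env:
          CNCF_PROJECT: ${{ inputs.cncf_project }}
          CNCF_PROJECT_SUB: ${{ inputs.cncf_project_sub }}
          VERSION: ${{ inputs.version }}
        run: |
          set -euo pipefail
          # Allow-list patterns are assumptions made for this example.
          name_re='^[a-z0-9][a-z0-9-]{0,62}$'
          version_re='^[0-9]+\.[0-9]+\.[0-9]+$'
          [[ "$CNCF_PROJECT" =~ $name_re ]] || { echo "invalid cncf_project" >&2; exit 1; }
          [[ -z "$CNCF_PROJECT_SUB" || "$CNCF_PROJECT_SUB" =~ $name_re ]] \
            || { echo "invalid cncf_project_sub" >&2; exit 1; }
          [[ "$VERSION" =~ $version_re ]] || { echo "invalid version" >&2; exit 1; }
          echo "project=$CNCF_PROJECT sub=$CNCF_PROJECT_SUB version=$VERSION"
```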

dipankardas011 commented 7 months ago

@dipankardas011 thanks for creating the draft PR. I left feedback there.

To try things out I created an action that just echoes out the 3 inputs.

curl -X POST \
     -H "Accept: application/vnd.github.v3+json" \
     -H "Authorization: token $GITHUB_PAT" \
     https://api.github.com/repos/rossf7/green-reviews-tooling/actions/workflows/trigger_test.yaml/dispatches \
     -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}'

I used a fine grained PAT that has

  • Read access to code and metadata
  • Read write access to actions

We'll need to create that and provide it to the Falco team.

Feedback welcome and Dipankar if it makes sense you could add the curl and token details to the proposal?

As a next step I'll create a discussion in the Falco repo to get feedback. I should be able to do that later today or tomorrow.

Thanks, that is interesting.

rossf7 commented 6 months ago

Proposal PR is ready for review https://github.com/cncf-tags/green-reviews-tooling/pull/88 and I've started a discussion to get feedback from the Falco team https://github.com/falcosecurity/cncf-green-review-testing/discussions/17