pegasus-io / this-is-gravitee

Gravitee On earth
0 stars 0 forks source link

Evolution for the CI / CD Workflows #13

Open Jean-Baptiste-Lasselle opened 4 years ago

Jean-Baptiste-Lasselle commented 4 years ago

This task is to :

Pipeline Specs

{
  "message" : "beep-beep-beep",
  "whoami": "<result of whoami command inside container processing the request>",
  "hostname": "<result of hostname command inside container processing the request>",
  "origin": "<value of the Origin HTTP Header in the request>"
}

Note there is one important part missing here : all test generate tests results, which should be collected, to generate a global tests results reporting dashboard.

The drone gravitee effect

I will deploy a private drone in my private kuberentes cluster at home :

Switch deployment targets

Well to do that, very simple : new deployement target, means new pippeline (no multyi target piplines, orchestrate pipelines instead)

So for example, I can quickly span a new pipeline that operates the deployment target :

Jean-Baptiste-Lasselle commented 4 years ago
pipeline:
  synch_dev_secrets:
    image: quay.io/ukhomeofficedigital/cop-secrets
    environment:
      - DRONE_SERVER=https://drone.acp.homeoffice.gov.uk
      - DEPLOY_ENV=dev
    secrets:
      - source: DEV_DRONE_AWS_ACCESS_KEY_ID
        target: AWS_ACCESS_KEY_ID
      - source: DEV_DRONE_AWS_SECRET_ACCESS_KEY
        target: AWS_SECRET_ACCESS_KEY
      - source: DRONE_PUBLIC_TOKEN
        target: DRONE_TOKEN
    when:
      environment: secrets
      event: deployment

  build:
    image: quay.io/ukhomeofficedigital/drone-docker
    commands:
      - docker build -t performance-tests:$${DRONE_COMMIT_SHA} .
    when:
      event: push

  vulnerability-scan:
    image: quay.io/ukhomeofficedigital/anchore-submission:latest
    dockerfile: Dockerfile
    image_name: performance-tests:${DRONE_COMMIT_SHA}
    local_image: true
    tolerate: low
    fail_on_detection: false
    when:
      branch: master
      event: push

  image_to_quay:
    image: quay.io/ukhomeofficedigital/drone-docker
    secrets:
      - source: QUAY_USERNAME
        target: DOCKER_USERNAME
      - source: QUAY_PASSWORD
        target: DOCKER_PASSWORD
    registry: quay.io
    repo: quay.io/ukhomeofficedigital/cop-performance-tests
    tags: ${DRONE_COMMIT_SHA}
    when:
      branch: master
      event: push

  deploy_to_dev:
    image: quay.io/ukhomeofficedigital/kd
    secrets:
      - source: DEV_API_REF_URL
        target: REFDATA_URL
      - source: DEV_KEYCLOAK_URL
        target: KEYCLOAK_URL
      - source: DEV_KEYCLOAK_REALM
        target: KEYCLOAK_REALM
      - source: DEV_KUBE_NAMESPACE_PRIVATE_COP
        target: KUBE_NAMESPACE
      - source: DEV_KUBE_SERVER
        target: KUBE_SERVER
      - source: DEV_KUBE_TOKEN
        target: KUBE_TOKEN
      - source: DEV_PERF_TEST_AUTH_CLIENT_ID
        target: AUTH_CLIENT_ID
      - source: DEV_PERF_TEST_AUTH_CLIENT_SECRET
        target: AUTH_CLIENT_SECRET
      - source: DEV_PERF_TEST_NAME
        target: NAME
      - source: DEV_PERF_TEST_POSTGREST_NAME
        target: POSTGREST_NAME
      - source: DEV_PERF_TEST_REFDATA_USERNAME
        target: REFDATA_USERNAME
      - source: DEV_PERF_TEST_REFDATA_PASSWORD
        target: REFDATA_PASSWORD
      - source: DEV_TESTS_REPORT_BASE_URL
        target: REPORT_BASE_URL
      - source: DEV_TESTS_SLACK_WEBHOOK
        target: SLACK_WEB_HOOK
      - source: DEV_TESTS_S3_KMS_KEY_ID
        target: S3_KMS_KEY_ID
      - source: DEV_TESTS_S3_ACCESS_KEY
        target: S3_ACCESS_KEY
      - source: DEV_TESTS_S3_BUCKET_NAME
        target: S3_BUCKET_NAME
      - source: DEV_TESTS_S3_SECRET_KEY
        target: S3_SECRET_KEY
      - source: DEV_WWW_REF_URL
        target: REFDATA_BASE_URL
    commands:
      - export IMAGE_TAG=${DRONE_COMMIT_SHA}
      - kd --insecure-skip-tls-verify -f kube/ref-data-small-dataset.yml
      - kd --insecure-skip-tls-verify -f kube/ref-data-large-dataset.yml
    when:
      branch: master
      event: [ push, deployment ]

  notify:
    image: plugins/slack
    secrets: [ SLACK_WEBHOOK ]
    channel: cop-deployments
    username: Drone Build Watcher
    template: >
      {{#build.deployTo}}
        *{{repo.name}} - Build {{build.number}} - {{uppercasefirst build.deployTo}} - {{uppercase build.status}}*
        {{build.link}}
      {{else}}
        *{{repo.name}} - Build {{build.number}} - Development - {{uppercase build.status}}*
        {{build.link}}
      {{/build.deployTo}}
    when:
      branch: master
      event: [ push, deployment ]
      status: [ success, failure ]
Jean-Baptiste-Lasselle commented 4 years ago

add automated test fro the CORS configuration of an API :

Jean-Baptiste-Lasselle commented 4 years ago

Alternatives to FluxCD

Jean-Baptiste-Lasselle commented 4 years ago

Terragrunt Terratest and Atlantis

ok, so :

Atlantis has very interesting features for workflows, like the [mergeable] condition on a pull/merge requests.

Terragrunt helps coding with modularity in terraform code : important to have test friendly code (code that can easily be tested).