Open Jean-Baptiste-Lasselle opened 4 years ago
`when` clause below) and other features using example https://github.com/UKHomeOffice/cop-performance-tests/blob/master/.drone.yml :

```yaml
pipeline:
  synch_dev_secrets:
    image: quay.io/ukhomeofficedigital/cop-secrets
    environment:
      - DRONE_SERVER=https://drone.acp.homeoffice.gov.uk
      - DEPLOY_ENV=dev
    secrets:
      - source: DEV_DRONE_AWS_ACCESS_KEY_ID
        target: AWS_ACCESS_KEY_ID
      - source: DEV_DRONE_AWS_SECRET_ACCESS_KEY
        target: AWS_SECRET_ACCESS_KEY
      - source: DRONE_PUBLIC_TOKEN
        target: DRONE_TOKEN
    when:
      environment: secrets
      event: deployment
  build:
    image: quay.io/ukhomeofficedigital/drone-docker
    commands:
      - docker build -t performance-tests:$${DRONE_COMMIT_SHA} .
    when:
      event: push
  vulnerability-scan:
    image: quay.io/ukhomeofficedigital/anchore-submission:latest
    dockerfile: Dockerfile
    image_name: performance-tests:${DRONE_COMMIT_SHA}
    local_image: true
    tolerate: low
    fail_on_detection: false
    when:
      branch: master
      event: push
  image_to_quay:
    image: quay.io/ukhomeofficedigital/drone-docker
    secrets:
      - source: QUAY_USERNAME
        target: DOCKER_USERNAME
      - source: QUAY_PASSWORD
        target: DOCKER_PASSWORD
    registry: quay.io
    repo: quay.io/ukhomeofficedigital/cop-performance-tests
    tags: ${DRONE_COMMIT_SHA}
    when:
      branch: master
      event: push
  deploy_to_dev:
    image: quay.io/ukhomeofficedigital/kd
    secrets:
      - source: DEV_API_REF_URL
        target: REFDATA_URL
      - source: DEV_KEYCLOAK_URL
        target: KEYCLOAK_URL
      - source: DEV_KEYCLOAK_REALM
        target: KEYCLOAK_REALM
      - source: DEV_KUBE_NAMESPACE_PRIVATE_COP
        target: KUBE_NAMESPACE
      - source: DEV_KUBE_SERVER
        target: KUBE_SERVER
      - source: DEV_KUBE_TOKEN
        target: KUBE_TOKEN
      - source: DEV_PERF_TEST_AUTH_CLIENT_ID
        target: AUTH_CLIENT_ID
      - source: DEV_PERF_TEST_AUTH_CLIENT_SECRET
        target: AUTH_CLIENT_SECRET
      - source: DEV_PERF_TEST_NAME
        target: NAME
      - source: DEV_PERF_TEST_POSTGREST_NAME
        target: POSTGREST_NAME
      - source: DEV_PERF_TEST_REFDATA_USERNAME
        target: REFDATA_USERNAME
      - source: DEV_PERF_TEST_REFDATA_PASSWORD
        target: REFDATA_PASSWORD
      - source: DEV_TESTS_REPORT_BASE_URL
        target: REPORT_BASE_URL
      - source: DEV_TESTS_SLACK_WEBHOOK
        target: SLACK_WEB_HOOK
      - source: DEV_TESTS_S3_KMS_KEY_ID
        target: S3_KMS_KEY_ID
      - source: DEV_TESTS_S3_ACCESS_KEY
        target: S3_ACCESS_KEY
      - source: DEV_TESTS_S3_BUCKET_NAME
        target: S3_BUCKET_NAME
      - source: DEV_TESTS_S3_SECRET_KEY
        target: S3_SECRET_KEY
      - source: DEV_WWW_REF_URL
        target: REFDATA_BASE_URL
    commands:
      - export IMAGE_TAG=${DRONE_COMMIT_SHA}
      - kd --insecure-skip-tls-verify -f kube/ref-data-small-dataset.yml
      - kd --insecure-skip-tls-verify -f kube/ref-data-large-dataset.yml
    when:
      branch: master
      event: [ push, deployment ]
  notify:
    image: plugins/slack
    secrets: [ SLACK_WEBHOOK ]
    channel: cop-deployments
    username: Drone Build Watcher
    template: >
      {{#build.deployTo}}
      *{{repo.name}} - Build {{build.number}} - {{uppercasefirst build.deployTo}} - {{uppercase build.status}}*
      {{build.link}}
      {{else}}
      *{{repo.name}} - Build {{build.number}} - Development - {{uppercase build.status}}*
      {{build.link}}
      {{/build.deployTo}}
    when:
      branch: master
      event: [ push, deployment ]
      status: [ success, failure ]
```

add automated test for the CORS configuration of an API :

ok, so :

- `terraform validate`, and `terragrunt plan`. Will eventually add a link to the full test report, inside the pull/merge request comments
- `atlantis plan`, so `terragrunt plan`

Atlantis has very interesting features for workflows, like the [mergeable] condition on pull/merge requests.
Terragrunt helps coding with modularity in terraform code : important to have test friendly code (code that can easily be tested).
This task is to :
Pipeline Specs
- `${GIT_COMMIT_ID}`, the `.drone.yml` pipeline is executed
- `.drone.yml` step - build the recipe (if needed) :
- `.drone.yml` step
- `.drone.yml` step - will run some unit testing frameworks for :
- `.drone.yml` step - reset desired initial state for the deployment target :
- `grafana`, `grafana loki`, `prometheus`, and `cAdvisor`, to have a monitoring of the deployment target and the app inside during pipeline operations.
- `helm install` all required components for the deployment of `Gravitee` : `Traefik`, `Metallb`, `External DNS` `PowerDNS`. Also will execute helm install to deploy `grafana`, `grafana loki`, `prometheus`, and `cAdvisor`, to have a monitoring of the deployment target and the app inside during pipeline operations.
- `atlantis plan` and `atlantis apply`.
- `docker system prune -f --all && docker system prune -f --volumes`.
- `k3s` cluster using `k3d`, and `helm install` all required components for the deployment of the software component (here not just a software component, but all components of a software, namely `Gravitee`) : `Traefik`, `Metallb`, `External DNS` `PowerDNS`, `Mongo Replicaset` for `Gravitee`. Also respawn the monitoring stack `grafana`, `grafana loki`, `prometheus`, and `cAdvisor`.
- `.drone.yml` step - run infrastructure tests
- `.drone.yml` step - deploy gravitee : ansible playbook for docker-compose based, helm for a kubernetes based deployment. ansible playbook can be automated using Ansible AWX (Tower), and running the helm chart can be automated using fluxcd
- `.drone.yml` step - run gravitee stack tests :
- , `service`, `replicaset` and `deployment` (100% scalable), will have just one `GET /sputnik` endpoint, which will simply return a JSON :

Note there is one important part missing here : all tests generate test results, which should be collected, to generate a global test results reporting dashboard.
The drone gravitee effect
I will deploy a private drone in my private kubernetes cluster at home :
Switch deployment targets
Well to do that, very simple : new deployment target, means new pipeline (no multi target pipelines, orchestrate pipelines instead)
So for example, I can quickly spawn a new pipeline that operates the deployment target :
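
Added example, not part of the original issue: a check of the kind the "automated test for the CORS configuration of an API" item asks for, written so that a pipeline step can feed it the response headers of a preflight request and fail the build on any finding. The function name `check_cors`, the allow-list, and the `example.test` origins are assumptions made for illustration; the sample headers are constructed.

```python
# Added example: offline CORS policy check for one preflight response.
# ALLOWED_ORIGINS / ALLOWED_METHODS are assumed policy values, not taken from the issue.
ALLOWED_ORIGINS = {"https://app.example.test"}
ALLOWED_METHODS = {"GET"}  # the demo API described above only exposes GET /sputnik


def _hdr(headers, name):
    """Case-insensitive header lookup; returns '' when the header is absent."""
    return next((v.strip() for k, v in headers.items() if k.lower() == name.lower()), "")


def _csv(value):
    """Split a comma-separated header value into a set of non-empty tokens."""
    return {t.strip() for t in value.split(",") if t.strip()}


def check_cors(origin, headers):
    """Return the list of policy findings for the response sent to `origin`."""
    findings = []
    acao = _hdr(headers, "Access-Control-Allow-Origin")
    creds = _hdr(headers, "Access-Control-Allow-Credentials").lower() == "true"
    methods = {m.upper() for m in _csv(_hdr(headers, "Access-Control-Allow-Methods"))}
    vary = {v.lower() for v in _csv(_hdr(headers, "Vary"))}

    if origin in ALLOWED_ORIGINS:
        if acao != origin:
            findings.append("allowed origin not granted")
    elif acao == origin:
        findings.append("untrusted origin reflected")
    if acao == "*":
        findings.append("wildcard origin" + (" with credentials" if creds else ""))
    if acao == "null":
        findings.append("null origin allowed")
    # A per-request ACAO value must be keyed in caches by the Origin header.
    if acao not in ("", "*") and "origin" not in vary:
        findings.append("missing Vary: Origin")
    extra = methods - ALLOWED_METHODS - {"OPTIONS", "HEAD"}
    if extra:
        findings.append("unexpected methods: " + ", ".join(sorted(extra)))
    return findings


# Constructed sample responses (not captured from a real deployment).
GOOD = {"Access-Control-Allow-Origin": "https://app.example.test",
        "Access-Control-Allow-Methods": "GET, OPTIONS", "Vary": "Origin"}
REFLECTING = {"access-control-allow-origin": "https://other.example.test",
              "Access-Control-Allow-Credentials": "true",
              "Access-Control-Allow-Methods": "GET, PUT, DELETE"}

if __name__ == "__main__":
    print(check_cors("https://app.example.test", GOOD))
    print(check_cors("https://other.example.test", REFLECTING))
```

In a pipeline step the headers would come from an `OPTIONS` request against the deployed API, and a non-empty result would fail the step.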