Merge pull request #94 from datalab-mi/enh/kube

Add Kubernetes deployment for preprod

.github/workflows/change-values-kube.yml

@@ -0,0 +1,115 @@
+on:
+  workflow_call:
+    inputs:
+      secret_name:
+        required: false
+        type: string
+        description: "Secret name in kubernetes cluster"
+        default: "basegun-secret"
+      namespace:
+        required: true
+        type: string
+        description: "Namespace name in kubernetes cluster"
+        default: "basegun"
+      domain:
+        required: true
+        type: string
+        description: "Nom de domaine utilisé par l'application"
+        default: "basegun.fr"
+      branch:
+        required: true
+        type: string
+        description: "Branche de déploiement"
+    secrets:
+      KUBECONFIG:
+        description: 'Service account secret (run kubectl get serviceaccounts <service-account-name> -o yaml and copy the service-account-secret-name)'
+        required: true
+      X_OVH_TOKEN:
+        required: true
+      API_OVH_TOKEN:
+        required: true
+      OS_PASSWORD:
+        required: true
+      OS_PROJECT_NAME:
+        required: true
+      OS_USERNAME:
+        required: true
+      JOB_GITHUB_TOKEN:
+        required: true
+
+jobs:
+  deployment:
+    name: Update deployment
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Checkout branch
+      uses: actions/checkout@v2
+      with:
+        ref: ${{ inputs.branch }}
+
+    - uses: azure/k8s-set-context@v3
+      with:
+        method: kubeconfig
+        kubeconfig: ${{ secrets.KUBECONFIG }}
+
+    - name: Create secret for Kubernetes
+      uses: azure/k8s-create-secret@v4
+      with:
+        namespace: ${{ inputs.namespace }}
+        secret-type: 'generic'
+        secret-name: ${{ inputs.secret_name }}
+        string-data: |
+          {
+          "OS_PASSWORD": "${{ secrets.OS_PASSWORD }}",
+          "OS_PROJECT_NAME": "${{ secrets.OS_PROJECT_NAME }}",
+          "OS_USERNAME": "${{ secrets.OS_USERNAME }}",
+          "X_OVH_TOKEN": "${{ secrets.X_OVH_TOKEN }}",
+          "API_OVH_TOKEN": "${{ secrets.API_OVH_TOKEN }}"
+          }
+
+    - name: Install yq
+      run: |
+        sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq
+
+    - name: Update Infra Version
+      run: |
+        export TAG=$(make get-current-tag)
+        yq -i '.backend.image.tag = strenv(TAG)' ./infra/kube/helm/values.yaml
+        yq -i '.frontend.image.tag = strenv(TAG)' ./infra/kube/helm/values.yaml
+
+    - name: Update ingress domaine
+      run: |
+        export DOMAIN="${{ inputs.domain }}"
+        yq -i '.ingress.hosts[0].host = strenv(DOMAIN)' ./infra/kube/helm/values.yaml
+
+    - name: Commit and push changes
+      uses: devops-infra/[email protected]
+      with:
+        github_token: ${{ secrets.JOB_GITHUB_TOKEN }}
+        commit_prefix: "[skip ci]"
+        commit_message: "Version updated"
+
+# To generate a kubeconfig, fill this file with informations available in theses commands:
+#  - ${token} and ${ca}
+#    kubectl get secret -n <namespace> -o yaml <secret-service-account>
+#  - ${server}
+#    kubectl config view --minify -o 'jsonpath={.clusters[0].cluster.server}'
+
+# apiVersion: v1
+# kind: Config
+# clusters:
+# - name: default-cluster
+#   cluster:
+#     certificate-authority-data: ${ca}
+#     server: ${server}
+# contexts:
+# - name: default-context
+#   context:
+#     cluster: default-cluster
+#     namespace: default
+#     user: default-user
+# current-context: default-context
+# users:
+# - name: default-user
+#   user:
+#     token: ${token}

.github/workflows/pr.yml

@@ -18,26 +18,11 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   build-and-test:
-    runs-on: ubuntu-latest
-    env:
-      BUILD_TARGET: 'test'
-      TAG: '2.0'
-    steps:
-      - uses: actions/checkout@v2
-      - name: Build for tests
-        run: |
-            echo "Building containers"
-            docker compose --profile e2e -f docker-compose-dev.yml config
-            docker compose --profile e2e -f docker-compose-dev.yml build
-            echo "Containers built"
-      - name: Run backend tests
-        run: make test-backend
-        env:
-          OS_USERNAME: ${{ secrets.OS_USERNAME }}
-          OS_PASSWORD: ${{ secrets.OS_PASSWORD }}
-          OS_PROJECT_NAME: ${{ secrets.OS_PROJECT_NAME }}
-      - name: Test frontend is alive
-        run: make test-frontend-alive
-      - name: Run frontend end-to-end tests
-        run: docker compose --profile e2e -f docker-compose-dev.yml up --abort-on-container-exit --exit-code-from cypress
-
+    uses: ./.github/workflows/test-on-kube.yml
+    needs: tag-pr
+    secrets:
+      API_OVH_TOKEN: ${{ secrets.API_OVH_TOKEN }}
+      OS_PASSWORD: ${{ secrets.OS_PASSWORD }}
+      OS_PROJECT_NAME: ${{ secrets.OS_PROJECT_NAME }}
+      OS_USERNAME: ${{ secrets.OS_USERNAME }}
+      X_OVH_TOKEN: ${{ secrets.PREPROD_OVH_TOKEN }}

.github/workflows/preprod.yml

@@ -1,4 +1,8 @@
-on: workflow_dispatch
+on:
+  push:
+    branches:
+      - develop
+  workflow_dispatch:
 name: CI for preprod
 jobs:
   build-push:
@@ -42,22 +46,20 @@ jobs:
         prune-untagged: true
 
   deploy-preprod:
-    uses: ./.github/workflows/deploy.yml
+    uses: ./.github/workflows/change-values-kube.yml
     needs: build-push
     with:
-      image_version: "develop"
       branch: ${{ github.ref_name }}
-      volume_size: 10
-      flavor: "s1-2"
-      workspace: "preprod"
+      namespace: basegun-preprod
+      domain: preprod.basegun.fr
     secrets:
       API_OVH_TOKEN: ${{ secrets.API_OVH_TOKEN }}
-      SERVER_IP: ${{ secrets.PREPROD_SERVER_IP }}
       OS_PASSWORD: ${{ secrets.OS_PASSWORD }}
-      OS_PROJECT_ID: ${{ secrets.OS_PROJECT_ID }}
       OS_PROJECT_NAME: ${{ secrets.OS_PROJECT_NAME }}
       OS_USERNAME: ${{ secrets.OS_USERNAME }}
       X_OVH_TOKEN: ${{ secrets.PREPROD_OVH_TOKEN }}
+      JOB_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      KUBECONFIG: ${{ secrets.PREPROD_K8_CONFIG }}
 
   test:
     runs-on: ubuntu-latest

.github/workflows/test-on-kube.yml

@@ -0,0 +1,108 @@
+name: Test on kubernetes
+
+on:
+  workflow_call:
+    secrets:
+      API_OVH_TOKEN:
+        required: true
+      OS_PASSWORD:
+        required: true
+      OS_PROJECT_NAME:
+        required: true
+      OS_USERNAME:
+        required: true
+      X_OVH_TOKEN:
+        required: true
+
+
+jobs:
+  test-app-k8s:
+    runs-on: ubuntu-latest
+    env:
+      LOCAL_DOMAIN: basegun.kubernetes.local
+    steps:
+      - name: Checkout to code
+        uses: actions/checkout@v3
+
+      - name: Create k8s Kind Cluster
+        uses: helm/[email protected]
+        with:
+          cluster_name: basegun-testing
+          config: ./infra/kube/kind/kind-config.yml
+          wait: 60s
+          verbosity: 2
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.11.2
+
+      - name: Set up ingress controller 
+        run: |
+          helm repo add traefik https://traefik.github.io/charts && helm repo update
+          helm install --namespace ingress-traefik --create-namespace traefik traefik/traefik --values ./infra/kube/kind/traefik-values.yml 
+
+      - name: Add hosts to /etc/hosts
+        run: |
+          sudo echo "127.0.0.1 $LOCAL_DOMAIN" | sudo tee -a /etc/hosts
+      # we are forced to attribute a DNS to kube cluster for it to work properly
+
+      - name: Build and install basegun with helm, and test if deployment is successful
+        id: tests
+        run: |
+          TAG=$(make get-current-tag) BUILD_TARGET=test docker-compose -f docker-compose-prod.yml build backend
+          TAG=$(make get-current-tag) docker-compose -f docker-compose-prod.yml build frontend
+          kind load docker-image \
+            basegun-backend:$(make get-current-tag)-prod \
+            basegun-frontend:$(make get-current-tag)-prod \
+            --name basegun-testing
+          helm upgrade --install basegun ./infra/kube/helm/  \
+            --set ingress.hosts[0].host="$LOCAL_DOMAIN" \
+            --set ingress.hosts[0].paths[0].path="/" \
+            --set ingress.hosts[0].paths[0].pathType="Prefix"  \
+            --set backend.image.repository="basegun-backend" \
+            --set backend.image.tag="$(make get-current-tag)-prod" \
+            --set frontend.image.repository="basegun-frontend" \
+            --set frontend.image.tag="$(make get-current-tag)-prod" \
+            --set backend.secret.create="true" \
+            --set-string backend.secret.values.OS_USERNAME="${{ secrets.OS_USERNAME }}" \
+            --set-string backend.secret.values.OS_PASSWORD="${{ secrets.OS_PASSWORD }}" \
+            --set-string backend.secret.values.OS_PROJECT_NAME="${{ secrets.OS_PROJECT_NAME }}" \
+            --set-string backend.secret.values.X_OVH_TOKEN="${{ secrets.X_OVH_TOKEN }}" \
+            --set-string backend.secret.values.API_OVH_TOKEN="${{ secrets.API_OVH_TOKEN }}"
+          for i in $(kubectl get deploy -o name); do kubectl rollout status $i -w --timeout=130s; done
+
+      - name: Display pod logs on failure
+        if: failure() && steps.tests.outcome == 'failure'
+        run: |
+          kubectl describe pods
+          kubectl logs deploy/basegun-backend --all-containers --ignore-errors
+          kubectl logs deploy/basegun-frontend --all-containers --ignore-errors
+
+      - name: Test unitests on backend
+        run : |
+          kubectl exec deploy/basegun-backend -c basegun-backend -- python -m unittest discover -v
+
+      - name: Setup nodejs (for cypress)
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          check-latest: true
+          cache: "npm"
+          cache-dependency-path: "frontend/package-lock.json"
+
+      - name: Install npm packages (for cypress)
+        run: npm ci
+        working-directory: ./frontend
+
+      - name: Test end to end (cypress)
+        run: FRONTEND_HOST=$LOCAL_DOMAIN FRONTEND_PORT=80 npm run test:e2e-ci
+        working-directory: ./frontend
+
+      - name: Send artifacts
+        uses: actions/upload-artifact@v3
+        if: ${{ failure() }}
+        with:
+          name: cypress-screenshots
+          path: |
+            ./frontend/cypress/screenshots/

.gitlab-ci.yml

@@ -0,0 +1,82 @@
+include:
+  - local: '/templates/docker.yml'
+  - local: '/templates/vault.yml'
+
+default:
+  image: python:3.9-slim-buster
+
+
+variables:
+  http_proxy: $http_proxy
+  https_proxy: $http_proxy
+  no_proxy: $no_proxy
+  HTTP_PROXY: $http_proxy
+  HTTPS_PROXY: $http_proxy
+  NO_PROXY: $no_proxy
+  PROJECT_NAME: "basegun"
+  PROJECT_REPOSITORY: "basegun"
+  PROJECT_ORGANISATION: "ministere-interieur"
+  BUILD_CONFIG_FILE: $BUILD_CONFIG
+  REGISTRY_URL: "${QUAY_ROOT_URL}/${PROJECT_ORGANISATION}-${PROJECT_NAME}"
+  TAG: "1.5"
+  #TAG: "${CI_COMMIT_REF_SLUG}"
+  DOCKERFILE: 'Dockerfile'
+
+# GIT_CURL_VERBOSE: "1"
+# GIT_DEBUG_LOOKUP: "1"
+# GIT_TRANSLOOP_DEBUG: "1"
+# GIT_TRANSPORT_HELPER_DEBUG: "1"
+
+stages:
+  - read-secret
+  - test-app
+  - build-docker
+
+read_secret:
+  stage: read-secret
+  extends:
+    - .vault:read_secret
+
+test:
+  image: python:3.9-slim-buster
+  stage: test-app
+  variables:
+    OS_USERNAME: data
+    OS_PASSWORD: data
+    OS_PROJECT_NAME: data
+  script:
+    - pip install --upgrade pip && pip install --no-cache-dir -f https://download.pytorch.org/whl/cpu/torch_stable.html -r backend/requirements.txt
+    - python -m unittest discover -v -s ./backend
+  allow_failure: true
+
+build_docker_front:
+  variables:
+    WORKING_DIR: 'frontend'
+    IMAGE_NAME: 'frontend'
+    DOCKERFILE: 'Dockerfile-dso'
+  stage: build-docker
+  extends:
+    - .kaniko:build
+
+build_docker_back:
+  variables:
+    WORKING_DIR: 'backend'
+    IMAGE_NAME: 'backend'
+    DOCKERFILE: 'Dockerfile-dso'
+  stage: build-docker
+  extends:
+    - .kaniko:build
+
+build_docker_logs:
+  variables:
+    WORKING_DIR: 'logs'
+    IMAGE_NAME: 'logs'
+    DOCKERFILE: 'Dockerfile-dso'
+    NO_PROXY: "*,gitlab-op.apps.ocp4-8.infocepo.com,dindservice,quay.apps.ocp4-8.infocepo.com"
+    no_proxy: "*,gitlab-op.apps.ocp4-8.infocepo.com,dindservice,quay.apps.ocp4-8.infocepo.com"
+  stage: build-docker
+  extends:
+    - .docker:build
+  tags:
+    - docker
+    - vms