From 203fc980ab569ce3aa77c5957ef73c263b8ffdfd Mon Sep 17 00:00:00 2001
From: josh
Date: Mon, 19 Dec 2022 15:00:07 -0800
Subject: [PATCH] cd: add gocd deployment pipeline (#108)
---
 .github/workflows/lint-pipelines.sh | 10 +++
 .github/workflows/lint-pipelines.yml | 36 ++++++++
 gocd/pipelines/atlas.yaml | 120 +++++++++++++++++++++++++++
 3 files changed, 166 insertions(+)
 create mode 100755 .github/workflows/lint-pipelines.sh
 create mode 100644 .github/workflows/lint-pipelines.yml
 create mode 100644 gocd/pipelines/atlas.yaml
diff --git a/.github/workflows/lint-pipelines.sh b/.github/workflows/lint-pipelines.sh
new file mode 100755
index 0000000..11ef1ce
--- /dev/null
+++ b/.github/workflows/lint-pipelines.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# gocd-cli does not catch all errors, but does catch some simple issues.
+# A better solution may be: https://github.com/GaneshSPatil/gocd-mergeable
+
+echo "GoCD YAML Linting"
+
+find "gocd" -name "*.yaml" -type f \
+ -exec printf "\nšŸ”Ž Linting {}\n\t" \; \
+ -exec ./gocd-cli configrepo syntax --yaml --raw "{}" \;
diff --git a/.github/workflows/lint-pipelines.yml b/.github/workflows/lint-pipelines.yml
new file mode 100644
index 0000000..6a22a6c
--- /dev/null
+++ b/.github/workflows/lint-pipelines.yml
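Review bot: In lint-pipelines.sh the `find … -exec … \;` form discards the exit status of gocd-cli, so the script exits 0 even when a pipeline file fails to lint, and the lint job cannot act as a gate. It also invokes `./gocd-cli`, while the workflow added in this same commit installs the binary to `${HOME}/.local/bin/gocd-cli`; unless something outside this patch puts a copy in the repository root, every `-exec` would fail to start and the step would still pass. Calling `gocd-cli` from PATH in an explicit loop that records failures fixes both, and moving the file name out of the printf format string stops a `%` or backslash in a path from being interpreted.

```shell
# … unchanged: shebang, header comments, echo banner …
status=0
while IFS= read -r -d '' file; do
  printf '\nLinting %s\n\t' "$file"
  gocd-cli configrepo syntax --yaml --raw "$file" || status=1
done < <(find gocd -name '*.yaml' -type f -print0)
exit "$status"
```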
@@ -0,0 +1,36 @@
+name: Lint Deployment Pipelines
+
+on:
+ pull_request:
+ push:
+ branches: [main, test-me-*]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: cache bin
+ id: cache-bin
+ uses: actions/cache@v3
+ with:
+ path: ${HOME}/.local/bin
+ # Bump this key if you're changing gocd-cli versions.
+ key: ${{ runner.os }}-bin
+
+ - name: Install gocd-cli
+ run: |
+ # this is on github runner's PATH but it isn't created, lol
+ mkdir -p "${HOME}/.local/bin"
+ bin="${HOME}/.local/bin/gocd-cli"
+ curl -L -o "$bin" 'https://sentry-dev-infra-assets.storage.googleapis.com/gocd-085ab00-linux-amd64'
+ echo "11d517c0c0058d1204294d01bfac987c0eaf9e37ba533ad54107b0949403321e ${bin}" | sha256sum -c -
+ chmod +x "$bin"
+
+ - name: Lint Pipelines with gocd-cli
+ run: ./.github/workflows/lint-pipelines.sh
diff --git a/gocd/pipelines/atlas.yaml b/gocd/pipelines/atlas.yaml
new file mode 100644
index 0000000..af0f3ba
--- /dev/null
+++ b/gocd/pipelines/atlas.yaml
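Review bot: lint-pipelines.yml sets no `permissions:` block and references `actions/checkout@v3` and `actions/cache@v3` by mutable tag, although it runs on every pull request and executes a script from the checked-out tree. A top-level `permissions:` with `contents: read`, plus pinning both actions to a full commit SHA (`actions/checkout@<full-commit-sha> # v3`), would limit what the job token and a retagged action can do. Separately, `path: ${HOME}/.local/bin` in the cache step is an action input rather than shell, so `${HOME}` is probably not expanded and the cache likely never holds the binary; `~/.local/bin` is the form actions/cache documents. The install step downloads and checks the SHA-256 on every run regardless of the cache, which fails closed and is worth keeping if the cache is later made effective.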
@@ -0,0 +1,120 @@
+# More information on gocd-flavor YAML can be found here:
+# - https://github.com/tomzo/gocd-yaml-config-plugin#pipeline
+# - https://www.notion.so/sentry/GoCD-New-Service-Quickstart-6d8db7a6964049b3b0e78b8a4b52e25d
+format_version: 10
+pipelines:
+ atlas:
+ environment_variables:
+ GCP_PROJECT: internal-sentry
+ GKE_CLUSTER: zdpwkxst
+ GKE_REGION: us-central1
+ GKE_CLUSTER_ZONE: b
+ GKE_BASTION_ZONE: b
+ group: internal-sentry
+ lock_behavior: unlockWhenFinished
+ materials:
+ atlas_repo:
+ git: git@github.com:getsentry/atlas.git
+ shallow_clone: true
+ branch: master
+ destination: atlas
+ stages:
+ - preliminary-checks:
+ fetch_materials: true
+ jobs:
+ preliminary-checks:
+ elastic_profile_id: atlas
+ timeout: 1800
+ tasks:
+ - script: |
+ /devinfra/scripts/checks/googlecloud/checkcloudbuild.py \
+ ${GO_REVISION_ATLAS_REPO} \
+ "${GCP_PROJECT}" \
+ "us.gcr.io/internal-sentry/atlas-backend"
+ - script: |
+ /devinfra/scripts/checks/googlecloud/checkcloudbuild.py \
+ ${GO_REVISION_ATLAS_REPO} \
+ "${GCP_PROJECT}" \
+ "us.gcr.io/internal-sentry/atlas-frontend"
+ - atlas-canary:
+ fetch_materials: true
+ approval:
+ type: manual
+ jobs:
+ atlas-canary:
+ elastic_profile_id: atlas
+ timeout: 1800 # 30 mins
+ tasks:
+ - script: |
+ USE_GKE_GCLOUD_AUTH_PLUGIN=True \
+ gcloud --project "$GCP_PROJECT" \
+ container clusters get-credentials "$GKE_CLUSTER" \
+ --zone "${GKE_REGION}-${GKE_CLUSTER_ZONE}"
+ - script: |
+ tmpdir=$(mktemp -d) \
+ && ssh-keygen -q -t ed25519 -N '' -f "${tmpdir}/google_compute_engine" \
+ && gcloud compute ssh "dicd-gkehop-${GKE_CLUSTER}" \
+ --ssh-key-file="${tmpdir}/google_compute_engine" \
+ --tunnel-through-iap \
+ "--project=${GCP_PROJECT}" \
+ "--zone=${GKE_REGION}-${GKE_BASTION_ZONE}" \
+ -- -4 -L8888:127.0.0.1:8888 -N -q -f
+ - script: |
+ /devinfra/scripts/k8s/k8sdeploy.py \
+ --context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+ --label-selector="service=atlas,env=canary" \
+ --image="us.gcr.io/internal-sentry/atlas-frontend:${GO_REVISION_ATLAS_REPO}" \
+ --container-name="frontend"
+ - script: |
+ /devinfra/scripts/k8s/k8sdeploy.py \
+ --context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+ --label-selector="service=atlas,env=canary" \
+ --image="us.gcr.io/internal-sentry/atlas-backend:${GO_REVISION_ATLAS_REPO}" \
+ --container-name="backend"
+ - script: |
+ /devinfra/scripts/k8s/k8sdeploy.py \
+ --context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+ --label-selector="service=atlas,env=canary" \
+ --image="us.gcr.io/internal-sentry/atlas-backend:${GO_REVISION_ATLAS_REPO}" \
+ --container-name="worker"
+ - atlas-primary:
+ fetch_materials: true
+ approval:
+ type: manual
+ jobs:
+ atlas-primary:
+ elastic_profile_id: atlas
+ timeout: 1800 # 30 mins
+ tasks:
+ - script: |
+ USE_GKE_GCLOUD_AUTH_PLUGIN=True \
+ gcloud --project "$GCP_PROJECT" \
+ container clusters get-credentials "$GKE_CLUSTER" \
+ --zone "${GKE_REGION}-${GKE_CLUSTER_ZONE}"
+ - script: |
+ tmpdir=$(mktemp -d) \
+ && ssh-keygen -q -t ed25519 -N '' -f "${tmpdir}/google_compute_engine" \
+ && gcloud compute ssh "dicd-gkehop-${GKE_CLUSTER}" \
+ --ssh-key-file="${tmpdir}/google_compute_engine" \
+ --tunnel-through-iap \
+ "--project=${GCP_PROJECT}" \
+ "--zone=${GKE_REGION}-${GKE_BASTION_ZONE}" \
+ -- -4 -L8888:127.0.0.1:8888 -N -q -f
+ - script: |
+ /devinfra/scripts/k8s/k8sdeploy.py \
+ --context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+ --label-selector="service=atlas" \
+ --image="us.gcr.io/internal-sentry/atlas-frontend:${GO_REVISION_ATLAS_REPO}" \
+ --container-name="frontend"
+ - script: |
+ /devinfra/scripts/k8s/k8sdeploy.py \
+ --context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+ --label-selector="service=atlas" \
+ --image="us.gcr.io/internal-sentry/atlas-backend:${GO_REVISION_ATLAS_REPO}" \
+ --container-name="backend"
+ - script: |
+ /devinfra/scripts/k8s/k8sdeploy.py \
+ --context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+ --label-selector="service=atlas" \
+ --image="us.gcr.io/internal-sentry/atlas-backend:${GO_REVISION_ATLAS_REPO}" \
+ --container-name="worker"
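Review bot: The tunnel task in both atlas-canary and atlas-primary generates a passphrase-less ed25519 key under `mktemp -d` and never removes it, and nothing in either stage tears down the backgrounded `ssh -f` forward on port 8888. Once `gcloud compute ssh … -f` has returned the private key is no longer needed, so the task could end with `rm -rf "${tmpdir}"`, and a final task that stops the forwarder would close the tunnel as well. Each run also hands a brand-new public key to `gcloud compute ssh`, which as far as I know registers it in OS Login or instance metadata, so keys may accumulate on the bastion unless they are expired or pruned; that is worth confirming. If the `atlas` elastic agents are discarded after every job the local exposure is small, but that is not visible from this file.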