From dd9acbc9142154cf200c3c9e957576e68a4f510a Mon Sep 17 00:00:00 2001
From: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Date: Thu, 11 Jan 2024 18:12:05 +0100
Subject: [PATCH 1/5] create-coco-aks: remove unused flags
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---
 packages/create-coco-aks.sh | 2 --
 1 file changed, 2 deletions(-)
diff --git a/packages/create-coco-aks.sh b/packages/create-coco-aks.sh
index 5266a7b9a..7f0a05a83 100755
--- a/packages/create-coco-aks.sh
+++ b/packages/create-coco-aks.sh
@@ -41,8 +41,6 @@ az aks create \
 --os-sku AzureLinux \
 --node-vm-size Standard_DC4as_cc_v5 \
 --node-count 1 \
- --enable-oidc-issuer \
- --enable-workload-identity \
 --generate-ssh-keys
 az aks nodepool add \
From d8c51675b5a5c4d4fda85957675f88f018fba67d Mon Sep 17 00:00:00 2001
From: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Date: Fri, 12 Jan 2024 15:09:49 +0100
Subject: [PATCH 2/5] flake: add golangci-lint for vscode
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---
 flake.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index 9021c0775..248bbb913 100644
--- a/flake.nix
+++ b/flake.nix
@@ -31,7 +31,10 @@
 packages = import ./packages { inherit pkgs version; };
 devShells.default = pkgs.mkShell {
- packages = with pkgs; [ just ];
+ packages = with pkgs; [
+ golangci-lint
+ just
+ ];
 shellHook = ''alias make=just'';
 };
From 9014099e9a674e8acca9825805bfe014e77a6713 Mon Sep 17 00:00:00 2001
From: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Date: Fri, 12 Jan 2024 15:09:59 +0100
Subject: [PATCH 3/5] vscode: add setttings
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---
 .vscode/settings.json | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .vscode/settings.json
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 000000000..1dd5f0d90
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,15 @@
+{
+ "files.trimTrailingWhitespace": true,
+ "files.trimFinalNewlines": true,
+ "files.insertFinalNewline": true,
+ "gopls": {
+ "formatting.gofumpt": true,
+ },
+ "go.lintTool": "golangci-lint",
+ "go.lintFlags": [
+ "--fast",
+ ],
+ "go.testFlags": [
+ "-race"
+ ],
+}
From 54435b5d0671e062772ae94d7bb5dab434f9333b Mon Sep 17 00:00:00 2001
From: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Date: Fri, 12 Jan 2024 15:10:53 +0100
Subject: [PATCH 4/5] destroy-coco-aks: don't delete resource group
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---
 justfile | 2 +-
 packages/default.nix | 2 +-
 packages/destroy-coco-aks.sh | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 packages/destroy-coco-aks.sh
diff --git a/justfile b/justfile
index b3ce7a8f2..5c2418cf4 100644
--- a/justfile
+++ b/justfile
@@ -84,7 +84,7 @@ get-credentials:
 # Destroy a running AKS cluster.
 destroy:
- nix run .#destroy-coco-aks -- "$azure_resource_group"
+ nix run .#destroy-coco-aks -- --name="$azure_resource_group"
 # Run code generators.
 codegen:
diff --git a/packages/default.nix b/packages/default.nix
index 8b4d602aa..4d0866395 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -112,7 +112,7 @@ rec {
 destroy-coco-aks = writeShellApplication {
 name = "destroy-coco-aks";
 runtimeInputs = [ azure-cli-with-extensions ];
- text = ''az group delete --name "$1"'';
+ text = builtins.readFile ./destroy-coco-aks.sh;
 };
 generate = writeShellApplication {
diff --git a/packages/destroy-coco-aks.sh b/packages/destroy-coco-aks.sh
new file mode 100644
index 000000000..7c7786b66
--- /dev/null
+++ b/packages/destroy-coco-aks.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+set -x
+
+for i in "$@"; do
+ case $i in
+ --name=*)
+ name="${i#*=}"
+ shift
+ ;;
+ *)
+ echo "Unknown option $i"
+ exit 1
+ ;;
+ esac
+done
+
+exitcode=0
+
+az aks nodepool delete \
+ --resource-group "${name}" \
+ --name nodepool2 \
+ --cluster-name "${name}" ||
+ exitcode=$?
+
+az aks delete \
+ --resource-group "${name}" \
+ --name "${name}" \
+ --yes ||
+ exitcode=$?
+
+exit "${exitcode}"
From 63fb179b326e85c18e93350adc7ae5b931fd29a4 Mon Sep 17 00:00:00 2001
From: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Date: Fri, 12 Jan 2024 16:24:37 +0100
Subject: [PATCH 5/5] ci: add cluster recreate action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---
 .github/workflows/cluster_recreate.yml | 28 ++++++++++++++++++++++++++
 packages/create-coco-aks.sh | 5 ++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/cluster_recreate.yml
diff --git a/.github/workflows/cluster_recreate.yml b/.github/workflows/cluster_recreate.yml
new file mode 100644
index 000000000..250d8874c
--- /dev/null
+++ b/.github/workflows/cluster_recreate.yml
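Review bot: `name` is never initialised before the option loop in the new destroy-coco-aks.sh, so when `--name=` is omitted a `name` variable inherited from the caller's environment would be used, and `az aks delete ... --yes` then runs against that cluster without a prompt. With `set -u` a truly unset variable does abort, but only at the first expansion and with an "unbound variable" message, and an empty `--name=` is passed straight through to `az`. I would add `name=""` before the `for` loop and `[[ -n "${name}" ]] || { echo "--name is required" >&2; exit 1; }` after it. The `shift` inside `for i in "$@"` does not change what the loop iterates over and can be dropped.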
@@ -0,0 +1,28 @@
+name: recreate ci cluster
+
+on:
+ workflow_dispatch:
+
+env:
+ azure_resource_group: nunki-ci
+
+jobs:
+ recreate:
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+ with:
+ github_access_token: ${{ secrets.GITHUB_TOKEN }}
+ - uses: DeterminateSystems/magic-nix-cache-action@8a218f9e264e9c3803c9a1ee1c30d8e4ab55be63 #v2
+ - name: Login to Azure
+ uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+ with:
+ creds: ${{ secrets.NUNKI_CI_INFRA_AZURE }}
+ - name: Cleanup .azure dir
+ run: rm $HOME/.azure/{commandIndex.json,versionCheck.json}
+ - name: Destroy existing CI cluster
+ continue-on-error: true
+ run: nix run .#destroy-coco-aks -- --name="$azure_resource_group"
+ - name: Create CI cluster
+ run: nix run .#create-coco-aks -- --name="$azure_resource_group"
diff --git a/packages/create-coco-aks.sh b/packages/create-coco-aks.sh
index 7f0a05a83..b56258d65 100755
--- a/packages/create-coco-aks.sh
+++ b/packages/create-coco-aks.sh
@@ -30,9 +30,12 @@ for i in "$@"; do
 esac
 done
+# Will always fail in CI due to lack of permissions.
+# In GH actions, CI=true is part of the environment.
 az group create \
 --name "${name}" \
- --location "${location:-westeurope}"
+ --location "${location:-westeurope}" ||
+ $CI
 az aks create \
 --resource-group "${name}" \
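Review bot: The new workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to install-nix-action keeps the repository's default scopes in a job that also holds the Azure credentials from `NUNKI_CI_INFRA_AZURE`. A top-level `permissions:` with `contents: read` would limit the token to what the checkout needs. There is also no `concurrency:` setting, so two manual dispatches can interleave their destroy and create steps against `nunki-ci`; a workflow-level `concurrency: recreate-ci-cluster` would serialise them. Note that `continue-on-error: true` on the destroy step lets creation proceed after any destroy failure, not only when the cluster is already gone.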
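Review bot: `|| $CI` after `az group create` runs the contents of the `CI` variable as a command, and in CI it discards every failure of `az group create`, not only the expected permission error described in the comment. A value other than `true` or `false` (for example `CI=1`) is looked up as a program name, and an unset `CI` either aborts with an unbound-variable error or, if the script does not set `-u` (its header is outside this hunk), expands to an empty command that counts as success. Testing the value instead of executing it avoids this: `--location "${location:-westeurope}" || [[ "${CI:-}" == "true" ]]`. The `az aks create` command that follows continues past the end of the hunk.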