Skip to content

Commit

Permalink
fix: Misc ephemeral deployment fixes
Browse files Browse the repository at this point in the history
`build_deploy.sh` runs container-push after container-build (fix for
parallel builds with `MAKEFLAGS` env var)

`make ephemeral-deploy` creates secrets directory, `bonfire.yaml` from
example, and fails if `secrets/private.mk` is missing.

`make ephemeral-build-deploy` fails if the `build_deploy.sh` script
fails.

`ephe-domains-token.sh` uses correct XRHID identity type. Tokens are
requested as user, not system.

Signed-off-by: Christian Heimes <[email protected]>
  • Loading branch information
tiran committed Sep 21, 2023
1 parent 5968fd0 commit 69af33c
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 6 deletions.
9 changes: 7 additions & 2 deletions .rhcicd/build_deploy.sh
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,17 @@ make registry-login \
CONTAINER_REGISTRY_TOKEN="${RH_REGISTRY_TOKEN}" \
CONTAINER_REGISTRY="registry.redhat.io"

# Build and push
make container-build container-push \
# Build container
make container-build \
CONTAINER_BUILD_OPTS=--no-cache \
CONTAINER_IMAGE_BASE="${IMAGE}" \
CONTAINER_IMAGE_TAG="${IMAGE_TAG}"

# Push container to registry
make container-push \
CONTAINER_IMAGE_BASE="${IMAGE}" \
CONTAINER_IMAGE_TAG="${IMAGE_TAG}"

# Push to logged in registries and tag for SHA
"${CONTAINER_ENGINE}" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:${SMOKE_TEST_TAG}"
"${CONTAINER_ENGINE}" push "${IMAGE}:${SMOKE_TEST_TAG}"
17 changes: 14 additions & 3 deletions scripts/mk/ephemeral.mk
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,16 @@ ifneq (,$(APP_TOKEN_EXPIRATION_SECONDS))
EPHEMERAL_OPTS += --set-parameter "$(APP_COMPONENT)/APP_TOKEN_EXPIRATION_SECONDS=$(APP_TOKEN_EXPIRATION_SECONDS)"
endif

EPHEMERAL_BONFIRE_PATH ?= configs/bonfire.yaml
EPHEMERAL_BONFIRE_PATH ?= $(PROJECT_DIR)/configs/bonfire.yaml
EPHEMERAL_SECRETS_DIR ?= $(PROJECT_DIR)/secrets/ephemeral

EPHEMERAL_DEPS = $(BONFIRE) $(EPHEMERAL_BONFIRE_PATH) $(EPHEMERAL_SECRETS_DIR) secrets/private.mk

$(EPHEMERAL_BONFIRE_PATH):
cp configs/bonfire.example.yaml $@

$(EPHEMERAL_SECRETS_DIR):
mkdir -p $@

# TODO Uncomment when the frontend is created
# EPHEMERAL_OPTS += --frontend true
Expand Down Expand Up @@ -95,7 +104,7 @@ $(GO_OUTPUT/get-token.py):

# NOTE Changes to config/bonfire.yaml could impact to this rule
.PHONY: ephemeral-deploy
ephemeral-deploy: $(BONFIRE) ## Deploy application using 'config/bonfire.yaml'. Set EPHEMERAL_NO_BUILD=1 to skip image build and push.
ephemeral-deploy: $(EPHEMERAL_DEPS) ## Deploy application using 'config/bonfire.yaml'. Set EPHEMERAL_NO_BUILD=y to skip image build and push.
[ "$(EPHEMERAL_NO_BUILD)" == "y" ] || $(MAKE) ephemeral-build-deploy
$(BONFIRE) deploy \
--source appsre \
Expand Down Expand Up @@ -169,7 +178,9 @@ ephemeral-namespace-describe: $(BONFIRE) ## Display information about the curren
# Tested by 'make ephemeral-build-deploy CONTAINER_IMAGE_BASE=quay.io/avisied0/hmsidm-backend'
.PHONY: ephemeral-build-deploy
ephemeral-build-deploy: ## Build and deploy image using 'build_deploy.sh' scripts; It requires to pass CONTAINER_IMAGE_BASE
IMAGE="$(CONTAINER_IMAGE_BASE)" IMAGE_TAG="$(CONTAINER_IMAGE_TAG)" ./.rhcicd/build_deploy.sh 2>&1 | tee build_deploy.log
IMAGE="$(CONTAINER_IMAGE_BASE)" IMAGE_TAG="$(CONTAINER_IMAGE_TAG)" \
set -o pipefail; \
./.rhcicd/build_deploy.sh 2>&1 | tee build_deploy.log


# FIXME This rule will require some updates but it will be something similar
Expand Down
2 changes: 1 addition & 1 deletion test/scripts/ephe-domains-token.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,6 @@ CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.
export CREDS

unset X_RH_IDENTITY
export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
./scripts/curl.sh -i -X POST -d '{"domain_type": "rhel-idm"}' "${BASE_URL}/domains/token"

0 comments on commit 69af33c

Please sign in to comment.