From da24f2212d5ecf57994001c8413d5d7fb27c52a8 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Thu, 21 Sep 2023 09:47:45 +0200
Subject: [PATCH] fix: Misc ephemeral deployment fixes `build_deploy.sh` runs container-push after container-build (fix for parallel builds with `MAKEFLAGS` env var) `make ephemeral-deploy` creates secrets directory, `bonfire.yaml` from example, and fails if `secrets/private.mk` is missing. `make ephemeral-build-deploy` fails if the `build_deploy.sh` script fails. `ephe-domains-token.sh` uses correct XRHID identity type. Tokens are requested as user, not system.
Signed-off-by: Christian Heimes
---
 .rhcicd/build_deploy.sh | 9 +++++++--
 scripts/mk/ephemeral.mk | 17 ++++++++++++++---
 test/scripts/ephe-domains-token.sh | 2 +-
 3 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/.rhcicd/build_deploy.sh b/.rhcicd/build_deploy.sh
index de5d2eb2..3a059c08 100755
--- a/.rhcicd/build_deploy.sh
+++ b/.rhcicd/build_deploy.sh
@@ -31,12 +31,17 @@ make registry-login \
 CONTAINER_REGISTRY_TOKEN="${RH_REGISTRY_TOKEN}" \
 CONTAINER_REGISTRY="registry.redhat.io"
-# Build and push
-make container-build container-push \
+# Build container
+make container-build \
 CONTAINER_BUILD_OPTS=--no-cache \
 CONTAINER_IMAGE_BASE="${IMAGE}" \
 CONTAINER_IMAGE_TAG="${IMAGE_TAG}"
+# Push container to registry
+make container-push \
+ CONTAINER_IMAGE_BASE="${IMAGE}" \
+ CONTAINER_IMAGE_TAG="${IMAGE_TAG}"
+
 # Push to logged in registries and tag for SHA
 "${CONTAINER_ENGINE}" tag "${IMAGE}:${IMAGE_TAG}" "${IMAGE}:${SMOKE_TEST_TAG}"
 "${CONTAINER_ENGINE}" push "${IMAGE}:${SMOKE_TEST_TAG}"
diff --git a/scripts/mk/ephemeral.mk b/scripts/mk/ephemeral.mk
index 0cd76b8c..89ad6e7c 100644
--- a/scripts/mk/ephemeral.mk
+++ b/scripts/mk/ephemeral.mk
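Review bot: The reason for splitting `container-build` and `container-push` into two `make` calls in `.rhcicd/build_deploy.sh` is recorded only in the commit message, so a later cleanup could merge them back into one invocation. With `-j` coming from `MAKEFLAGS`, the push could then run concurrently with the build and publish a stale or missing image under `${IMAGE_TAG}`. Add a comment above the first call, for example `# Keep build and push as separate make invocations: with -j in MAKEFLAGS the goals of a single invocation run in parallel`. The ordering is apparently still not declared between the two targets in the makefile (not visible in this hunk), so any other caller that passes both goals stays exposed until `container-push` depends on `container-build` there.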
@@ -58,7 +58,16 @@ ifneq (,$(APP_TOKEN_EXPIRATION_SECONDS))
 EPHEMERAL_OPTS += --set-parameter "$(APP_COMPONENT)/APP_TOKEN_EXPIRATION_SECONDS=$(APP_TOKEN_EXPIRATION_SECONDS)"
 endif
-EPHEMERAL_BONFIRE_PATH ?= configs/bonfire.yaml
+EPHEMERAL_BONFIRE_PATH ?= $(PROJECT_DIR)/configs/bonfire.yaml
+EPHEMERAL_SECRETS_DIR ?= $(PROJECT_DIR)/secrets/ephemeral
+
+EPHEMERAL_DEPS = $(BONFIRE) $(EPHEMERAL_BONFIRE_PATH) $(EPHEMERAL_SECRETS_DIR) secrets/private.mk
+
+$(EPHEMERAL_BONFIRE_PATH):
+ cp configs/bonfire.example.yaml $@
+
+$(EPHEMERAL_SECRETS_DIR):
+ mkdir -p $@
 # TODO Uncomment when the frontend is created
 # EPHEMERAL_OPTS += --frontend true
@@ -95,7 +104,7 @@ $(GO_OUTPUT/get-token.py):
 # NOTE Changes to config/bonfire.yaml could impact to this rule
 .PHONY: ephemeral-deploy
-ephemeral-deploy: $(BONFIRE) ## Deploy application using 'config/bonfire.yaml'. Set EPHEMERAL_NO_BUILD=1 to skip image build and push.
+ephemeral-deploy: $(EPHEMERAL_DEPS) ## Deploy application using 'config/bonfire.yaml'. Set EPHEMERAL_NO_BUILD=y to skip image build and push.
 [ "$(EPHEMERAL_NO_BUILD)" == "y" ] || $(MAKE) ephemeral-build-deploy
 $(BONFIRE) deploy \
 --source appsre \
@@ -169,7 +178,9 @@ ephemeral-namespace-describe: $(BONFIRE) ## Display information about the curren
 # Tested by 'make ephemeral-build-deploy CONTAINER_IMAGE_BASE=quay.io/avisied0/hmsidm-backend'
 .PHONY: ephemeral-build-deploy
 ephemeral-build-deploy: ## Build and deploy image using 'build_deploy.sh' scripts; It requires to pass CONTAINER_IMAGE_BASE
- IMAGE="$(CONTAINER_IMAGE_BASE)" IMAGE_TAG="$(CONTAINER_IMAGE_TAG)" ./.rhcicd/build_deploy.sh 2>&1 | tee build_deploy.log
+ IMAGE="$(CONTAINER_IMAGE_BASE)" IMAGE_TAG="$(CONTAINER_IMAGE_TAG)" \
+ set -o pipefail; \
+ ./.rhcicd/build_deploy.sh 2>&1 | tee build_deploy.log
 # FIXME This rule will require some updates but it will be something similar
diff --git a/test/scripts/ephe-domains-token.sh b/test/scripts/ephe-domains-token.sh
index e04aeb31..14a6a5be 100755
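Review bot: The new `$(EPHEMERAL_SECRETS_DIR)` rule creates the directory with `mkdir -p $@`, so its mode comes from the caller's umask and is commonly readable by other local users, although the directory is meant to hold deployment secrets. Setting the mode at creation, `mkdir -p -m 0700 $@`, removes the dependence on the umask; `-m` applies to the final directory only. In the same hunk `EPHEMERAL_DEPS` names `secrets/private.mk` and the copy rule reads `configs/bonfire.example.yaml` as relative paths while both new variables are anchored at `$(PROJECT_DIR)`, so the prerequisites resolve consistently only when make runs from the project root. Prefixing both with `$(PROJECT_DIR)/` would make that explicit.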
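Review bot: In the rewritten `ephemeral-build-deploy` recipe the `IMAGE=... IMAGE_TAG=...` assignments now prefix `set -o pipefail` instead of the script. The `;` ends that command, so `./.rhcicd/build_deploy.sh` starts without `IMAGE` and `IMAGE_TAG` in its environment unless they are exported elsewhere, and would build and push whatever defaults the script defines. Put the option first and keep the assignments on the script's own command: `set -o pipefail; \` followed by `IMAGE="$(CONTAINER_IMAGE_BASE)" IMAGE_TAG="$(CONTAINER_IMAGE_TAG)" ./.rhcicd/build_deploy.sh 2>&1 | tee build_deploy.log`. `pipefail` is also not available in every `/bin/sh`, so the recipe relies on the makefile setting `SHELL` to bash, which is not visible in this hunk.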
--- a/test/scripts/ephe-domains-token.sh
+++ b/test/scripts/ephe-domains-token.sh
@@ -6,6 +6,6 @@ CREDS="${CREDS}:$( oc get secrets/env-${NAMESPACE}-keycloak -o jsonpath='{.data.
 export CREDS
 unset X_RH_IDENTITY
-export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 system -cn "6f324116-b3d2-11ed-8a37-482ae3863d30" -cert-type system | base64 -w0 )"
+export X_RH_FAKE_IDENTITY="$( ./tools/bin/xrhidgen -org-id 12345 user -is-active=true -is-org-admin=true -user-id test -username test | base64 -w0 )"
 BASE_URL="https://$( oc get routes -l app=idmsvc-backend -o jsonpath='{.items[0].spec.host}' )/api/idmsvc/v1"
 ./scripts/curl.sh -i -X POST -d '{"domain_type": "rhel-idm"}' "${BASE_URL}/domains/token"
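Review bot: The replacement `X_RH_FAKE_IDENTITY` is generated as an active org admin (`-is-org-admin=true`), and nothing in the script says whether `POST /domains/token` needs the admin flag or only a user-type identity. A comment above the export would record the intent, for example `# domains/token is requested as a user identity, not a system (host) identity`. If the endpoint does not require org-admin, dropping `-is-org-admin=true` would run the check with the least privilege that should succeed and catch an authorization rule that is stricter than intended. The script's earlier lines are outside this hunk.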