From faa7b5685c964d6be4e19ecf0f54ed66728c2762 Mon Sep 17 00:00:00 2001 From: Tushar <30565750+tushar5526@users.noreply.github.com> Date: Fri, 19 Jan 2024 00:10:45 +0530 Subject: [PATCH] feat: add GHAs for linting and pre-commit (#15) * feat: add GHAs for linting and pre-commit * fix: run tests on push to main * feat: run linter once on all files * feat: fix flake8 errors --- .flake8 | 4 ++ .github/workflows/lint.yml | 28 +++++++++ .github/workflows/test.yml | 57 ++++++++++--------- .pre-commit-config.yaml | 33 +++++++++++ README.md | 45 +++++++-------- docker-compose.yml | 9 ++- .../grafana/dashboards/dashboard.yml | 6 +- .../grafana/dashboards/docker_logs.json | 2 +- .../grafana/datasources/datasources.yml | 2 +- logging-config/loki/loki-config.yaml | 14 ++--- logging-config/promtail/promtail-config.yaml | 14 ++--- requirements-dev.txt | 3 +- server/utils.py | 13 ++--- tests/conftest.py | 2 +- vault/vault.json | 34 +++++------ 15 files changed, 162 insertions(+), 104 deletions(-) create mode 100644 .flake8 create mode 100644 .github/workflows/lint.yml create mode 100644 .pre-commit-config.yaml diff --git a/.flake8 b/.flake8 new file mode 100644 index 0000000..566dbc1 --- /dev/null +++ b/.flake8 @@ -0,0 +1,4 @@ +[flake8] +max-line-length = 150 +max-complexity = 10 +exclude = .git,.venv,.direnv,__pycache__,*/migrations/* \ No newline at end of file diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..acb5f60 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,28 @@ +name: Pre-commit + +on: + push: + branches: + - main + pull_request: + +jobs: + pre-commit: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: 3.8 + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install pre-commit + + - name: Run pre-commit hooks + run: pre-commit run --all-files diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d64e884..04b1049 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,38 +1,39 @@ name: Run pytest on PR on: - pull_request: push: + branches: + - main + pull_request: jobs: test: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.11 # Choose your Python version - - - name: Cache Python dependencies - uses: actions/cache@v2 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }} - restore-keys: | - ${{ runner.os }}-pip- - - - - name: Install main dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt - - - name: Install development dependencies - run: pip install -r requirements-dev.txt - - - name: Run pytest - run: python -m pytest -vvv + - name: Checkout code + uses: actions/checkout@v2 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: 3.11 # Choose your Python version + + - name: Cache Python dependencies + uses: actions/cache@v2 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }} + restore-keys: | + ${{ runner.os }}-pip- + + - name: Install main dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - name: Install development dependencies + run: pip install -r requirements-dev.txt + + - name: Run pytest + run: python -m pytest -vvv diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..df79866 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,33 @@ +repos: + - repo: https://github.com/PyCQA/isort + rev: 5.12.0 + hooks: + - id: isort + name: isort (python) + + - repo: https://github.com/psf/black + rev: 23.7.0 + hooks: + - id: black + language_version: python3 + exclude: migrations + + - repo: https://github.com/pycqa/flake8 + rev: 6.0.0 + hooks: + - id: flake8 + name: flake8 + args: [--config, .flake8] + + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: check-yaml + - id: check-json + - id: check-toml + + - repo: https://github.com/pre-commit/mirrors-prettier + rev: v3.0.0 + hooks: + - id: prettier + exclude: ^(frontend/|CHANGELOG.md) diff --git a/README.md b/README.md index 6f419b3..251e99e 100644 --- a/README.md +++ b/README.md @@ -1,24 +1,20 @@ - # Sarthi -[![Open Source Love svg1](https://badges.frapsoft.com/os/v1/open-source.svg?v=103)](https://github.com/ellerbrock/open-source-badges/) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) ![contributions welcome](https://img.shields.io/static/v1.svg?label=Contributions&message=Welcome&color=0059b3&style=flat-square) ![GitHub contributors](https://img.shields.io/github/contributors-anon/tushar5526/sarthi) +[![Open Source Love svg1](https://badges.frapsoft.com/os/v1/open-source.svg?v=103)](https://github.com/ellerbrock/open-source-badges/) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) ![contributions welcome](https://img.shields.io/static/v1.svg?label=Contributions&message=Welcome&color=0059b3&style=flat-square) ![GitHub contributors](https://img.shields.io/github/contributors-anon/tushar5526/sarthi) -Self-host Ephemeral (Preview) Environments with ease and forget about server management. +Self-host Ephemeral (Preview) Environments with ease and forget about server management. Sarthi uses other open-source projects to export logs, enable monitoring, manage secrets and create preview environments. It is meant to be used along with [sarthi-deploy](https://github.com/tushar5526/sarthi-deploy) GitHub Action for setting up preview environments in your project. Every time there is a new branch or a PR created, Sarthi GHA will create a preview environment for that. It also takes care of cleaning up preview environments when respective branches or PRs are merged. -Pre-requisites 🛠️ -------------------- +## Pre-requisites 🛠️ 1. Dockerized projects with a `docker-compose`. - - It is **MANDATORY** to have a `docker-compose` file at the root of the project's folder. -2. A public Linux machine (preferred Ubuntu 20+ LTS versions) and user with root access. -3. A wildcard subdomain pointing to the above machine (*.sarthi.your-domain.io) + - It is **MANDATORY** to have a `docker-compose` file at the root of the project's folder. +2. A public Linux machine (preferred Ubuntu 20+ LTS versions) and user with root access. +3. A wildcard subdomain pointing to the above machine (\*.sarthi.your-domain.io) - -General Flow ------------- +## General Flow 1. Create a public machine (preferred 4GB RAM, Ubuntu 20+ LTS versions) and map a [wildcard domain](https://docs.digitalocean.com/glossary/wildcard-record/) to it. 2. Set up the project using the [setup-sarthi.sh](https://github.com/tushar5526/sarthi/blob/main/setup-sarthi.sh) script present in the root folder. @@ -33,17 +29,16 @@ General Flow
Sarthi-Deploy GHA will not clutter your PR with comments - it will keep updating its earlier comment
+## Setup Instructions ⚙️ +1. SSH into your server and clone the project. -Setup Instructions ⚙️ ------------------------- - -1. SSH into your server and clone the project. ```commandline git clone https://github.com/tushar5526/sarthi.git ``` 2. Run the setup script. + ```commandline chmod +x setup-sarthi.sh chmod +x setup-vault.sh @@ -53,34 +48,32 @@ sudo ./setup-sarthi.sh 3. Follow the prompts and specify the values, you will be requested to specify the wild card domain name created earlier. (using localhost is possible, but that would require setting up `dnsmaq`) -Services Installed 🤖 ---------------------- +## Services Installed 🤖 The following services are exposed: 1. [Grafana](https://grafana.com/) + [Loki](https://grafana.com/oss/loki/) to export service logs from the deployed environments. [http://grafana.sarthi.your_domain.io](http://grafana.sarthi.your_domain.io) - A dashboard named `Service Logs` is pre-seeded in Grafana. You can use this to filter service logs based on deployments, containers etc. - - -2. [Portainer](https://www.portainer.io/) for admin access to manage deployments if needed. [http://portainer.sarthi.your_domain.io](http://portainer.sarthi.your_domain.io) + +2. [Portainer](https://www.portainer.io/) for admin access to manage deployments if needed. [http://portainer.sarthi.your_domain.io](http://portainer.sarthi.your_domain.io) 3. [Hashicorp Vault](https://www.vaultproject.io/) to specify environment secrets. [http://hashicorp.sarthi.your_domain.io](http://hashicorp.sarthi.your_domain.io) + - For each deployed branch/PR a path will be created by default in the vault where developers can specify branch-specific secrets. - 👉 PS: Hashicorp vault gets sealed on restarts. Unseal keys are generated by the setup script and stored in a `keys.txt` on the server. There is no RBAC yet and the root token is used to modify the env vars for different deployments. Root tokens can be found in `keys.txt` - + 4. [Sarthi](https://github.com/tushar5526/sarthi) Backend for GHA. [http://api.sarthi.your_domain.io](http://api.sarthi.your_domain.io) -Tips 💡 -------- +## Tips 💡 + 1. Use `docker-compose's` service discovery to connect within the same services in your projects. -High-Level Architecture ------------------------ +## High-Level Architecture ![sarthi](https://github.com/tushar5526/sarthi/assets/30565750/d08cf07e-f235-457c-952d-2406920319cb) - ### License 📄 + This action is licensed under some specific terms. Check [here](LICENSE) for more information. diff --git a/docker-compose.yml b/docker-compose.yml index 2e59881..4e71b79 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,6 @@ -version: '3' +version: "3" services: - nginx: image: nginx:latest restart: always @@ -41,7 +40,7 @@ services: SECRET_TEXT: ${SECRET_TEXT} depends_on: - vault - + loki: image: grafana/loki:latest restart: always @@ -58,7 +57,7 @@ services: restart: always volumes: - /var/log:/var/log - - ./logging-config/promtail:/etc/promtail + - ./logging-config/promtail:/etc/promtail command: -config.file=/etc/promtail/promtail-config.yaml grafana: @@ -105,4 +104,4 @@ services: volumes: grafana: portainer_data: - vault-secrets: \ No newline at end of file + vault-secrets: diff --git a/logging-config/grafana/dashboards/dashboard.yml b/logging-config/grafana/dashboards/dashboard.yml index 3eb36b6..b02e33c 100644 --- a/logging-config/grafana/dashboards/dashboard.yml +++ b/logging-config/grafana/dashboards/dashboard.yml @@ -1,12 +1,12 @@ apiVersion: 1 providers: - - name: 'Loki' + - name: "Loki" orgId: 1 - folder: '' + folder: "" type: file disableDeletion: false editable: true allowUiUpdates: true options: - path: /etc/grafana/provisioning/dashboards \ No newline at end of file + path: /etc/grafana/provisioning/dashboards diff --git a/logging-config/grafana/dashboards/docker_logs.json b/logging-config/grafana/dashboards/docker_logs.json index 71626bf..2a4bcf5 100644 --- a/logging-config/grafana/dashboards/docker_logs.json +++ b/logging-config/grafana/dashboards/docker_logs.json @@ -185,4 +185,4 @@ "uid": "c9398592-6dc7-48c7-9d19-fba0afa195d0", "version": 7, "weekStart": "" -} \ No newline at end of file +} diff --git a/logging-config/grafana/datasources/datasources.yml b/logging-config/grafana/datasources/datasources.yml index 8d64e92..9a07fef 100644 --- a/logging-config/grafana/datasources/datasources.yml +++ b/logging-config/grafana/datasources/datasources.yml @@ -8,4 +8,4 @@ datasources: url: http://loki:3100 basicAuth: false isDefault: true - editable: true \ No newline at end of file + editable: true diff --git a/logging-config/loki/loki-config.yaml b/logging-config/loki/loki-config.yaml index a270bd7..4102315 100644 --- a/logging-config/loki/loki-config.yaml +++ b/logging-config/loki/loki-config.yaml @@ -15,11 +15,11 @@ ingester: store: inmemory replication_factor: 1 final_sleep: 0s - chunk_idle_period: 1h # Any chunk not receiving new logs in this time will be flushed - max_chunk_age: 1h # All chunks will be flushed when they hit this age, default is 1h - chunk_target_size: 1048576 # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first - chunk_retain_period: 30s # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m) - max_transfer_retries: 0 # Chunk transfers disabled + chunk_idle_period: 1h # Any chunk not receiving new logs in this time will be flushed + max_chunk_age: 1h # All chunks will be flushed when they hit this age, default is 1h + chunk_target_size: 1048576 # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first + chunk_retain_period: 30s # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m) + max_transfer_retries: 0 # Chunk transfers disabled schema_config: configs: @@ -35,7 +35,7 @@ storage_config: boltdb_shipper: active_index_directory: /tmp/loki/boltdb-shipper-active cache_location: /tmp/loki/boltdb-shipper-cache - cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space + cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space shared_store: filesystem filesystem: directory: /tmp/loki/chunks @@ -65,4 +65,4 @@ ruler: ring: kvstore: store: inmemory - enable_api: true \ No newline at end of file + enable_api: true diff --git a/logging-config/promtail/promtail-config.yaml b/logging-config/promtail/promtail-config.yaml index c2bcbfe..bbbff83 100644 --- a/logging-config/promtail/promtail-config.yaml +++ b/logging-config/promtail/promtail-config.yaml @@ -9,10 +9,10 @@ clients: - url: http://loki:3100/loki/api/v1/push scrape_configs: -- job_name: system - static_configs: - - targets: - - localhost - labels: - job: varlogs - __path__: /var/log/*log \ No newline at end of file + - job_name: system + static_configs: + - targets: + - localhost + labels: + job: varlogs + __path__: /var/log/*log diff --git a/requirements-dev.txt b/requirements-dev.txt index ae936e0..32dfbae 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,2 +1,3 @@ pytest==7.4.4 -pytest-mock==3.12.0 \ No newline at end of file +pytest-mock==3.12.0 +pre-commit==3.6.0 \ No newline at end of file diff --git a/server/utils.py b/server/utils.py index 0b09f82..7e25993 100644 --- a/server/utils.py +++ b/server/utils.py @@ -6,7 +6,7 @@ import socket import subprocess import typing -from dataclasses import dataclass, fields +from dataclasses import dataclass import requests import yaml @@ -35,7 +35,7 @@ class ComposeHelper: nginx: image: nginx restart: always - ports: + ports: - '%s:80' volumes: - %s:/etc/nginx/conf.d/default.conf @@ -140,7 +140,6 @@ class NginxHelper: server_name %s; %s } - """ ROUTES_BLOCK_TEMPLATE: typing.Final[ @@ -161,7 +160,7 @@ class NginxHelper: server { listen 80; server_name %s; - + location / { proxy_pass http://%s:%s; proxy_set_header Host $host; @@ -169,7 +168,7 @@ class NginxHelper: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } - } + } """ def __init__( @@ -210,7 +209,7 @@ def find_free_port(self) -> str: self._port = current_port return current_port - raise RuntimeError(f"Could not find a free port in the specified range.") + raise RuntimeError("Could not find a free port in the specified range") def generate_outer_proxy_conf_file(self, port: str) -> str: port = port or self._port @@ -259,7 +258,7 @@ def generate_project_proxy_conf_file( def _test_nginx_config(self): try: - command = subprocess.run( + subprocess.run( ["docker", "exec", "sarthi_nginx", "nginx", "-t"], check=True, capture_output=True, diff --git a/tests/conftest.py b/tests/conftest.py index c171082..e6a7e18 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -5,7 +5,7 @@ @pytest.fixture def compose_helper(mocker): - test_compose_file = """ + test_compose_file = """ # Test Docker compose to be used in tests version: '3' diff --git a/vault/vault.json b/vault/vault.json index ba37ced..dd38942 100644 --- a/vault/vault.json +++ b/vault/vault.json @@ -1,18 +1,18 @@ { - "listener": { - "tcp": { - "address": "0.0.0.0:8200", - "tls_disable": 1 - } - }, - "backend": { - "file": { - "path": "/vault/file" - } - }, - "default_lease_ttl": "168h", - "max_lease_ttl": "0h", - "api_addr": "http://0.0.0.0:8200", - "ui": "true", - "disable_mlock": "true" - } \ No newline at end of file + "listener": { + "tcp": { + "address": "0.0.0.0:8200", + "tls_disable": 1 + } + }, + "backend": { + "file": { + "path": "/vault/file" + } + }, + "default_lease_ttl": "168h", + "max_lease_ttl": "0h", + "api_addr": "http://0.0.0.0:8200", + "ui": "true", + "disable_mlock": "true" +}