Skip to content

Bootstrap cluster

Bootstrap cluster #729

name: Bootstrap cluster
on:
schedule:
- cron: '14 4 * * *'
workflow_dispatch:
env:
OC_LOGIN_TOKEN: ${{ secrets.OC_LOGIN_TOKEN }}
LOGIN_SERVER_URL: "https://api.hac-devsandbox.5unc.p1.openshiftapps.com:6443"
jobs:
bootstrap:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run bootstrap script
shell: bash
id: bootstrap
timeout-minutes: 30
env:
# getting secrets from GH
BROKER_PASSWORD: ${{ secrets.BROKER_PASSWORD }}
MY_GITHUB_TOKEN: ${{ secrets.MY_GITHUB_TOKEN }}
SHARED_SECRET: ${{ secrets.SHARED_SECRET }}
SPI_GITHUB_CLIENT_ID: ${{ secrets.SPI_GITHUB_CLIENT_ID }}
SPI_GITHUB_CLIENT_SECRET: ${{ secrets.SPI_GITHUB_CLIENT_SECRET }}
IMAGE_CONTROLLER_QUAY_TOKEN: ${{ secrets.IMAGE_CONTROLLER_QUAY_TOKEN_KONFLUX_QE }}
REDHAT_APPSTUDIO_USER_WORKLOAD: ${{ secrets.REDHAT_APPSTUDIO_USER_WORKLOAD }}
PAC_GITHUB_APP_PRIVATE_KEY: ${{ secrets.PAC_GITHUB_APP_PRIVATE_KEY_BASE64 }}
PAC_GITHUB_APP_ID: ${{ secrets.PAC_GITHUB_APP_ID }}
PAC_GITHUB_APP_WEBHOOK_SECRET: ${{ secrets.PAC_GITHUB_APP_WEBHOOK_SECRET }}
# setting variables
BROKER_USERNAME: "pactUser"
MY_GIT_FORK_REMOTE: "origin"
MY_GITHUB_ORG: "redhat-hac-qe"
IMAGE_CONTROLLER_QUAY_ORG: "redhat-appstudio-qe"
SPI_TYPE: "Github"
OC_DOWNLOAD_URL: "https://downloads-openshift-console.apps.hac-devsandbox.5unc.p1.openshiftapps.com/amd64/linux/oc.tar"
# Slashes have to be escaped as those variables are given to sed as a param
SPI_API_SERVER: "https:\\/\\/api-toolchain-host-operator.apps.hac-devsandbox.5unc.p1.openshiftapps.com"
HAS_DEFAULT_IMAGE_REPOSITORY: "quay.io\\/redhat-appstudio-qe\\/build_service"
BROKER: true
run: |
# Setup GIT access
git config --global user.name 'Katka92'
git config --global user.email 'kkanova@redhat.com'
#Setup OC and login to cluster
oc login --token=$OC_LOGIN_TOKEN --server=$LOGIN_SERVER_URL --insecure-skip-tls-verify
cp hack/preview-template.env hack/preview.env
# awk -i inplace -v old="PAC_GITHUB_APP_PRIVATE_KEY=" -v new="PAC_GITHUB_APP_PRIVATE_KEY=$PAC_GITHUB_APP_PRIVATE_KEY" '{gsub(old, new)}1' "hack/preview.env"
sed -i "s/PAC_GITHUB_APP_PRIVATE_KEY=.*/PAC_GITHUB_APP_PRIVATE_KEY=${PAC_GITHUB_APP_PRIVATE_KEY}/g" hack/preview.env
sed -i "s/PAC_GITHUB_APP_ID=.*/PAC_GITHUB_APP_ID=${PAC_GITHUB_APP_ID}/g" hack/preview.env
sed -i "s/PAC_GITHUB_APP_WEBHOOK_SECRET=.*/PAC_GITHUB_APP_WEBHOOK_SECRET=${PAC_GITHUB_APP_WEBHOOK_SECRET}/g" hack/preview.env
sed -i "s/BROKER_PASSWORD=.*/BROKER_PASSWORD=${BROKER_PASSWORD}/g" hack/preview.env
sed -i "s/MY_GITHUB_TOKEN=.*/MY_GITHUB_TOKEN=${MY_GITHUB_TOKEN}/g" hack/preview.env
sed -i "s/SHARED_SECRET=.*/SHARED_SECRET=${SHARED_SECRET}/g" hack/preview.env
sed -i "s/SPI_GITHUB_CLIENT_ID=.*/SPI_GITHUB_CLIENT_ID=${SPI_GITHUB_CLIENT_ID}/g" hack/preview.env
sed -i "s/SPI_GITHUB_CLIENT_SECRET=.*/SPI_GITHUB_CLIENT_SECRET=${SPI_GITHUB_CLIENT_SECRET}/g" hack/preview.env
sed -i "s/HAS_DEFAULT_IMAGE_REPOSITORY=.*/HAS_DEFAULT_IMAGE_REPOSITORY=${HAS_DEFAULT_IMAGE_REPOSITORY}/g" hack/preview.env
sed -i "s/SPI_API_SERVER=.*/SPI_API_SERVER=${SPI_API_SERVER}/g" hack/preview.env
sed -i "s/BROKER_USERNAME=.*/BROKER_USERNAME=${BROKER_USERNAME}/g" hack/preview.env
sed -i "s/MY_GIT_FORK_REMOTE=.*/MY_GIT_FORK_REMOTE=${MY_GIT_FORK_REMOTE}/g" hack/preview.env
sed -i "s/MY_GITHUB_ORG=.*/MY_GITHUB_ORG=${MY_GITHUB_ORG}/g" hack/preview.env
sed -i "s/IMAGE_CONTROLLER_QUAY_ORG=.*/IMAGE_CONTROLLER_QUAY_ORG=${IMAGE_CONTROLLER_QUAY_ORG}/g" hack/preview.env
sed -i "s/IMAGE_CONTROLLER_QUAY_TOKEN=.*/IMAGE_CONTROLLER_QUAY_TOKEN=${IMAGE_CONTROLLER_QUAY_TOKEN}/g" hack/preview.env
export PATH=${PATH}:/home/runner/go/bin
# Bootstrap the cluster
hack/bootstrap-cluster.sh preview --toolchain --keycloak
# Set the docker secret to push HAS images to quay if doesn't exist yet
if [[ ! $(oc get secrets -n build-templates | grep redhat-appstudio-user-workload) ]]; then
echo $REDHAT_APPSTUDIO_USER_WORKLOAD >> docker.config
oc create secret docker-registry redhat-appstudio-user-workload -n build-templates --from-file=.dockerconfigjson=docker.config
fi
# Deploy proxy plugin to enable tekton-results
if [[ ! $(oc get proxyplugins -n toolchain-host-operator | grep tekton-results) ]]; then
echo "Deploying proxy plugin for tekton-results"
cat .github/proxyplugin.yml | oc apply -f -
fi
- name: Unseal vault if sealed
if: failure()
env:
POD_NAME: "vault-0"
run: |
oc project spi-vault
status=$(oc get pod $POD_NAME -o=jsonpath='{.status.phase}')
if [ "$status" != "Running" ]; then
echo "Status of a pod ${POD_NAME} is ${status}. Executing poststart.sh."
oc exec $POD_NAME -- sh /vault/userconfig/scripts/poststart.sh
else
echo "Status of a pod ${POD_NAME} is ${status}."
fi
- name: Check Application statuses
id: statuscheck
if: failure()
run: |
oc project openshift-gitops
echo "Checking Apps statuses till they're Healthy and Synced."
echo "10 attempts with 3 minute waits."
healthyAndSynced=false
for i in {1..10}; do
echo "$i. try, checking app statuses."
unhealthy=$(oc get applications.argoproj.io --no-headers | { grep -v "Healthy" || true; } )
unsynced=$(oc get applications.argoproj.io --no-headers | { grep -v "Synced" || true; } )
if [[ $unhealthy == "" && $unsynced == "" ]]; then
echo "All apps are healthy and synced".
healthyAndSynced=true
break
else
echo "Some apps are not ready:"
oc get applications.argoproj.io
echo "Sleeping for 3 minutes and retrying."
sleep 180
fi
done
echo "healthy_and_synced=${healthyAndSynced}" >> $GITHUB_OUTPUT
- name: Send a message to Slack
shell: bash
if: always()
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
BOOTSTRAP_JOB_STATUS: ${{ steps.bootstrap.outcome }}
HEALTHY_AND_SYNCED: ${{ steps.statuscheck.outputs.healthy_and_synced }}
CHANNEL_ID: "C04U7TA1BT8" # forum-rhtap-test-execution-alerts
ACTION_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
run: |
if [[ $HEALTHY_AND_SYNCED == true ]]; then
statusMessage="Bootstrap script failed but application statuses seem ok. Cluster is probably not updated or Vault was not unsealed."
icon=":failed:"
elif [[ $HEALTHY_AND_SYNCED == "" ]]; then
statusMessage="Bootstrap script succeeded, cluster is OK."
icon=":done-circle-check:"
else
statusMessage="Bootstrap script failed and applications are not healthy. Cluster is probably broken."
icon=":failed:"
fi;
curl -H "Authorization: Bearer ${SLACK_BOT_TOKEN}" -d "text=${icon} Job *bootstrap* ended. ${statusMessage} <$ACTION_URL|View logs>" -d "channel=${CHANNEL_ID}" -X POST https://slack.com/api/chat.postMessage
cleanup:
runs-on: ubuntu-latest
steps:
- name: Prune user signups
run: |
oc login --token=$OC_LOGIN_TOKEN --server=$LOGIN_SERVER_URL --insecure-skip-tls-verify
echo "Prune any user spaces older than 2 days"
oc project toolchain-host-operator
oc get usersignup -o json | jq -r --argjson timestamp 172800 '.items[] | select ((.metadata.creationTimestamp | fromdateiso8601 < now - $timestamp) and (.metadata.name != "user1")).metadata.name' | xargs -r -L1 oc delete usersignup