Merge pull request #8 from UWIT-IAM/template-updates

Template updates

Author: miker985

.github/workflows/deploy.template.yml

@@ -38,7 +38,6 @@ jobs:
       - name: Install and configure poetry
         run: |
           pipx install poetry
-          poetry config virtualenvs.create false
 
       - if: github.event.inputs.cluster == 'prod'
         run: |
@@ -51,19 +50,40 @@ jobs:
       - name: Install package
         run: poetry install
 
-      - name: Install jq for fingerprinter
-        run: sudo apt-get -y install jq
-
       - name: Update env with promotion version that was provided
         if: github.event.inputs.version
         run: echo "target_version=${{ github.event.inputs.version }}" >> $GITHUB_ENV
 
       - name: Update env with promotion version if not provided
         if: '! env.target_version'
+        shell: bash
         run: |
-          source ./scripts/globals.sh
-          target_version=$(get_promotion_version ${{ github.event.inputs.cluster }})
-          echo "target_version=${target_version}" >> $GITHUB_ENV
+          # $1 will be package name, $2 will be current version
+          set $(poetry version)
+
+          case "${{ github.event.inputs.cluster }}" in
+            dev)
+              version="$2"
+              echo "Would set version to '$version' (from poetry version)"
+              ;;
+            eval)
+              # substitute '_' for '-' in APP_NAME
+              url="https://${1//_/-}.iamdev.s.uw.edu/status"
+              version=$(curl --silent $url | python -c "import json, sys; print(json.load(sys.stdin)['version'])")
+              echo "After consulting dev the eval version will be ${version}"
+              ;;
+            prod)
+              # substitute '_' for '-' in APP_NAME
+              url="https://${1//_/-}.iameval.s.uw.edu/status"
+              version=$(curl --silent $url | python -c "import json, sys; print(json.load(sys.stdin)['version'])")
+              echo "After consulting eval the prod version will be ${version}"
+              ;;
+            *)
+              echo "Invalid cluster! Pick one of dev|eval|prod"
+              exit 1
+              ;;
+          esac
+          echo "target_version=${version}" >> $GITHUB_ENV
 
       - name: Auth to Google Cloud
         # important! this 'auth' is referenced as `steps.auth` on the next job
@@ -80,10 +100,14 @@ jobs:
         run: |-
           echo '${{ steps.auth.outputs.access_token }}' | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev
 
-      - name: Deploy version ${{ env.target_version }}
+      - name: Tag version ${{ env.target_version }} for ${{ github.event.inputs.cluster }}
         id: deploy
         run: |
-          echo "::notice::Deploying appid version ${{ env.target_version }} to ${{ github.event.inputs.cluster }}"
-          ./scripts/build.sh \
-            --deploy ${{ inputs.cluster }} \
-            -dversion ${{ env.target_version }}
+          # timestamp and deploy_tag are not DRY - see also release-on-push-to-main.yaml
+          timestamp=$(date --utc +%Y.%m.%d.%H.%M.%S)
+          deploy_tag="deploy-${{ github.event.inputs.cluster }}.${timestamp}.v${{ env.target_version }}"
+          echo "::notice::Deploying appid version ${{ env.target_version }} to ${{ github.event.inputs.cluster }} as ${deploy_tag}"
+          # this will create a new tag (deploy_tag) on an existing tag (env.target_version)
+          docker buildx imagetools create \
+            --tag us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}:${deploy_tag} \
+            us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}:${{ env.target_version }}

.github/workflows/finalize-template.yaml

@@ -3,7 +3,7 @@ name: Finalize Template
 on:
   workflow_dispatch:
     inputs:
-      app-name:
+      app_name:
         required: false
         description: >
           This is the name of your app; if left blank, it will match the

.github/workflows/pull-request.template.yml

@@ -71,7 +71,7 @@ jobs:
           file: ./Dockerfile
           push: true
           target: dependencies
-          tags: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}.dependencies:${{ env.pr_tag }}
+          tags: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}.dependencies:${{ env.pr_tag }}
           secret-files: |
             "gcloud_auth_credentials=${{ steps.auth.outputs.credentials_file_path }}"
 
@@ -82,7 +82,7 @@ jobs:
           file: ./Dockerfile
           push: true
           target: app
-          tags: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}.app:${{ env.pr_tag }}
+          tags: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}.app:${{ env.pr_tag }}
 
       - name: Build and push Docker image (tests)
         uses: docker/build-push-action@v5
@@ -91,11 +91,11 @@ jobs:
           file: ./Dockerfile
           push: true
           target: tests
-          tags: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}.tests:${{ env.pr_tag }}
+          tags: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}.tests:${{ env.pr_tag }}
 
       - uses: mshick/add-pr-comment@v2
         env:
-          image: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}.app:${{ env.pr_tag }}
+          image: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}.app:${{ env.pr_tag }}
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           allow-repeats: false

.github/workflows/release-on-push-to-main.template.yaml

@@ -56,17 +56,14 @@ jobs:
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
-        env:
-          DEPLOYMENT_ID: deploy-dev.${{ steps.get-version.outputs.timestamp }}.v${{ steps.get-version.outputs.version }}
         with:
-          build-args: DEPLOYMENT_ID=${{ env.DEPLOYMENT_ID }}
           context: .
           file: ./Dockerfile
           push: true
           target: app
           tags: |
-            us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}:${{ steps.get-version.outputs.version }}
-            us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}:${{ env.DEPLOYMENT_ID }}
+            us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}:${{ steps.get-version.outputs.version }}
+            us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}:deploy-dev.${{ steps.get-version.outputs.timestamp }}.v${{ steps.get-version.outputs.version }}
+            us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}:latest
           secret-files: |
             "gcloud_auth_credentials=${{ steps.auth.outputs.credentials_file_path }}"
-

Dockerfile Dockerfile.template

@@ -13,14 +13,13 @@ RUN --mount=type=secret,id=gcloud_auth_credentials \
     poetry install --only main --no-root --no-interaction
 
 FROM dependencies AS app
-
-ARG DEPLOYMENT_ID
-ARG APP_MODULE=example_app
+# If you change your app directory to e.g., use src/ you MUST
+# change the APP_MODULE here to match OR supply a --build-arg
+ARG APP_MODULE=${template:app_name_underscore}
 ARG FLASK_PORT=5000
 ENV FLASK_ENV=development \
     PYTHONPATH=${APP_MODULE} \
-    FLASK_APP=${APP_MODULE}.app \
-    DEPLOYMENT_ID=${DEPLOYMENT_ID}
+    FLASK_APP=${APP_MODULE}.app
 EXPOSE ${FLASK_PORT}
 COPY ${APP_MODULE}/ ./${APP_MODULE}
 # install root package now that we've copied it

README.md

@@ -11,7 +11,7 @@ click the button above that says "Use this template"
 
 You will be asked to name your new repository. To take full advantage
 of the automation and kubernetes capabilities, you should create your new
-repository under the "UWIT-IAM" namespace; this gives you access to 
+repository under the "UWIT-IAM" namespace; this gives you access to
 secrets that are consumable in your Github actions.
 
 Once you have done that, follow the instructions for
@@ -22,12 +22,12 @@ Once you have done that, follow the instructions for
 If you are reading this, and you are not in the `flask-example` template repository,
 then you haven't yet finalized your template!
 
-To finalize the template, visit your repository on GitHub, 
+To finalize the template, visit your repository on GitHub,
 then click on "Actions."
 
 Click the "Finalize Template" workflow, and click "Run this workflow."
 
-A pull request will be generated for you to review and merge! This message will 
+A pull request will be generated for you to review and merge! This message will
 self-destruct after running that workflow.
 
 ## Updating the template
@@ -37,15 +37,15 @@ This very basic templating engine does not allow for conditional logic.
 To use an argument name inside a document, make sure the document is named `<name>.
 template.<ext>`, the final file name will be `<name>.<ext>`.
 
-You can use any supported argument with the format: `${template:<arg_name>}`; all 
-values are treated as strings. 
+You can use any supported argument with the format: `${template:<arg_name>}`; all
+values are treated as strings.
 
 Functionally:
 
 ```
 # foo.template.yaml
 
-- policy-name: ${template:app_name}-policy
+- policy-name: ${template:app_name_hyphen}-policy
 ```
 
 becomes:
@@ -60,8 +60,8 @@ becomes:
 ### About templating templates...
 
 Please note that `.template.` files are interpolated before any other templating
-engine does anything; you may freely nest the `${template:<arg_name>}` syntax inside 
-other strings that other templating engines might use. 
+engine does anything; you may freely nest the `${template:<arg_name>}` syntax inside
+other strings that other templating engines might use.
 
 ## Supported Values
 

example_app/app.template.py

@@ -1,4 +1,3 @@
-import os
 import importlib.metadata as importlib_metadata  # Python ^3.9 change
 
 from flask import Flask, jsonify
@@ -9,7 +8,7 @@
 @app.route("/", methods=("GET",))
 def index():
     print("Hello there")
-    return 'OK', 200
+    return "OK", 200
 
 
 APP_VERSION = None
@@ -19,13 +18,15 @@ def index():
 def status():
     global APP_VERSION
     if APP_VERSION is None:
-        APP_VERSION = importlib_metadata.version("${template:app_name}")
+        try:
+            APP_VERSION = importlib_metadata.version("${template:app_name_underscore}")
+        except importlib_metadata.PackageNotFoundError:
+            "Something went wrong locating the package that is this application. Was it installed via poetry?"
 
-    deployment_id = os.environ.get("DEPLOYMENT_ID")
-    status = 200 if deployment_id else 503
+    status = 200 if APP_VERSION else 503
 
-    return jsonify({"deployment_id": deployment_id, "version": APP_VERSION}), status
+    return jsonify({"version": APP_VERSION}), status
 
 
 if __name__ == "__main__":
-    app.run(host='0.0.0.0', port=5000)
+    app.run(host="0.0.0.0", port=5000)

fingerprints.template.yaml

@@ -1,13 +1,13 @@
 # Template Kubernetes Configuration
 
-The basic kubernetes configuration provided here will subscribe you 
-to the [basic-web-service helm chart]. 
+The basic kubernetes configuration provided here will subscribe you
+to the [basic-web-service helm chart].
 
 After finalizing your template, you should copy the files in this directory
 into the [gcp-k8] repository, in the `dev/${template:app_name}` directory.
 
 Unless you change the values generated for you, your app will
-expect to run at `https://${template:app_name}.iamdev.s.uw.edu`.
+expect to run at `https://${template:app_name_hyphen}.iamdev.s.uw.edu`.
 
 
 [gcp-k8]: https://github.com/uwit-iam/gcp-k8

kubernetes-config/README.template.md

@@ -4,11 +4,11 @@
 apiVersion: image.toolkit.fluxcd.io/v1beta1
 kind: ImagePolicy
 metadata:
-  name: ${template:app_name}-policy
+  name: ${template:app_name_hyphen}-policy
   namespace: default # must be 'default' in MCI, even if app itself is not in default
 spec:
   imageRepositoryRef:
-    name: ${template:app_name}-gar
+    name: ${template:app_name_hyphen}-gar
   filterTags:
     pattern: '^deploy-dev.(?P<ts>[0-9\.]+)\.v.+$'
     extract: '$ts'
@@ -19,10 +19,10 @@ spec:
 apiVersion: image.toolkit.fluxcd.io/v1beta1
 kind: ImageRepository
 metadata:
-  name: ${template:app_name}-gar
+  name: ${template:app_name_hyphen}-gar
   namespace: default # must be 'default' in MCI, even if app itself is not in default
 spec:
-  image: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}
+  image: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}
   interval: 2m0s
   secretRef:
     name: flux-mci-registry-credential

kubernetes-config/automation.template.yaml

@@ -9,12 +9,12 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
-  name: ${template:app_name}
+  name: ${template:app_name_hyphen}
   namespace: default
 spec:
   values:
     app:
-      name: ${template:app_name}
+      name: ${template:app_name_hyphen}
       clusterDomain: iamdev.s.uw.edu
     replicaCount: 1
     ports:
@@ -45,8 +45,8 @@ spec:
         memory: "64M"
         cpu: "100m"
     image:
-      name: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}
-      tag: latest  # {"$imagepolicy": "default:${template:app_name}-policy:tag"}
+      name: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name_hyphen}
+      tag: latest  # {"$imagepolicy": "default:${template:app_name_hyphen}-policy:tag"}
 
   chart:
     spec:

kubernetes-config/helm-release.template.yaml

@@ -1,5 +1,5 @@
 [tool.poetry]
-name = "${template:app_name}"
+name = "${template:app_name_underscore}"
 version = "0.1.0"
 description = ""
 authors = []
@@ -23,3 +23,7 @@ priority = "explicit"
 [build-system]
 requires = ["poetry-core>=1.0.0"]
 build-backend = "poetry.core.masonry.api"
+
+[tool.black]
+# coordinated with setup.cfg max-line-length
+line-length = 119