Test GitHub triggering review app deployments (#597)

rameziophobia · justin808 · web-flow · commit 2285c0ab9f84 · 2024-08-26T14:21:09.000+03:00
* WIP

* provision the appˆ

* WIP

* Updates for deployment

* test error handling

* Updates for deployment

* chore: remove error test

* refactor: rename job to deploy-to-control-plane-review

* feat: trigger deploying to control-plane review on opening a PR

* feat: change setup_app_templates: from gvc to app

* refactor: delete unneeded code

* fix: typo

* fix: styling

* feat: add a comment on opening PRs as an instruction for deploying review apps

* feat: trigger review-app deployment on commenting "/deploy-review-app"

* feat: Add Github confirmation comment upon starting to deploy

* fix: deprecated cpflow option

* feat: move confirmation comment to first thing in the review app workflow

* feat: get correct checkout ref in issue_comment event

* fix: typo

* fix: coderabbit suggestions

---------

Co-authored-by: Justin Gordon &lt;justin@shakacode.com&gt;
diff --git a/.controlplane/controlplane.yml b/.controlplane/controlplane.yml
@@ -14,7 +14,7 @@ aliases:
     # Production apps will use a different org than staging for security.
     # Change this value to your org name
     # or set ENV CPLN_ORG to your org name as that will override whatever is used here for all cpflow commands
-    # cpln_org: shakacode-open-source-examples
+    cpln_org: shakacode-open-source-examples-staging
 
     # Example apps use only location. CPLN offers the ability to use multiple locations.
     default_location: aws-us-east-2
@@ -34,6 +34,9 @@ aliases:
     # Configure the workload name used when maintenance mode is on (defaults to "maintenance").
     maintenance_workload: maintenance
 
+    # Configure the script to run when releasing an app., either with deploy-image or promote-app-from-upstream
+    release_script: release_script.sh
+
 apps:
   react-webpack-rails-tutorial:
     # Simulate Production Version
@@ -47,14 +50,24 @@ apps:
 
     upstream: react-webpack-rails-tutorial-staging
 
-    release_script: release_script.sh
-
   react-webpack-rails-tutorial-staging:
     <<: *common
   # QA Apps are like Heroku review apps, but the use `prefix` so you can run a commmand like
   # this to create a QA app for the tutorial app.
   # `cpflow setup gvc postgres redis rails -a qa-react-webpack-rails-tutorial-pr-1234`
   qa-react-webpack-rails-tutorial:
     <<: *common
-    # Prefix is used to identify these "qa" apps.
-    prefix: true
+    # Order matters!
+    setup_app_templates:
+      # GVC template contains the identity
+      - app
+
+      # Resources
+      - postgres
+      - redis
+
+      # Workloads, like Dynos types on Heroku
+      - daily-task
+      - rails
+    # match_if_app_name_starts_with is used to identify these "qa" apps.
+    match_if_app_name_starts_with: true
diff --git a/.controlplane/readme.md b/.controlplane/readme.md
@@ -74,7 +74,7 @@ export APP_NAME=react-webpack-rails-tutorial
 
 # Provision all infrastructure on Control Plane.
 # app react-webpack-rails-tutorial will be created per definition in .controlplane/controlplane.yml
-cpflow apply-template gvc postgres redis rails daily-task -a $APP_NAME
+cpflow setup-app -a $APP_NAME
 
 # Build and push docker image to Control Plane repository
 # Note, may take many minutes. Be patient.
diff --git a/.controlplane/release_script.sh b/.controlplane/release_script.sh
@@ -1,8 +1,22 @@
 #!/bin/bash -e
 
-echo 'Running release_script.sh per controlplane.yml'
 
-echo 'Run DB migrations'
-./bin/rails db:prepare
+log() {
+    echo "[`date +%Y-%m-%d:%H:%M:%S`]: $1"
+}
 
-echo 'Completed release_script.sh per controlplane.yml'
+error_exit() {
+    log "$1" 1>&2
+    exit 1
+}
+
+log 'Running release_script.sh per controlplane.yml'
+
+if [ -x ./bin/rails ]; then
+    log 'Run DB migrations'
+    ./bin/rails db:prepare || error_exit "Failed to run DB migrations"
+else
+    error_exit "./bin/rails does not exist or is not executable"
+fi
+
+log 'Completed release_script.sh per controlplane.yml'
diff --git a/.controlplane/templates/app.yml b/.controlplane/templates/app.yml
@@ -1,15 +1,15 @@
 # Template setup of the GVC, roughly corresponding to a Heroku app
 kind: gvc
-name: APP_GVC
+name: { { APP_NAME } }
 spec:
   # For using templates for test apps, put ENV values here, stored in git repo.
   # Production apps will have values configured manually after app creation.
   env:
     - name: DATABASE_URL
-      # Password does not matter because host postgres.APP_GVC.cpln.local can only be accessed
+      # Password does not matter because host postgres.{{APP_NAME}}.cpln.local can only be accessed
       # locally within CPLN GVC, and postgres running on a CPLN workload is something only for a
       # test app that lacks persistence.
-      value: 'postgres://the_user:the_password@postgres.APP_GVC.cpln.local:5432/APP_GVC'
+      value: 'postgres://the_user:the_password@postgres.{{APP_NAME}}.cpln.local:5432/{{APP_NAME}}'
     - name: RAILS_ENV
       value: production
     - name: NODE_ENV
@@ -18,8 +18,13 @@ spec:
       value: 'true'
     - name: REDIS_URL
       # No password for GVC local Redis. See comment above for postgres.
-      value: 'redis://redis.APP_GVC.cpln.local:6379'
+      value: 'redis://redis.{{APP_NAME}}.cpln.local:6379'
   # Part of standard configuration
   staticPlacement:
     locationLinks:
-      - /org/APP_ORG/location/APP_LOCATION
+      - { { APP_LOCATION_LINK } }
+
+---
+# Identity is needed to access secrets
+kind: identity
+name: { { APP_IDENTITY } }
diff --git a/.controlplane/templates/daily-task.yml b/.controlplane/templates/daily-task.yml
@@ -20,7 +20,7 @@ spec:
         - rake
         - daily
       inheritEnv: true
-      image: "/org/APP_ORG/image/APP_IMAGE"
+      image: {{APP_IMAGE_LINK}}
   defaultOptions:
     autoscaling:
       minScale: 1
@@ -30,4 +30,5 @@ spec:
     external:
       outboundAllowCIDR:
         - 0.0.0.0/0
-  identityLink: /org/APP_ORG/gvc/APP_GVC/identity/postgres-poc-identity
+  # Identity is used for binding workload to secrets
+  identityLink: {{APP_IDENTITY_LINK}}
diff --git a/.controlplane/templates/org.yml b/.controlplane/templates/org.yml
@@ -0,0 +1,23 @@
+# Org level secrets are used to store sensitive information that is
+# shared across multiple apps in the same organization. This is
+# useful for storing things like API keys, database credentials, and
+# other sensitive information that is shared across multiple apps
+# in the same organization.
+
+# This is how you apply this once (not during CI)
+# cpl apply-template secrets  -a qa-react-webpack-rails-tutorial --org shakacode-open-source-examples-staging
+
+kind: secret
+name: {{APP_SECRETS}}
+type: dictionary
+data:
+  SOME_ENV: "123456"
+
+---
+
+# Policy is needed to allow identities to access secrets
+kind: policy
+name: {{APP_SECRETS_POLICY}}
+targetKind: secret
+targetLinks:
+  - //secret/{{APP_SECRETS}}
diff --git a/.controlplane/templates/postgres.yml b/.controlplane/templates/postgres.yml
@@ -106,7 +106,7 @@ bindings:
 #      - use
 #      - view
     principalLinks:
-      - //gvc/APP_GVC/identity/postgres-poc-identity
+      - //gvc/{{APP_NAME}}/identity/postgres-poc-identity
 targetKind: secret
 targetLinks:
   - //secret/postgres-poc-credentials
@@ -139,9 +139,6 @@ spec:
       args:
         - "-c"
         - "cat /usr/local/bin/cpln-entrypoint.sh >> ./cpln-entrypoint.sh && chmod u+x ./cpln-entrypoint.sh && ./cpln-entrypoint.sh postgres"
-      #command:  "cpln-entrypoint.sh"
-      #args:
-      #  - "postgres"
       ports:
         - number: 5432
           protocol: tcp
diff --git a/.controlplane/templates/rails.yml b/.controlplane/templates/rails.yml
@@ -14,7 +14,7 @@ spec:
           value: debug
       # Inherit other ENV values from GVC
       inheritEnv: true
-      image: '/org/APP_ORG/image/APP_IMAGE'
+      image: {{APP_IMAGE_LINK}}
       # 512 corresponds to a standard 1x dyno type
       memory: 512Mi
       ports:
@@ -34,3 +34,5 @@ spec:
       # Could configure outbound for more security
       outboundAllowCIDR:
         - 0.0.0.0/0
+  # Identity is used for binding workload to secrets
+  identityLink: {{APP_IDENTITY_LINK}}
diff --git a/.github/actions/deploy-to-control-plane/action.yml b/.github/actions/deploy-to-control-plane/action.yml
@@ -4,7 +4,6 @@ name: Deploy-To-Control-Plane
 description: 'Deploys both to staging and to review apps'
 
 inputs:
-  # The name of the app to deploy
   app_name:
     description: 'The name of the app to deploy'
     required: true
@@ -20,25 +19,25 @@ runs:
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: '3.2'  # Specify your Ruby version here
+        ruby-version: '3.3.3' # Specify your Ruby version here
 
     - name: Install Control Plane CLI
       shell: bash
       run: |
         sudo npm install -g @controlplane/cli@3.1.0
         cpln --version
         gem install cpflow -v 4.0.0
+        cpflow --version
 
     - name: Set Short SHA
       id: vars
       shell: bash
       run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
 
-    - name: cpflow profile
+    - name: cpln profile
       shell: bash
       run: |
         cpln profile update default
-  #          cpln profile update default --token ${CPLN_TOKEN}
 
     # Caching step
     - uses: actions/cache@v2
@@ -49,22 +48,24 @@ runs:
           ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile', '**/package.json', '**/yarn.lock') }}
           ${{ runner.os }}-docker-
 
+    - name: cpflow setup-app
+      shell: bash
+      run: |
+        if ! cpflow exists -a ${{ inputs.app_name }} ; then
+          cpflow setup-app -a ${{ inputs.app_name }}
+        fi
+    # Provision all infrastructure on Control Plane.
+    # app react-webpack-rails-tutorial will be created per definition in .controlplane/controlplane.yml
     - name: cpflow build-image
       shell: bash
       run: |
         cpln image docker-login
+        # Use BUILDKIT_PROGRESS=plain to get more verbose logging of the build
+        # BUILDKIT_PROGRESS=plain cpflow build-image -a ${{ inputs.app_name }} --commit ${{steps.vars.outputs.sha_short}} --org ${{inputs.org}}
         cpflow build-image -a ${{ inputs.app_name }} --commit ${{steps.vars.outputs.sha_short}} --org ${{inputs.org}}
-        # --cache /tmp/.docker-cache 
-
-    - name: Run release script
-      shell: bash
-      run: |
-        # Run database migrations (or other release tasks) with the latest image,
-        # while the app is still running on the previous image.
-        # This is analogous to the release phase.
-        cpflow run './.controlplane/release_script.sh' -a ${{ inputs.app_name }}  --image latest
-
+        # --cache /tmp/.docker-cache
     - name: Deploy to Control Plane
       shell: bash
       run: |
-        cpflow deploy-image -a ${{ inputs.app_name }} --org ${{inputs.org}}  
+        echo "Deploying to Control Plane"
+        cpflow deploy-image -a ${{ inputs.app_name }} --run-release-phase --org ${{inputs.org}}  --verbose
diff --git a/.github/workflows/add-comment-on-pr-creation.yml b/.github/workflows/add-comment-on-pr-creation.yml
@@ -0,0 +1,20 @@
+name: Add helper Comment on PR creation
+
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  comment-on-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Add GitHub Comment for review app instructions
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "Hi 👋 To deploy a review app, please comment `/deploy-review-app`"
+            })
diff --git a/.github/workflows/deploy-to-control-plane-review.yml b/.github/workflows/deploy-to-control-plane-review.yml
@@ -6,24 +6,80 @@ name: Deploy Review App to Control Plane
 on:
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
+
+  # Uncomment these lines to trigger the workflow on pull request events
+  # pull_request:
+  #   branches:
+  #     - master
+
+  # deploy on comment "/deploy-review-app"
   issue_comment:
     types: [created, edited]
 
 # Convert the GitHub secret variables to environment variables for use by the Control Plane CLI
 env:
   CPLN_ORG: ${{secrets.CPLN_ORG_STAGING}}
   CPLN_TOKEN: ${{secrets.CPLN_TOKEN_STAGING}}
+  # Uncomment this line to use the PR number from the pull requests trigger event (that trigger is commented)
+  # PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
+  PR_NUMBER: ${{ github.event.issue.number }}
 
 jobs:
-  deploy-to-control-plane-staging:
+  deploy-to-control-plane-review:
     if: ${{ github.event_name != 'issue_comment' || (github.event.comment.body == '/deploy-review-app' && github.event.issue.pull_request) }}
     runs-on: ubuntu-latest
 
     steps:
-      - name: Check out the repo
-        uses: actions/checkout@v2
+      - name: Get PR HEAD Ref
+        if: ${{ github.event_name == 'issue_comment' }}
+        id: getRef
+        run: echo "PR_REF=$(gh pr view \"$PR_NUMBER\" --repo \"${{ github.repository }}\" --json headRefName | jq -r '.headRefName')" >> $GITHUB_OUTPUT
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout source code from Github
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ steps.getRef.outputs.PR_REF || github.ref }}
+
+      - name: Add GitHub Comment
+        if: ${{ github.event_name == 'issue_comment' }}
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "We started working on your review-app deployment. You can track progress in the "Actions" Tab [here](https://github.com/shakacode/react-webpack-rails-tutorial/actions/workflows/deploy-to-control-plane-review.yml) on Github."
+            })
 
+      - name: Get PR number
+        if: ${{ github.event_name != 'issue_comment' }}
+        run: |
+          echo "GITHUB_REPOSITORY: \"$GITHUB_REPOSITORY\""
+          if [ -z "$PR_NUMBER" ]; then
+            echo "PR_NUMBER is not in the trigger event. Fetching PR number from open PRs."
+            REF="${{ github.ref }}"
+            REF=${REF#refs/heads/}  # Remove 'refs/heads/' prefix
+            echo "REF: \"$REF\""
+            API_RESPONSE=$(curl --location --request GET "https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls?state=open" \
+            --header 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}')
+            PR_NUMBER=$(echo "$API_RESPONSE" | jq '.[] | select(.head.ref=="'$REF'") | .number')
+          fi
+          echo "PR_NUMBER: $PR_NUMBER"
+          if [ -z "$PR_NUMBER" ]; then
+            echo "PR_NUMBER is not set. Aborting."
+            exit 1
+          fi
+          echo "PR_NUMBER=\"$PR_NUMBER\"" >> $GITHUB_ENV
+      - name: Get App Name
+        run: |
+          echo "PR_NUMBER: ${{ env.PR_NUMBER }}"
+          echo "APP_NAME=qa-react-webpack-rails-tutorial-pr-${{ env.PR_NUMBER }}" >> "$GITHUB_ENV"
+          echo "App Name: ${{ env.APP_NAME }}"
       - uses: ./.github/actions/deploy-to-control-plane
         with:
-          app_name: qa-react-webpack-rails-tutorial-pr-${{ github.event.pull_request.number }}
-          org: ${{ secrets.CPLN_ORG_STAGING }}
+          app_name: ${{ env.APP_NAME }}
+          org: ${{ env.CPLN_ORG }}
