Test GitHub triggering review app deployments (#597)

* WIP

* provision the appˆ

* WIP

* Updates for deployment

* test error handling

* Updates for deployment

* chore: remove error test

* refactor: rename job to deploy-to-control-plane-review

* feat: trigger deploying to control-plane review on opening a PR

* feat: change setup_app_templates: from gvc to app

* refactor: delete unneeded code

* fix: typo

* fix: styling

* feat: add a comment on opening PRs as an instruction for deploying review apps

* feat: trigger review-app deployment on commenting "/deploy-review-app"

* feat: Add Github confirmation comment upon starting to deploy

* fix: deprecated cpflow option

* feat: move confirmation comment to first thing in the review app workflow

* feat: get correct checkout ref in issue_comment event

* fix: typo

* fix: coderabbit suggestions

---------

Co-authored-by: Justin Gordon <[email protected]>

Author: rameziophobia

.controlplane/controlplane.yml

@@ -14,7 +14,7 @@ aliases:
     # Production apps will use a different org than staging for security.
     # Change this value to your org name
     # or set ENV CPLN_ORG to your org name as that will override whatever is used here for all cpflow commands
-    # cpln_org: shakacode-open-source-examples
+    cpln_org: shakacode-open-source-examples-staging
 
     # Example apps use only location. CPLN offers the ability to use multiple locations.
     default_location: aws-us-east-2
@@ -34,6 +34,9 @@ aliases:
     # Configure the workload name used when maintenance mode is on (defaults to "maintenance").
     maintenance_workload: maintenance
 
+    # Configure the script to run when releasing an app., either with deploy-image or promote-app-from-upstream
+    release_script: release_script.sh
+
 apps:
   react-webpack-rails-tutorial:
     # Simulate Production Version
@@ -47,14 +50,24 @@ apps:
 
     upstream: react-webpack-rails-tutorial-staging
 
-    release_script: release_script.sh
-
   react-webpack-rails-tutorial-staging:
     <<: *common
   # QA Apps are like Heroku review apps, but the use `prefix` so you can run a commmand like
   # this to create a QA app for the tutorial app.
   # `cpflow setup gvc postgres redis rails -a qa-react-webpack-rails-tutorial-pr-1234`
   qa-react-webpack-rails-tutorial:
     <<: *common
-    # Prefix is used to identify these "qa" apps.
-    prefix: true
+    # Order matters!
+    setup_app_templates:
+      # GVC template contains the identity
+      - app
+
+      # Resources
+      - postgres
+      - redis
+
+      # Workloads, like Dynos types on Heroku
+      - daily-task
+      - rails
+    # match_if_app_name_starts_with is used to identify these "qa" apps.
+    match_if_app_name_starts_with: true

.controlplane/readme.md

@@ -74,7 +74,7 @@ export APP_NAME=react-webpack-rails-tutorial
 
 # Provision all infrastructure on Control Plane.
 # app react-webpack-rails-tutorial will be created per definition in .controlplane/controlplane.yml
-cpflow apply-template gvc postgres redis rails daily-task -a $APP_NAME
+cpflow setup-app -a $APP_NAME
 
 # Build and push docker image to Control Plane repository
 # Note, may take many minutes. Be patient.

.controlplane/release_script.sh

@@ -1,8 +1,22 @@
 #!/bin/bash -e
 
-echo 'Running release_script.sh per controlplane.yml'
 
-echo 'Run DB migrations'
-./bin/rails db:prepare
+log() {
+    echo "[`date +%Y-%m-%d:%H:%M:%S`]: $1"
+}
 
-echo 'Completed release_script.sh per controlplane.yml'
+error_exit() {
+    log "$1" 1>&2
+    exit 1
+}
+
+log 'Running release_script.sh per controlplane.yml'
+
+if [ -x ./bin/rails ]; then
+    log 'Run DB migrations'
+    ./bin/rails db:prepare || error_exit "Failed to run DB migrations"
+else
+    error_exit "./bin/rails does not exist or is not executable"
+fi
+
+log 'Completed release_script.sh per controlplane.yml'

.controlplane/templates/gvc.yml renamed to .controlplane/templates/app.yml

@@ -1,15 +1,15 @@
 # Template setup of the GVC, roughly corresponding to a Heroku app
 kind: gvc
-name: APP_GVC
+name: { { APP_NAME } }
 spec:
   # For using templates for test apps, put ENV values here, stored in git repo.
   # Production apps will have values configured manually after app creation.
   env:
     - name: DATABASE_URL
-      # Password does not matter because host postgres.APP_GVC.cpln.local can only be accessed
+      # Password does not matter because host postgres.{{APP_NAME}}.cpln.local can only be accessed
       # locally within CPLN GVC, and postgres running on a CPLN workload is something only for a
       # test app that lacks persistence.
-      value: 'postgres://the_user:the_password@postgres.APP_GVC.cpln.local:5432/APP_GVC'
+      value: 'postgres://the_user:the_password@postgres.{{APP_NAME}}.cpln.local:5432/{{APP_NAME}}'
     - name: RAILS_ENV
       value: production
     - name: NODE_ENV
@@ -18,8 +18,13 @@ spec:
       value: 'true'
     - name: REDIS_URL
       # No password for GVC local Redis. See comment above for postgres.
-      value: 'redis://redis.APP_GVC.cpln.local:6379'
+      value: 'redis://redis.{{APP_NAME}}.cpln.local:6379'
   # Part of standard configuration
   staticPlacement:
     locationLinks:
-      - /org/APP_ORG/location/APP_LOCATION
+      - { { APP_LOCATION_LINK } }
+
+---
+# Identity is needed to access secrets
+kind: identity
+name: { { APP_IDENTITY } }

.controlplane/templates/daily-task.yml

@@ -20,7 +20,7 @@ spec:
         - rake
         - daily
       inheritEnv: true
-      image: "/org/APP_ORG/image/APP_IMAGE"
+      image: {{APP_IMAGE_LINK}}
   defaultOptions:
     autoscaling:
       minScale: 1
@@ -30,4 +30,5 @@ spec:
     external:
       outboundAllowCIDR:
         - 0.0.0.0/0
-  identityLink: /org/APP_ORG/gvc/APP_GVC/identity/postgres-poc-identity
+  # Identity is used for binding workload to secrets
+  identityLink: {{APP_IDENTITY_LINK}}

.controlplane/templates/org.yml

@@ -0,0 +1,23 @@
+# Org level secrets are used to store sensitive information that is
+# shared across multiple apps in the same organization. This is
+# useful for storing things like API keys, database credentials, and
+# other sensitive information that is shared across multiple apps
+# in the same organization.
+
+# This is how you apply this once (not during CI)
+# cpl apply-template secrets  -a qa-react-webpack-rails-tutorial --org shakacode-open-source-examples-staging
+
+kind: secret
+name: {{APP_SECRETS}}
+type: dictionary
+data:
+  SOME_ENV: "123456"
+
+---
+
+# Policy is needed to allow identities to access secrets
+kind: policy
+name: {{APP_SECRETS_POLICY}}
+targetKind: secret
+targetLinks:
+  - //secret/{{APP_SECRETS}}

.controlplane/templates/postgres.yml

@@ -106,7 +106,7 @@ bindings:
 #      - use
 #      - view
     principalLinks:
-      - //gvc/APP_GVC/identity/postgres-poc-identity
+      - //gvc/{{APP_NAME}}/identity/postgres-poc-identity
 targetKind: secret
 targetLinks:
   - //secret/postgres-poc-credentials
@@ -139,9 +139,6 @@ spec:
       args:
         - "-c"
         - "cat /usr/local/bin/cpln-entrypoint.sh >> ./cpln-entrypoint.sh && chmod u+x ./cpln-entrypoint.sh && ./cpln-entrypoint.sh postgres"
-      #command:  "cpln-entrypoint.sh"
-      #args:
-      #  - "postgres"
       ports:
         - number: 5432
           protocol: tcp

.controlplane/templates/rails.yml

@@ -14,7 +14,7 @@ spec:
           value: debug
       # Inherit other ENV values from GVC
       inheritEnv: true
-      image: '/org/APP_ORG/image/APP_IMAGE'
+      image: {{APP_IMAGE_LINK}}
       # 512 corresponds to a standard 1x dyno type
       memory: 512Mi
       ports:
@@ -34,3 +34,5 @@ spec:
       # Could configure outbound for more security
       outboundAllowCIDR:
         - 0.0.0.0/0
+  # Identity is used for binding workload to secrets
+  identityLink: {{APP_IDENTITY_LINK}}

.github/actions/deploy-to-control-plane/action.yml

@@ -4,7 +4,6 @@ name: Deploy-To-Control-Plane
 description: 'Deploys both to staging and to review apps'
 
 inputs:
-  # The name of the app to deploy
   app_name:
     description: 'The name of the app to deploy'
     required: true
@@ -20,25 +19,25 @@ runs:
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: '3.2'  # Specify your Ruby version here
+        ruby-version: '3.3.3' # Specify your Ruby version here
 
     - name: Install Control Plane CLI
       shell: bash
       run: |
         sudo npm install -g @controlplane/[email protected]
         cpln --version
         gem install cpflow -v 4.0.0
+        cpflow --version
 
     - name: Set Short SHA
       id: vars
       shell: bash
       run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
 
-    - name: cpflow profile
+    - name: cpln profile
       shell: bash
       run: |
         cpln profile update default
-  #          cpln profile update default --token ${CPLN_TOKEN}
 
     # Caching step
     - uses: actions/cache@v2
@@ -49,22 +48,24 @@ runs:
           ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile', '**/package.json', '**/yarn.lock') }}
           ${{ runner.os }}-docker-
 
+    - name: cpflow setup-app
+      shell: bash
+      run: |
+        if ! cpflow exists -a ${{ inputs.app_name }} ; then
+          cpflow setup-app -a ${{ inputs.app_name }}
+        fi
+    # Provision all infrastructure on Control Plane.
+    # app react-webpack-rails-tutorial will be created per definition in .controlplane/controlplane.yml
     - name: cpflow build-image
       shell: bash
       run: |
         cpln image docker-login
+        # Use BUILDKIT_PROGRESS=plain to get more verbose logging of the build
+        # BUILDKIT_PROGRESS=plain cpflow build-image -a ${{ inputs.app_name }} --commit ${{steps.vars.outputs.sha_short}} --org ${{inputs.org}}
         cpflow build-image -a ${{ inputs.app_name }} --commit ${{steps.vars.outputs.sha_short}} --org ${{inputs.org}}
-        # --cache /tmp/.docker-cache 
-
-    - name: Run release script
-      shell: bash
-      run: |
-        # Run database migrations (or other release tasks) with the latest image,
-        # while the app is still running on the previous image.
-        # This is analogous to the release phase.
-        cpflow run './.controlplane/release_script.sh' -a ${{ inputs.app_name }}  --image latest
-
+        # --cache /tmp/.docker-cache
     - name: Deploy to Control Plane
       shell: bash
       run: |
-        cpflow deploy-image -a ${{ inputs.app_name }} --org ${{inputs.org}}  
+        echo "Deploying to Control Plane"
+        cpflow deploy-image -a ${{ inputs.app_name }} --run-release-phase --org ${{inputs.org}}  --verbose

.github/workflows/add-comment-on-pr-creation.yml

@@ -0,0 +1,20 @@
+name: Add helper Comment on PR creation
+
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  comment-on-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Add GitHub Comment for review app instructions
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "Hi 👋 To deploy a review app, please comment `/deploy-review-app`"
+            })