From 7c20058f31c4c628bddb72026d016566f6240567 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 14:07:59 +0200 Subject: [PATCH 01/54] fix pass --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 405a597..5c2e140 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -58,7 +58,7 @@ jobs: with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} cluster-name: "${{ env.CLUSTER_NAME }}" - admin-password: ${{ env.CI_OPENSHIFT_MAIN_PASSWORD }} + admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}" aws-region: ${{ env.AWS_REGION }} namespace: "myns" s3-backend-bucket: ${{ env.TF_S3_BUCKET }} From acd3892f87c724b781b1dbc6258b34be9ca29469 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 14:32:26 +0200 Subject: [PATCH 02/54] improve tests --- .github/labeler.yml | 17 ++++++++++ .github/workflows/labeler.yml | 13 ++++++++ .github/workflows/lint.yml | 2 -- .github/workflows/tests.yml | 27 +++++++++------ .lint/terraform_docs/.terraform-docs.yml | 42 ++++++++++++++++++++++++ .lint/tflint/.tflint.hcl | 25 ++++++++++++++ .pre-commit-config.yaml | 14 ++++++++ .tool-versions | 11 ++++--- 8 files changed, 134 insertions(+), 17 deletions(-) create mode 100644 .github/labeler.yml create mode 100644 .github/workflows/labeler.yml create mode 100644 .lint/terraform_docs/.terraform-docs.yml create mode 100644 .lint/tflint/.tflint.hcl diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 0000000..c0978e3 --- /dev/null +++ b/.github/labeler.yml 
@@ -0,0 +1,17 @@ +# Add 'feature' label to any PR where the head branch name starts with `feature` or has a `feature` section in the name +feature: + - head-branch: ['^feature', 'feature'] + +# Add 'test' label to any changes within 'test' folder or any subfolders +test: + - changed-files: + - any-glob-to-any-file: + - test/**.go + - test/**/go.mod + - modules/fixtures/** + +terraform: + - changed-files: + - any-glob-to-any-file: + - modules/**.tf + - .tool-versions diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml new file mode 100644 index 0000000..907942e --- /dev/null +++ b/.github/workflows/labeler.yml @@ -0,0 +1,13 @@ +name: "Pull Request Labeler" +on: + pull_request_target: + schedule: + - cron: "0 1 * * 1" +jobs: + labeler: + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + steps: + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 161b6a1..255305b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -6,8 +6,6 @@ on: push: workflow_dispatch: -# TODO: copy lint logic of eks repo - jobs: lint: name: pre-commit diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 5c2e140..310f61f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,9 +1,17 @@ --- name: Cluster creation and destruction test -# TODO: align this with EKS current strategy on: - push: + workflow_dispatch: + pull_request: + # the paths should be synced with ../labeler.yml + paths: + - modules/fixtures/** + - modules/**.tf + - .tool-versions + - .github/workflows/tests.yml + - .github/actions/** + - justfile # limit to a single execution per actor of this workflow concurrency: 
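Review bot: The new `.github/workflows/labeler.yml` runs on `pull_request_target` with `pull-requests: write`, which is only safe while no step checks out or executes code from the PR head, and nothing in the file records that constraint. I would add a comment above the trigger, for example `# pull_request_target runs with base-repo permissions: never add a checkout of the PR head to this job`. The `schedule` trigger looks unnecessary, since a scheduled run has no pull request to label as far as I can tell; consider dropping it. The commit-SHA pin on `actions/labeler` and the job-scoped `permissions` block are worth keeping as they are.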
@@ -13,15 +21,10 @@ env: AWS_PROFILE: "infex" AWS_REGION: "eu-west-2" TF_S3_BUCKET: "camunda-tf-rosa" - CLUSTER_NAME: "mycluster" jobs: - # TODO: implement same logic as EKS - # We can skip some tests using the commit description (skip-tests:NameOfTest1,NameOfTest2) or all tests (skip-tests:all) (see `DEVELOPER.md`) - # If all tests are skipped, the result of this workflow will be `failed` on purpose - # If you want to skip tests and have no error, you need to use `testing-ci-not-necessary` as a label on the PR - configure-tests: + action-test: runs-on: ubuntu-latest steps: - name: Checkout repository @@ -30,6 +33,10 @@ jobs: ref: ${{ github.head_ref }} fetch-depth: 0 + - name: Get Short GitHub SHA + id: short_git_sha + run: echo "short_git_sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + - name: Import Secrets id: secrets uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3 @@ -57,7 +64,7 @@ jobs: uses: ./.github/actions/rosa-create-cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} - cluster-name: "${{ env.CLUSTER_NAME }}" + cluster-name: "tf-rosa-${{ steps.short_git_sha.outputs.short_git_sha }}" admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}" aws-region: ${{ env.AWS_REGION }} namespace: "myns" @@ -69,6 +76,6 @@ jobs: uses: ./.github/actions/rosa-delete-cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} - cluster-name: "${{ env.CLUSTER_NAME }}" + cluster-name: "tf-rosa-${{ steps.short_git_sha.outputs.short_git_sha }}" aws-region: ${{ env.AWS_REGION }} s3-backend-bucket: ${{ env.TF_S3_BUCKET }} diff --git a/.lint/terraform_docs/.terraform-docs.yml b/.lint/terraform_docs/.terraform-docs.yml new file mode 100644 index 0000000..31a455d --- /dev/null +++ b/.lint/terraform_docs/.terraform-docs.yml 
@@ -0,0 +1,42 @@ +--- +# Configuration documentation https://terraform-docs.io/user-guide/configuration/ +formatter: "markdown table" # Required +version: "0.17" + +header-from: main.tf +footer-from: "" + +recursive: + enabled: false + +content: |- + {{ .Modules }} + {{ .Resources }} + {{ .Inputs }} + {{ .Outputs }} +sections: + hide: [] + show: [] + +output-values: + enabled: false + from: "" + +sort: + enabled: true + by: name + +settings: + anchor: true + color: true + default: true + description: true + escape: true + hide-empty: false + html: true + indent: 2 + lockfile: false + read-comments: true + required: true + sensitive: true + type: true diff --git a/.lint/tflint/.tflint.hcl b/.lint/tflint/.tflint.hcl new file mode 100644 index 0000000..9127bc1 --- /dev/null +++ b/.lint/tflint/.tflint.hcl @@ -0,0 +1,25 @@ +# Standard ruleset documentation: https://github.com/terraform-linters/tflint-ruleset-terraform/tree/main/docs/rules + +rule "terraform_naming_convention" { + enabled = true + custom = "^[a-z][a-z0-9_]{0,62}[a-z0-9]$" + module { + custom = "^[a-z][a-z0-9_]{0,70}[a-z0-9]$" + } +} + +rule "terraform_typed_variables" { + enabled = false +} + +rule "terraform_unused_declarations" { + enabled = false +} + +rule "terraform_required_version" { + enabled = false +} + +rule "terraform_required_providers" { + enabled = false +} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2cb623b..e8cae76 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -34,6 +34,20 @@ repos: stages: [commit-msg] args: ["--strict" , "--force-scope"] +- repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.88.4 + hooks: + - id: terraform_fmt + - id: terraform_tflint + args: + - --args=--config=__GIT_WORKING_DIR__/.lint/tflint/.tflint.hcl + - id: terraform_docs + args: + - --hook-config=--path-to-file=README.md + - --hook-config=--create-file-if-not-exist=true + - --hook-config=--add-to-existing-file=true + - --args=--config=.lint/terraform_docs/.terraform-docs.yml + - repo: https://github.com/tcort/markdown-link-check rev: v3.12.1 # use tags until renovate supports sha: https://github.com/renovatebot/renovate/issues/22567 hooks: diff --git a/.tool-versions b/.tool-versions index 81a5490..1bcc571 100644 --- a/.tool-versions +++ b/.tool-versions @@ -3,20 +3,21 @@ # check it with # diff <(sed '/^#/d; /^$/d' .tool-versions | sort) <(sed '/^#/d; /^$/d' .tool-versions) && echo ".tool-versions is sorted correctly" || echo ".tool-versions is not sorted correctly" -# renovate: datasource=github-releases depName=aws/aws-cli awscli 2.15.42 -# renovate: datasource=golang-version depName=golang golang 1.22.2 -# renovate: datasource=github-releases depName=casey/just just 1.25.2 -# renovate: datasource=github-releases depName=pre-commit/pre-commit pre-commit 3.7.0 -# renovate: datasource=github-releases depName=hashicorp/terraform terraform 1.8.2 +terraform-docs 0.17.0 + +tflint 0.50.3 + +tfsec 1.28.5 + # TODO: rosa and oc not supported # TODO: add helm From 36224c24991534752254969a65ebfd4ea85e630b Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 16:10:52 +0200 Subject: [PATCH 03/54] debug without delete --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 310f61f..575265c 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -72,7 +72,7 @@ jobs: - name: Delete Cluster timeout-minutes: 125 - if: always() + if: false uses: ./.github/actions/rosa-delete-cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} From 715a22876eabf9ec040c25e72ad33a6448965f2d Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 17:47:14 +0200 Subject: [PATCH 04/54] reuse same name --- .github/workflows/tests.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 575265c..8e4ea3b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -35,7 +35,9 @@ jobs: - name: Get Short GitHub SHA id: short_git_sha - run: echo "short_git_sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + # run: echo "short_git_sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + # TODO: revert + run: echo "short_git_sha=36224c2" >> "$GITHUB_OUTPUT" - name: Import Secrets id: secrets From 706296d4bbc558114702a209f6e08ce1fcb7dd5e Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 17:57:09 +0200 Subject: [PATCH 05/54] add readme --- .github/workflows/tests.yml | 2 +- README.md | 100 +++++++++++++++++++++++++++++++++++- 2 files changed, 100 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 8e4ea3b..de486ae 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -74,7 +74,7 @@ jobs: - name: Delete Cluster timeout-minutes: 125 - if: false + if: always() uses: ./.github/actions/rosa-delete-cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} diff --git a/README.md b/README.md index ae8f9bf..0965cb1 100644 --- a/README.md +++ b/README.md 
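Review bot: With `if: false` on the Delete Cluster step, every run of this workflow leaves a ROSA cluster and its Terraform state behind, and nothing in the hunk says who removes them. If teardown has to be skippable for debugging, make it an explicit opt-out instead of editing the condition, for example a `workflow_dispatch` boolean input checked as `if: always() && inputs.skip_delete != 'true'`, so pull-request runs still clean up by default. The next hunk on this line (patch 04) hard-codes `short_git_sha=36224c2`, which makes every run address the same cluster name; that should not outlive the debugging session either.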
@@ -4,7 +4,9 @@ [![tests](https://github.com/camunda/camunda-tf-rosa/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/camunda/camunda-tf-rosa/actions/workflows/tests.yml) [![License](https://img.shields.io/github/license/camunda/camunda-tf-rosa)](LICENSE) -Terraform module which creates Red Hat OpenShift with Hosted Control Plane on AWS (ROSA HCP) cluster with an opinionated configuration targeting Camunda 8. +This module automates the creation of a ROSA HCP cluster with an opinionated configuration targeting Camunda 8 on AWS using Terraform. + +For more detailed usage and configuration options, please refer to the module's inputs and outputs documentation below. ## Documentation 
@@ -19,6 +21,102 @@ WIP * ROSA CLI * OpenShift CLI +### Terraform + +To use this module with Terraform, follow these steps: + +1. **Create a Terraform configuration file** (e.g., `main.tf`). +2. **Include the ROSA HCP module** in your configuration file. + +Here's an example configuration: + +```hcl +module "rosa_hcp" { + source = "github.com/camunda/camunda-tf-rosa.git//modules/rosa-hcp?ref=main" + + cluster_name = "my-ocp-cluster" + htpasswd_password = "your_password" + offline_access_token = "your_ocm_token" # see below for instructions + openshift_version = "4.15.11" + replicas = "2" +} +``` + +3. **Initialize Terraform** by running: + ```sh + terraform init + ``` + +4. **Review the execution plan** with: + ```sh + terraform plan + ``` + +5. **Apply the configuration** to create the resources: + ```sh + terraform apply + ``` + +### GitHub Actions + +You can automate the deployment and deletion of the ROSA HCP cluster using GitHub Actions. Below are examples of GitHub Actions workflows for deploying and deleting the cluster. 
+ +#### Deploy ROSA HCP Cluster + +Create a file in your repository's `.github/workflows` directory, for example `deploy-rosa-hcp.yml`, with the following content: + +```yaml +name: Deploy ROSA HCP Cluster + +on: + push: + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - name: Add profile credentials to ~/.aws/credentials + run: | + aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} + aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} + aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} + + - name: Deploy ROSA HCP Cluster + uses: camunda/camunda-tf-rosa/.github/actions/rosa-create-cluster@main + with: + rh-token: ${{ secrets.RH_OPENSHIFT_TOKEN }} + cluster-name: "my-ocp-cluster" + admin-password: ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} + aws-region: "us-west-2" + namespace: "myns" + s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} +``` + +#### Delete ROSA HCP Cluster + +Create another file in your repository's `.github/workflows` directory, for example `delete-rosa-hcp.yml`, with the following content: + +```yaml +name: Delete ROSA HCP Cluster + +on: + workflow_dispatch: + +jobs: + delete: + runs-on: ubuntu-latest + steps: + - name: Delete ROSA HCP Cluster + uses: camunda/camunda-tf-rosa/.github/actions/rosa-delete-cluster@main + with: + rh-token: ${{ secrets.RH_OPENSHIFT_TOKEN }} + cluster-name: "my-ocp-cluster" + aws-region: "us-west-2" + s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} +``` + +TODO: add description of the actions from definition + ### Getting started : Create a ROSA HCP cluster From 9c6c590a1835996146edfb002c7d36aa8e5d5079 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 18:00:36 +0200 Subject: [PATCH 06/54] launch other instance --- .github/workflows/tests.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index de486ae..75ffcf3 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -14,8 +14,9 @@ on: - justfile # limit to a single execution per actor of this workflow -concurrency: - group: "${{ github.workflow }}-${{ github.actor }}" +# concurrency: +# group: "${{ github.workflow }}-${{ github.actor }}" +# TODO: re-enable this env: AWS_PROFILE: "infex" @@ -37,7 +38,7 @@ jobs: id: short_git_sha # run: echo "short_git_sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" # TODO: revert - run: echo "short_git_sha=36224c2" >> "$GITHUB_OUTPUT" + run: echo "short_git_sha=36224f3" >> "$GITHUB_OUTPUT" - name: Import Secrets id: secrets From 4a0c8b56c3fdc119cbb09e00363682a259797540 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 20:45:03 +0200 Subject: [PATCH 07/54] conditional cluster definition ocp_cluster_name=leogit delete_ocp_cluster=false --- .../actions/rosa-create-cluster/action.yml | 4 +++ .github/workflows/tests.yml | 29 ++++++++++++++----- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 5b59e4a..7094e9f 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -175,10 +175,14 @@ runs: - name: Generate kubeconfig shell: bash id: kube_config + # TODO: remove sleep time run: | export server_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url') echo "server_api=$server_api" >> "$GITHUB_OUTPUT" + echo "Wait some time before login" + sleep 30 + oc login --username "${{ inputs.admin-username }}" --password "${{ inputs.admin-password }}" --server=$server_api kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}" kubectl config use "${{ inputs.cluster-name }}" 
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 75ffcf3..ef6fcd3 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -34,11 +34,24 @@ jobs: ref: ${{ github.head_ref }} fetch-depth: 0 - - name: Get Short GitHub SHA - id: short_git_sha - # run: echo "short_git_sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - # TODO: revert - run: echo "short_git_sha=36224f3" >> "$GITHUB_OUTPUT" + - name: Get OCP Cluster Name and Delete Flag + id: commit_info + run: | + COMMIT_MSG=$(git log -1 --pretty=%B) + if [[ "$COMMIT_MSG" =~ ocp_cluster_name=([^\s]+) ]]; then + CLUSTER_NAME=${BASH_REMATCH[1]} + else + CLUSTER_NAME=$(git rev-parse --short HEAD) + fi + + if [[ "$COMMIT_MSG" =~ delete_ocp_cluster=false ]]; then + DELETE_CLUSTER="false" + else + DELETE_CLUSTER="true" + fi + + echo "cluster_name=$CLUSTER_NAME" >> "$GITHUB_OUTPUT" + echo "delete_cluster=$DELETE_CLUSTER" >> "$GITHUB_OUTPUT" - name: Import Secrets id: secrets @@ -67,7 +80,7 @@ jobs: uses: ./.github/actions/rosa-create-cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} - cluster-name: "tf-rosa-${{ steps.short_git_sha.outputs.short_git_sha }}" + cluster-name: "${{ steps.commit_info.outputs.cluster_name }}" admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}" aws-region: ${{ env.AWS_REGION }} namespace: "myns" @@ -75,10 +88,10 @@ jobs: - name: Delete Cluster timeout-minutes: 125 - if: always() + if: always() && steps.commit_info.outputs.delete_cluster == 'true' uses: ./.github/actions/rosa-delete-cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} - cluster-name: "tf-rosa-${{ steps.short_git_sha.outputs.short_git_sha }}" + cluster-name: "${{ steps.ocp_cluster_name.outputs.cluster_name }}" aws-region: ${{ env.AWS_REGION }} s3-backend-bucket: ${{ env.TF_S3_BUCKET }} From 150ec70553e7c502cca690f530100d08fe612642 Mon Sep 17 00:00:00 2001 
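Review bot: The `commit_info` step takes the cluster name verbatim from the commit message, and that value is later expanded with `${{ inputs.cluster-name }}` inside `run:` scripts of the create and delete actions (visible in the `kubectl config rename-context` and `terraform plan -destroy` context lines of this series), so whatever non-space characters a committer writes become shell text. Because the workflow now triggers on `pull_request`, the commit message is contributor-controlled input. Validate it before writing the output, for example `[[ "$CLUSTER_NAME" =~ ^[a-z][a-z0-9-]*$ ]] || { echo "invalid ocp_cluster_name"; exit 1; }`. The rewritten version of this step in patch 08 has the same gap.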
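Review bot: The Delete Cluster step reads `steps.ocp_cluster_name.outputs.cluster_name`, but the step added in this commit has `id: commit_info`, so the expression evaluates to an empty string and the delete action is called without a cluster name. The Create Cluster step in the same commit uses the right id; the line should read `cluster-name: "${{ steps.commit_info.outputs.cluster_name }}"`. Until that is fixed the teardown cannot target the cluster that was just created, which leaves it running.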
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 20:54:08 +0200 Subject: [PATCH 08/54] conditional cluster definition ocp_cluster_name=leogit delete_ocp_cluster=false --- .github/workflows/tests.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ef6fcd3..e1c1545 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -37,21 +37,21 @@ jobs: - name: Get OCP Cluster Name and Delete Flag id: commit_info run: | - COMMIT_MSG=$(git log -1 --pretty=%B) - if [[ "$COMMIT_MSG" =~ ocp_cluster_name=([^\s]+) ]]; then - CLUSTER_NAME=${BASH_REMATCH[1]} + commit_message=$(git log -1 --pretty=format:"%B") + if echo "$commit_message" | grep -qE 'ocp_cluster_name=([^\s]+)'; then + cluster_name=$(echo "$commit_message" | grep -oP 'ocp_cluster_name=\K[^\s]+') else - CLUSTER_NAME=$(git rev-parse --short HEAD) + cluster_name=$(git rev-parse --short HEAD) fi - - if [[ "$COMMIT_MSG" =~ delete_ocp_cluster=false ]]; then - DELETE_CLUSTER="false" + + if echo "$commit_message" | grep -q 'delete_ocp_cluster=false'; then + delete_cluster="false" else - DELETE_CLUSTER="true" + delete_cluster="true" fi - echo "cluster_name=$CLUSTER_NAME" >> "$GITHUB_OUTPUT" - echo "delete_cluster=$DELETE_CLUSTER" >> "$GITHUB_OUTPUT" + echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT" + echo "delete_cluster=$delete_cluster" >> "$GITHUB_OUTPUT" - name: Import Secrets id: secrets From 8f646c80072a9072d8e1d573cefa84570717658e Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 22:01:35 +0200 Subject: [PATCH 09/54] conditional cluster definition ocp_cluster_name=leogit2 delete_ocp_cluster=false --- .github/actions/rosa-create-cluster/action.yml | 15 ++++----------- .github/workflows/tests.yml | 7 ++++++- 2 files changed, 10 insertions(+), 12 deletions(-) 
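Review bot: The gate `grep -qE 'ocp_cluster_name=([^\s]+)'` and the extraction `grep -oP 'ocp_cluster_name=\K[^\s]+'` do not use the same character class: in an ERE bracket expression `\s` is a literal backslash and `s`, not whitespace, so the two commands can disagree on what counts as a name. Use one portable class in both, for example `grep -oE 'ocp_cluster_name=[^[:space:]]+'`, and strip the prefix afterwards. The extracted value is still written to `$GITHUB_OUTPUT` without any validation, so an allowlist check such as `[[ "$cluster_name" =~ ^[a-z][a-z0-9-]*$ ]] || exit 1` belongs before the `echo`.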
diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 7094e9f..691f882 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -33,10 +33,6 @@ inputs: description: 'Version of the aws cli to use' required: true default: "1.32.105" # TODO: for all versions, update default one with renovate - oc-version: - description: 'Version of the oc cli to install' - required: true - default: "latest" openshift-version: description: 'Version of the OpenShift to install' required: true @@ -84,10 +80,10 @@ runs: - name: Install Terraform uses: hashicorp/setup-terraform@v3 - - name: Install oc CLI - uses: redhat-actions/oc-installer@v1 + - name: Install CLI tools from OpenShift Mirror + uses: redhat-actions/openshift-tools-installer@v1 with: - oc_version: ${{ inputs.oc-version }} + oc: "${{ inputs.openshift-version }}" - name: Login to Red Hat Hybrid Cloud Console shell: bash @@ -175,14 +171,11 @@ runs: - name: Generate kubeconfig shell: bash id: kube_config - # TODO: remove sleep time run: | export server_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url') + echo "server_api=$server_api" echo "server_api=$server_api" >> "$GITHUB_OUTPUT" - echo "Wait some time before login" - sleep 30 - oc login --username "${{ inputs.admin-username }}" --password "${{ inputs.admin-password }}" --server=$server_api kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}" kubectl config use "${{ inputs.cluster-name }}" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e1c1545..f1affda 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
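Review bot: `redhat-actions/openshift-tools-installer@v1` is referenced by a mutable tag, while the workflows in this series pin third-party actions to a full commit SHA (`hashicorp/vault-action@d1720f05…`, `actions/labeler@8558fd74…`). This action downloads and installs the `oc` binary that later receives the cluster admin password, so it deserves the same treatment: `uses: redhat-actions/openshift-tools-installer@<full-commit-sha> # v1`. The same applies to `hashicorp/setup-terraform@v3` in the context lines and to `mxschmitt/action-tmate@v3` added to `tests.yml` in this commit.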
@@ -74,6 +74,11 @@ jobs: aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} + + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + with: + detached: true - name: Create Cluster timeout-minutes: 125 @@ -92,6 +97,6 @@ jobs: uses: ./.github/actions/rosa-delete-cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} - cluster-name: "${{ steps.ocp_cluster_name.outputs.cluster_name }}" + cluster-name: "${{ steps.commit_info.outputs.cluster_name }}" aws-region: ${{ env.AWS_REGION }} s3-backend-bucket: ${{ env.TF_S3_BUCKET }} From addc3c233a1625e7443409e1ba0886f4d58e9b98 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 22:02:11 +0200 Subject: [PATCH 10/54] conditional cluster definition ocp_cluster_name=leogit delete_ocp_cluster=true From 02b6fc8b3a45ffbe60abe83fb486454548a5b2df Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 22:17:56 +0200 Subject: [PATCH 11/54] conditional cluster definition ocp_cluster_name=leogit3 delete_ocp_cluster=false --- .github/actions/rosa-create-cluster/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 691f882..2abf201 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -75,6 +75,7 @@ runs: curl -O "https://mirror.openshift.com/pub/openshift-v4/clients/rosa/${{ inputs.rosa-cli-version }}/rosa-linux.tar.gz" tar -xvf rosa-linux.tar.gz sudo mv rosa /usr/local/bin/rosa + rm -f rosa-linux.tar.gz rosa version - name: Install Terraform 
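Review bot: The `Setup tmate session` step opens an interactive shell on the runner immediately after the job has imported the Vault secrets and written the AWS access key to `~/.aws/credentials`, and it does so on every run, including `pull_request` runs. With `detached: true` and no access restriction, anyone who can read the job log can, as far as I know, use the connection string the action prints. If the session is needed for debugging, gate it and restrict it, e.g. `if: github.event_name == 'workflow_dispatch'` on the step and `limit-access-to-actor: true` under `with:`; otherwise remove the step before this series is merged. The action is also referenced by tag (`@v3`) rather than by commit SHA.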
@@ -176,6 +177,7 @@ runs: echo "server_api=$server_api" echo "server_api=$server_api" >> "$GITHUB_OUTPUT" + echo "oc login --username '${{ inputs.admin-username }}' --password '${{ inputs.admin-password }}' --server=$server_api" > login_command.txt oc login --username "${{ inputs.admin-username }}" --password "${{ inputs.admin-password }}" --server=$server_api kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}" kubectl config use "${{ inputs.cluster-name }}" From 793b69211e7c6949a0fdc33888718d5ab0789787 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 22:28:36 +0200 Subject: [PATCH 12/54] conditional cluster definition ocp_cluster_name=leogit2 delete_ocp_cluster=true From 5723ede801fb25d2b979696c4779dcd9d75c8a00 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 22:32:59 +0200 Subject: [PATCH 13/54] conditional cluster definition ocp_cluster_name=leogit4 delete_ocp_cluster=false --- .github/actions/rosa-create-cluster/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 2abf201..60dd009 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml 
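Review bot: The added `echo "oc login … --password '${{ inputs.admin-password }}' …" > login_command.txt` writes the cluster admin password in plaintext to a file in the runner's working directory. From there it can be picked up by any later step, by an artifact upload, or through the debug session that the same series adds to `tests.yml`. The line should be dropped; if a reproducible login command is wanted, write it with a placeholder, `echo "oc login --username '<user>' --password '<from Vault>' --server=$server_api"`. The file is still written after the rewrite of this step in patch 17 and only disappears in patch 19.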
@@ -178,7 +178,7 @@ runs: echo "server_api=$server_api" >> "$GITHUB_OUTPUT" echo "oc login --username '${{ inputs.admin-username }}' --password '${{ inputs.admin-password }}' --server=$server_api" > login_command.txt - oc login --username "${{ inputs.admin-username }}" --password "${{ inputs.admin-password }}" --server=$server_api + oc login --username="${{ inputs.admin-username }}" --password="${{ inputs.admin-password }}" --server="$server_api" --loglevel=10 kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}" kubectl config use "${{ inputs.cluster-name }}" From 972d4fdd786870dc549e519b5333121443b634d5 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 23:09:06 +0200 Subject: [PATCH 14/54] conditional cluster definition ocp_cluster_name=leogit4 delete_ocp_cluster=true From f261d20f43683a0d001b75df7481a17f510032b1 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 23:09:14 +0200 Subject: [PATCH 15/54] conditional cluster definition ocp_cluster_name=leogit3 delete_ocp_cluster=true From 22ada8f7fb7054c75ef8520a0976f1e43f8e9775 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 23:11:26 +0200 Subject: [PATCH 16/54] conditional cluster definition ocp_cluster_name=leogit4 delete_ocp_cluster=true From dc429964ee4a3c8084852f84fabad28c353dc0a4 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 15 May 2024 23:12:08 +0200 Subject: [PATCH 17/54] conditional cluster definition ocp_cluster_name=leogit5 delete_ocp_cluster=true --- .github/actions/rosa-create-cluster/action.yml | 6 +++--- .github/workflows/tests.yml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) 
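Review bot: Adding `--loglevel=10` to the `oc login` call that carries `--password` sends the client's most verbose request and response tracing to the job log, which may include authentication headers or the issued token in forms that GitHub's secret masking does not recognise. Debug verbosity should not be combined with a credentialed call in CI; drop the flag, `oc login --username="…" --password="…" --server="$server_api"`, and if the login has to be diagnosed, do it from a workstation with a throwaway credential. Logs from runs that already used this flag are worth reviewing, and the admin password rotated if anything sensitive shows up.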
diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 60dd009..405f618 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -17,7 +17,7 @@ inputs: required: true admin-username: description: 'Admin username for the ROSA cluster' - default: "kubeadmin" + default: "cluster-admin" required: true aws-region: description: 'AWS region where the ROSA cluster will be deployed' @@ -177,8 +177,8 @@ runs: echo "server_api=$server_api" echo "server_api=$server_api" >> "$GITHUB_OUTPUT" - echo "oc login --username '${{ inputs.admin-username }}' --password '${{ inputs.admin-password }}' --server=$server_api" > login_command.txt - oc login --username="${{ inputs.admin-username }}" --password="${{ inputs.admin-password }}" --server="$server_api" --loglevel=10 + echo "oc login --username '${{ inputs.admin-username }}' --password '${{ inputs.admin-password }}'" > login_command.txt + oc login $server_api --username="${{ inputs.admin-username }}" --password="${{ inputs.admin-password }}" --loglevel=10 kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}" kubectl config use "${{ inputs.cluster-name }}" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f1affda..3f7ff5c 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -86,6 +86,7 @@ jobs: with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} cluster-name: "${{ steps.commit_info.outputs.cluster_name }}" + admin-username: "cluster-admin" admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}" aws-region: ${{ env.AWS_REGION }} namespace: "myns" From d13bd4586a11e60e9cbb06427d6e80cdc814b4a7 Mon Sep 17 00:00:00 2001 
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 09:12:04 +0200 Subject: [PATCH 18/54] conditional cluster definition ocp_cluster_name=leogit5 delete_ocp_cluster=true --- .github/actions/rosa-create-cluster/action.yml | 1 + .github/actions/rosa-delete-cluster/action.yml | 3 ++- .github/workflows/tests.yml | 4 +++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 405f618..d29186d 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -137,6 +137,7 @@ runs: repository: "camunda/camunda-tf-rosa" ref: ${{ inputs.tf-modules-revision }} path: ${{ inputs.tf-modules-path }} + fetch-depth: 0 - name: Terraform Init shell: bash diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index 00697d6..d385eb4 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -53,6 +53,7 @@ runs: repository: "camunda/camunda-tf-rosa" ref: ${{ inputs.tf-modules-revision }} path: ${{ inputs.tf-modules-path }} + fetch-depth: 0 - name: Terraform Init shell: bash @@ -68,7 +69,7 @@ runs: working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/" run: | terraform plan -destroy -no-color -out rosa-destroy.plan -var "cluster_name=${{ inputs.cluster-name }}" -var "offline_access_token=${{ inputs.rh-token }}" -var "htpasswd_password=dUmmyPassword$123!" - +# TODO: remove s3 - name: Terraform Apply Destroy shell: bash id: apply-destroy diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3f7ff5c..f1b01d4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -87,7 +87,9 @@ jobs: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} cluster-name: "${{ steps.commit_info.outputs.cluster_name }}" admin-username: "cluster-admin" - admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}" + #admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}" + # TODO: change this + admin-password: "myUnsecure1234567!pass" aws-region: ${{ env.AWS_REGION }} namespace: "myns" s3-backend-bucket: ${{ env.TF_S3_BUCKET }} From 9cdbd1d3399af517c947c4876d9020f6b2a923c1 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 09:55:01 +0200 Subject: [PATCH 19/54] conditional cluster definition ocp_cluster_name=leogit6 delete_ocp_cluster=true --- .github/actions/rosa-create-cluster/action.yml | 12 ++++++------ .github/actions/rosa-delete-cluster/action.yml | 12 +++++++++++- .github/workflows/tests.yml | 4 +--- README.md | 1 - 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index d29186d..4f86323 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml 
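Review bot: This hunk replaces the Vault-sourced `admin-password` with a literal value committed to the workflow file, so the admin credential of every cluster created from this revision is readable by anyone with access to the repository history. Reverting the line in a later commit (patch 19 does) does not remove it from history, so the value should be treated as disclosed and never reused. If the Vault secret is suspected of breaking the login, test with a second secret stored the same way, keeping `admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}"` in the file.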
@@ -169,17 +169,17 @@ runs: id: cluster_info run: | rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" + export server_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url') + echo "server_api=$server_api" + echo "server_api=$server_api" >> "$GITHUB_OUTPUT" - name: Generate kubeconfig shell: bash id: kube_config run: | - export server_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url') - echo "server_api=$server_api" - echo "server_api=$server_api" >> "$GITHUB_OUTPUT" - - echo "oc login --username '${{ inputs.admin-username }}' --password '${{ inputs.admin-password }}'" > login_command.txt - oc login $server_api --username="${{ inputs.admin-username }}" --password="${{ inputs.admin-password }}" --loglevel=10 + oc login --username ${{ inputs.admin-username }} --password ${{ inputs.admin-password }} "${{ steps.cluster_info.outputs.server_api }}" + oc whoami + kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}" kubectl config use "${{ inputs.cluster-name }}" diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index d385eb4..95d7712 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -36,6 +36,11 @@ runs: - name: Install Terraform uses: hashicorp/setup-terraform@v3 + - name: Install aws-cli + shell: bash + run: | + python3 -m pip install "awscli==${{ inputs.awscli-version }}" + - name: Set Terraform variables shell: bash id: set-terraform-variables 
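Review bot: The new `oc login` line in `Generate kubeconfig` drops the quoting the removed line had, so `${{ inputs.admin-username }}` and `${{ inputs.admin-password }}` are pasted bare into the script text before bash parses it. A password containing `!`, `$`, spaces or quotes is then split or expanded by the shell, and any input a caller does not fully control becomes part of the script itself. Bind the values under the step's `env:` and reference them as quoted shell variables, as in the excerpt below; `$(oc config current-context)` on the `kubectl config rename-context` line should be quoted too. The `Generate kubeconfig` steps added to `.github/workflows/tests.yml` in patches 21 and 29 use the same unquoted form with `steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD`. Dropping `login_command.txt` and `--loglevel=10` is worth keeping, since both could expose the password.

```yaml
    - name: Generate kubeconfig
      id: kube_config
      env:
        OCP_USER: ${{ inputs.admin-username }}
        OCP_PASSWORD: ${{ inputs.admin-password }}
        OCP_API: ${{ steps.cluster_info.outputs.server_api }}
      run: |
        oc login --username "$OCP_USER" --password "$OCP_PASSWORD" "$OCP_API"
        # … unchanged: oc whoami, kubectl context rename/use …
```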
@@ -69,10 +74,15 @@ runs: working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/" run: | terraform plan -destroy -no-color -out rosa-destroy.plan -var "cluster_name=${{ inputs.cluster-name }}" -var "offline_access_token=${{ inputs.rh-token }}" -var "htpasswd_password=dUmmyPassword$123!" -# TODO: remove s3 + - name: Terraform Apply Destroy shell: bash id: apply-destroy working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/" run: | terraform apply -destroy -no-color rosa-destroy.plan + + - name: Delete Terraform State + shell: bash + run: | + aws s3 rm s3://${{ steps.set-terraform-variables.outputs.TFSTATE_BUCKET }}/${{ steps.set-terraform-variables.outputs.TFSTATE_KEY }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f1b01d4..3f7ff5c 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -87,9 +87,7 @@ jobs: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} cluster-name: "${{ steps.commit_info.outputs.cluster_name }}" admin-username: "cluster-admin" - #admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}" - # TODO: change this - admin-password: "myUnsecure1234567!pass" + admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}" aws-region: ${{ env.AWS_REGION }} namespace: "myns" s3-backend-bucket: ${{ env.TF_S3_BUCKET }} diff --git a/README.md b/README.md index 0965cb1..5702eed 100644 --- a/README.md +++ b/README.md @@ -147,7 +147,6 @@ rosa verify quota --region="$AWS_REGION" # this may fail due to org policy rosa verify permissions --region="$AWS_REGION" -# TODO: check if this one is required: rosa create account-roles --mode auto ``` 5. Enable HCP ROSA on [AWS MarkePlace](https://docs.openshift.com/rosa/cloud_experts_tutorials/cloud-experts-rosa-hcp-activation-and-account-linking-tutorial.html) From aeb77459a6bc5ac03cca83db571d261fce9e2fe0 Mon Sep 17 00:00:00 2001 
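Review bot: The new `Delete Terraform State` step splices two step outputs unquoted into the script, so a value with spaces or shell metacharacters changes the command bash runs, and an empty key is not caught before the call. Pass both outputs through the step's `env:` and run `[ -n "$TFSTATE_KEY" ] || exit 1` followed by `aws s3 rm "s3://${TFSTATE_BUCKET}/${TFSTATE_KEY}"`. How `TFSTATE_KEY` is derived is outside this hunk; if it includes the cluster name, it presumably follows whatever the caller passes as `cluster-name`. On the unchanged `terraform plan` line, `"htpasswd_password=dUmmyPassword$123!"` sits in double quotes, so bash expands `$1` and passes a different string than the one written; single quotes keep it literal. That line also puts `offline_access_token` on the command line, where setting `TF_VAR_offline_access_token` under `env:` would keep the token out of the process arguments.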
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 10:00:14 +0200 Subject: [PATCH 20/54] conditional cluster definition ocp_cluster_name=leogit5 delete_ocp_cluster=true From 6954e59da332d2bcce47b32d7a3a2143a1aee433 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 11:26:16 +0200 Subject: [PATCH 21/54] conditional cluster definition ocp_cluster_name=leogit7 delete_ocp_cluster=false --- .../actions/rosa-create-cluster/action.yml | 21 +------------ .github/workflows/tests.yml | 30 ++++++++++++++++--- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 4f86323..c4f3944 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -171,23 +171,4 @@ runs: rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" export server_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url') echo "server_api=$server_api" - echo "server_api=$server_api" >> "$GITHUB_OUTPUT" - - - name: Generate kubeconfig - shell: bash - id: kube_config - run: | - oc login --username ${{ inputs.admin-username }} --password ${{ inputs.admin-password }} "${{ steps.cluster_info.outputs.server_api }}" - oc whoami - - kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}" - kubectl config use "${{ inputs.cluster-name }}" - - - name: Create namespace if not exists - shell: bash - run: | - if ! oc get namespace "${{ inputs.namespace }}"; then - oc new-project "${{ inputs.namespace }}" - else - echo "Namespace '${{ inputs.namespace }}' already exists" - fi + echo "server_api=$server_api" >> "$GITHUB_OUTPUT" \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3f7ff5c..b46168a 100644 
--- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -22,6 +22,8 @@ env: AWS_PROFILE: "infex" AWS_REGION: "eu-west-2" TF_S3_BUCKET: "camunda-tf-rosa" + OCP_ADMIN_USERNAME: "cluster-admin" + OCP_NAMESPACE: "myns" jobs: @@ -83,15 +85,35 @@ jobs: - name: Create Cluster timeout-minutes: 125 uses: ./.github/actions/rosa-create-cluster + id: create_cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} - cluster-name: "${{ steps.commit_info.outputs.cluster_name }}" - admin-username: "cluster-admin" - admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}" + cluster-name: ${{ steps.commit_info.outputs.cluster_name }} + admin-username: ${{ env.OCP_ADMIN_USERNAME }} + admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }} aws-region: ${{ env.AWS_REGION }} - namespace: "myns" + namespace: ${{ env.OCP_NAMESPACE }} s3-backend-bucket: ${{ env.TF_S3_BUCKET }} + - name: Generate kubeconfig + shell: bash + id: kube_config + run: | + oc login --username ${{ env.OCP_ADMIN_USERNAME }} --password ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" + oc whoami + + kubectl config rename-context $(oc config current-context) "${{ steps.commit_info.outputs.cluster_name }}" + kubectl config use "${{ steps.commit_info.outputs.cluster_name }}" + + - name: Create namespace if not exists + shell: bash + run: | + if ! oc get namespace "${{ env.OCP_NAMESPACE }}"; then + oc new-project "${{ env.OCP_NAMESPACE }}" + else + echo "Namespace '${{ env.OCP_NAMESPACE }}' already exists" + fi + - name: Delete Cluster timeout-minutes: 125 if: always() && steps.commit_info.outputs.delete_cluster == 'true' From 43d9f2c1053ac68544feb7b5fccb3684bd0eddc4 Mon Sep 17 00:00:00 2001 
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 12:05:53 +0200 Subject: [PATCH 22/54] conditional cluster definition ocp_cluster_name=leogit7 delete_ocp_cluster=false --- .github/actions/rosa-create-cluster/action.yml | 7 +++---- .github/actions/rosa-delete-cluster/action.yml | 2 +- README.md | 13 +++++++++++++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index c4f3944..204636c 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -1,9 +1,8 @@ name: Deploy ROSA HCP Cluster description: | - This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform with a dedicated namespace. + This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform. This action will also install oc, awscli, rosa cli. - This action also set the current kube context on the created namespace. inputs: rh-token: @@ -36,7 +35,7 @@ inputs: openshift-version: description: 'Version of the OpenShift to install' required: true - default: "4.15.11" + default: "4.15.12" replicas: description: 'Number of replicas for the ROSA cluster' required: true @@ -56,7 +55,7 @@ inputs: outputs: openshift-server-api: description: 'The server API URL of the deployed ROSA cluster' - value: ${{ steps.kube_config.outputs.cluster_api }} + value: ${{ steps.cluster_info.outputs.cluster_api }} openshift-cluster-id: description: 'The ID of the deployed ROSA cluster' diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index 95d7712..64fbe21 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml 
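Review bot: The `openshift-server-api` output now reads `steps.cluster_info.outputs.cluster_api`, but the `cluster_info` step as left by the previous patch writes `server_api=...` to `$GITHUB_OUTPUT`, so the output resolves to an empty string. The `Generate kubeconfig` step in `tests.yml` then passes an empty server URL to `oc login` together with the admin credentials. Either map the output to `${{ steps.cluster_info.outputs.server_api }}` or rename the key the step writes in this same commit. The `cluster_info` step itself is outside this hunk.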
@@ -2,7 +2,7 @@ name: Delete ROSA HCP Cluster description: | This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform. - This action will also uninstall oc, awscli, rosa cli. + This action will also install awscli. inputs: rh-token: diff --git a/README.md b/README.md index 5702eed..dc0fb9b 100644 --- a/README.md +++ b/README.md @@ -83,13 +83,26 @@ jobs: - name: Deploy ROSA HCP Cluster uses: camunda/camunda-tf-rosa/.github/actions/rosa-create-cluster@main + id: create_cluster with: rh-token: ${{ secrets.RH_OPENSHIFT_TOKEN }} cluster-name: "my-ocp-cluster" + admin-username: "cluster-admin" admin-password: ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} aws-region: "us-west-2" namespace: "myns" s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} + + - name: Generate kubeconfig + shell: bash + id: kube_config + run: | + oc login --username "cluster-admin" --password ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" + oc whoami + + kubectl config rename-context $(oc config current-context) "my-ocp-cluster" + kubectl config use "my-ocp-cluster" + ``` #### Delete ROSA HCP Cluster From 8c63f6af839ea81fb718413689e45fcd4138c44e Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 12:08:20 +0200 Subject: [PATCH 23/54] conditional cluster definition ocp_cluster_name=leogit7 delete_ocp_cluster=false --- .github/actions/rosa-create-cluster/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 204636c..a237771 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml 
@@ -35,7 +35,7 @@ inputs: openshift-version: description: 'Version of the OpenShift to install' required: true - default: "4.15.12" + default: "4.15.11" replicas: description: 'Number of replicas for the ROSA cluster' required: true From 0e31d47a6a639b62cddaccd0796f64cb225397a9 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 12:13:15 +0200 Subject: [PATCH 24/54] conditional cluster definition ocp_cluster_name=leogit7 delete_ocp_cluster=false --- .github/actions/rosa-create-cluster/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index a237771..334feac 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -168,6 +168,6 @@ runs: id: cluster_info run: | rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" - export server_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url') - echo "server_api=$server_api" - echo "server_api=$server_api" >> "$GITHUB_OUTPUT" \ No newline at end of file + export cluster_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url') + echo "cluster_api=$cluster_api" + echo "cluster_api=$cluster_api" >> "$GITHUB_OUTPUT" \ No newline at end of file From 9ff1ad42d3fcf830d43e77e785e55c56ade03b4b Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 12:15:25 +0200 Subject: [PATCH 25/54] conditional cluster definition ocp_cluster_name=leogit8 delete_ocp_cluster=false From 7394ea932befa1c0ca0ed34d1492bcc1cdb996ac Mon Sep 17 00:00:00 2001 
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 12:15:39 +0200 Subject: [PATCH 26/54] conditional cluster definition ocp_cluster_name=leogit7 delete_ocp_cluster=true From f9ccada60c8132b3435593db8f49b3668d2de7dd Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 12:23:35 +0200 Subject: [PATCH 27/54] conditional cluster definition ocp_cluster_name=leogit8 delete_ocp_cluster=false From 34ea3085e5b64ee64411dd1d48ee4137e48b9e16 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 12:47:53 +0200 Subject: [PATCH 28/54] conditional cluster definition ocp_cluster_name=leogit8 delete_ocp_cluster=false From a4ef989c4ea2c9e3d5a77f159c3faee998801cfe Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 13:59:19 +0200 Subject: [PATCH 29/54] conditional cluster definition ocp_cluster_name=leogit9 delete_ocp_cluster=false --- .github/workflows/tests.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b46168a..df40730 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -96,9 +96,14 @@ jobs: s3-backend-bucket: ${{ env.TF_S3_BUCKET }} - name: Generate kubeconfig - shell: bash + uses: nick-fields/retry@v3 id: kube_config - run: | + with: + timeout_minutes: 10 + max_attempts: 40 + shell: bash + retry_wait_seconds: 15 + command: | oc login --username ${{ env.OCP_ADMIN_USERNAME }} --password ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" oc whoami From 70b37a1d4d89fc680dc4a209a77349028ca5c54d Mon Sep 17 00:00:00 2001 
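Review bot: `uses: nick-fields/retry@v3` references a third-party action by a movable tag, and this step hands it the cluster-admin password inside `command`. Pin it to a full commit SHA with the tag kept as a trailing comment, `uses: nick-fields/retry@<full-commit-sha> # v3`, which is also what the DEVELOPER.md added later in this series asks for. With `max_attempts: 40` the password login is repeated on every failure, so it is worth confirming that the failure being retried is the API not being reachable yet rather than a rejected credential.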
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 14:00:06 +0200 Subject: [PATCH 30/54] conditional cluster definition ocp_cluster_name=leogit8 delete_ocp_cluster=true From 556793a77c25f4d99c791dffe5362ee04464e490 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 14:44:38 +0200 Subject: [PATCH 31/54] conditional cluster definition ocp_cluster_name=leogit9 delete_ocp_cluster=true From 6d4a76b00c32f6c7f4a280ba0f689564aa6363a7 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 15:41:15 +0200 Subject: [PATCH 32/54] update doc --- .github/actions/rosa-create-cluster/README.md | 77 +++++++++ .github/actions/rosa-delete-cluster/README.md | 41 +++++ .tool-versions | 3 - DEVELOPER.md | 63 ++++++++ README.md | 152 +++++++++--------- 5 files changed, 261 insertions(+), 75 deletions(-) create mode 100644 .github/actions/rosa-create-cluster/README.md create mode 100644 .github/actions/rosa-delete-cluster/README.md create mode 100644 DEVELOPER.md diff --git a/.github/actions/rosa-create-cluster/README.md b/.github/actions/rosa-create-cluster/README.md new file mode 100644 index 0000000..837a0c4 --- /dev/null +++ b/.github/actions/rosa-create-cluster/README.md 
@@ -0,0 +1,77 @@ +# Deploy ROSA HCP Cluster GitHub Action + +This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform. It also installs `oc`, `awscli`, and `rosa` CLI tools. + +## Inputs + +| Input | Description | Required | Default | +|---------------------|--------------------------------------------------------------|----------|------------------| +| `rh-token` | Red Hat Hybrid Cloud Console Token | true | | +| `cluster-name` | Name of the ROSA cluster to deploy | true | | +| `admin-password` | Admin password for the ROSA cluster | true | | +| `admin-username` | Admin username for the ROSA cluster | true | `cluster-admin` | +| `aws-region` | AWS region where the ROSA cluster will be deployed | true | | +| `namespace` | Namespace to create in the ROSA cluster | true | | +| `rosa-cli-version` | Version of the ROSA CLI to use | true | `latest` | +| `awscli-version` | Version of the AWS CLI to use | true | `1.32.105` | +| `openshift-version` | Version of the OpenShift to install | true | `4.15.11` | +| `replicas` | Number of replicas for the ROSA cluster | true | `2` | +| `s3-backend-bucket` | Name of the S3 bucket to store Terraform state | true | | +| `tf-modules-revision`| Git revision of the Terraform modules to use | true | `main` | +| `tf-modules-path` | Path where the Terraform ROSA modules will be cloned | true | `./.action-tf-modules/rosa/` | + +## Outputs + +| Output | Description | +|--------------------------|------------------------------------------------------------| +| `openshift-server-api` | The server API URL of the deployed ROSA cluster | +| `openshift-cluster-id` | The ID of the deployed ROSA cluster | +| `terraform-state-url` | URL of the Terraform state file in the S3 bucket | + +## Usage + +Create a file in your repository's `.github/workflows` directory, for example `deploy-rosa-hcp.yml`, with the following content: + +```yaml +name: Deploy ROSA HCP Cluster + +on: + push: + +jobs: + 
deploy: + runs-on: ubuntu-latest + steps: + - name: Add profile credentials to ~/.aws/credentials + run: | + aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} + aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} + aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} + + - name: Deploy ROSA HCP Cluster + uses: camunda/camunda-tf-rosa/.github/actions/rosa-create-cluster@main + id: create_cluster + with: + rh-token: ${{ secrets.RH_OPENSHIFT_TOKEN }} + cluster-name: "my-ocp-cluster" + admin-username: "cluster-admin" + admin-password: ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} + aws-region: "us-west-2" + namespace: "myns" + s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} + + - name: Generate kubeconfig + uses: nick-fields/retry@v3 + id: kube_config + with: + timeout_minutes: 10 + max_attempts: 40 + shell: bash + retry_wait_seconds: 15 + command: | + oc login --username "cluster-admin" --password ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" + oc whoami + + kubectl config rename-context $(oc config current-context) "my-ocp-cluster" + kubectl config use "my-ocp-cluster" +``` \ No newline at end of file diff --git a/.github/actions/rosa-delete-cluster/README.md b/.github/actions/rosa-delete-cluster/README.md new file mode 100644 index 0000000..7e6c06a --- /dev/null +++ b/.github/actions/rosa-delete-cluster/README.md 
@@ -0,0 +1,41 @@ +# Delete ROSA HCP Cluster GitHub Action + +This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform. It also installs `awscli`. + +## Inputs + +| Input | Description | Required | Default | +|----------------------|----------------------------------------------------------|----------|--------------------------------| +| `rh-token` | Red Hat Hybrid Cloud Console Token | true | | +| `cluster-name` | Name of the ROSA cluster to delete | true | | +| `aws-region` | AWS region where the ROSA cluster is deployed | true | | +| `s3-backend-bucket` | Name of the S3 bucket where the Terraform state is stored| true | | +| `awscli-version` | Version of the aws cli to use | true | `1.32.105` | +| `tf-modules-revision`| Git revision of the tf modules to use | true | `main` | +| `tf-modules-path` | Path where the tf rosa modules will be cloned | true | `./.action-tf-modules/rosa/` | + +## Usage + +Create a file in your repository's `.github/workflows` directory, for example `delete-rosa-hcp.yml`, with the following content: + +```yaml +name: Delete ROSA HCP Cluster + +on: + workflow_dispatch: + +jobs: + delete: + runs-on: ubuntu-latest + steps: + - name: Delete ROSA HCP Cluster + uses: camunda/camunda-tf-rosa/.github/actions/rosa-delete-cluster@main + with: + rh-token: ${{ secrets.RH_OPENSHIFT_TOKEN }} + cluster-name: "my-ocp-cluster" + aws-region: "us-west-2" + s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} + awscli-version: "1.32.105" + tf-modules-revision: "main" + tf-modules-path: "./.action-tf-modules/rosa/" +``` \ No newline at end of file diff --git a/.tool-versions b/.tool-versions index 1bcc571..26c017e 100644 --- a/.tool-versions +++ b/.tool-versions @@ -18,6 +18,3 @@ terraform-docs 0.17.0 tflint 0.50.3 tfsec 1.28.5 - -# TODO: rosa and oc not supported -# TODO: add helm diff --git a/DEVELOPER.md b/DEVELOPER.md new file mode 100644 index 0000000..75357cb --- /dev/null +++ b/DEVELOPER.md 
@@ -0,0 +1,63 @@ +# Developer's Guide + +Welcome to the development reference for Camunda's Terraform Rosa module! This document provides guidance on setting up a testing environment, running tests, and managing releases. + +## Setting up Development Environment + +To start developing or testing the Rosa module, follow these steps: + +1. **Clone the Repository:** + - Clone the repository from [camunda/camunda-tf-rosa](https://github.com/camunda/camunda-tf-rosa) to your local machine. + +2. **Install Dependencies:** + - Ensure you have Terraform, the AWS CLI, and the ROSA CLI installed on your machine. Refer to their respective documentation for installation instructions. + +3. **Configure AWS Credentials:** + - Configure your AWS CLI with the necessary credentials to interact with your AWS account: + ```bash + aws configure + ``` + +4. **Initialize Terraform:** + - Navigate to the module's directory and initialize Terraform: + ```bash + cd modules/rosa-hcp + terraform init + ``` + +5. **Run Terraform Plan and Apply:** + - You can now plan and apply the Terraform configuration to create the ROSA cluster: + ```bash + terraform plan -var "cluster_name=your-cluster-name" -var "replicas=2" -var "htpasswd_password=your-password" -var "htpasswd_username=your-username" -var "offline_access_token=your-token" -var "openshift_version=your-openshift-version" + terraform apply -var "cluster_name=your-cluster-name" -var "replicas=2" -var "htpasswd_password=your-password" -var "htpasswd_username=your-username" -var "offline_access_token=your-token" -var "openshift_version=your-openshift-version" + ``` + +## Tests in the CI + +The tests in the CI can be triggered automatically by modifying Terraform or test files. It will be labeled either `test` or `terraform` automatically by the labeler. + +You can choose to overwrite the name of the cluster by including `ocp_cluster_name=leogit8` in the commit description. 
+Additionally, you can disable the deletion of the cluster by adding `delete_ocp_cluster=false` in the commit description. + +## Releasing a New Version + +We follow Semantic Versioning (SemVer) guidelines for versioning. Follow these steps to release a new version: + +1. **Commit History:** + - Maintain a clear commit history with explicit messages detailing additions and deletions. + +2. **Versioning:** + - Determine the appropriate version number based on the changes made since the last release. + - Follow the format `MAJOR.MINOR.PATCH` as per Semantic Versioning guidelines. + +3. **GitHub Releases:** + - Publish the new version on GitHub Releases. + - Tag the release with the version number and include release notes summarizing changes. + +## Adding new GH actions + +Please pin GitHub action, if you need you can use [pin-github-action](https://github.com/mheap/pin-github-action) cli tool. + +--- + +By following these guidelines, we ensure smooth development iterations, robust testing practices, and clear version management for the Terraform ROSA module. Happy coding! \ No newline at end of file diff --git a/README.md b/README.md index dc0fb9b..980400c 100644 --- a/README.md +++ b/README.md 
@@ -6,22 +6,74 @@ This module automates the creation of a ROSA HCP cluster with an opinionated configuration targeting Camunda 8 on AWS using Terraform. +**⚠️ Warning:** This project is not intended for production use but rather for demonstration purposes only. There are no guarantees or warranties provided. + For more detailed usage and configuration options, please refer to the module's inputs and outputs documentation below. -## Documentation +## Usage -WIP +## Requirements -## Usage +To gather all specifics versions of this project, we use: +- [asdf](https://asdf-vm.com/) version manager (see [installation](https://asdf-vm.com/guide/getting-started.html)). +- [just](https://github.com/casey/just) as a command runner + - install it using asdf: `asdf plugin add just && asdf install just` + +Then we will install all the tooling listed in the `.tool-versions` of this root project using just: +```bash +just install-tooling + +# list available recipes +just --list +``` + +* Terraform (installed by asdf) +* AWS CLI (installed by asdf) +* ROSA CLI ([installation guide](https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.html)) +* OpenShift CLI ([installation guide](https://docs.openshift.com/container-platform/latest/cli_reference/openshift_cli/getting-started-cli.html)) + +## Getting started : Create a ROSA HCP cluster + +Base tutorial https://aws.amazon.com/blogs/containers/build-rosa-clusters-with-terraform/ + +### I. Enable ROSA in AWS Marketplace + +1. Login onto AWS +2. Check if ELB role exists +```bash +# To check if the role exists for your account, run this command in your terminal: +aws iam get-role --role-name "AWSServiceRoleForElasticLoadBalancing" + +# If the role doesn't exist, create it by running the following command: +aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com" + +``` +3. 
Login onto [Red Hat Hybrid Cloud Console](https://console.redhat.com/openshift/token) +4. Generate an Offline token, click on "Load Token" +```bash +export RH_TOKEN=yourToken +rosa login --token=${RH_TOKEN} -### Requirements +rosa whoami -* Terraform -* AWS CLI -* ROSA CLI -* OpenShift CLI +rosa verify quota --region="$AWS_REGION" -### Terraform +# this may fail due to org policy +rosa verify permissions --region="$AWS_REGION" + +rosa create account-roles --mode auto +``` +5. Enable HCP ROSA on [AWS MarkePlace](https://docs.openshift.com/rosa/cloud_experts_tutorials/cloud-experts-rosa-hcp-activation-and-account-linking-tutorial.html) + 5.1 Navigate to the ROSA console : https://console.aws.amazon.com/rosa + 5.2 Choose Get started. + 5.3 On the Verify ROSA prerequisites page, select I agree to share my contact information with Red Hat. + 5.4 Choose Enable ROSA + +Please note that **Only a single AWS account that will be used for service billing can be associated with a Red Hat account.** + +### II. Create the cluster + +#### Terraform To use this module with Terraform, follow these steps: @@ -42,6 +94,9 @@ module "rosa_hcp" { } ``` +For more details, refer to the [Terraform module ROSA HCP README](https://github.com/camunda/camunda-tf-rosa/blob/main/modules/rosa-hcp/README.md). + + 3. **Initialize Terraform** by running: ```sh terraform init @@ -57,11 +112,11 @@ module "rosa_hcp" { terraform apply ``` -### GitHub Actions +#### GitHub Actions You can automate the deployment and deletion of the ROSA HCP cluster using GitHub Actions. Below are examples of GitHub Actions workflows for deploying and deleting the cluster. -#### Deploy ROSA HCP Cluster +##### Deploy ROSA HCP Cluster Create a file in your repository's `.github/workflows` directory, for example `deploy-rosa-hcp.yml`, with the following content: 
@@ -77,8 +132,8 @@ jobs: steps: - name: Add profile credentials to ~/.aws/credentials run: | - aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} - aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} + aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} + aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} - name: Deploy ROSA HCP Cluster @@ -94,18 +149,24 @@ jobs: s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} - name: Generate kubeconfig - shell: bash + uses: nick-fields/retry@v3 id: kube_config - run: | + with: + timeout_minutes: 10 + max_attempts: 40 + shell: bash + retry_wait_seconds: 15 + command: | oc login --username "cluster-admin" --password ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" oc whoami kubectl config rename-context $(oc config current-context) "my-ocp-cluster" kubectl config use "my-ocp-cluster" - ``` -#### Delete ROSA HCP Cluster +For more details, refer to the [Deploy ROSA HCP Cluster Action README](https://github.com/camunda/camunda-tf-rosa/blob/main/.github/actions/rosa-create-cluster/README.md). + +##### Delete ROSA HCP Cluster Create another file in your repository's `.github/workflows` directory, for example `delete-rosa-hcp.yml`, with the following content: 
@@ -128,61 +189,10 @@ jobs: s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} ``` -TODO: add description of the actions from definition - - -### Getting started : Create a ROSA HCP cluster - -Base tutorial https://aws.amazon.com/blogs/containers/build-rosa-clusters-with-terraform/ - -#### I. Prepare the deployment - -1. Login onto AWS -2. Check if ELB role exists -```bash -# To check if the role exists for your account, run this command in your terminal: -aws iam get-role --role-name "AWSServiceRoleForElasticLoadBalancing" - -# If the role doesn't exist, create it by running the following command: -aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com" - -``` -3. Login onto [Red Hat Hybrid Cloud Console](https://console.redhat.com/openshift/token) -4. Generate an Offline token, click on "Load Token" -```bash -export RH_TOKEN=yourToken -rosa login --token=${RH_TOKEN} - -rosa whoami - -rosa verify quota --region="$AWS_REGION" - -# this may fail due to org policy -rosa verify permissions --region="$AWS_REGION" - -rosa create account-roles --mode auto -``` -5. Enable HCP ROSA on [AWS MarkePlace](https://docs.openshift.com/rosa/cloud_experts_tutorials/cloud-experts-rosa-hcp-activation-and-account-linking-tutorial.html) - 5.1 Navigate to the ROSA console : https://console.aws.amazon.com/rosa - 5.2 Choose Get started. - 5.3 On the Verify ROSA prerequisites page, select I agree to share my contact information with Red Hat. - 5.4 Choose Enable ROSA - -Please note that **Only a single AWS account that will be used for service billing can be associated with a Red Hat account.** +For more details, refer to the [Delete ROSA HCP Cluster Action README](https://github.com/camunda/camunda-tf-rosa/blob/main/.github/actions/rosa-delete-cluster/README.md). -#### II. 
Deploy a cluster with terraform -```bash -export ADMIN_PASS="yourPassword!!138" -export ADMIN_USER="kubeadmin" -export CLUSTER_NAME="rosatest" - -terraform init -terraform plan -out rosa.plan -var "cluster_name=$CLUSTER_NAME" -var "htpasswd_password=$ADMIN_PASS" -var "htpasswd_username=$ADMIN_USER" -var "offline_access_token=$RH_TOKEN" -terraform apply rosa.plan -``` - -#### III. Retrieve cluster informations +### III. Retrieve cluster informations 1. In the output, you will have the created cluster id: ```bash @@ -207,8 +217,6 @@ kubectl config use "$CLUSTER_NAME" oc new-project "$NAMESPACE" ``` -TODO: add modules doc - ## Support Please note that the modules have been tested with **[Terraform](https://github.com/hashicorp/terraform)** in the version described in the [.tool-versions](./.tool-versions) of this project. From 0be74006bfa2bddc4646f2b1c09a48196a5cbf30 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 15:41:54 +0200 Subject: [PATCH 33/54] update doc --- .github/workflows/tests.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index df40730..b325eb2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -14,9 +14,8 @@ on: - justfile # limit to a single execution per actor of this workflow -# concurrency: -# group: "${{ github.workflow }}-${{ github.actor }}" -# TODO: re-enable this +concurrency: + group: "${{ github.workflow }}-${{ github.actor }}" env: AWS_PROFILE: "infex" From fe3458146637dcfc3f565afc68f34f4198c31d4b Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 15:50:28 +0200 Subject: [PATCH 34/54] update doc --- .github/actions/rosa-create-cluster/action.yml | 4 +++- .github/actions/rosa-delete-cluster/action.yml | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) 
diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 334feac..be1c97c 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -31,10 +31,12 @@ inputs: awscli-version: description: 'Version of the aws cli to use' required: true - default: "1.32.105" # TODO: for all versions, update default one with renovate + # TODO renovate latest version + default: "1.32.105" openshift-version: description: 'Version of the OpenShift to install' required: true + # TODO renovate latest version default: "4.15.11" replicas: description: 'Number of replicas for the ROSA cluster' diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index 64fbe21..c1f0a41 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -20,6 +20,7 @@ inputs: awscli-version: description: 'Version of the aws cli to use' required: true + # TODO renovate latest version default: "1.32.105" tf-modules-revision: description: 'Git revision of the tf modules to use' From 0979aa8515d9098c90d604495ff0837768ca4d21 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 16:08:54 +0200 Subject: [PATCH 35/54] implement links checks --- .github/actions/rosa-create-cluster/README.md | 4 +- .../actions/rosa-create-cluster/action.yml | 2 +- .github/actions/rosa-delete-cluster/README.md | 2 +- .github/markdown-links.json | 20 ---------- .github/workflows/links.yml | 40 +++++++++++++++++++ .github/workflows/tests.yml | 10 ++--- .pre-commit-config.yaml | 6 --- DEVELOPER.md | 4 +- README.md | 4 +- lychee-links.toml | 19 +++++++++ 10 files changed, 72 insertions(+), 39 deletions(-) delete mode 100644 .github/markdown-links.json create mode 100644 .github/workflows/links.yml create mode 100644 lychee-links.toml 
diff --git a/.github/actions/rosa-create-cluster/README.md b/.github/actions/rosa-create-cluster/README.md index 837a0c4..41503eb 100644 --- a/.github/actions/rosa-create-cluster/README.md +++ b/.github/actions/rosa-create-cluster/README.md @@ -71,7 +71,7 @@ jobs: command: | oc login --username "cluster-admin" --password ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" oc whoami - + kubectl config rename-context $(oc config current-context) "my-ocp-cluster" kubectl config use "my-ocp-cluster" -``` \ No newline at end of file +``` diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index be1c97c..e3acd6f 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -172,4 +172,4 @@ runs: rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" export cluster_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url') echo "cluster_api=$cluster_api" - echo "cluster_api=$cluster_api" >> "$GITHUB_OUTPUT" \ No newline at end of file + echo "cluster_api=$cluster_api" >> "$GITHUB_OUTPUT" diff --git a/.github/actions/rosa-delete-cluster/README.md b/.github/actions/rosa-delete-cluster/README.md index 7e6c06a..f32f971 100644 --- a/.github/actions/rosa-delete-cluster/README.md +++ b/.github/actions/rosa-delete-cluster/README.md @@ -38,4 +38,4 @@ jobs: awscli-version: "1.32.105" tf-modules-revision: "main" tf-modules-path: "./.action-tf-modules/rosa/" -``` \ No newline at end of file +``` diff --git a/.github/markdown-links.json b/.github/markdown-links.json deleted file mode 100644 index 6d17351..0000000 --- a/.github/markdown-links.json +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - "projectBaseUrl":"${workspaceFolder}", - "ignorePatterns": [ - { - "pattern": "^http(s?)://localhost" - }, - { - "pattern": "^#" - } - ], - "replacementPatterns": [ - ], - "httpHeaders": [ - ], - "timeout": "20s", - "retryOn429": true, - "retryCount": 5, - "fallbackRetryDelay": "30s", - "aliveStatusCodes": [200, 206] -} diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml new file mode 100644 index 0000000..fe6e57e --- /dev/null +++ b/.github/workflows/links.yml @@ -0,0 +1,40 @@ +name: Check external links + +on: + push: + workflow_dispatch: + schedule: + - cron: "0 3 1 * *" + +jobs: + lint: + name: links-check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + + - name: Get Current Timestamp + id: timestamp + run: echo "TIMESTAMP=$(date +%s)" >> "$GITHUB_ENV" + + - name: Restore lychee cache + uses: actions/cache@v3 + with: + path: .lycheecache + key: "cache-lychee-${{ env.TIMESTAMP }}" + restore-keys: cache-lychee- + + - name: Link Checker + uses: lycheeverse/lychee-action@v1.10.0 + with: + fail: true + args: -c ./lychee-links.toml --base . --cache --max-cache-age 1d . --verbose --no-progress '*.md' './**/*.md' + token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Create Issue From File + if: ${{ github.event_name == 'schedule' && env.lychee_exit_code != 0 }} + uses: peter-evans/create-issue-from-file@v4 + with: + title: Link Checker Report + content-filepath: ./lychee/out.md + labels: report, automated issue diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b325eb2..02841be 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -44,7 +44,7 @@ jobs: else cluster_name=$(git rev-parse --short HEAD) fi - + if echo "$commit_message" | grep -q 'delete_ocp_cluster=false'; then delete_cluster="false" else 
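Review bot: In the new `.github/workflows/links.yml`, the "Create Issue From File" step can never run when links are broken: `fail: true` makes the Link Checker step fail, and an `if:` with no status function gets an implicit `success()`. The condition should carry an explicit status check, e.g. `if: ${{ failure() && github.event_name == 'schedule' }}`, or `always() && …` if the `env.lychee_exit_code` comparison is kept. The workflow also declares no `permissions:` block, so the `GITHUB_TOKEN` it passes to lychee has whatever the repository default grants. A top-level `permissions: { contents: read }` with `issues: write` on this job would limit it to what the report step needs.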
@@ -75,7 +75,7 @@ jobs: aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }} aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} - + - name: Setup tmate session uses: mxschmitt/action-tmate@v3 with: @@ -105,10 +105,10 @@ jobs: command: | oc login --username ${{ env.OCP_ADMIN_USERNAME }} --password ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" oc whoami - + kubectl config rename-context $(oc config current-context) "${{ steps.commit_info.outputs.cluster_name }}" kubectl config use "${{ steps.commit_info.outputs.cluster_name }}" - + - name: Create namespace if not exists shell: bash run: | @@ -116,7 +116,7 @@ jobs: oc new-project "${{ env.OCP_NAMESPACE }}" else echo "Namespace '${{ env.OCP_NAMESPACE }}' already exists" - fi + fi - name: Delete Cluster timeout-minutes: 125 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e8cae76..c4cd8e1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -47,10 +47,4 @@ repos: - --hook-config=--create-file-if-not-exist=true - --hook-config=--add-to-existing-file=true - --args=--config=.lint/terraform_docs/.terraform-docs.yml - -- repo: https://github.com/tcort/markdown-link-check - rev: v3.12.1 # use tags until renovate supports sha: https://github.com/renovatebot/renovate/issues/22567 - hooks: - - id: markdown-link-check - args: [-q, -c .github/markdown-links.json] ... diff --git a/DEVELOPER.md b/DEVELOPER.md index 75357cb..2a38460 100644 --- a/DEVELOPER.md +++ b/DEVELOPER.md 
@@ -36,7 +36,7 @@ To start developing or testing the Rosa module, follow these steps: The tests in the CI can be triggered automatically by modifying Terraform or test files. It will be labeled either `test` or `terraform` automatically by the labeler. -You can choose to overwrite the name of the cluster by including `ocp_cluster_name=leogit8` in the commit description. +You can choose to overwrite the name of the cluster by including `ocp_cluster_name=leogit8` in the commit description. Additionally, you can disable the deletion of the cluster by adding `delete_ocp_cluster=false` in the commit description. ## Releasing a New Version @@ -60,4 +60,4 @@ Please pin GitHub action, if you need you can use [pin-github-action](https://gi --- -By following these guidelines, we ensure smooth development iterations, robust testing practices, and clear version management for the Terraform ROSA module. Happy coding! \ No newline at end of file +By following these guidelines, we ensure smooth development iterations, robust testing practices, and clear version management for the Terraform ROSA module. Happy coding! diff --git a/README.md b/README.md index 980400c..0bf58fa 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ just --list * Terraform (installed by asdf) * AWS CLI (installed by asdf) * ROSA CLI ([installation guide](https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.html)) -* OpenShift CLI ([installation guide](https://docs.openshift.com/container-platform/latest/cli_reference/openshift_cli/getting-started-cli.html)) +* OpenShift CLI ([installation guide](https://docs.openshift.com/container-platform/latest/cli_reference/openshift_cli/getting-started-cli.html)) ## Getting started : Create a ROSA HCP cluster 
@@ -159,7 +159,7 @@ jobs: command: | oc login --username "cluster-admin" --password ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" oc whoami - + kubectl config rename-context $(oc config current-context) "my-ocp-cluster" kubectl config use "my-ocp-cluster" ``` diff --git a/lychee-links.toml b/lychee-links.toml new file mode 100644 index 0000000..8fe7ed8 --- /dev/null +++ b/lychee-links.toml @@ -0,0 +1,19 @@ +# Cache the results of Lychee if ran locally in order to minimise the chance of rate limiting +cache = true +# Ignore all private link (such as localhost) to avoid errors +exclude_all_private = true +# HTTP status code: 429 (Too Many Requests) will also be treated as a valid link if Lychee gets rate limited +accept = ["200", "403"] +# retry +max_retries = 6 +retry_wait_time = 10 +max_concurrency = 3 + +# Exclude all unsupported versioned_docs +exclude_path = [ +] + +# Explicitly exclude some URLs +exclude = [ + "^file:", +] From f87eea67041bf4c2d412d7c6a25e55d25d92e7af Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 16:12:25 +0200 Subject: [PATCH 36/54] remove tmate --- .github/workflows/tests.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 02841be..6bf56e0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -76,11 +76,6 @@ jobs: aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }} aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }} - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - with: - detached: true - - name: Create Cluster timeout-minutes: 125 uses: ./.github/actions/rosa-create-cluster From 295e18f1e43ebfc6e9ef6f82bc602997012707ac Mon Sep 17 00:00:00 2001 
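Review bot: In the new `lychee-links.toml`, the comment above `accept` says a 429 response is treated as valid, but the list is `accept = ["200", "403"]`, so 429 is not accepted and 403 is. If tolerating rate limiting is the intent, the line would be `accept = ["200", "429"]`. If 403 is deliberate (sites that block automated clients), the comment should say so, e.g. `# 403 is accepted because some hosts reject automated requests`. Accepting 403 also means links that were moved behind authentication pass the check unnoticed.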
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 16:29:06 +0200 Subject: [PATCH 37/54] implement renovate for awscli --- .github/actions/rosa-create-cluster/action.yml | 4 ++-- .github/actions/rosa-delete-cluster/action.yml | 2 +- modules/rosa-hcp/vars.tf | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index e3acd6f..12e65de 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -31,12 +31,12 @@ inputs: awscli-version: description: 'Version of the aws cli to use' required: true - # TODO renovate latest version + # renovate: datasource=github-releases depName=aws/aws-cli default: "1.32.105" openshift-version: description: 'Version of the OpenShift to install' required: true - # TODO renovate latest version + # TODO renovate latest version but we need to extract versions from https://mirror.openshift.com/pub/openshift-v4/multi/clients/ocp/ default: "4.15.11" replicas: description: 'Number of replicas for the ROSA cluster' diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index c1f0a41..5685a74 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -20,7 +20,7 @@ inputs: awscli-version: description: 'Version of the aws cli to use' required: true - # TODO renovate latest version + # renovate: datasource=github-releases depName=aws/aws-cli default: "1.32.105" tf-modules-revision: description: 'Git revision of the tf modules to use' diff --git a/modules/rosa-hcp/vars.tf b/modules/rosa-hcp/vars.tf index 1d0b3e7..6252518 100644 --- a/modules/rosa-hcp/vars.tf +++ b/modules/rosa-hcp/vars.tf 
@@ -8,7 +8,7 @@ variable "cluster_name" { variable "openshift_version" { type = string description = "The version of ROSA to be deployed" - # TODO renovate latest version + # TODO renovate latest version but we need to extract versions from https://mirror.openshift.com/pub/openshift-v4/multi/clients/ocp/ default = "4.14.21" validation { condition = can(regex("^[0-9]*[0-9]+.[0-9]*[0-9]+.[0-9]*[0-9]+$", var.openshift_version)) From f81479432edb562a51a4acf97068c3e265976da0 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Thu, 16 May 2024 17:25:41 +0200 Subject: [PATCH 38/54] add eol for openshift --- .github/actions/rosa-create-cluster/action.yml | 2 +- modules/rosa-hcp/vars.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 12e65de..59db4bc 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -36,7 +36,7 @@ inputs: openshift-version: description: 'Version of the OpenShift to install' required: true - # TODO renovate latest version but we need to extract versions from https://mirror.openshift.com/pub/openshift-v4/multi/clients/ocp/ + # renovate: datasource=endoflife-date depName=red-hat-openshift versioning=semver default: "4.15.11" replicas: description: 'Number of replicas for the ROSA cluster' diff --git a/modules/rosa-hcp/vars.tf b/modules/rosa-hcp/vars.tf index 6252518..572ee2c 100644 --- a/modules/rosa-hcp/vars.tf +++ b/modules/rosa-hcp/vars.tf 
@@ -8,7 +8,7 @@ variable "cluster_name" { variable "openshift_version" { type = string description = "The version of ROSA to be deployed" - # TODO renovate latest version but we need to extract versions from https://mirror.openshift.com/pub/openshift-v4/multi/clients/ocp/ + # renovate: datasource=endoflife-date depName=red-hat-openshift versioning=semver default = "4.14.21" validation { condition = can(regex("^[0-9]*[0-9]+.[0-9]*[0-9]+.[0-9]*[0-9]+$", var.openshift_version)) From fa217a88dbbc625ebbb69ca7657a6da30746bd49 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 09:07:15 +0200 Subject: [PATCH 39/54] cleanup cloned repo at the end of the action execution --- .github/actions/rosa-create-cluster/action.yml | 6 ++++++ .github/actions/rosa-delete-cluster/action.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 59db4bc..fbd8a2f 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -173,3 +173,9 @@ runs: export cluster_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url') echo "cluster_api=$cluster_api" echo "cluster_api=$cluster_api" >> "$GITHUB_OUTPUT" + + - name: Clean up cloned modules + if: always() + shell: bash + run: | + rm -rf "${{ inputs.tf-modules-path }}" diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index 5685a74..7908909 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -83,6 +83,12 @@ runs: run: | terraform apply -destroy -no-color rosa-destroy.plan + - name: Clean up cloned modules + shell: bash + if: always() + run: | + rm -rf "${{ inputs.tf-modules-path }}" + - name: Delete Terraform State shell: bash run: | 
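Review bot: The new "Clean up cloned modules" step in `rosa-create-cluster/action.yml` expands `${{ inputs.tf-modules-path }}` straight into the `rm -rf` script text, so the value is substituted before bash parses the line and nothing checks that it stays inside the workspace. A caller-supplied path containing a quote or a command substitution changes the command, and a value such as `.` removes the checkout itself. Passing the input through the environment avoids the substitution: add `env: TF_MODULES_PATH: ${{ inputs.tf-modules-path }}` to the step and run `rm -rf -- "${TF_MODULES_PATH:?}"`. The same applies to the identical step added in `rosa-delete-cluster/action.yml`. There the step lands before "Delete Terraform State", whose body is outside the hunk, so it is worth confirming that step does not still need the cloned files.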
From 6f6a98f3d01027fa7eb54264a1e8d2c94a35c194 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 12:52:54 +0200 Subject: [PATCH 40/54] pin actions --- .../actions/rosa-create-cluster/action.yml | 6 +- .../actions/rosa-delete-cluster/action.yml | 4 +- .github/workflows/links.yml | 8 +-- .github/workflows/lint.yml | 1 + .github/workflows/tests.yml | 60 +++++++++---------- 5 files changed, 40 insertions(+), 39 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index fbd8a2f..6c62ae2 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -80,10 +80,10 @@ runs: rosa version - name: Install Terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3 - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 + uses: redhat-actions/openshift-tools-installer@2de9a80cf012ad0601021515481d433b91ef8fd5 # v1 with: oc: "${{ inputs.openshift-version }}" @@ -133,7 +133,7 @@ runs: echo "terraform-state-url=${terraform_state_url}" >> "$GITHUB_OUTPUT" - name: Checkout Repository rosa modules - uses: actions/checkout@v4 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 with: repository: "camunda/camunda-tf-rosa" ref: ${{ inputs.tf-modules-revision }} diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index 7908909..fe1536b 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -35,7 +35,7 @@ runs: using: 'composite' steps: - name: Install Terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3 - name: Install aws-cli shell: bash 
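Review bot: The pinned `uses:` lines in `rosa-create-cluster/action.yml` keep only a floating major tag in the trailing comment (`# v3`, `# v1`, `# v4`), so a reader cannot tell which release each SHA corresponds to. Recording the exact release, in the form `uses: hashicorp/setup-terraform@<sha> # vX.Y.Z`, lets a reviewer check the SHA against the upstream tag and gives an automated updater a version to bump. It is also worth confirming that each SHA is a commit in the upstream repository rather than in a fork, since a full SHA resolves either way. The same comment style appears in the pins this commit adds to `rosa-delete-cluster/action.yml`, `links.yml` and `tests.yml`.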
@@ -54,7 +54,7 @@ runs: echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT" - name: Checkout Repository rosa modules - uses: actions/checkout@v4 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 with: repository: "camunda/camunda-tf-rosa" ref: ${{ inputs.tf-modules-revision }} diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index fe6e57e..79d7d9b 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -11,21 +11,21 @@ jobs: name: links-check runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 - name: Get Current Timestamp id: timestamp run: echo "TIMESTAMP=$(date +%s)" >> "$GITHUB_ENV" - name: Restore lychee cache - uses: actions/cache@v3 + uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3 with: path: .lycheecache key: "cache-lychee-${{ env.TIMESTAMP }}" restore-keys: cache-lychee- - name: Link Checker - uses: lycheeverse/lychee-action@v1.10.0 + uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0 with: fail: true args: -c ./lychee-links.toml --base . --cache --max-cache-age 1d . --verbose --no-progress '*.md' './**/*.md' @@ -33,7 +33,7 @@ jobs: - name: Create Issue From File if: ${{ github.event_name == 'schedule' && env.lychee_exit_code != 0 }} - uses: peter-evans/create-issue-from-file@v4 + uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # v4 with: title: Link Checker Report content-filepath: ./lychee/out.md diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 255305b..19655f6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -6,6 +6,7 @@ on: push: workflow_dispatch: + jobs: lint: name: pre-commit diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 6bf56e0..593adeb 100644 --- a/.github/workflows/tests.yml 
+++ b/.github/workflows/tests.yml @@ -2,16 +2,16 @@ name: Cluster creation and destruction test on: - workflow_dispatch: - pull_request: - # the paths should be synced with ../labeler.yml - paths: - - modules/fixtures/** - - modules/**.tf - - .tool-versions - - .github/workflows/tests.yml - - .github/actions/** - - justfile + workflow_dispatch: + pull_request: + # the paths should be synced with ../labeler.yml + paths: + - modules/fixtures/** + - modules/**.tf + - .tool-versions + - .github/workflows/tests.yml + - .github/actions/** + - justfile # limit to a single execution per actor of this workflow concurrency: @@ -38,21 +38,21 @@ jobs: - name: Get OCP Cluster Name and Delete Flag id: commit_info run: | - commit_message=$(git log -1 --pretty=format:"%B") - if echo "$commit_message" | grep -qE 'ocp_cluster_name=([^\s]+)'; then - cluster_name=$(echo "$commit_message" | grep -oP 'ocp_cluster_name=\K[^\s]+') - else - cluster_name=$(git rev-parse --short HEAD) - fi + commit_message=$(git log -1 --pretty=format:"%B") + if echo "$commit_message" | grep -qE 'ocp_cluster_name=([^\s]+)'; then + cluster_name=$(echo "$commit_message" | grep -oP 'ocp_cluster_name=\K[^\s]+') + else + cluster_name=$(git rev-parse --short HEAD) + fi - if echo "$commit_message" | grep -q 'delete_ocp_cluster=false'; then - delete_cluster="false" - else - delete_cluster="true" - fi + if echo "$commit_message" | grep -q 'delete_ocp_cluster=false'; then + delete_cluster="false" + else + delete_cluster="true" + fi - echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT" - echo "delete_cluster=$delete_cluster" >> "$GITHUB_OUTPUT" + echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT" + echo "delete_cluster=$delete_cluster" >> "$GITHUB_OUTPUT" - name: Import Secrets id: secrets 
@@ -86,11 +86,11 @@ jobs: admin-username: ${{ env.OCP_ADMIN_USERNAME }} admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }} aws-region: ${{ env.AWS_REGION }} - namespace: ${{ env.OCP_NAMESPACE }} + namespace: ${{ env.OCP_NAMESPACE }} s3-backend-bucket: ${{ env.TF_S3_BUCKET }} - name: Generate kubeconfig - uses: nick-fields/retry@v3 + uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3 id: kube_config with: timeout_minutes: 10 @@ -107,11 +107,11 @@ jobs: - name: Create namespace if not exists shell: bash run: | - if ! oc get namespace "${{ env.OCP_NAMESPACE }}"; then - oc new-project "${{ env.OCP_NAMESPACE }}" - else - echo "Namespace '${{ env.OCP_NAMESPACE }}' already exists" - fi + if ! oc get namespace "${{ env.OCP_NAMESPACE }}"; then + oc new-project "${{ env.OCP_NAMESPACE }}" + else + echo "Namespace '${{ env.OCP_NAMESPACE }}' already exists" + fi - name: Delete Cluster timeout-minutes: 125 From a321ac59075af73c06ed88e0be64ea374b6f4eed Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 15:36:34 +0200 Subject: [PATCH 41/54] login is now integrated in the cluster creation --- .github/actions/rosa-create-cluster/README.md | 2 +- .../actions/rosa-create-cluster/action.yml | 25 ++++++++++++++++--- .github/workflows/tests.yml | 16 ------------ README.md | 23 ++++++----------- 4 files changed, 31 insertions(+), 35 deletions(-) diff --git a/.github/actions/rosa-create-cluster/README.md b/.github/actions/rosa-create-cluster/README.md index 41503eb..b95b816 100644 --- a/.github/actions/rosa-create-cluster/README.md +++ b/.github/actions/rosa-create-cluster/README.md 
@@ -11,7 +11,6 @@ This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service | `admin-password` | Admin password for the ROSA cluster | true | | | `admin-username` | Admin username for the ROSA cluster | true | `cluster-admin` | | `aws-region` | AWS region where the ROSA cluster will be deployed | true | | -| `namespace` | Namespace to create in the ROSA cluster | true | | | `rosa-cli-version` | Version of the ROSA CLI to use | true | `latest` | | `awscli-version` | Version of the AWS CLI to use | true | `1.32.105` | | `openshift-version` | Version of the OpenShift to install | true | `4.15.11` | @@ -19,6 +18,7 @@ This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service | `s3-backend-bucket` | Name of the S3 bucket to store Terraform state | true | | | `tf-modules-revision`| Git revision of the Terraform modules to use | true | `main` | | `tf-modules-path` | Path where the Terraform ROSA modules will be cloned | true | `./.action-tf-modules/rosa/` | +| `login` | Authenticate the current kube context on the created cluster | true | `true` | ## Outputs diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 6c62ae2..83f237e 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -3,6 +3,7 @@ name: Deploy ROSA HCP Cluster description: | This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform. This action will also install oc, awscli, rosa cli. + The kube context will be set on the created cluster. inputs: rh-token: @@ -21,9 +22,6 @@ inputs: aws-region: description: 'AWS region where the ROSA cluster will be deployed' required: true - namespace: - description: 'Namespace to create in the ROSA cluster' - required: true rosa-cli-version: description: 'Version of the ROSA CLI to use' required: true 
@@ -53,6 +51,10 @@ inputs: description: 'Path where the tf rosa modules will be cloned' default: './.action-tf-modules/rosa/' required: true + login: + description: 'Authenticate the current kube context on the created cluster' + default: "true" + required: true outputs: openshift-server-api: @@ -174,6 +176,23 @@ runs: echo "cluster_api=$cluster_api" echo "cluster_api=$cluster_api" >> "$GITHUB_OUTPUT" + - name: Login and generate kubeconfig + # we need to retry due as the cluster has just been created and the OIDC provider may not be available yet + uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3 + id: kube_config + if: inputs.login == 'true' + with: + timeout_minutes: 10 + max_attempts: 40 + shell: bash + retry_wait_seconds: 15 + command: | + oc login --username "${{ inputs.admin-username }}" --password "${{ inputs.admin-password }}" "${{ steps.cluster_info.outputs.cluster_api }}" + oc whoami + + kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}" + kubectl config use "${{ inputs.cluster-name }}" + - name: Clean up cloned modules if: always() shell: bash diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 593adeb..24ddc20 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
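Review bot: The new "Login and generate kubeconfig" step expands `${{ inputs.admin-password }}`, `${{ inputs.admin-username }}` and `${{ inputs.cluster-name }}` directly into the `command:` script. The password therefore becomes part of the shell text: a `$`, backtick or `"` in it is interpreted by bash, so the login either breaks or runs something unintended. Whether the value is masked in logs depends on the caller having passed a registered secret. Handing the values over as environment variables keeps them out of the script text, assuming the retry action passes the step `env` on to the command. Quoting `$(oc config current-context)` also avoids word splitting. The step sits in the `runs.steps` list, which starts outside this hunk.

```yaml
    - name: Login and generate kubeconfig
      # … unchanged: uses, id, if …
      env:
        OCP_ADMIN_USERNAME: ${{ inputs.admin-username }}
        OCP_ADMIN_PASSWORD: ${{ inputs.admin-password }}
        OCP_API_URL: ${{ steps.cluster_info.outputs.cluster_api }}
        OCP_CLUSTER_NAME: ${{ inputs.cluster-name }}
      with:
        # … unchanged: timeout_minutes, max_attempts, shell, retry_wait_seconds …
        command: |
          oc login --username "$OCP_ADMIN_USERNAME" --password "$OCP_ADMIN_PASSWORD" "$OCP_API_URL"
          oc whoami

          kubectl config rename-context "$(oc config current-context)" "$OCP_CLUSTER_NAME"
          kubectl config use "$OCP_CLUSTER_NAME"
```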
@@ -86,24 +86,8 @@ jobs: admin-username: ${{ env.OCP_ADMIN_USERNAME }} admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }} aws-region: ${{ env.AWS_REGION }} - namespace: ${{ env.OCP_NAMESPACE }} s3-backend-bucket: ${{ env.TF_S3_BUCKET }} - - name: Generate kubeconfig - uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3 - id: kube_config - with: - timeout_minutes: 10 - max_attempts: 40 - shell: bash - retry_wait_seconds: 15 - command: | - oc login --username ${{ env.OCP_ADMIN_USERNAME }} --password ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" - oc whoami - - kubectl config rename-context $(oc config current-context) "${{ steps.commit_info.outputs.cluster_name }}" - kubectl config use "${{ steps.commit_info.outputs.cluster_name }}" - - name: Create namespace if not exists shell: bash run: | diff --git a/README.md b/README.md index 0bf58fa..0338605 100644 --- a/README.md +++ b/README.md 
@@ -139,29 +139,21 @@ jobs: - name: Deploy ROSA HCP Cluster uses: camunda/camunda-tf-rosa/.github/actions/rosa-create-cluster@main id: create_cluster + timeout-minutes: 125 # cluster creation can take up to 45 minutes with: rh-token: ${{ secrets.RH_OPENSHIFT_TOKEN }} cluster-name: "my-ocp-cluster" admin-username: "cluster-admin" admin-password: ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} aws-region: "us-west-2" - namespace: "myns" s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} - - name: Generate kubeconfig - uses: nick-fields/retry@v3 - id: kube_config - with: - timeout_minutes: 10 - max_attempts: 40 - shell: bash - retry_wait_seconds: 15 - command: | - oc login --username "cluster-admin" --password ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" - oc whoami - - kubectl config rename-context $(oc config current-context) "my-ocp-cluster" - kubectl config use "my-ocp-cluster" + - name: Use your created cluster + shell: bash + run: | + oc new-project "myns" + oc whoami + oc get pods ``` For more details, refer to the [Deploy ROSA HCP Cluster Action README](https://github.com/camunda/camunda-tf-rosa/blob/main/.github/actions/rosa-create-cluster/README.md). @@ -182,6 +174,7 @@ jobs: steps: - name: Delete ROSA HCP Cluster uses: camunda/camunda-tf-rosa/.github/actions/rosa-delete-cluster@main + timeout-minutes: 125 # cluster deletion can take some time with: rh-token: ${{ secrets.RH_OPENSHIFT_TOKEN }} cluster-name: "my-ocp-cluster" From 7b68383f3375aac21f190a961d579b26242ac8d8 Mon Sep 17 00:00:00 2001 
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 17:00:37 +0200 Subject: [PATCH 42/54] apply suggestions from review --- .github/actions/rosa-create-cluster/README.md | 22 ++++++++----- .../actions/rosa-create-cluster/action.yml | 33 +++++++++++++++++-- .github/actions/rosa-delete-cluster/README.md | 12 ++++--- .../actions/rosa-delete-cluster/action.yml | 32 ++++++++++++++++-- .github/workflows/tests.yml | 32 ++++++++++-------- README.md | 12 +++---- 6 files changed, 104 insertions(+), 39 deletions(-) diff --git a/.github/actions/rosa-create-cluster/README.md b/.github/actions/rosa-create-cluster/README.md index b95b816..a03bc4f 100644 --- a/.github/actions/rosa-create-cluster/README.md +++ b/.github/actions/rosa-create-cluster/README.md 
@@ -9,16 +9,20 @@ This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service | `rh-token` | Red Hat Hybrid Cloud Console Token | true | | | `cluster-name` | Name of the ROSA cluster to deploy | true | | | `admin-password` | Admin password for the ROSA cluster | true | | -| `admin-username` | Admin username for the ROSA cluster | true | `cluster-admin` | +| `admin-username` | Admin username for the ROSA cluster | false | `cluster-admin` | | `aws-region` | AWS region where the ROSA cluster will be deployed | true | | -| `rosa-cli-version` | Version of the ROSA CLI to use | true | `latest` | -| `awscli-version` | Version of the AWS CLI to use | true | `1.32.105` | -| `openshift-version` | Version of the OpenShift to install | true | `4.15.11` | -| `replicas` | Number of replicas for the ROSA cluster | true | `2` | +| `rosa-cli-version` | Version of the ROSA CLI to use | false | `latest` | +| `awscli-version` | Version of the AWS CLI to use | false | `1.32.105` | +| `openshift-version` | Version of the OpenShift to install | false | `4.15.11` | +| `replicas` | Number of replicas for the ROSA cluster | false | `2` | | `s3-backend-bucket` | Name of the S3 bucket to store Terraform state | true | | -| `tf-modules-revision`| Git revision of the Terraform modules to use | true | `main` | -| `tf-modules-path` | Path where the Terraform ROSA modules will be cloned | true | `./.action-tf-modules/rosa/` | -| `login` | Authenticate the current kube context on the created cluster | true | `true` | +| `tf-modules-revision`| Git revision of the Terraform modules to use | false | `main` | +| `tf-modules-path` | Path where the Terraform ROSA modules will be cloned | false | `./.action-tf-modules/rosa/` | +| `login` | Authenticate the current kube context on the created cluster | false | `true` | +| `tf-cli-config-credentials-hostname` | The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI 
configuration file. Defaults to `app.terraform.io`. | false | `app.terraform.io` | +| `tf-cli-config-credentials-token` | The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. | false | | +| `tf-terraform-version` | The version of Terraform CLI to install. Defaults to `latest`. | false | `latest` | +| `tf-terraform-wrapper` | Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`. | false | `true` | ## Outputs @@ -36,7 +40,7 @@ Create a file in your repository's `.github/workflows` directory, for example `d name: Deploy ROSA HCP Cluster on: - push: + pull_request: jobs: deploy: diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 83f237e..a649e08 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -30,7 +30,7 @@ inputs: description: 'Version of the aws cli to use' required: true # renovate: datasource=github-releases depName=aws/aws-cli - default: "1.32.105" + default: "2.15.52" openshift-version: description: 'Version of the OpenShift to install' required: true 
@@ -56,6 +56,23 @@ inputs: default: "true" required: true + # inherited from https://github.com/hashicorp/setup-terraform/blob/main/action.yml + tf-cli-config-credentials-hostname: + description: 'The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.' + default: 'app.terraform.io' + required: false + tf-cli-config-credentials-token: + description: 'The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.' + required: false + tf-terraform-version: + description: 'The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`.' + default: 'latest' + required: false + tf-terraform-wrapper: + description: 'Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.' + default: 'true' + required: false + outputs: openshift-server-api: description: 'The server API URL of the deployed ROSA cluster' 
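Review bot: `tf-terraform-version` defaults to `latest` in the added inputs, so the composite action installs whichever Terraform release is current at run time, and two runs of the same commit can apply the ROSA modules with different binaries. A pinned default tracked by Renovate, as the `awscli-version` input in this file already is, keeps runs reproducible: `# renovate: datasource=github-releases depName=hashicorp/terraform` followed by `default: '<pinned-terraform-version>'`. The description of `tf-cli-config-credentials-token` should also state that the value is a secret and must be supplied from the caller's secret store. The same inputs are added to the rosa-delete-cluster action in hunk `@@ -31,16 +31,42 @@`, where the same applies.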
@@ -78,11 +95,17 @@ runs: curl -O "https://mirror.openshift.com/pub/openshift-v4/clients/rosa/${{ inputs.rosa-cli-version }}/rosa-linux.tar.gz" tar -xvf rosa-linux.tar.gz sudo mv rosa /usr/local/bin/rosa + chmod +x /usr/local/bin/rosa rm -f rosa-linux.tar.gz rosa version - name: Install Terraform uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3 + with: + cli_config_credentials_hostname: ${{ inputs.tf-cli-config-credentials-hostname }} + cli_config_credentials_token: ${{ inputs.tf-cli-config-credentials-token }} + terraform_version: ${{ inputs.tf-terraform-version }} + terraform_wrapper: ${{ inputs.tf-terraform-wrapper }} - name: Install CLI tools from OpenShift Mirror uses: redhat-actions/openshift-tools-installer@2de9a80cf012ad0601021515481d433b91ef8fd5 # v1 @@ -102,10 +125,14 @@ runs: rosa verify permissions --region="${{ inputs.aws-region }}" rosa create account-roles --mode auto - - name: Install aws-cli + - name: Install aws-cli v2 shell: bash run: | - python3 -m pip install "awscli==${{ inputs.awscli-version }}" + cd /tmp/awscli + curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" + unzip awscliv2.zip + sudo ./aws/install + cd - && rm -Rf /tmp/awscli - name: Check if S3 bucket exists id: create-s3-bucket diff --git a/.github/actions/rosa-delete-cluster/README.md b/.github/actions/rosa-delete-cluster/README.md index f32f971..f659fdb 100644 --- a/.github/actions/rosa-delete-cluster/README.md +++ b/.github/actions/rosa-delete-cluster/README.md 
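Review bot: The new `Install aws-cli v2` step downloads a zip with `curl` and runs `sudo ./aws/install` from it without any integrity check, and without `--fail` an HTTP error body is saved as `awscliv2.zip` and only caught later by `unzip`. AWS publishes a detached PGP signature next to each installer (the same URL with `.sig` appended), so the step can fetch it and run `gpg --verify awscliv2.sig awscliv2.zip` against a public key committed to the repository before installing. The download line would become `curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip" -o awscliv2.zip`, with `AWSCLI_VERSION: ${{ inputs.awscli-version }}` set under the step's `env:` so the input is not expanded inside the script text. The identical step added to the rosa-delete-cluster action (hunk `@@ -31,16 +31,42 @@`) needs the same change.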
@@ -10,9 +10,13 @@ This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service o | `cluster-name` | Name of the ROSA cluster to delete | true | | | `aws-region` | AWS region where the ROSA cluster is deployed | true | | | `s3-backend-bucket` | Name of the S3 bucket where the Terraform state is stored| true | | -| `awscli-version` | Version of the aws cli to use | true | `1.32.105` | -| `tf-modules-revision`| Git revision of the tf modules to use | true | `main` | -| `tf-modules-path` | Path where the tf rosa modules will be cloned | true | `./.action-tf-modules/rosa/` | +| `awscli-version` | Version of the aws cli to use | false | `1.32.105` | +| `tf-modules-revision`| Git revision of the tf modules to use | false | `main` | +| `tf-modules-path` | Path where the tf rosa modules will be cloned | false | `./.action-tf-modules/rosa/` | +| `tf-cli-config-credentials-hostname` | The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`. | false | `app.terraform.io` | +| `tf-cli-config-credentials-token` | The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. | false | | +| `tf-terraform-version` | The version of Terraform CLI to install. Defaults to `latest`. | false | `latest` | +| `tf-terraform-wrapper` | Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`. | false | `true` | ## Usage @@ -22,7 +26,7 @@ Create a file in your repository's `.github/workflows` directory, for example `d name: Delete ROSA HCP Cluster on: - workflow_dispatch: + pull_request: jobs: delete: 
diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index fe1536b..0828105 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -21,7 +21,7 @@ inputs: description: 'Version of the aws cli to use' required: true # renovate: datasource=github-releases depName=aws/aws-cli - default: "1.32.105" + default: "2.15.52" tf-modules-revision: description: 'Git revision of the tf modules to use' default: 'main' 
@@ -31,16 +31,42 @@ inputs: default: './.action-tf-modules/rosa/' required: true + # inherited from https://github.com/hashicorp/setup-terraform/blob/main/action.yml + tf-cli-config-credentials-hostname: + description: 'The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.' + default: 'app.terraform.io' + required: false + tf-cli-config-credentials-token: + description: 'The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.' + required: false + tf-terraform-version: + description: 'The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`.' + default: 'latest' + required: false + tf-terraform-wrapper: + description: 'Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.' 
+ default: 'true' + required: false + runs: using: 'composite' steps: - name: Install Terraform uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3 + with: + cli_config_credentials_hostname: ${{ inputs.tf-cli-config-credentials-hostname }} + cli_config_credentials_token: ${{ inputs.tf-cli-config-credentials-token }} + terraform_version: ${{ inputs.tf-terraform-version }} + terraform_wrapper: ${{ inputs.tf-terraform-wrapper }} - - name: Install aws-cli + - name: Install aws-cli v2 shell: bash run: | - python3 -m pip install "awscli==${{ inputs.awscli-version }}" + cd /tmp/awscli + curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" + unzip awscliv2.zip + sudo ./aws/install + cd - && rm -Rf /tmp/awscli - name: Set Terraform variables shell: bash diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 24ddc20..29797c0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -2,7 +2,21 @@ name: Cluster creation and destruction test on: + schedule: + - cron: '0 1 * * 1' # At 01:00 on Monday. + workflow_dispatch: + inputs: + cluster_name: + description: "Cluster name." + required: false + type: string + delete_cluster: + description: "Whether to delete the cluster." + required: false + type: boolean + default: true + pull_request: # the paths should be synced with ../labeler.yml paths: 
@@ -35,24 +49,16 @@ jobs: ref: ${{ github.head_ref }} fetch-depth: 0 - - name: Get OCP Cluster Name and Delete Flag + - name: Get OCP Cluster Name id: commit_info run: | - commit_message=$(git log -1 --pretty=format:"%B") - if echo "$commit_message" | grep -qE 'ocp_cluster_name=([^\s]+)'; then - cluster_name=$(echo "$commit_message" | grep -oP 'ocp_cluster_name=\K[^\s]+') - else - cluster_name=$(git rev-parse --short HEAD) - fi - - if echo "$commit_message" | grep -q 'delete_ocp_cluster=false'; then - delete_cluster="false" + if [[ -n "${{ inputs.cluster_name }}" ]]; then + cluster_name="${{ inputs.cluster_name }}" else - delete_cluster="true" + cluster_name=$(git rev-parse --short HEAD) fi echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT" - echo "delete_cluster=$delete_cluster" >> "$GITHUB_OUTPUT" - name: Import Secrets id: secrets @@ -99,7 +105,7 @@ jobs: - name: Delete Cluster timeout-minutes: 125 - if: always() && steps.commit_info.outputs.delete_cluster == 'true' + if: always() && !(inputs.delete_cluster == false) uses: ./.github/actions/rosa-delete-cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} diff --git a/README.md b/README.md index 0338605..047d3b1 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,6 @@ This module automates the creation of a ROSA HCP cluster with an opinionated con For more detailed usage and configuration options, please refer to the module's inputs and outputs documentation below. -## Usage - ## Requirements To gather all specifics versions of this project, we use: 
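Review bot: In `Get OCP Cluster Name`, `${{ inputs.cluster_name }}` is expanded into the bash script twice, so the free-text `workflow_dispatch` input becomes part of the shell source rather than a value, and it reaches `$GITHUB_OUTPUT` and the cluster actions without any format check. Reading it from an `env:` variable removes the expansion. A check such as `[[ "$cluster_name" =~ ^[a-z][a-z0-9-]*$ ]] || exit 1` before the output line (pattern constructed here; align it with the naming rules ROSA enforces) rejects names that would otherwise fail only during cluster creation. The job's step list starts and ends outside this hunk.

```yaml
  id: commit_info
  env:
    CLUSTER_NAME_INPUT: ${{ inputs.cluster_name }}
  run: |
    if [[ -n "$CLUSTER_NAME_INPUT" ]]; then
      cluster_name="$CLUSTER_NAME_INPUT"
    # … unchanged: else branch using git rev-parse, write to GITHUB_OUTPUT …
```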
@@ -64,10 +62,10 @@ rosa verify permissions --region="$AWS_REGION" rosa create account-roles --mode auto ``` 5. Enable HCP ROSA on [AWS MarkePlace](https://docs.openshift.com/rosa/cloud_experts_tutorials/cloud-experts-rosa-hcp-activation-and-account-linking-tutorial.html) - 5.1 Navigate to the ROSA console : https://console.aws.amazon.com/rosa - 5.2 Choose Get started. - 5.3 On the Verify ROSA prerequisites page, select I agree to share my contact information with Red Hat. - 5.4 Choose Enable ROSA + * Navigate to the ROSA console : https://console.aws.amazon.com/rosa + * Choose Get started. + * On the Verify ROSA prerequisites page, select I agree to share my contact information with Red Hat. + * Choose Enable ROSA Please note that **Only a single AWS account that will be used for service billing can be associated with a Red Hat account.** @@ -124,7 +122,7 @@ Create a file in your repository's `.github/workflows` directory, for example `d name: Deploy ROSA HCP Cluster on: - push: + pull_request: jobs: deploy: From 78fa41c143446e56147962e3fec6f8155b8a2b31 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 17:02:02 +0200 Subject: [PATCH 43/54] fix doc --- DEVELOPER.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/DEVELOPER.md b/DEVELOPER.md index 2a38460..e563ac0 100644 --- a/DEVELOPER.md +++ b/DEVELOPER.md 
@@ -36,8 +36,7 @@ To start developing or testing the Rosa module, follow these steps: The tests in the CI can be triggered automatically by modifying Terraform or test files. It will be labeled either `test` or `terraform` automatically by the labeler. -You can choose to overwrite the name of the cluster by including `ocp_cluster_name=leogit8` in the commit description. -Additionally, you can disable the deletion of the cluster by adding `delete_ocp_cluster=false` in the commit description. +You can choose to overwrite the name and disable the deletion of the cluster in the workflow dispatch. ## Releasing a New Version From 3e26ac4aed4a2af456ef1a171780374448f26842 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 17:07:45 +0200 Subject: [PATCH 44/54] fix aws cli --- .github/actions/rosa-create-cluster/action.yml | 2 +- .github/actions/rosa-delete-cluster/action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index a649e08..744be04 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -128,7 +128,7 @@ runs: - name: Install aws-cli v2 shell: bash run: | - cd /tmp/awscli + mkdir -p /tmp/awscli && cd /tmp/awscli curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index 0828105..8ec4ba2 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml 
@@ -62,7 +62,7 @@ runs: - name: Install aws-cli v2 shell: bash run: | - cd /tmp/awscli + mkdir -p /tmp/awscli && cd /tmp/awscli curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install From 8eedab714403b978331ef5aa3a449811258ffc9f Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 17:11:53 +0200 Subject: [PATCH 45/54] fix aws cli --- .github/actions/rosa-create-cluster/action.yml | 1 + .github/actions/rosa-delete-cluster/action.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 744be04..5ec2df5 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -128,6 +128,7 @@ runs: - name: Install aws-cli v2 shell: bash run: | + rm -rf /usr/local/aws-cli mkdir -p /tmp/awscli && cd /tmp/awscli curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" unzip awscliv2.zip diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index 8ec4ba2..cd9ad19 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -62,6 +62,7 @@ runs: - name: Install aws-cli v2 shell: bash run: | + rm -rf /usr/local/aws-cli mkdir -p /tmp/awscli && cd /tmp/awscli curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" unzip awscliv2.zip From 279f17d70779c2cfcd3742fdcacd5ce8d6fc1423 Mon Sep 17 00:00:00 2001 
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 17:13:38 +0200 Subject: [PATCH 46/54] fix aws cli --- .github/actions/rosa-create-cluster/action.yml | 2 +- .github/actions/rosa-delete-cluster/action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 5ec2df5..e22a61a 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -128,7 +128,7 @@ runs: - name: Install aws-cli v2 shell: bash run: | - rm -rf /usr/local/aws-cli + sudo rm -rf /usr/local/aws-cli mkdir -p /tmp/awscli && cd /tmp/awscli curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" unzip awscliv2.zip diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index cd9ad19..3ed407a 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -62,7 +62,7 @@ runs: - name: Install aws-cli v2 shell: bash run: | - rm -rf /usr/local/aws-cli + sudo rm -rf /usr/local/aws-cli mkdir -p /tmp/awscli && cd /tmp/awscli curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" unzip awscliv2.zip From 6190be543c6ed1b93b42f4d63a5ec259da3e99e6 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 17:35:44 +0200 Subject: [PATCH 47/54] make sure cluster name start with alphabetic char --- .github/actions/rosa-create-cluster/action.yml | 2 +- .github/actions/rosa-delete-cluster/action.yml | 2 +- .github/workflows/tests.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index e22a61a..2518c94 100644 
--- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -131,7 +131,7 @@ runs: sudo rm -rf /usr/local/aws-cli mkdir -p /tmp/awscli && cd /tmp/awscli curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" - unzip awscliv2.zip + unzip -qq awscliv2.zip sudo ./aws/install cd - && rm -Rf /tmp/awscli diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index 3ed407a..e7df6ed 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml @@ -65,7 +65,7 @@ runs: sudo rm -rf /usr/local/aws-cli mkdir -p /tmp/awscli && cd /tmp/awscli curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip" - unzip awscliv2.zip + unzip -qq awscliv2.zip sudo ./aws/install cd - && rm -Rf /tmp/awscli diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 29797c0..3250989 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -55,7 +55,7 @@ jobs: if [[ -n "${{ inputs.cluster_name }}" ]]; then cluster_name="${{ inputs.cluster_name }}" else - cluster_name=$(git rev-parse --short HEAD) + cluster_name="cl-$(git rev-parse --short HEAD)" fi echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT" From 1360fa3a813a0a3eaf5e3e5e398de9671b09ce21 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 17:43:11 +0200 Subject: [PATCH 48/54] fix delete cluster condition --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3250989..38face7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -105,7 +105,7 @@ jobs: - name: Delete Cluster timeout-minutes: 125 - if: always() && !(inputs.delete_cluster == false) + if: always() && !(github.event_name == 'workflow_dispatch' && github.event.inputs.delete_cluster == 'false') uses: ./.github/actions/rosa-delete-cluster with: rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }} From 0aee60c0bdbacea6b850225646048d713dd01f84 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 17:59:32 +0200 Subject: [PATCH 49/54] add tf version --- .github/actions/rosa-create-cluster/action.yml | 1 + .github/actions/rosa-delete-cluster/action.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml index 2518c94..7925a9f 100644 --- a/.github/actions/rosa-create-cluster/action.yml +++ b/.github/actions/rosa-create-cluster/action.yml @@ -175,6 +175,7 @@ runs: id: init working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/" run: | + terraform version terraform init -backend-config="bucket=${{ steps.set-terraform-variables.outputs.TFSTATE_BUCKET }}" -backend-config="key=${{ steps.set-terraform-variables.outputs.TFSTATE_KEY }}" -backend-config="region=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}" terraform validate -no-color diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml index e7df6ed..032b597 100644 --- a/.github/actions/rosa-delete-cluster/action.yml +++ b/.github/actions/rosa-delete-cluster/action.yml 
@@ -93,6 +93,7 @@ runs: id: init working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/" run: | + terraform version terraform init -backend-config="bucket=${{ steps.set-terraform-variables.outputs.TFSTATE_BUCKET }}" -backend-config="key=${{ steps.set-terraform-variables.outputs.TFSTATE_KEY }}" -backend-config="region=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}" terraform validate -no-color From 34b886e9661ce0b7e77a6174ce3ead1741669f65 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Fri, 17 May 2024 18:02:29 +0200 Subject: [PATCH 50/54] fix tests triggering --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 38face7..c81def1 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -24,7 +24,7 @@ on: - modules/**.tf - .tool-versions - .github/workflows/tests.yml - - .github/actions/** + - .github/actions/**.yml - justfile # limit to a single execution per actor of this workflow From 2652d79842ded099df510d740e967fed9efd5a0d Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Tue, 21 May 2024 08:57:07 +0200 Subject: [PATCH 51/54] doc: license --- LICENSE | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..849a5ff --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,14 @@
+Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+under one or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information regarding copyright
+ownership. Camunda licenses this file to you under the Apache License,
+Version 2.0; you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
From 53b48ac1398f406954ce4c3f96b9c1f8be8796df Mon Sep 17 00:00:00 2001
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com>
Date: Tue, 21 May 2024 09:15:26 +0200
Subject: [PATCH 52/54] chore: renovate config
---
 .github/renovate.json5 | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .github/renovate.json5
diff --git a/.github/renovate.json5 b/.github/renovate.json5
new file mode 100644
index 0000000..57f041c
--- /dev/null
+++ b/.github/renovate.json5
@@ -0,0 +1,5 @@
+{
+ $schema: "https://docs.renovatebot.com/renovate-schema.json",
+ extends: ["github>camunda/infraex-common-config:default.json5"],
+ groupName: "mono-update-renovate", // we keep all updates in a single renovate branch in order to save CI tests
+}
From 87e882f7990073858cc699feede5643f494fe84f Mon Sep 17 00:00:00 2001
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com>
Date: Wed, 22 May 2024 09:11:37 +0200
Subject: [PATCH 53/54] doc: improve action docs
---
 .github/actions/rosa-create-cluster/README.md | 22 ++++---------------
 .github/actions/rosa-delete-cluster/README.md | 7 +++---
 2 files changed, 7 insertions(+), 22 deletions(-)
diff --git a/.github/actions/rosa-create-cluster/README.md b/.github/actions/rosa-create-cluster/README.md index a03bc4f..c7c864a 100644 --- a/.github/actions/rosa-create-cluster/README.md +++ b/.github/actions/rosa-create-cluster/README.md @@ -12,8 +12,8 @@ This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service | `admin-username` | Admin username for the ROSA cluster | false | `cluster-admin` | | `aws-region` | AWS region where the ROSA cluster will be deployed | true | | | `rosa-cli-version` | Version of the ROSA CLI to use | false | `latest` | -| `awscli-version` | Version of the AWS CLI to use | false | `1.32.105` | -| `openshift-version` | Version of the OpenShift to install | false | `4.15.11` | +| `awscli-version` | Version of the AWS CLI to use | false | __see `action.yml`__ | +| `openshift-version` | Version of the OpenShift to install | false | __see `action.yml`__ | | `replicas` | Number of replicas for the ROSA cluster | false | `2` | | `s3-backend-bucket` | Name of the S3 bucket to store Terraform state | true | | | `tf-modules-revision`| Git revision of the Terraform modules to use | false | `main` | @@ -34,6 +34,8 @@ This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service ## Usage +This action is idempotent and can be re-run without affecting the existing cluster, following the principles of Terraform. + Create a file in your repository's `.github/workflows` directory, for example `deploy-rosa-hcp.yml`, with the following content: ```yaml 
@@ -61,21 +63,5 @@ jobs: admin-username: "cluster-admin" admin-password: ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} aws-region: "us-west-2" - namespace: "myns" s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} - - - name: Generate kubeconfig - uses: nick-fields/retry@v3 - id: kube_config - with: - timeout_minutes: 10 - max_attempts: 40 - shell: bash - retry_wait_seconds: 15 - command: | - oc login --username "cluster-admin" --password ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }} "${{ steps.create_cluster.outputs.openshift-server-api }}" - oc whoami - - kubectl config rename-context $(oc config current-context) "my-ocp-cluster" - kubectl config use "my-ocp-cluster" ``` diff --git a/.github/actions/rosa-delete-cluster/README.md b/.github/actions/rosa-delete-cluster/README.md index f659fdb..797a8d1 100644 --- a/.github/actions/rosa-delete-cluster/README.md +++ b/.github/actions/rosa-delete-cluster/README.md @@ -10,7 +10,7 @@ This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service o | `cluster-name` | Name of the ROSA cluster to delete | true | | | `aws-region` | AWS region where the ROSA cluster is deployed | true | | | `s3-backend-bucket` | Name of the S3 bucket where the Terraform state is stored| true | | -| `awscli-version` | Version of the aws cli to use | false | `1.32.105` | +| `awscli-version` | Version of the aws cli to use | false | __see `action.yml`__ | | `tf-modules-revision`| Git revision of the tf modules to use | false | `main` | | `tf-modules-path` | Path where the tf rosa modules will be cloned | false | `./.action-tf-modules/rosa/` | | `tf-cli-config-credentials-hostname` | The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`. | false | `app.terraform.io` | 
@@ -20,6 +20,8 @@ This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service o ## Usage +For this destruction action, it is not necessary to have called the creation action just before, as the state will be retrieved via the bucket. + Create a file in your repository's `.github/workflows` directory, for example `delete-rosa-hcp.yml`, with the following content: ```yaml @@ -39,7 +41,4 @@ jobs: cluster-name: "my-ocp-cluster" aws-region: "us-west-2" s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }} - awscli-version: "1.32.105" - tf-modules-revision: "main" - tf-modules-path: "./.action-tf-modules/rosa/" ``` From 08e711e5b59cb00bc655386f3e77b1d8f3bf0048 Mon Sep 17 00:00:00 2001 From: leiicamundi <153937047+leiicamundi@users.noreply.github.com> Date: Wed, 22 May 2024 09:16:49 +0200 Subject: [PATCH 54/54] fix paths action --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c81def1..003c6e8 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -20,11 +20,11 @@ on: pull_request: # the paths should be synced with ../labeler.yml paths: - - modules/fixtures/** + - modules/fixtures/**/*.tf - modules/**.tf - .tool-versions - .github/workflows/tests.yml - - .github/actions/**.yml + - .github/actions/**/*.yml - justfile # limit to a single execution per actor of this workflow
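Review bot: The context comment above `paths:` says the list should be synced with `../labeler.yml`, but after this change `modules/fixtures/**/*.tf` and `.github/actions/**/*.yml` are narrower than the labeler globs, assuming `labeler.yml` still lists `modules/fixtures/**` as it did when it was introduced earlier in this series. A pull request can then be labelled `test` without this workflow running. Either update the labeler in the same commit or reword the comment so the difference is recorded as intentional, for example `# kept close to ../labeler.yml; fixtures and actions are limited to *.tf / *.yml here on purpose`.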