cloudfoundry-incubator · neil-hickey · Jul 2, 2021 · Jul 1, 2021 · Jul 1, 2021 · Jul 1, 2021
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
@@ -0,0 +1,27 @@
+name: unit-tests
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    branches: [ develop ]
+
+  workflow_dispatch:
+
+jobs:
+  kubo-release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout kubo-release
+      uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Install bosh-cli
+      run: brew install cloudfoundry/tap/bosh-cli
+    - name: Run bosh-release tests
+      run: bundle exec rspec spec/*_spec.rb
+    - name: Run manifest tests
+      run: ./bin/run_tests
diff --git a/.gitignore b/.gitignore
@@ -3,7 +3,6 @@
 /.blobs
 /staging
 /blobs
-/bin
 /pkg
 /releases/*.tgz
 /dev_releases

diff --git a/bin/run_tests b/bin/run_tests
@@ -0,0 +1,149 @@
+#!/bin/bash
+
+# From https://github.com/cloudfoundry/cf-deployment/blob/master/scripts/test
+
+set -eu
+
+exit_code=0
+GREEN='\033[0;32m'
+LIGHT_GREEN='\033[0;92m'
+RED='\033[0;31m'
+LIGHT_RED='\033[1;31m'
+YELLOW='\033[0;93m'
+NOCOLOR='\033[0m'
+
+script_home="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+home="$( cd "${script_home}/.." && pwd )"
+
+# suite_name should be defined by each of our test suite functions
+suite_name="UNDEFINED"
+
+# Grab each of our test suites, exercised by test_opsfile_interpolation()
+for script in `ls ${script_home}/test-*.sh`; do
+  source $script
+done
+
+# If we get killed, kill backgrounded processes
+trap 'kill $(jobs -p) > /dev/null 2>&1' SIGTERM SIGINT
+
+fail() {
+  echo -e "${RED} FAIL - ${LIGHT_RED} $suite_name ${RED} - ${NOCOLOR} $1"
+  exit_code=1
+}
+
+pass() {
+  echo -e "${GREEN} PASS - ${YELLOW} $suite_name ${GREEN} - ${NOCOLOR} $1"
+}
+
+skip() {
+  echo -e "${YELLOW} SKIP - ${YELLOW} $suite_name ${GREEN} - ${NOCOLOR} $1"
+}
+
+interpolate() {
+  local tmp_creds_store
+  tmp_creds_store=$(mktemp)
+
+  bosh interpolate ${home}/manifests/cfcr.yml \
+    $@ \
+    -o ${home}/manifests/ops-files/misc/local-config-server.yml \
+    --vars-store ${tmp_creds_store} \
+    --var-errs \
+    --var-errs-unused > /dev/null
+  return $?
+}
+
+check_interpolation() {
+  if [[ ${1} == name:* ]]; then
+    name_under_test=$1
+    empty_string=""
+    ops_under_test="${name_under_test/name: /$empty_string}"; shift
+  else
+    ops_under_test="${1}"
+  fi
+
+  if interpolate "-o $@"; then
+    pass "${ops_under_test}"
+  else
+    fail "${ops_under_test}"
+  fi
+}
+
+test_opsfile_interpolation() {
+  test_standard_ops &
+  # test_experimental_ops &
+  # test_test_ops &
+  # test_legacy_ops &
+  # test_addons_ops &
+
+  for job in $(jobs -p); do
+    wait $job || exit_code=1
+  done
+}
+
+ensure_opsfiles_in_readme() {
+  local readme=$1
+  shift
+
+  suite_name="Readme Test"
+
+  pushd ${home} > /dev/null
+    for x in $@; do
+      local basename=$(echo $x | sed -e "s%$home/manifests/%%")
+      if [ $(grep \($basename\) $readme -c) != "0" ]; then
+        pass "$basename is in $(basename "$readme")"
+      else
+        fail "$basename does not appear in $(basename "$readme")"
+      fi
+    done;
+  popd > /dev/null
+}
+ensure_opsfiles_in_tests() {
+
+  local test=$1
+  shift
+
+  suite_name="$test"
+
+  pushd ${home} > /dev/null
+    for x in $@; do
+      local basename=$(basename $x)
+      if [ $basename == "set-certificate-duration.yml" ]; then
+        skip "$basename is ${YELLOW}SKIPPED${NOCOLOR} in $test"
+      else
+        if [ $(grep $basename ${script_home}/$test -c) != "0" ]; then
+          pass "$basename is tested in $test"
+        else
+          fail "$basename is ${RED}NOT${NOCOLOR} tested in $test"
+        fi
+      fi
+    done;
+  popd > /dev/null
+}
+
+main() {
+  echo
+  echo -e "${LIGHT_GREEN} ***** Begin rspec tests ***** ${NOCOLOR}"
+  project_root="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../" && pwd )"
+  pushd "${project_root}" > /dev/null
+    bundle install
+    bundle exec rspec spec/*_spec.rb
+  popd > /dev/null
+
+  echo
+  echo -e "${LIGHT_GREEN} ***** Begin affirmative readme operations tests ***** ${NOCOLOR}"
+  local ops_files;
+  ops_files=$(ls ${home}/manifests/ops-files/*.yml ${home}/manifests/ops-files/iaas/{aws,azure,gcp,openstack,vsphere,virtualbox}/*.yml)
+  ensure_opsfiles_in_readme "$home/manifests/README.md" "$ops_files"
+
+  echo
+  echo -e "${LIGHT_GREEN} ***** Begin test coverage analysis ***** ${NOCOLOR}"
+  ensure_opsfiles_in_tests "test-standard-ops.sh" "$ops_files"
+
+  echo
+  echo -e "${LIGHT_GREEN} ***** Begin interpolation operations tests ***** ${NOCOLOR}"
+  test_opsfile_interpolation
+
+  exit $exit_code
+}
+
+main
diff --git a/bin/test-standard-ops.sh b/bin/test-standard-ops.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+test_standard_ops() {
+  # Padded for pretty output
+  suite_name="STANDARD    "
+
+  pushd ${home}/manifests > /dev/null
+    pushd ops-files > /dev/null
+      if interpolate ""; then
+        pass "cfcr.yml"
+      else
+        fail "cfcr.yml"
+      fi
+
+      # CI & wrapper scripts
+      check_interpolation "misc/bootstrap.yml" "-l example-vars-files/misc/bootstrap.yml"
+      check_interpolation "misc/bootstrap.yml"  "-o misc/dev.yml"  "-l example-vars-files/misc/bootstrap.yml"
+
+      # BOSH
+      check_interpolation "rename.yml" "-v deployment_name=fubar"
+      check_interpolation "vm-types.yml" "-v master_vm_type=master" "-v worker_vm_type=worker" "-v apply_addons_vm_type=addons"
+      check_interpolation "add-vm-extensions-to-master.yml"
+      check_interpolation "use-vm-extensions.yml" "-v deployment_name=cfcr"
+      check_interpolation "worker_count.yml" "-v worker_count=4"
+      check_interpolation "non-precompiled-releases.yml"
+      check_interpolation "use-persistent-disk-for-workers.yml" "-v disk_size=1000"
+      check_interpolation "disable-swap.yml"
+
+      # Infrastructure
+      check_interpolation "iaas/aws/cloud-provider.yml"
+      check_interpolation "iaas/aws/lb.yml" "-v kubernetes_cluster_tag=test"
+      check_interpolation "name:iaas/aws/add-master-credentials.yml" "iaas/aws/cloud-provider.yml" "-o iaas/aws/add-master-credentials.yml" "-v aws_access_key_id_master=access-key-id" "-v aws_secret_access_key_master=secret-access-key"
+      check_interpolation "name:iaas/aws/add-worker-credentials.yml" "iaas/aws/cloud-provider.yml" "-o iaas/aws/add-worker-credentials.yml" "-v aws_access_key_id_worker=access-key-id" "-v aws_secret_access_key_worker=secret-access-key"
+      check_interpolation "iaas/azure/cloud-provider.yml" "-l example-vars-files/iaas/azure/cloud-provider.yml"
+      check_interpolation "name:iaas/azure/use-credentials" "iaas/azure/cloud-provider.yml" "-o iaas/azure/use-credentials.yml " "-l example-vars-files/iaas/azure/cloud-provider.yml" "-v client_id=client" "-v client_secret=secret"
+      check_interpolation "iaas/gcp/cloud-provider.yml" "-l example-vars-files/iaas/gcp/cloud-provider.yml"
+      check_interpolation "name:iaas/gcp/add-subnetwork-for-internal-load-balancer.yml" "iaas/gcp/cloud-provider.yml" "-o iaas/gcp/add-subnetwork-for-internal-load-balancer.yml" "-v subnetwork=foo" "-l example-vars-files/iaas/gcp/cloud-provider.yml"
+      check_interpolation "name:iaas/gcp/add-service-key-master.yml" "iaas/gcp/cloud-provider.yml" "-o iaas/gcp/add-service-key-master.yml" "-v service_key_master=foo" "-l example-vars-files/iaas/gcp/cloud-provider.yml"
+      check_interpolation "name:iaas/gcp/add-service-key-worker.yml" "iaas/gcp/cloud-provider.yml" "-o iaas/gcp/add-service-key-worker.yml" "-v service_key_worker=foo" "-l example-vars-files/iaas/gcp/cloud-provider.yml"
+      check_interpolation "iaas/openstack/master-static-ip.yml" "-v kubernetes_master_host=10.11.12.13"
+      check_interpolation "iaas/openstack/cloud-provider.yml" "-l example-vars-files/iaas/openstack/cloud-provider.yml"
+      check_interpolation "iaas/vsphere/cloud-provider.yml" "-l example-vars-files/iaas/vsphere/cloud-provider.yml"
+      check_interpolation "name:iaas/vsphere/set-working-dir-no-rp.yml" "iaas/vsphere/cloud-provider.yml" "-o iaas/vsphere/set-working-dir-no-rp.yml" "-l example-vars-files/iaas/vsphere/set-working-dir-no-rp.yml"
+      check_interpolation "iaas/vsphere/master-static-ip.yml" "-v kubernetes_master_host=10.11.12.13"
+      check_interpolation "iaas/vsphere/use-vm-extensions.yml"
+      check_interpolation "iaas/virtualbox/bosh-lite.yml"
+      check_interpolation "iaas/azure/subnet.yml"
+      check_interpolation "iaas/azure/use-cifs.yml"
+
+      # HTTP proxy options
+      check_interpolation "add-proxy.yml" "-v http_proxy=10.10.10.10:8000 -v https_proxy=10.10.10.10:8000 -v no_proxy=localhost,127.0.0.1"
+
+      # Syslog
+      check_interpolation "add-syslog.yml" "-l example-vars-files/add-syslog.yml"
+      check_interpolation "name:add-syslog-tls.yml" "add-syslog.yml" "-o add-syslog-tls.yml" "-l example-vars-files/add-syslog.yml" "-l example-vars-files/add-syslog-tls.yml"
+
+      # Kubernetes
+      check_interpolation "add-hostname-to-master-certificate.yml" "-v api-hostname=example.com"
+      check_interpolation "add-oidc-endpoint.yml" "-l example-vars-files/misc/oidc.yml"
+      check_interpolation "change-audit-log-flags.yml" "-l example-vars-files/change-audit-log-flags.yml"
+      check_interpolation "addons-spec.yml" "-v addons-spec={}"
+      check_interpolation "allow-privileged-containers.yml"
+      check_interpolation "change-cidrs.yml" "-l example-vars-files/new-cidrs.yml"
+      check_interpolation "disable-anonymous-auth.yml"
+      check_interpolation "enable-denyescalatingexec.yml"
+      check_interpolation "enable-podsecuritypolicy.yml"
+      check_interpolation "enable-securitycontextdeny.yml"
+      check_interpolation "enable-encryption-config.yml" "-v encryption-config=encryption-config.yml"
+      check_interpolation "enable-csi-shared-mounts.yml"
+      check_interpolation "use-hostgw.yml"
+      check_interpolation "set-fs-inotify-limit.yml" "-l example-vars-files/fs-inotify-limit.yml"
+
+      # Etcd
+      check_interpolation "change-etcd-metrics-url.yml" "-v etcd_metrics_protocol=http -v etcd_metrics_port=2378"
+
+      # BBR
+      check_interpolation "enable-bbr.yml"
+
+      # Dev
+      check_interpolation "kubo-local-release.yml"
+
+      # NFS
+      check_interpolation "enable-nfs.yml"
+    popd > /dev/null # operations
+  popd > /dev/null
+  exit $exit_code
+}
diff --git a/ci/pipelines/build-kubo.yml b/ci/pipelines/build-kubo.yml
@@ -31,16 +31,6 @@ resources:
     branch: master
     private_key: ((git-ssh-key.private_key))
 
-- name: git-kubo-deployment
-  type: git
-  source:
-    uri: [email protected]:cloudfoundry-incubator/kubo-deployment.git
-    branch: develop
-    private_key: ((git-ssh-key.private_key))
-    ignore_paths:
-    - 'LICENSE'
-    - 'NOTICE'
-
 - name: git-kubo-release
   type: git
   source:
@@ -83,13 +73,6 @@ resources:
     deployment: compilation-windows
     skip_check: true
 
-- name: gcs-kubo-deployment-tarball-untested
-  type: gcs
-  source:
-    json_key: ((gcs-json-key))
-    bucket: kubo-pipeline-store
-    regexp: dev-builds/kubo-deployment-(.*).tgz
-
 - name: gcs-kubo-release-tarball-untested
   type: gcs
   source:
@@ -104,38 +87,7 @@ resources:
     bucket: kubo-pipeline-store
     regexp: dev-windows-builds/kubo-.*-windows2019-.*-(.*).tgz
 
-- name: slack-alert
-  type: slack-notification
-  source:
-    url: ((build-alert-slack-url))
-
 jobs:
-- name: run-unit-tests-release
-  plan:
-  - get: git-kubo-ci
-  - get: git-kubo-release
-    trigger: true
-  - task: run-release-unit-tests
-    file: git-kubo-ci/tasks/run-release-unit-tests.yml
-    on_failure: &on_failure_alert
-      do:
-      - task: configure-slack-notification
-        file: git-kubo-ci/tasks/configure-slack-notification.yml
-      - put: slack-alert
-        params:
-          attachments_file: slack-notification/attachments
-          text: |
-            Build Failed. https://ci.kubo.sh/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME
-
-- name: run-unit-tests-deployment
-  plan:
-  - get: git-kubo-ci
-  - get: git-kubo-deployment
-    trigger: true
-  - task: run-deployment-unit-tests
-    file: git-kubo-ci/tasks/run-deployment-unit-tests.yml
-    on_failure: *on_failure_alert
-
 - name: build
   plan:
   - in_parallel:
@@ -147,18 +99,11 @@ jobs:
     - get: git-kubo-windows-release
       trigger: true
     - get: git-kubo-release
-      passed: [ 'run-unit-tests-release' ]
-      trigger: true
-    - get: git-kubo-deployment
-      passed: [ 'run-unit-tests-deployment' ]
       trigger: true
   - in_parallel:
     - do:
       - task: build-kubo-release
         file: git-kubo-ci/tasks/build-kubo-release.yml
-        on_failure: *on_failure_alert
-        params:
-          release: kubo
       - task: generate-compilation-manifest
         file: git-kubo-ci/tasks/generate-compilation-manifest.yml
         params:
@@ -181,7 +126,6 @@ jobs:
     - do:
       - task: build-kubo-windows-release
         file: git-kubo-ci/tasks/build-kubo-release.yml
-        on_failure: *on_failure_alert
         input_mapping: {git-kubo-release: git-kubo-windows-release}
         output_mapping: {kubo-release: kubo-windows-release}
         params:
@@ -207,9 +151,6 @@ jobs:
           gcs-source-json: director-source-json
           compilation-deployment: compilation-deployment-windows
         output_mapping: {compiled-releases: compiled-releases-windows}
-    - task: build-kubo-deployment-tarball
-      file: git-kubo-ci/tasks/build-kubo-deployment-tarball.yml
-      on_failure: *on_failure_alert
   - put: gcs-kubo-release-tarball-untested
     attempts: 10
     params:
@@ -218,9 +159,6 @@ jobs:
     attempts: 10
     params:
       file: compiled-releases-windows/kubo-*.tgz
-  - put: gcs-kubo-deployment-tarball-untested
-    params:
-      file: kubo-deployment-tarball/kubo-deployment*.tgz
 
 - name: bump-version
   plan:
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,7 +3,6 @@ @@
     /.blobs
     /staging
     /blobs
-    /bin
     /pkg
     /releases/*.tgz
     /dev_releases
@@ Expand Down @@