Merge branch 'main' into main

.github/workflows/AutomatedAppDeploy.yml

@@ -0,0 +1,19 @@
+name: AutomatedAppDeploy
+
+on:
+  repository_dispatch:
+    types: AutomatedAppDeploy
+jobs:
+  build:
+    name: automated deploy from main
+    runs-on: ubuntu-latest
+    steps:  
+      - name: Checkout code
+        uses: actions/checkout@v2 
+      - name: Deployment
+        uses: armory/cli-deploy-action@main
+        with:
+          clientId: "${{ secrets.CDAAS_CLIENT_ID }}"  # "61ihoLa6dkk5SRwAy232H0TJk1xTBbK6"
+          clientSecret:  "${{ secrets.CDAAS_CLIENT_SECRET }}" #Client secret that you created in the Armory Cloud Console that has been encrypted with GitHub's encrypted secrets.
+          path-to-file: "/deploy-automated-2-env.yml" # Path to the deployment file. For more information, see the Create a deployment file section.
+          applicationName: "potato-facts" 

.github/workflows/alwaysfail.yml

@@ -0,0 +1,30 @@
+name: Webhook Callback
+
+on:
+  repository_dispatch:
+    types: alwaysfail
+
+jobs:
+  respond:
+    name: Calls the callback being passed in
+    runs-on: ubuntu-latest
+    steps:
+      - name: getToken
+        id: getToken
+        uses: fjogeleit/http-request-action@master
+        with:
+          url: "https://auth.cloud.armory.io/oauth/token"
+          method: "POST"
+          customHeaders: '{ "Content-Type": "application/x-www-form-urlencoded" }'
+          data: 'audience=https://api.cloud.armory.io&grant_type=client_credentials&client_id=${{ secrets.CDAAS_CLIENT_ID }}&client_secret=${{ secrets.CDAAS_CLIENT_SECRET }}'
+      - name: callCallback
+        id: callCallback
+        uses: fjogeleit/http-request-action@master
+        with:
+          url: ${{ github.event.client_payload.callbackUri }}
+          method: 'POST'
+          bearerToken: ${{ fromJSON(steps.getToken.outputs.response).access_token }}
+          customHeaders: '{ "Content-Type": "application/json" }'
+          data: '{ "success": false, "mdMessage": "Webhook successful: no errors found in logs service: ${{ github.event.client_payload.service }}" }'
+      - name: show http response
+        run: echo ${{ steps.callCallback.outputs.response }}

.github/workflows/checkLogs.yml

@@ -25,6 +25,6 @@ jobs:
           method: 'POST'
           bearerToken: ${{ fromJSON(steps.getToken.outputs.response).access_token }}
           customHeaders: '{ "Content-Type": "application/json" }'
-          data: '{ "success": true, "mdMessage": "Webhook successful: no errors found in logs" }'
+          data: '{ "success": true, "mdMessage": "Webhook successful: no errors found in logs service: ${{ github.event.client_payload.service }}" }'
       - name: show http response
         run: echo ${{ steps.callCallback.outputs.response }}

.github/workflows/manualInput.yml

@@ -0,0 +1,24 @@
+name: Mixed inputs
+
+on:
+  workflow_dispatch:
+    inputs:
+      template:
+        type: choice
+        description: template
+        options: 
+        - Template 1 - v1
+        - Template 1 - v2
+        - Template 2 - v2
+      name:
+        required: true
+      nodeCount:
+        required: true
+
+jobs:
+  greet:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Send greeting
+      run: echo "${{ github.event.inputs.message }} ${{ fromJSON('["", ""]')[github.event.inputs.use-emoji == 'true'] }} ${{ github.event.inputs.name }}"

.github/workflows/stackhawk-webhook.yml

@@ -0,0 +1,35 @@
+name: stackhawk
+
+on:
+  repository_dispatch:
+    types: stackhawk
+
+jobs:
+  test:
+    name: stackhawk
+    runs-on: ubuntu-latest
+    steps:
+      - name: getToken
+        id: getToken
+        uses: fjogeleit/http-request-action@master
+        with:
+          url: "https://auth.cloud.armory.io/oauth/token"
+          method: "POST"
+          customHeaders: '{ "Content-Type": "application/x-www-form-urlencoded" }'
+          data: 'audience=https://api.cloud.armory.io&grant_type=client_credentials&client_id=${{ secrets.CDAAS_CLIENT_ID }}&client_secret=${{ secrets.CDAAS_CLIENT_SECRET }}'        
+
+      - uses: actions/checkout@v2
+      - uses: stackhawk/[email protected]
+        with:
+          apiKey: ${{ secrets.HAWK_API_KEY }}
+      - name: callCallback
+        id: callCallback
+        uses: fjogeleit/http-request-action@master
+        with:
+          url: ${{ github.event.client_payload.callbackUri }}
+          method: 'POST'
+          bearerToken: ${{ fromJSON(steps.getToken.outputs.response).access_token }}
+          customHeaders: '{ "Content-Type": "application/json" }'
+          data: '{ "success": true, "mdMessage": "Webhook was successful: ${{ github.event.client_payload.callbackUri }}" }'
+      - name: show http response
+        run: echo ${{ steps.callCallback.outputs.response }}

Jenkinsfile

@@ -0,0 +1,31 @@
+pipeline {
+    agent any
+    stages {
+
+        stage('Start Deploy image') {
+            //agent {
+            //    kubernetes {
+
+            //containerTemplate{
+            //    image 'mrnonz/alpine-git-curl:latest'
+            //    name 'armory-cli'
+            //    command '/bin/sh -c "git clone https://github.com/stephenatwell/borealis-demo-1.git && cd borealis-demo-1 && pwd && curl -sL https://github.com/armory/armory-cli/releases/latest/download/armory-linux-amd64 > ./armory && chmod +x ./armory && ls -la && /bin/sh -c \'/borealis-demo-1/armory deploy start -f deploy.yml -c CLIENT_ID -s SECRET\'"'
+            //}
+            //        defaultContainer 'armory-cli'
+            //        yamlFile 'jenkinsPod.yml'
+            //        idleMinutes 1
+            //    }
+            //}
+            tools{
+                CustomTool 'armory'
+            }
+            steps{
+                //container('armory-cli'){
+                    sh 'echo $PATH'
+                    sh 'ls -la /bin'
+                    sh 'armory deploy start -f deploy.yml -c CLIENT_ID -s SECRET'
+                //}
+            }
+        }
+    }
+}

changeme.txt

@@ -0,0 +1,2 @@
+just edit me to kick off a build
+fsadasdsa

deploy-locust-w-jenkins.yml

@@ -0,0 +1,236 @@
+# reminder:
+# kubectl port-forward service/load-test-locust 8089:8089 -n=borealis-perftest
+
+version: v1
+kind: kubernetes
+application: potato-facts-locust2
+# Map of Deployment Targets, this is set up in a way where 
+# we can do multi-target deployments (multi-region or multi-cluster)
+targets:
+  # This in the name of a deployment, underneath it are its configuration
+  dev:
+    # the name of an agent configured account
+    account: demo-dev-cluster #sa-eks-direct #saClusterViaHelm
+    # Optionally override the namespaces that are in the manifests
+    namespace: borealis-dev
+    # This is the key to a strategy under the strategies map
+    strategy: rolling
+  staging:
+    # the name of an agent configured account
+    account: demo-staging-cluster
+    # Optionally override the namespaces that are in the manifests
+    namespace: borealis-staging
+    # This is the key to a strategy under the strategies map
+    strategy: rolling
+    # This is a list of manifest names that should be included in this deployment
+    constraints:
+      dependsOn: ["dev"]
+      afterDeployment:
+      - runWebhook:
+          name: Integration_Tests
+  perf:
+    # the name of an agent configured account
+    account: demo-staging-cluster
+    # Optionally override the namespaces that are in the manifests
+    namespace: borealis-perftest
+    # This is the key to a strategy under the strategies map
+    strategy: rolling
+    # This is a list of manifest names that should be included in this deployment
+    constraints:
+      dependsOn: ["dev"]
+      afterDeployment:
+      - pause:
+          untilApproved: true
+  infosec:
+    # the name of an agent configured account
+    account: demo-staging-cluster
+    # Optionally override the namespaces that are in the manifests
+    namespace: borealis-infosec
+    # This is the key to a strategy under the strategies map
+    strategy: rolling
+    constraints:
+      dependsOn: ["dev"]
+      afterDeployment:
+      - runWebhook:
+          name: Security_Scanners
+  prod-west:
+    # the name of an agent configured account
+    account: demo-prod-west-cluster
+    # Optionally override the namespaces that are in the manifests
+    namespace: borealis-prod
+    # This is the key to a strategy under the strategies map
+    strategy: mycanary
+    constraints:
+      dependsOn: ["staging","perf","infosec"]
+      beforeDeployment:
+      - pause:
+          untilApproved: true
+  prod-eu:
+    # the name of an agent configured account
+    account: demo-prod-eu-cluster
+    # Optionally override the namespaces that are in the manifests
+    namespace: borealis-prod-eu
+    # This is the key to a strategy under the strategies map
+    strategy: myBlueGreen
+    constraints:
+      dependsOn: [ "staging","perf","infosec" ]
+      beforeDeployment:
+        - pause:
+            untilApproved: true
+  prod-east:
+    # the name of an agent configured account
+    account: demo-prod-west-cluster
+    # Optionally override the namespaces that are in the manifests
+    namespace: borealis-prod-east
+    # This is the key to a strategy under the strategies map
+    strategy: mycanary
+    constraints:
+      dependsOn: [ "staging","perf","infosec" ]
+      beforeDeployment:
+        - pause:
+            untilApproved: true
+# The list of manifests sources
+manifests:
+  # This will read all yaml|yml files in a dir and deploy all manifests in that directory to all targets.
+  - path: manifests/potato-facts.yml
+  - path: manifests/potato-facts-external-service.yml
+    targets: [prod-west, prod-eu, prod-east]
+  - path: manifests/potato-lies.yml
+  - path: manifests/potato-facts-internal-service.yml
+    targets: [perf-test]
+  - path: thirdParty/locust/generatedManifest.yml
+    targets: [perf]
+
+# The map of strategies, a deployment target will reference one of these
+strategies:
+  # this is the name for the strategy
+  mycanary:
+    # This map key, is the deployment strategy type
+    canary: 
+        # List of canary steps
+        steps:
+          # The map key is the step type
+          - setWeight:
+              weight: 25
+          - analysis:
+              interval: 10
+              units: seconds
+              numberOfJudgmentRuns: 1
+              rollBackMode: manual
+              rollForwardMode: automatic
+              queries:
+              - avgCPUUsage-pass
+          - runWebhook:
+              name: Check_Logs
+          #- pause:
+          #    untilApproved: true
+          - setWeight:
+              weight: 50
+          - analysis:
+              interval: 7
+              units: seconds
+              numberOfJudgmentRuns: 3
+              rollBackMode: manual
+              rollForwardMode: manual
+              queries: 
+              - avgCPUUsage-fail
+              - avgCPUUsage-pass
+          - runWebhook:
+              name: Check_Logs
+          - setWeight:
+              weight: 100
+  rolling:
+    canary:
+      steps: 
+      - setWeight:
+          weight: 100
+  myBlueGreen:
+    blueGreen:
+#      activeService: potato-facts-external
+      redirectTrafficAfter:
+        - analysis:
+            interval: 10
+            units: seconds
+            numberOfJudgmentRuns: 1
+            rollBackMode: manual
+            rollForwardMode: automatic
+            queries:
+              - avgCPUUsage-pass
+      shutDownOldVersionAfter:
+        - pause:
+            untilApproved: true
+        - runWebhook:
+            name: Check_Logs
+        - analysis:
+            interval: 7
+            units: seconds
+            numberOfJudgmentRuns: 1
+            rollBackMode: manual
+            queries:
+              - avgCPUUsage-pass
+analysis:
+  defaultMetricProviderName: Stephen-Prometheus
+  queries:
+    - lowerLimit: 0
+      name: avgCPUUsage-pass
+      queryTemplate: avg (avg_over_time(container_cpu_system_seconds_total{job="kubelet"}[{{armory.promQlStepInterval}}]) * on (pod)  group_left (annotation_app) sum(kube_pod_annotations{job="kube-state-metrics",annotation_deploy_armory_io_replica_set_name="{{armory.replicaSetName}}"}) by (annotation_app, pod)) by (annotation_app) OR on() vector(0)
+      upperLimit: 10000
+    - lowerLimit: 0
+      name: avgCPUUsage-fail
+      queryTemplate: "avg (avg_over_time(container_cpu_system_seconds_total{job=\"kubelet\"}[{{armory.promQlStepInterval}}]) * on (pod)  group_left (annotation_app)\n sum(kube_pod_annotations{job=\"kube-state-metrics\",annotation_deploy_armory_io_replica_set_name=\"{{armory.replicaSetName}}\"})\n by (annotation_app, pod)) by (annotation_app) "
+      upperLimit: 0.001
+
+trafficManagement:
+  - targets: [prod-east]
+    smi:
+      - rootServiceName: potato-facts-cluster-svc
+      - rootServiceName: potato-lies-cluster-svc
+  - targets: [prod-eu]
+    kubernetes:
+      - activeService: potato-facts-external
+      - activeService: potato-lies-external
+
+webhooks: #Note: All webhooks in this demo simply cann the github action workflow for the 'webhookCallback' event on a github repo. They have different names for demo purposes.
+  - name: Check_Logs
+    method: POST
+    uriTemplate: https://api.github.com/repos/{{secrets.github_org}}/{{secrets.github_repository}}/dispatches
+    headers:
+      - key: Authorization
+        value: token {{secrets.github_token}}
+      - key: Content-Type
+        value: application/json
+    bodyTemplate:
+      inline:  >-
+        {
+        "event_type": "webhookCallback",
+        "client_payload": {
+            "callbackUri": "{{armory.callbackUri}}/callback"
+            }
+        }
+    retryCount: 3
+  - name: Security_Scanners
+    method: POST
+    uriTemplate: https://api.github.com/repos/{{secrets.github_org}}/{{secrets.github_repository}}/dispatches
+    headers:
+      - key: Authorization
+        value: token {{secrets.github_token}}
+      - key: Content-Type
+        value: application/json
+    bodyTemplate:
+      inline:  >-
+        {
+        "event_type": "checkLogs",
+        "client_payload": {
+            "callbackUri": "{{armory.callbackUri}}/callback"
+            }
+        }
+    retryCount: 3
+  - name: Integration_Tests
+    method: POST
+    uriTemplate: http://jenkins.jenkins:8080/job/WebhookCallback/buildWithParameters?url={{armory.callbackUri}}/callback
+    retryCount: 3
+    agentIdentifier: demo-staging-cluster
+    networkMode: remoteNetworkAgent
+    headers:
+      - key: Authorization
+        value: Basic YWRtaW46MTExYmNhMzBlZGIwZTdkYTU2MzE3YTk4ZTY2ODNiNDM1YQ==