Deploy review apps for pull request
- Install Virtualbox to power Minikube
- Install asdf to install dev tools and languages
- Run
bin/setup
The setup script will create a one-off root CA whose cert can be found at dev-resources/tls/ca.crt. If you want to make sure that portion of the ingress is working properly or just want to view the test review app over TLS, you can add that CA to your trust store. Firefox is a good browser for this because it manages its own trusted CAs rather than making you add them to the operating system.
- Start minikube with
minikube start - Start the operator with
bin/console. (It will run with iex attached.) - In another terminal, create a review app with
./bin/dev/create-review-app.sh - This will create a build job as well as the other review app resources, though the deployment will be scaled to 0 until the build finishes.
- 90s later, the build will finish and the deployment should be scaled up to 1 replica.
- You should now be able to access your review app at https://test-review-app-678.review.local if you set up the CA certificate in your trust store
- The test review app shows its environment and tests its DB connection by reading out the "migrations" table in its database. There should be a new migration for every deployment update, with the commit hash as the id.
- To simulate pushing a new commit to PR number 678, you can run
./bin/dev/patch-review-app.sh. This will kick off another build. - 90s later the second build will finish and the deployment will update. You should be able to see the updated version and new migration in the browser.
- To kill the review app, run
./bin/dev/delete-review-app.sh, and all related resources should be cleaned up by the operator.
- Upload the tarball to S3 (so the operator doesn't need GitHub access)
- Provide review app config from the repo's yaml file
- Provide branch, repoOwner, repo, PR # (as a string), commit hash, tarballUrl
- Update the commitHash, tarballUrl, and review app config when the PR is updated
- Sort out the k8s permissions required and annotate the controller
- I believe the AWS and Harbor permissions are already in the builder namespace and the same build jobs should work w/o any changes there
- Build job
- app deployment
- app service
- app ingress
- TLS secret for ingress
- app database (kubedb Postgres)
- init secret for app database (to copy from existing db)
- Delete the existing Job resource, if any
- Create a Job to build the review app
- Update the review app's status info with
- appStatus: status.appStatus || "building"
- buildStatus: "building"
- buildJobName: "build-{SHA}"
- image: "whatever"
- buildStartedAt: 1552453453
- buildCommit: {SHA}
- build_app
- Generate the resources and CREATE them, but use a 0 in the deployment replicas (The deployment resource builder can do ^ based on the status info on the ReviewApp)
- Exit if the commitHash == status.buildCommit (b/c we trigger our own events)
- build_app
- Exit unless status.buildStatus == "building"
- check the job's status
- If still building, exit
- If error
- set status.buildStatus = "error"
- just stop
- If done
- Update the deployment based on the latest in the ReviewApp, this time with 1 replica and the new image tag
- Set status.buildStatus = "success"
- Set status.appStatus = "deployed"
(I believe this gets called every 30s by default)
Tear down all of the resources, including the current build job specified on the review app