chore(helmbroker): add drone

Author: lijianguo

.drone/drone.yml

@@ -0,0 +1,170 @@
+kind: pipeline
+type: docker
+name: linux-amd64
+
+platform:
+  arch: amd64
+  os: linux
+
+steps:
+- name: test
+  image: docker.io/drycc/go-dev
+  pull: always
+  privileged: true
+  commands:
+  - make test-style upload-coverage
+  environment:
+    VERSION: ${DRONE_TAG:-latest}-linux-amd64
+    DEV_REGISTRY: ${DEV_REGISTRY:-docker.io}
+    DRYCC_REGISTRY: ${DRYCC_REGISTRY:-docker.io}
+    CODECOV_TOKEN:
+      from_secret: codecov_token
+  when:
+    event:
+    - push
+    - tag
+    - pull_request
+  volumes:
+  - name: image_registries
+    path: /etc/containers/registries.conf
+
+- name: publish
+  image: docker.io/drycc/go-dev
+  pull: always
+  privileged: true
+  commands:
+  - echo $DOCKER_PASSWORD | docker login $DRYCC_REGISTRY --username $DOCKER_USERNAME --password-stdin
+  - make docker-build docker-immutable-push
+  environment:
+    VERSION: ${DRONE_TAG:-latest}-linux-amd64
+    DEV_REGISTRY:
+      from_secret: dev_registry
+    DRYCC_REGISTRY:
+      from_secret: drycc_registry
+    DOCKER_USERNAME:
+      from_secret: docker_username
+    DOCKER_PASSWORD:
+      from_secret: docker_password
+  when:
+    event:
+    - push
+    - tag
+  volumes:
+  - name: image_registries
+    path: /etc/containers/registries.conf
+
+trigger:
+  event:
+  - push
+  - tag
+  - pull_request
+
+volumes:
+- name: image_registries
+  host:
+    path: /etc/containers/registries.conf
+
+---
+kind: pipeline
+type: docker
+name: linux-arm64
+
+platform:
+  arch: arm64
+  os: linux
+
+steps:
+- name: publish
+  image: docker.io/drycc/go-dev
+  pull: always
+  privileged: true
+  commands:
+  - echo $DOCKER_PASSWORD | docker login $DRYCC_REGISTRY --username $DOCKER_USERNAME --password-stdin
+  - make docker-build docker-immutable-push
+  environment:
+    VERSION: ${DRONE_TAG:-latest}-linux-arm64
+    DEV_REGISTRY:
+      from_secret: dev_registry
+    DRYCC_REGISTRY:
+      from_secret: drycc_registry
+    DOCKER_USERNAME:
+      from_secret: docker_username
+    DOCKER_PASSWORD:
+      from_secret: docker_password
+  volumes:
+  - name: image_registries
+    path: /etc/containers/registries.conf
+
+trigger:
+  event:
+  - push
+  - tag
+
+volumes:
+- name: image_registries
+  host:
+    path: /etc/containers/registries.conf
+
+---
+kind: pipeline
+type: docker
+name: manifest
+
+steps:
+- name: generate manifest
+  image: docker.io/library/alpine
+  pull: always
+  commands:
+  - sed -i "s/docker.io/$${DRYCC_REGISTRY}/g" .drone/manifest.tmpl
+  environment:
+    DRYCC_REGISTRY:
+      from_secret: drycc_registry
+
+- name: publish
+  image: plugins/manifest
+  settings:
+    spec: .drone/manifest.tmpl
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  environment:
+    DEV_REGISTRY:
+      from_secret: dev_registry
+    DRYCC_REGISTRY:
+      from_secret: drycc_registry
+
+trigger:
+  event:
+  - push
+  - tag
+
+depends_on:
+- linux-amd64
+- linux-arm64
+
+---
+kind: pipeline
+type: docker
+name: chart
+
+steps:
+- name: generate chart
+  image: docker.io/drycc/python-dev
+  commands:
+  - IMAGE_TAG=$([ ! -z $DRONE_TAG ] && echo \"${DRONE_TAG:1}\" || echo \"canary\")
+  - sed -i "s/image_tag:\ \"canary\"/image_tag:\ $IMAGE_TAG/g" charts/helmbroker/values.yaml
+  - helm package charts/helmbroker --version ${DRONE_TAG:-v1.0.0}
+  - curl -u $CHARTMUSEUM_USERNAME:$CHARTMUSEUM_PASSWORD -F chart=@helmbroker-${DRONE_TAG:-v1.0.0}.tgz "$CHARTMUSEUM_API/api/$([ -z $DRONE_TAG ] && echo testing || echo stable)/charts"
+  environment:
+    CHARTMUSEUM_USERNAME:
+      from_secret: chartmuseum_username
+    CHARTMUSEUM_PASSWORD:
+      from_secret: chartmuseum_password
+    CHARTMUSEUM_API:
+      from_secret: chartmuseum_api
+
+trigger:
+  event:
+  - push
+  - tag

.drone/manifest.tmpl

@@ -0,0 +1,18 @@
+image: docker.io/drycc/helmbroker:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}canary{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+  - {{this}}
+{{/each}}
+{{/if}}
+manifests:
+  -
+    image: docker.io/drycc/helmbroker:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  -
+    image: docker.io/drycc/helmbroker:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-arm64
+    platform:
+      architecture: arm64
+      os: linux

charts/helmbroker/templates/helmbroker-ingress.yaml

@@ -14,7 +14,7 @@ metadata:
     {{- end }}
 spec:
   rules:
-  - host: drycc.{{ .Values.platform_domain }}
+  - host: drycc-helmbroker.{{ .Values.platform_domain }}
     http:
       paths:
       - pathType: Prefix
@@ -32,5 +32,5 @@ spec:
   tls:
     - secretName: drycc-helmbroker-certificate-auto
       hosts:
-        - drycc.{{ .Values.platform_domain }}
+        - drycc-helmbroker.{{ .Values.platform_domain }}
   {{- end }}

charts/helmbroker/values.yaml

@@ -26,7 +26,7 @@ ingress_class: ""
 cluster_domain: "cluster.local"
 # The public resolvable hostname to build your cluster with.
 #
-# This will be the hostname that is used to build endpoints such as "drycc.$HOSTNAME"
+# This will be the hostname that is used to build endpoints such as "drycc-helmbroker.$HOSTNAME"
 platform_domain: ""
 # Whether cert_manager is enabled to automatically generate helmbroker certificates
 cert_manager_enabled: "true"

rootfs/Dockerfile

@@ -31,4 +31,4 @@ RUN apk add --update --virtual .build-deps \
   && /app/bin/install
 
 CMD ["/app/bin/boot"]
-EXPOSE 8000
+EXPOSE 5000

rootfs/Dockerfile.test

@@ -0,0 +1,36 @@
+FROM docker.io/library/python:3.9-alpine
+
+COPY requirements.txt /app/requirements.txt
+
+ENV PATH="/app/.venv/bin:${PATH}"
+
+COPY . /app
+
+WORKDIR /app
+
+RUN apk add --update --virtual .build-deps \
+    musl-dev \
+    openssl-dev \
+  && python3 -m venv /app/.venv \
+  && pip3 install --disable-pip-version-check --no-cache-dir -r /app/requirements.txt \
+  && pip3 install --disable-pip-version-check --no-cache-dir -r /app/dev_requirements.txt \
+  && runDeps="$( \
+    scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
+    | tr ',' '\n' \
+    | sort -u \
+    | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+    )" \
+  && apk add --update --virtual .helmbroker-rundeps \
+    $runDeps \
+    ca-certificates \
+    su-exec \
+    bash \
+    shadow \
+    curl \
+  && apk del .build-deps \
+  && chmod +x /app/bin/* \
+  && /app/bin/install
+COPY . /app
+
+CMD ["/app/bin/boot"]
+EXPOSE 5000

rootfs/bin/install

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#
+# This script is designed to be run inside the container
+#
+
+# fail hard and fast even on pipelines
+set -eou pipefail
+
+flake8 --show-source

rootfs/bin/test-style

@@ -0,0 +1,16 @@
+# test module
+# test
+# Run "make test-unit" for the % of code exercised during tests
+coverage==5.3
+
+# Run "make test-style" to check python syntax and style
+flake8==3.8.3
+
+# code coverage report at https://codecov.io/github/drycc/controller
+codecov==2.1.9
+
+# mock out python-requests, mostly k8s
+requests-mock==1.8.0
+
+# tail a log and pipe into tbgrep to find all tracebacks
+tbgrep==0.3.0

rootfs/dev_requirements.txt

@@ -1,11 +1,16 @@
 import os
 import shutil
+from typing import Union, List, Optional
 
 from openbrokerapi.errors import ErrInstanceAlreadyExists, ErrAsyncRequired, \
     ErrBindingAlreadyExists, ErrBadRequest, ErrInstanceDoesNotExist
-from openbrokerapi.service_broker import *
+from openbrokerapi.service_broker import ServiceBroker, Service, \
+    ProvisionDetails, ProvisionedServiceSpec, ProvisionState, GetBindingSpec, \
+    BindDetails, Binding, BindState, UnbindDetails, UnbindSpec, \
+    UpdateDetails, UpdateServiceSpec, DeprovisionDetails, \
+    DeprovisionServiceSpec, LastOperation
 
-from .meta import load_instance_meta, load_binding_meta, dump_binding_meta
+from .meta import load_instance_meta, load_binding_meta
 from .utils import get_instance_path, get_chart_path, get_plan_path, \
     get_addon_path, get_addon_name, get_addon_updateable, get_addon_bindable
 from .tasks import provision, bind, deprovision, update
@@ -27,12 +32,12 @@ def provision(self,
                   **kwargs) -> ProvisionedServiceSpec:
         instance_path = get_instance_path(instance_id)
         if os.path.exists(instance_path):
-            raise ErrInstanceAlreadyExists("Instance %s already exists" % instance_id)
+            raise ErrInstanceAlreadyExists("Instance %s already exists" % instance_id)  # noqa
         if not async_allowed:
             raise ErrAsyncRequired()
         os.makedirs(instance_path, exist_ok=True)
-        chart_path, plan_path =get_chart_path(instance_id), get_plan_path(instance_id)
-        addon_chart_path, addon_plan_path = get_addon_path(details.service_id, details.plan_id)
+        chart_path, plan_path = get_chart_path(instance_id), get_plan_path(instance_id)  # noqa
+        addon_chart_path, addon_plan_path = get_addon_path(details.service_id, details.plan_id)  # noqa
         shutil.copy(addon_chart_path, chart_path)
         shutil.copy(addon_plan_path, plan_path)
         provision.delay(instance_id, details)
@@ -61,15 +66,15 @@ def bind(self,
         instance_meta = load_instance_meta(instance_id)
         if not (instance_meta and
                 instance_meta['last_operation']['state'] == 'Ready'):
-            raise ErrBadRequest(msg="This instance %s is not ready" % instance_id)
+            raise ErrBadRequest(msg="This instance %s is not ready" % instance_id)  # noqa
         if not async_allowed:
             raise ErrAsyncRequired()
         instance_path = get_instance_path(instance_id)
         if os.path.exists(f'{instance_path}/bind.yaml'):
             raise ErrBindingAlreadyExists()
-        chart_path, plan_path = get_chart_path(instance_id), get_plan_path(instance_id)
+        chart_path, plan_path = get_chart_path(instance_id), get_plan_path(instance_id)  # noqa
         addon_name = get_addon_name(details.service_id)
-        shutil.copy(f'{plan_path}/bind.yaml', f'{chart_path}/{addon_name}/templates')
+        shutil.copy(f'{plan_path}/bind.yaml', f'{chart_path}/{addon_name}/templates')  # noqa
         bind.delay(instance_id, binding_id, details, async_allowed, **kwargs)
         return Binding(state=BindState.IS_ASYNC)
 
@@ -96,13 +101,13 @@ def update(self,
             raise ErrBadRequest("Instance %s does not exist" % instance_id)
         is_plan_updateable = get_addon_updateable(instance_id)
         if not is_plan_updateable:
-            raise ErrBadRequest("Instance %s does not updateable" % instance_id)
+            raise ErrBadRequest("Instance %s does not updateable" % instance_id)  # noqa
         if not async_allowed:
             raise ErrAsyncRequired()
         plan_path = get_plan_path(instance_id)
         # delete the pre plan
         shutil.rmtree(plan_path)
-        _, addon_plan_path = get_addon_path(details.service_id, details.plan_id)
+        _, addon_plan_path = get_addon_path(details.service_id, details.plan_id)  # noqa
         # add the new plan
         shutil.copy(addon_plan_path, plan_path)
         update.delay(instance_id, details)
@@ -115,7 +120,7 @@ def deprovision(self,
                     **kwargs) -> DeprovisionServiceSpec:
         instance_path = get_instance_path(instance_id)
         if not os.path.exists(instance_path):
-            raise ErrInstanceDoesNotExist("Instance %s not exists" % instance_id)
+            raise ErrInstanceDoesNotExist("Instance %s not exists" % instance_id)  # noqa
         if not async_allowed:
             raise ErrAsyncRequired()