Migrate to cff concourse #1616
Merged
Pull request overview
This PR migrates the project’s Concourse pipeline to a CFF-style setup by replacing Shepherd-based environment provisioning with BBL-managed bosh-lite environments and updating CI tasks/images accordingly.
Changes:
- Reworks `ci/pipeline.yml` to run system tests and DRATs against BBL-provisioned environments (with new `bbl-up`, `extract-bbl-env`, and `bbl-down` tasks).
- Updates DRATs and B-DRATs integration config generation tasks to source env credentials from `bbl print-env` rather than pipeline-passed CredHub/BOSH params.
- Adjusts pipeline Git auth (deploy key for main repo) and updates task images to `cloudfoundry/cf-deployment-concourse-tasks`.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| ci/tasks/setup-drats-integration-config/task.yml | Drops explicit CredHub/BOSH/jumpbox params; relies on BBL-sourced env vars plus SYSTEM_DOMAIN. |
| ci/tasks/setup-drats-integration-config/task.sh | Uses bbl print-env from the mapped env input; derives jumpbox info from BOSH proxy env. |
| ci/tasks/setup-b-drats-integration-config/task.yml | Switches task image to cloudfoundry/cf-deployment-concourse-tasks. |
| ci/tasks/setup-b-drats-integration-config/task.sh | Generates B-DRATs integration config from bbl print-env-provided director/jumpbox credentials. |
| ci/tasks/extract-bbl-env/task.yml | Adds a task to extract BBL env details into a bosh-env/metadata.yml format for downstream tasks. |
| ci/tasks/extract-bbl-env/task.sh | Implements extraction/parsing of jumpbox + BOSH creds from BBL env. |
| ci/tasks/bbl-up/task.yml | Adds a BBL “up” task to provision bosh-lite on GCP with shared params. |
| ci/tasks/bbl-up/task.sh | Runs bbl plan/bbl up with bosh-deployment and plan patches. |
| ci/tasks/bbl-down/task.yml | Adds a BBL “down” task to tear down the environment. |
| ci/tasks/bbl-down/task.sh | Runs bbl down --no-confirm in the state directory. |
| ci/pipeline.yml | Major pipeline refactor: introduces BBL provisioning/teardown, removes Shepherd resources, updates git auth, and rewires DRATs jobs. |
| ci/configure.sh | Refactors pipeline rendering + fly set-pipeline, adds a DEBUG output path. |
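One way a task can derive jumpbox details from the BOSH proxy variable, as an added example that is not the PR's `task.sh`: it assumes `bbl print-env` exports `BOSH_ALL_PROXY` in the form `ssh+socks5://USER@HOST:PORT?private-key=PATH`, and the function and `JUMPBOX_*` variable names are hypothetical.

```sh
#!/bin/sh
# Added example, not the PR's task.sh. Assumed BOSH_ALL_PROXY shape:
#   ssh+socks5://USER@HOST:PORT?private-key=/path/to/key
# parse_bosh_proxy and the JUMPBOX_* names are hypothetical.

# Sets JUMPBOX_USER, JUMPBOX_HOST, JUMPBOX_PORT, JUMPBOX_KEY_PATH.
# Returns 1 on any unexpected shape so the calling task fails closed.
parse_bosh_proxy() {
  url=$1
  case "$url" in
    ssh+socks5://*@*:*\?private-key=*) ;;
    *) echo "unexpected BOSH_ALL_PROXY format" >&2; return 1 ;;
  esac

  rest=${url#ssh+socks5://}     # USER@HOST:PORT?private-key=PATH
  authority=${rest%%\?*}        # USER@HOST:PORT
  query=${rest#*\?}             # private-key=PATH

  JUMPBOX_USER=${authority%%@*}
  hostport=${authority#*@}
  JUMPBOX_HOST=${hostport%:*}
  JUMPBOX_PORT=${hostport##*:}
  JUMPBOX_KEY_PATH=${query#private-key=}

  # User and host end up on an ssh command line: allow only plain
  # hostname/IPv4 characters and never a leading "-" (option injection).
  for field in "$JUMPBOX_USER" "$JUMPBOX_HOST"; do
    case "$field" in
      ""|-*|*[!A-Za-z0-9._-]*) echo "invalid jumpbox user/host" >&2; return 1 ;;
    esac
  done
  case "$JUMPBOX_PORT" in
    ""|*[!0-9]*) echo "invalid jumpbox port" >&2; return 1 ;;
  esac
  # Exactly one query parameter is expected; reject extras or an empty path.
  case "$JUMPBOX_KEY_PATH" in
    ""|*"&"*) echo "invalid private-key parameter" >&2; return 1 ;;
  esac
}

# Constructed sample value (192.0.2.10 is a documentation address).
SAMPLE_PROXY='ssh+socks5://jumpbox@192.0.2.10:22?private-key=/tmp/bbl-state/jumpbox.key'
if parse_bosh_proxy "$SAMPLE_PROXY"; then
  echo "jumpbox ${JUMPBOX_USER}@${JUMPBOX_HOST}:${JUMPBOX_PORT}, key file ${JUMPBOX_KEY_PATH}"
fi
```

Only the key file path is printed, never the key material, so the output is safe to leave in Concourse build logs.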
@coderabbitai review
/easycla
mkocher
approved these changes
Jun 18, 2026
Replace hard-coded stemcell OS names and file paths with environment variables (STEMCELL_OS, FIXTURES_DIR, AWS_REGION). Update all BOSH fixture manifests to use the ((stemcell-os)) variable, and update Go test suites across integration, system, and ssh packages to read fixture paths and stemcell configuration from the environment rather than hard-coded strings.
Replace static pre-provisioned environments with dynamic bbl up/down provisioning for each pipeline job using GCP BOSH-lite directors.
- Add bbl-up, bbl-down, and extract-bbl-env tasks for per-job environment lifecycle management
- Switch run-drats CF deployment to ubuntu-noble warden containers with cf-deployment v57 compiled releases
- Pin BPM to 1.4.33 to fix cgroup v2 job startup hang on noble hosts
- Serialize CF instance group updates to prevent cgroup contention across simultaneous noble warden containers
- Configure BOSH DNS recursors (8.8.8.8, 8.8.4.4) so warden containers can resolve external DNS (GCP metadata DNS is not reachable from the 10.244.x.x warden network)
- Add BOSH DNS wildcard alias for *.bosh-lite.com to the CF router IP so noble containers resolve CF API and app routes via BOSH DNS
- Add 8.8.8.8 to silk-cni dns_servers as external DNS fallback since 169.254.169.254 is not routable inside the warden network
- Raise inotify limits on the director VM to prevent Envoy and systemd from aborting when the shared kernel watch limit is exhausted
- Upgrade os-conf to v23 (bosh-lite.yml pins v18 which lacks pre-start-script); enables iptables FORWARD policy to be set at director startup so warden container IPs are reachable from jumpbox
- Enable IP forwarding on the director VM via an os-conf pre-start-script ops file injected during bbl up; sets iptables FORWARD policy to ACCEPT so warden container IPs (10.244.x.x) are reachable from the jumpbox
- Route DRATS acceptance tests through the jumpbox via sshuttle and dnsmasq since Concourse workers cannot reach 10.244.0.0/16
- Fix CredHub and UAA TLS trust by concatenating both the CredHub TLS CA and the BOSH director CA into CREDHUB_CA_CERT
- Use `instances: 3` instead of `instances: 20` in fixtures/many-bbr-jobs.yml
mkocher
approved these changes
Jun 18, 2026
New pipeline: https://bosh.ci.cloudfoundry.org/teams/main/pipelines/bbr-cli
Currently configured to pull https://bosh.ci.cloudfoundry.org/teams/main/pipelines/bbr-cli/resources/bosh-backup-and-restore-ci `migrate-to-cff-concourse` branch.
S3 Buckets have been renamed. Existing buckets have not been modified but do exist in an AWS account named "PCF Backup Restore".