Insta 12464 initial commit

ci/.pipeline-config-pr.yaml

@@ -0,0 +1,151 @@
+version: "2"
+
+tasks:
+  pr-code-checks:
+    displayName: "Build amd64 image"
+    onError: stopAndFail
+    include:
+      - dind
+    steps:
+      - name: build-image
+        include:
+          - docker-socket
+        script: |
+          #!/usr/bin/env bash
+          if [[ "\$PIPELINE_DEBUG" == 1 ]]; then
+              trap env EXIT
+              env
+              set -x
+          fi
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/sps-build-container-image-task.sh linux/amd64
+      - name: detect-secrets
+        include:
+          - docker-socket
+      - name: compliance-checks
+        when: false
+
+  pr-code-checks-2:
+    displayName: "Build arm64 image"
+    onError: stopAndFail
+    include:
+      - dind
+    steps:
+      - name: build-image
+        include:
+          - docker-socket
+        script: |
+          #!/usr/bin/env bash
+          if [[ "\$PIPELINE_DEBUG" == 1 ]]; then
+              trap env EXIT
+              env
+              set -x
+          fi
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/sps-build-container-image-task.sh linux/arm64
+      - name: detect-secrets
+        include:
+          - docker-socket
+      - name: compliance-checks
+        when: false
+
+  pr-code-checks-3:
+    displayName: "Build s390x image"
+    onError: stopAndFail
+    include:
+      - dind
+    steps:
+      - name: build-image
+        include:
+          - docker-socket
+        script: |
+          #!/usr/bin/env bash
+          if [[ "\$PIPELINE_DEBUG" == 1 ]]; then
+              trap env EXIT
+              env
+              set -x
+          fi
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/sps-build-container-image-task.sh linux/s390x
+      - name: detect-secrets
+        include:
+          - docker-socket
+      - name: compliance-checks
+        when: false
+  pr-code-checks-4:
+    displayName: "Build ppc64le image"
+    onError: stopAndFail
+    include:
+      - dind
+    steps:
+      - name: build-image
+        include:
+          - docker-socket
+        script: |
+          #!/usr/bin/env bash
+          if [[ "\$PIPELINE_DEBUG" == 1 ]]; then
+              trap env EXIT
+              env
+              set -x
+          fi
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/sps-build-container-image-task.sh linux/ppc64le
+      - name: detect-secrets
+        include:
+          - docker-socket
+      - name: compliance-checks
+        when: false
+
+  pr-code-checks-5:
+    displayName: e2e-ocp-latest
+    include:
+      - dind
+    steps:
+      - name: unit-test
+        image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
+        script: |
+          #!/usr/bin/env bash
+          if [[ "$PIPELINE_DEBUG" == 1 ]]; then
+            trap env EXIT
+            env
+            set -x
+          fi
+          if [[ "$(get_env run-ocp-fyre-latest)" == "false" ]]; then
+              echo "skipping tests due to run-ocp-fyre-latest being false"
+              exit 0
+          fi
+          SKIP_INSTALL_GCLOUD=true
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/setup.sh
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/build.sh
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/e2e.sh ocp-fyre-latest pr-code-checks 5
+      - name: detect-secrets
+        include:
+          - docker-socket
+      - name: compliance-checks
+        include:
+          - docker-socket
+
+  pr-code-checks-6:
+    from: pr-code-checks
+    displayName: e2e-gke-latest
+    include:
+      - dind
+    steps:
+      - name: unit-test
+        image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3
+        script: |
+          #!/usr/bin/env bash
+          if [[ "$PIPELINE_DEBUG" == 1 ]]; then
+            trap env EXIT
+            env
+            set -x
+          fi
+          if [[ "$(get_env run-gke-latest)" == "false" ]]; then
+              echo "skipping tests due to run-gke-latest being false"
+              exit 0
+          fi
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/setup.sh
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/build.sh
+          source $WORKSPACE/$PIPELINE_CONFIG_REPO_PATH/ci/sps-scripts/e2e.sh gke-latest pr-code-checks-6
+      - name: detect-secrets
+        include:
+          - docker-socket
+      - name: compliance-checks
+        include:
+          - docker-socket

ci/sps-scripts/build.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+set -euo pipefail
+echo "Building instana-agent helm chart..."
+
+# Previously we build rancher charts and vanilla helm charts, but rancher
+# switched their approaches and instead of allowing pushes of special charts
+# is hosting their own overlay files now in https://github.com/rancher/partner-charts/tree/main-source/packages/instana/instana-agent/overlay
+
+SOURCE_DIRECTORY=$(git rev-parse --show-toplevel)
+TARGET_DIRECTORY=artefacts
+NEW_CHART_VERSION=$(cat "${SOURCE_DIRECTORY}/versions/INSTANA_AGENT_CHART_VERSION")
+HELM_APP_VERSION=$(cat "${SOURCE_DIRECTORY}/versions/INSTANA_AGENT_APP_VERSION")
+
+cd "${SOURCE_DIRECTORY}"
+rm -rf "${TARGET_DIRECTORY}"
+mkdir -p "${TARGET_DIRECTORY}"
+
+CHART_TARGET_DIRECTORY="${TARGET_DIRECTORY}/helm-charts"
+
+echo "Copying changes from canonical to ${CHART_TARGET_DIRECTORY}"
+rsync -avr "${SOURCE_DIRECTORY}/canonical/." "${CHART_TARGET_DIRECTORY}"
+
+echo "Injecting versions in Chart.yaml"
+yq eval -i ".appVersion = \"${HELM_APP_VERSION}\"" "${SOURCE_DIRECTORY}/${CHART_TARGET_DIRECTORY}/Chart.yaml"
+yq eval -i ".version = \"${NEW_CHART_VERSION}\"" "${SOURCE_DIRECTORY}/${CHART_TARGET_DIRECTORY}/Chart.yaml"
+
+
+echo "Downloading operator release yaml"
+rm -rf operator-download
+mkdir -p operator-download
+pushd operator-download
+curl -L https://github.com/instana/instana-agent-operator/releases/latest/download/instana-agent-operator.yaml | yq  -s '"operator_" + .kind + "_" + .metadata.name'
+echo "Extracting CRD"
+mkdir -p "${SOURCE_DIRECTORY}/${CHART_TARGET_DIRECTORY}/crds"
+# ensure to use lowercase letters for all filenames
+for file in *; do
+  mv "$file" "$(echo "$file" | tr '[:upper:]' '[:lower:]')"
+done
+mv ./*customresourcedefinition* "${SOURCE_DIRECTORY}/${CHART_TARGET_DIRECTORY}/crds/operator_customresourcedefinition_agents_instana_io.yml"
+
+# fetch current value of container image from the operator release and use it for default values.yaml
+OPERARTOR_IMAGE=$(yq ".spec.template.spec.containers[0].image" "./operator_deployment_instana-agent-controller-manager.yml")
+echo "OPERARTOR_IMAGE=${OPERARTOR_IMAGE}"
+OPERARTOR_REPO=$(echo "${OPERARTOR_IMAGE}" | awk -F '[:]' '{print $1}')
+echo "OPERARTOR_REPO=${OPERARTOR_REPO}"
+OPERARTOR_TAG=$(echo "${OPERARTOR_IMAGE}" | awk -F '[:]' '{print $2}')
+echo "OPERARTOR_TAG=${OPERARTOR_TAG}"
+yq eval -i ".controllerManager.image.name = \"${OPERARTOR_REPO}\"" "${SOURCE_DIRECTORY}/${CHART_TARGET_DIRECTORY}/values.yaml"
+yq eval -i ".controllerManager.image.tag = \"${OPERARTOR_TAG}\"" "${SOURCE_DIRECTORY}/${CHART_TARGET_DIRECTORY}/values.yaml"
+sed -i "s/instana-agent-operator:latest/instana-agent-operator:${OPERARTOR_TAG}/g" "${SOURCE_DIRECTORY}/${CHART_TARGET_DIRECTORY}/templates/operator_deployment_instana-agent-controller-manager.yml"
+
+popd
+rm -rf operator-download
+
+helm package "${CHART_TARGET_DIRECTORY}/." \
+    --version "${NEW_CHART_VERSION}" \
+    --app-version "${HELM_APP_VERSION}" \
+    --destination "${TARGET_DIRECTORY}/"
+
+helm lint ${TARGET_DIRECTORY}/instana-agent-*.tgz
+
+echo "Bundled operator version: ${OPERARTOR_IMAGE}"

ci/sps-scripts/e2e.sh

@@ -0,0 +1,153 @@
+#!/usr/bin/env bash
+set -euo pipefail
+echo "===== e2e.sh - start ====="
+pwd
+export SOURCE_DIRECTORY="${WORKSPACE}/${PIPELINE_CONFIG_REPO_PATH}"
+echo "${SOURCE_DIRECTORY}"
+ls "${SOURCE_DIRECTORY}"
+CLUSTER_ID=$1
+echo "Running e2e chart tests for ${CLUSTER_ID}"
+TASK_NAME=$2
+
+if [[ "$(get_env pipeline_namespace)" == *"pr"* ]]; then
+    set-commit-status \
+        --repository "$(load_repo app-repo url)" \
+        --commit-sha "$(load_repo app-repo commit)" \
+        --state "pending" \
+        --description "OCP e2e test" \
+        --context "tekton/e2e-${CLUSTER_ID}" \
+        --target-url "${PIPELINE_RUN_URL//\?/\/$TASK_NAME\/unit-test\?}"
+else
+    set-commit-status \
+        --repository "$(load_repo app-repo url)" \
+        --commit-sha "$(load_repo app-repo commit)" \
+        --state "pending" \
+        --description "OCP e2e test" \
+        --context "tekton/e2e-${CLUSTER_ID}" \
+        --target-url "${PIPELINE_RUN_URL//\?/\/$TASK_NAME\/deploy\?}"
+fi
+
+COMMIT_STATUS="error"
+
+CLUSTER_DETAILS=$(get_env "${CLUSTER_ID}")
+CLUSTER_TYPE=$(echo "${CLUSTER_DETAILS}" | jq -r ".type")
+CLUSTER_NAME=$(echo "${CLUSTER_DETAILS}" | jq -r ".name")
+# required in e2e test
+export CLUSTER_NAME
+
+if [ "${CLUSTER_TYPE}" == "fyre-ocp" ]; then
+    echo "Fyre OCP Cluster detected"
+    CLUSTER_SERVER=$(echo "${CLUSTER_DETAILS}" | jq -r ".server")
+    CLUSTER_USERNAME=$(echo "${CLUSTER_DETAILS}" | jq -r ".username")
+    CLUSTER_PASSWORD=$(echo "${CLUSTER_DETAILS}" | jq -r ".password")
+    mkdir -p bin
+    cd bin
+    # late install, as the oc cli is fetched from the target cluster to ensure proper versions
+    echo "=== Installing oc cli ==="
+    echo "trying to download oc from https://downloads-openshift-console.apps.${CLUSTER_NAME}.cp.fyre.ibm.com/amd64/linux/oc.tar"
+    curl -sk "https://downloads-openshift-console.apps.${CLUSTER_NAME}.cp.fyre.ibm.com/amd64/linux/oc.tar" -o oc.tar
+    ls -lah oc.tar
+    tar -xf oc.tar
+    rm -f oc.tar
+
+    PATH=$(pwd):$PATH
+    export PATH
+
+    # ensure that debug will not print cluster credentials to the log
+    if [[ "$PIPELINE_DEBUG" == 1 ]]; then
+        set +x
+    fi
+
+    echo "Logging into ${CLUSTER_SERVER}"
+    oc login --insecure-skip-tls-verify=true -u "${CLUSTER_USERNAME}" -p "${CLUSTER_PASSWORD}" --server="${CLUSTER_SERVER}"
+
+    if [[ "$PIPELINE_DEBUG" == 1 ]]; then
+        set -x
+    fi
+
+elif [ "${CLUSTER_TYPE}" == "gke" ]; then
+    echo "GKE Cluster detected"
+    CLUSTER_ZONE=$(echo "${CLUSTER_DETAILS}" | jq -r ".zone")
+    CLUSTER_PROJECT=$(echo "${CLUSTER_DETAILS}" | jq -r ".project")
+    # login into GCP
+    get_env gcp-service-account > keyfile.json
+    gcloud auth activate-service-account --key-file keyfile.json
+    gcloud container clusters get-credentials "${CLUSTER_NAME}" --zone "${CLUSTER_ZONE}" --project "${CLUSTER_PROJECT}"
+else
+    echo "Unknown cluster type, failing build as it is unclear how to connect to the cluster"
+    exit 1
+fi
+
+
+cd "${SOURCE_DIRECTORY}"
+echo "Showing connected cluster nodes"
+kubectl get nodes -o wide
+
+export PATH=$PATH:/usr/local/go/bin:/usr/local/bin
+go version
+
+# fetching e2e test backend details
+INSTANA_E2E_BACKEND_DETAILS=$(get_env instana-e2e-backend-details)
+INSTANA_ENDPOINT_HOST=$(echo "${INSTANA_E2E_BACKEND_DETAILS}" | jq -r ".endpoint_host")
+INSTANA_ENDPOINT_PORT=443
+INSTANA_AGENT_KEY=$(echo "${INSTANA_E2E_BACKEND_DETAILS}" | jq -r ".agent_key")
+INSTANA_API_URL=$(echo "${INSTANA_E2E_BACKEND_DETAILS}" | jq -r ".api_url")
+INSTANA_API_TOKEN=$(echo "${INSTANA_E2E_BACKEND_DETAILS}" | jq -r ".api_token")
+
+export INSTANA_ENDPOINT_HOST INSTANA_ENDPOINT_PORT INSTANA_AGENT_KEY INSTANA_API_URL INSTANA_API_TOKEN
+
+echo "=== Claim cluster lock ==="
+
+bash "${SOURCE_DIRECTORY}/ci/sps/reslock.sh" claim "${CLUSTER_ID}"
+
+# Ensure that cluster is released after a successful claim, even if tests fail
+cleanup() {
+    set-commit-status \
+        --repository "$(load_repo app-repo url)" \
+        --commit-sha "$(load_repo app-repo commit)" \
+        --state "${COMMIT_STATUS}" \
+        --description "OCP e2e test" \
+        --context "tekton/e2e-${CLUSTER_ID}" \
+        --target-url "${PIPELINE_RUN_URL//\?/\/$TASK_NAME\/unit-test\?}"
+    if [[ "$(get_env pipeline_namespace)" == *"pr"* ]]; then
+        set-commit-status \
+            --repository "$(load_repo app-repo url)" \
+            --commit-sha "$(load_repo app-repo commit)" \
+            --state "${COMMIT_STATUS}" \
+            --description "OCP e2e test" \
+            --context "tekton/e2e-${CLUSTER_ID}" \
+            --target-url "${PIPELINE_RUN_URL//\?/\/$TASK_NAME\/unit-test\?}"
+    else
+        set-commit-status \
+            --repository "$(load_repo app-repo url)" \
+            --commit-sha "$(load_repo app-repo commit)" \
+            --state "${COMMIT_STATUS}" \
+            --description "OCP e2e test" \
+            --context "tekton/e2e-${CLUSTER_ID}" \
+            --target-url "${PIPELINE_RUN_URL//\?/\/$TASK_NAME\/deploy\?}"
+    fi
+    bash "${SOURCE_DIRECTORY}/ci/sps/reslock.sh" release "${CLUSTER_ID}"
+    echo "===== e2e.sh - end ====="
+}
+
+trap cleanup EXIT
+echo
+
+echo "=== Showing versions ==="
+oc version
+kubectl version
+helm version
+echo
+
+echo "Showing available helm charts"
+ls -lah artefacts
+
+echo "=== Running e2e tests ==="
+INSTANA_AGENT_HELM_CHART_LOCATION="$(ls artefacts/instana-agent-*.tgz)"
+export INSTANA_AGENT_HELM_CHART_LOCATION
+echo "INSTANA_AGENT_HELM_CHART_LOCATION=$INSTANA_AGENT_HELM_CHART_LOCATION"
+helm version
+make e2e
+echo "Tests finished"
+# trap handler will automatically report status
+COMMIT_STATUS="success"