Compare commits
11 commits
e503f8edd4
...
830b19be58
Author | SHA1 | Date | |
---|---|---|---|
830b19be58 | |||
63dcc3357a | |||
93433215c4 | |||
e48998faaa | |||
4f988450d6 | |||
e69d99b7f3 | |||
85f9b3285a | |||
8c41fba705 | |||
87ac203528 | |||
f8638137d7 | |||
4860e62fc2 |
15 changed files with 390 additions and 225 deletions
100
.gitlab-ci.yml
100
.gitlab-ci.yml
|
@ -5,11 +5,18 @@ stages:
|
||||||
- upload
|
- upload
|
||||||
- image
|
- image
|
||||||
|
|
||||||
services:
|
.img: &img
|
||||||
- docker:19.03.12-dind
|
image: "domaindrivenarchitecture/ddadevops-dind:4.11.3"
|
||||||
|
services:
|
||||||
|
- docker:dind
|
||||||
|
before_script:
|
||||||
|
- export RELEASE_ARTIFACT_TOKEN=$MEISSA_REPO_BUERO_RW
|
||||||
|
- export IMAGE_DOCKERHUB_USER=$DOCKERHUB_USER
|
||||||
|
- export IMAGE_DOCKERHUB_PASSWORD=$DOCKERHUB_PASSWORD
|
||||||
|
- export IMAGE_TAG=$CI_COMMIT_TAG
|
||||||
|
|
||||||
.cljs-job: &cljs
|
.cljs-job: &cljs
|
||||||
image: domaindrivenarchitecture/shadow-cljs
|
image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.11.3"
|
||||||
cache:
|
cache:
|
||||||
key: ${CI_COMMIT_REF_SLUG}
|
key: ${CI_COMMIT_REF_SLUG}
|
||||||
paths:
|
paths:
|
||||||
|
@ -17,38 +24,44 @@ services:
|
||||||
- .shadow-cljs/
|
- .shadow-cljs/
|
||||||
- .m2
|
- .m2
|
||||||
before_script:
|
before_script:
|
||||||
- echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
|
- export RELEASE_ARTIFACT_TOKEN=$MEISSA_REPO_BUERO_RW
|
||||||
- npm install
|
- echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
|
||||||
|
- npm install
|
||||||
|
|
||||||
.clj-uploadjob: &clj
|
.clj-job: &clj
|
||||||
image: domaindrivenarchitecture/lein
|
image: "domaindrivenarchitecture/ddadevops-clj:4.11.3"
|
||||||
cache:
|
cache:
|
||||||
key: ${CI_COMMIT_REF_SLUG}
|
key: ${CI_COMMIT_REF_SLUG}
|
||||||
paths:
|
paths:
|
||||||
- .m2
|
- .m2
|
||||||
before_script:
|
before_script:
|
||||||
- mkdir -p /root/.lein
|
- export RELEASE_ARTIFACT_TOKEN=$MEISSA_REPO_BUERO_RW
|
||||||
- echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj
|
- mkdir -p /root/.lein
|
||||||
|
- echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj
|
||||||
|
|
||||||
test-cljs:
|
.tag_only: &tag_only
|
||||||
<<: *cljs
|
rules:
|
||||||
stage: build_and_test
|
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
||||||
script:
|
when: never
|
||||||
- shadow-cljs compile test
|
- if: '$CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+$/'
|
||||||
- node target/node-tests.js
|
|
||||||
|
|
||||||
test-clj:
|
test-clj:
|
||||||
<<: *clj
|
<<: *clj
|
||||||
stage: build_and_test
|
stage: build_and_test
|
||||||
script:
|
script:
|
||||||
- lein test
|
- pyb test_clj
|
||||||
|
|
||||||
|
test-cljs:
|
||||||
|
<<: *cljs
|
||||||
|
stage: build_and_test
|
||||||
|
script:
|
||||||
|
- pyb test_cljs
|
||||||
|
|
||||||
test-schema:
|
test-schema:
|
||||||
<<: *clj
|
<<: *clj
|
||||||
stage: build_and_test
|
stage: build_and_test
|
||||||
script:
|
script:
|
||||||
- lein uberjar
|
- pyb test_schema
|
||||||
- java -jar target/uberjar/c4k-shynet-standalone.jar valid-config.edn valid-auth.edn | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
|
|
||||||
artifacts:
|
artifacts:
|
||||||
paths:
|
paths:
|
||||||
- target/uberjar
|
- target/uberjar
|
||||||
|
@ -57,8 +70,7 @@ report-frontend:
|
||||||
<<: *cljs
|
<<: *cljs
|
||||||
stage: package
|
stage: package
|
||||||
script:
|
script:
|
||||||
- mkdir -p target/frontend-build
|
- pyb report_frontend
|
||||||
- shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html
|
|
||||||
artifacts:
|
artifacts:
|
||||||
paths:
|
paths:
|
||||||
- target/frontend-build/build-report.html
|
- target/frontend-build/build-report.html
|
||||||
|
@ -67,11 +79,7 @@ package-frontend:
|
||||||
<<: *cljs
|
<<: *cljs
|
||||||
stage: package
|
stage: package
|
||||||
script:
|
script:
|
||||||
- mkdir -p target/frontend-build
|
- pyb package_frontend
|
||||||
- shadow-cljs release frontend
|
|
||||||
- cp public/js/main.js target/frontend-build/c4k-shynet.js
|
|
||||||
- sha256sum target/frontend-build/c4k-shynet.js > target/frontend-build/c4k-shynet.js.sha256
|
|
||||||
- sha512sum target/frontend-build/c4k-shynet.js > target/frontend-build/c4k-shynet.js.sha512
|
|
||||||
artifacts:
|
artifacts:
|
||||||
paths:
|
paths:
|
||||||
- target/frontend-build
|
- target/frontend-build
|
||||||
|
@ -80,36 +88,30 @@ package-uberjar:
|
||||||
<<: *clj
|
<<: *clj
|
||||||
stage: package
|
stage: package
|
||||||
script:
|
script:
|
||||||
- sha256sum target/uberjar/c4k-shynet-standalone.jar > target/uberjar/c4k-shynet-standalone.jar.sha256
|
- pyb package_uberjar
|
||||||
- sha512sum target/uberjar/c4k-shynet-standalone.jar > target/uberjar/c4k-shynet-standalone.jar.sha512
|
|
||||||
artifacts:
|
artifacts:
|
||||||
paths:
|
paths:
|
||||||
- target/uberjar
|
- target/uberjar
|
||||||
|
|
||||||
upload-clj-release:
|
package-native:
|
||||||
<<: *clj
|
<<: *clj
|
||||||
stage: upload
|
stage: package
|
||||||
rules:
|
|
||||||
- if: '$CI_COMMIT_TAG != null'
|
|
||||||
script:
|
script:
|
||||||
- lein deploy
|
- pyb package_native
|
||||||
|
|
||||||
release:
|
|
||||||
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
|
||||||
stage: upload
|
|
||||||
rules:
|
|
||||||
- if: '$CI_COMMIT_TAG != null'
|
|
||||||
artifacts:
|
artifacts:
|
||||||
paths:
|
paths:
|
||||||
- target/uberjar
|
- target/graalvm
|
||||||
- target/frontend-build
|
|
||||||
|
release-to-clojars:
|
||||||
|
<<: *clj
|
||||||
|
<<: *tag_only
|
||||||
|
stage: upload
|
||||||
script:
|
script:
|
||||||
- apk --no-cache add curl
|
- pyb upload_clj
|
||||||
- |
|
|
||||||
release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
|
release-to-forgejo:
|
||||||
--assets-link "{\"name\":\"c4k-shynet-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-shynet/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-shynet-standalone.jar\"}" \
|
<<: *clj
|
||||||
--assets-link "{\"name\":\"c4k-shynet-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-shynet/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-shynet-standalone.jar.sha256\"}" \
|
<<: *tag_only
|
||||||
--assets-link "{\"name\":\"c4k-shynet-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-shynet/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-shynet-standalone.jar.sha512\"}" \
|
stage: upload
|
||||||
--assets-link "{\"name\":\"c4k-shynet.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-shynet/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-shynet.js\"}" \
|
script:
|
||||||
--assets-link "{\"name\":\"c4k-shynet.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-shynet/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-shynet.js.sha256\"}" \
|
- pyb publish_artifacts
|
||||||
--assets-link "{\"name\":\"c4k-shynet.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-shynet/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-shynet.js.sha512\"}" \
|
|
||||||
|
|
235
build.py
Normal file
235
build.py
Normal file
|
@ -0,0 +1,235 @@
|
||||||
|
from os import environ
|
||||||
|
from subprocess import run
|
||||||
|
from pybuilder.core import init, task
|
||||||
|
from ddadevops import *
|
||||||
|
|
||||||
|
default_task = "dev"
|
||||||
|
|
||||||
|
name = "c4k-shynet"
|
||||||
|
MODULE = "not-used"
|
||||||
|
PROJECT_ROOT_PATH = "."
|
||||||
|
|
||||||
|
|
||||||
|
@init
|
||||||
|
def initialize(project):
|
||||||
|
input = {
|
||||||
|
"name": name,
|
||||||
|
"module": MODULE,
|
||||||
|
"stage": "notused",
|
||||||
|
"project_root_path": PROJECT_ROOT_PATH,
|
||||||
|
"build_types": [],
|
||||||
|
"release_artifacts": ["target/uberjar/c4k-shynet-standalone.jar"],
|
||||||
|
"mixin_types": ["RELEASE"],
|
||||||
|
"release_primary_build_file": "project.clj",
|
||||||
|
"release_secondary_build_files": [
|
||||||
|
"package.json",
|
||||||
|
],
|
||||||
|
"release_artifact_server_url": "https://repo.prod.meissa.de",
|
||||||
|
"release_organisation": "meissa",
|
||||||
|
"release_repository_name": name,
|
||||||
|
"release_artifacts": [
|
||||||
|
f"target/graalvm/{name}",
|
||||||
|
f"target/uberjar/{name}-standalone.jar",
|
||||||
|
f"target/frontend-build/{name}.js",
|
||||||
|
],
|
||||||
|
}
|
||||||
|
|
||||||
|
build = ReleaseMixin(project, input)
|
||||||
|
build.initialize_build_dir()
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def test(project):
|
||||||
|
test_clj(project)
|
||||||
|
test_cljs(project)
|
||||||
|
test_schema(project)
|
||||||
|
|
||||||
|
@task
|
||||||
|
def test_clj(project):
|
||||||
|
run("lein test", shell=True, check=True)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def test_cljs(project):
|
||||||
|
run("shadow-cljs compile test", shell=True, check=True)
|
||||||
|
run("node target/node-tests.js", shell=True, check=True)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def test_schema(project):
|
||||||
|
run("lein uberjar", shell=True, check=True)
|
||||||
|
run(
|
||||||
|
"java -jar target/uberjar/c4k-shynet-standalone.jar "
|
||||||
|
+ "src/test/resources/shynet-test/valid-config.yaml "
|
||||||
|
+ "src/test/resources/shynet-test/valid-auth.yaml | "
|
||||||
|
+ "kubeconform --kubernetes-version 1.23.0 --strict --skip Certificate -",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def report_frontend(project):
|
||||||
|
run("mkdir -p target/frontend-build", shell=True, check=True)
|
||||||
|
run(
|
||||||
|
"shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def package_frontend(project):
|
||||||
|
run("mkdir -p target/frontend-build", shell=True, check=True)
|
||||||
|
run("shadow-cljs release frontend", shell=True, check=True)
|
||||||
|
run(
|
||||||
|
"cp public/js/main.js target/frontend-build/c4k-shynet.js",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
run(
|
||||||
|
"sha256sum target/frontend-build/c4k-shynet.js > target/frontend-build/c4k-shynet.js.sha256",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
run(
|
||||||
|
"sha512sum target/frontend-build/c4k-shynet.js > target/frontend-build/c4k-shynet.js.sha512",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def package_uberjar(project):
|
||||||
|
run("lein uberjar", shell=True, check=True)
|
||||||
|
run(
|
||||||
|
"sha256sum target/uberjar/c4k-shynet-standalone.jar > target/uberjar/c4k-shynet-standalone.jar.sha256",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
run(
|
||||||
|
"sha512sum target/uberjar/c4k-shynet-standalone.jar > target/uberjar/c4k-shynet-standalone.jar.sha512",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def package_native(project):
|
||||||
|
run(
|
||||||
|
"mkdir -p target/graalvm",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
run(
|
||||||
|
"native-image " +
|
||||||
|
"--native-image-info " +
|
||||||
|
"--report-unsupported-elements-at-runtime " +
|
||||||
|
"--no-server " +
|
||||||
|
"--no-fallback " +
|
||||||
|
"--features=clj_easy.graal_build_time.InitClojureClasses " +
|
||||||
|
f"-jar target/uberjar/{project.name}-standalone.jar " +
|
||||||
|
"-H:IncludeResources=.*.yaml " +
|
||||||
|
"-H:Log=registerResource:verbose " +
|
||||||
|
f"-H:Name=target/graalvm/{project.name}",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
run(
|
||||||
|
f"sha256sum target/graalvm/{project.name} > target/graalvm/{project.name}.sha256",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
run(
|
||||||
|
f"sha512sum target/graalvm/{project.name} > target/graalvm/{project.name}.sha512",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def upload_clj(project):
|
||||||
|
run("lein deploy", shell=True, check=True)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def lint(project):
|
||||||
|
run(
|
||||||
|
"lein eastwood",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
run(
|
||||||
|
"lein ancient check",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def inst(project):
|
||||||
|
package_uberjar(project)
|
||||||
|
package_native(project)
|
||||||
|
run(
|
||||||
|
f"sudo install -m=755 target/uberjar/{project.name}-standalone.jar /usr/local/bin/{project.name}-standalone.jar",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
run(
|
||||||
|
f"sudo install -m=755 target/graalvm/{project.name} /usr/local/bin/{project.name}",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def patch(project):
|
||||||
|
linttest(project, "PATCH")
|
||||||
|
release(project)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def minor(project):
|
||||||
|
linttest(project, "MINOR")
|
||||||
|
release(project)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def major(project):
|
||||||
|
linttest(project, "MAJOR")
|
||||||
|
release(project)
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def dev(project):
|
||||||
|
linttest(project, "NONE")
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def prepare(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.prepare_release()
|
||||||
|
|
||||||
|
|
||||||
|
@task
|
||||||
|
def tag(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.tag_bump_and_push_release()
|
||||||
|
|
||||||
|
@task
|
||||||
|
def publish_artifacts(project):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.publish_artifacts()
|
||||||
|
|
||||||
|
def release(project):
|
||||||
|
prepare(project)
|
||||||
|
tag(project)
|
||||||
|
|
||||||
|
|
||||||
|
def linttest(project, release_type):
|
||||||
|
build = get_devops_build(project)
|
||||||
|
build.update_release_type(release_type)
|
||||||
|
test_clj(project)
|
||||||
|
test_cljs(project)
|
||||||
|
test_schema(project)
|
||||||
|
lint(project)
|
15
project.clj
15
project.clj
|
@ -32,17 +32,4 @@
|
||||||
["change" "version" "leiningen.release/bump-version" "release"]
|
["change" "version" "leiningen.release/bump-version" "release"]
|
||||||
["vcs" "commit"]
|
["vcs" "commit"]
|
||||||
["vcs" "tag" "v" "--no-sign"]
|
["vcs" "tag" "v" "--no-sign"]
|
||||||
["change" "version" "leiningen.release/bump-version"]]
|
["change" "version" "leiningen.release/bump-version"]])
|
||||||
:aliases {"native" ["shell"
|
|
||||||
"native-image"
|
|
||||||
"--report-unsupported-elements-at-runtime"
|
|
||||||
"--initialize-at-build-time"
|
|
||||||
"-jar" "target/uberjar/c4k-shynet-standalone.jar"
|
|
||||||
"-H:ResourceConfigurationFiles=graalvm-resource-config.json"
|
|
||||||
"-H:Log=registerResource"
|
|
||||||
"-H:Name=target/graalvm/${:name}"]
|
|
||||||
"inst" ["shell" "sudo"
|
|
||||||
"install"
|
|
||||||
"-m=755"
|
|
||||||
"target/uberjar/c4k-shynet-standalone.jar"
|
|
||||||
"/usr/local/bin/c4k-shynet-standalone.jar"]})
|
|
||||||
|
|
|
@ -4,36 +4,48 @@
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
#?(:clj [orchestra.core :refer [defn-spec]]
|
#?(:clj [orchestra.core :refer [defn-spec]]
|
||||||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||||
|
[dda.c4k-common.common :as cm]
|
||||||
[dda.c4k-common.yaml :as yaml]
|
[dda.c4k-common.yaml :as yaml]
|
||||||
[dda.c4k-common.postgres :as postgres]
|
[dda.c4k-common.postgres :as postgres]
|
||||||
|
[dda.c4k-common.monitoring :as mon]
|
||||||
[dda.c4k-shynet.shynet :as shynet]))
|
[dda.c4k-shynet.shynet :as shynet]))
|
||||||
|
|
||||||
(def config-defaults {:issuer :staging})
|
(def config-defaults {:issuer :staging})
|
||||||
|
|
||||||
|
(s/def ::mon-cfg ::mon/mon-cfg)
|
||||||
|
(s/def ::mon-auth ::mon/mon-auth)
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::shynet/fqdn]
|
(def config? (s/keys :req-un [::shynet/fqdn]
|
||||||
:opt-un [::shynet/issuer]))
|
:opt-un [::shynet/issuer
|
||||||
|
::postgres/postgres-data-volume-path
|
||||||
|
::mon-cfg]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::shynet/django-secret-key
|
(def auth? (s/keys :req-un [::shynet/django-secret-key
|
||||||
::postgres/postgres-db-user ::postgres/postgres-db-password]))
|
::postgres/postgres-db-user ::postgres/postgres-db-password
|
||||||
|
::mon-auth]))
|
||||||
|
|
||||||
(defn config-objects [config]
|
(defn config-objects [config]
|
||||||
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
|
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
|
||||||
(map yaml/to-string
|
(map yaml/to-string
|
||||||
[(postgres/generate-config {:postgres-size :2gb :db-name "shynet"})
|
(filter
|
||||||
(when (contains? config :postgres-data-volume-path)
|
#(not (nil? %))
|
||||||
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
|
(cm/concat-vec
|
||||||
(postgres/generate-pvc {:pv-storage-size-gb 20
|
[(postgres/generate-config {:postgres-size :2gb :db-name "shynet"})
|
||||||
:pvc-storage-class-name storage-class})
|
(when (contains? config :postgres-data-volume-path)
|
||||||
(postgres/generate-deployment {:postgres-image "postgres:14"
|
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
|
||||||
:postgres-size :2gb})
|
(postgres/generate-pvc {:pv-storage-size-gb 20
|
||||||
(postgres/generate-service config)
|
:pvc-storage-class-name storage-class})
|
||||||
(shynet/generate-webserver-deployment)
|
(postgres/generate-deployment {:postgres-image "postgres:14"
|
||||||
(shynet/generate-celeryworker-deployment)
|
:postgres-size :2gb})
|
||||||
(shynet/generate-ingress config)
|
(postgres/generate-service config)
|
||||||
(shynet/generate-certificate config)
|
(shynet/generate-webserver-deployment)
|
||||||
(shynet/generate-service-redis)
|
(shynet/generate-celeryworker-deployment)
|
||||||
(shynet/generate-service-webserver)
|
(shynet/generate-service-redis)
|
||||||
(shynet/generate-statefulset)])))
|
(shynet/generate-service-webserver)
|
||||||
|
(shynet/generate-statefulset)]
|
||||||
|
(shynet/generate-ingress-and-cert config)
|
||||||
|
(when (:contains? config :mon-cfg)
|
||||||
|
(mon/generate (:mon-cfg config) (:mon-auth config))))))))
|
||||||
|
|
||||||
(defn auth-objects [config]
|
(defn auth-objects [config]
|
||||||
(map yaml/to-string
|
(map yaml/to-string
|
||||||
|
|
|
@ -1,30 +1,19 @@
|
||||||
(ns dda.c4k-shynet.shynet
|
(ns dda.c4k-shynet.shynet
|
||||||
(:require
|
(:require
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
#?(:cljs [shadow.resource :as rc])
|
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])
|
||||||
[dda.c4k-common.yaml :as yaml]
|
[dda.c4k-common.yaml :as yaml]
|
||||||
[dda.c4k-common.common :as cm]
|
[dda.c4k-common.common :as cm]
|
||||||
[dda.c4k-common.predicate :as pred]))
|
[dda.c4k-common.predicate :as cp]
|
||||||
|
[dda.c4k-common.ingress :as ing]))
|
||||||
|
|
||||||
(s/def ::fqdn pred/fqdn-string?)
|
(s/def ::fqdn cp/fqdn-string?)
|
||||||
(s/def ::issuer pred/letsencrypt-issuer?)
|
(s/def ::issuer cp/letsencrypt-issuer?)
|
||||||
(s/def ::django-secret-key pred/bash-env-string?)
|
(s/def ::django-secret-key cp/bash-env-string?)
|
||||||
|
|
||||||
#?(:cljs
|
#?(:cljs
|
||||||
(defmethod yaml/load-resource :shynet [resource-name]
|
(defmethod yaml/load-resource :shynet [resource-name]
|
||||||
(case resource-name
|
(get (inline-resources "shynet") resource-name)))
|
||||||
"shynet/secret.yaml" (rc/inline "shynet/secret.yaml")
|
|
||||||
"shynet/certificate.yaml" (rc/inline "shynet/certificate.yaml")
|
|
||||||
"shynet/deployments.yaml" (rc/inline "shynet/deployments.yaml")
|
|
||||||
"shynet/ingress.yaml" (rc/inline "shynet/ingress.yaml")
|
|
||||||
"shynet/service-redis.yaml" (rc/inline "shynet/service-redis.yaml")
|
|
||||||
"shynet/service-webserver.yaml" (rc/inline "shynet/service-webserver.yaml")
|
|
||||||
"shynet/statefulset.yaml" (rc/inline "shynet/statefulset.yaml")
|
|
||||||
(throw (js/Error. "Undefined Resource!")))))
|
|
||||||
|
|
||||||
#?(:cljs
|
|
||||||
(defmethod yaml/load-as-edn :shynet [resource-name]
|
|
||||||
(yaml/from-string (yaml/load-resource resource-name))))
|
|
||||||
|
|
||||||
(defn generate-secret [config]
|
(defn generate-secret [config]
|
||||||
(let [{:keys [fqdn django-secret-key postgres-db-user postgres-db-password]} config]
|
(let [{:keys [fqdn django-secret-key postgres-db-user postgres-db-password]} config]
|
||||||
|
@ -36,34 +25,19 @@
|
||||||
(assoc-in [:stringData :DB_USER] postgres-db-user)
|
(assoc-in [:stringData :DB_USER] postgres-db-user)
|
||||||
(assoc-in [:stringData :DB_PASSWORD] postgres-db-password))))
|
(assoc-in [:stringData :DB_PASSWORD] postgres-db-password))))
|
||||||
|
|
||||||
(defn generate-certificate [config]
|
|
||||||
(let [{:keys [fqdn issuer]} config
|
|
||||||
letsencrypt-issuer (name issuer)]
|
|
||||||
(->
|
|
||||||
(yaml/load-as-edn "shynet/certificate.yaml")
|
|
||||||
(assoc-in [:spec :commonName] fqdn)
|
|
||||||
(assoc-in [:spec :dnsNames] [fqdn])
|
|
||||||
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer))))
|
|
||||||
|
|
||||||
(defn generate-webserver-deployment []
|
(defn generate-webserver-deployment []
|
||||||
(let [shynet-application "shynet-webserver"]
|
(let [shynet-application "shynet-webserver"]
|
||||||
(-> (yaml/load-as-edn "shynet/deployments.yaml")
|
(-> (yaml/load-as-edn "shynet/deployments.yaml")
|
||||||
(cm/replace-all-matching-values-by-new-value "shynet-application" shynet-application)
|
(cm/replace-all-matching "shynet-application" shynet-application)
|
||||||
(update-in [:spec :template :spec :containers 0] dissoc :command))))
|
(update-in [:spec :template :spec :containers 0] dissoc :command))))
|
||||||
|
|
||||||
(defn generate-celeryworker-deployment []
|
(defn generate-celeryworker-deployment []
|
||||||
(let [shynet-application "shynet-celeryworker"]
|
(let [shynet-application "shynet-celeryworker"]
|
||||||
(-> (yaml/load-as-edn "shynet/deployments.yaml")
|
(-> (yaml/load-as-edn "shynet/deployments.yaml")
|
||||||
(cm/replace-all-matching-values-by-new-value "shynet-application" shynet-application))))
|
(cm/replace-all-matching "shynet-application" shynet-application))))
|
||||||
|
|
||||||
(defn generate-ingress [config]
|
(defn generate-ingress-and-cert [config]
|
||||||
(let [{:keys [fqdn issuer]
|
(ing/generate-ingress-and-cert config))
|
||||||
:or {issuer :staging}} config
|
|
||||||
letsencrypt-issuer (name issuer)]
|
|
||||||
(->
|
|
||||||
(yaml/load-as-edn "shynet/ingress.yaml")
|
|
||||||
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
|
|
||||||
|
|
||||||
(defn generate-statefulset []
|
(defn generate-statefulset []
|
||||||
(yaml/load-as-edn "shynet/statefulset.yaml"))
|
(yaml/load-as-edn "shynet/statefulset.yaml"))
|
||||||
|
|
|
@ -8,35 +8,21 @@
|
||||||
[dda.c4k-common.postgres :as pgc]
|
[dda.c4k-common.postgres :as pgc]
|
||||||
[dda.c4k-common.common :as cm]))
|
[dda.c4k-common.common :as cm]))
|
||||||
|
|
||||||
(defn generate-group
|
|
||||||
[name
|
|
||||||
content]
|
|
||||||
[{:type :element
|
|
||||||
:tag :div
|
|
||||||
:attrs {:class "rounded border border-3 m-3 p-2"}
|
|
||||||
:content [{:type :element
|
|
||||||
:tag :b
|
|
||||||
:attrs {:style "z-index: 1; position: relative; top: -1.3rem;"}
|
|
||||||
:content name}
|
|
||||||
{:type :element
|
|
||||||
:tag :fieldset
|
|
||||||
:content content}]}])
|
|
||||||
|
|
||||||
(defn generate-content []
|
(defn generate-content []
|
||||||
(cm/concat-vec
|
(cm/concat-vec
|
||||||
[(assoc
|
[(assoc
|
||||||
(br/generate-needs-validation) :content
|
(br/generate-needs-validation) :content
|
||||||
(cm/concat-vec
|
(cm/concat-vec
|
||||||
(generate-group
|
(br/generate-group
|
||||||
"domain"
|
"domain"
|
||||||
(cm/concat-vec
|
(cm/concat-vec
|
||||||
(br/generate-input-field "fqdn" "Your fqdn:" "shynet.prod.meissa-gmbh.de")
|
(br/generate-input-field "fqdn" "Your fqdn:" "shynet.prod.meissa-gmbh.de")
|
||||||
(br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "")))
|
(br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "")))
|
||||||
(generate-group
|
(br/generate-group
|
||||||
"provider"
|
"provider"
|
||||||
(cm/concat-vec
|
(cm/concat-vec
|
||||||
(br/generate-input-field "postgres-data-volume-path" "(Optional) Your postgres-data-volume-path if Persistent Volumes are not generated by an Operator:" "")))
|
(br/generate-input-field "postgres-data-volume-path" "(Optional) Your postgres-data-volume-path if Persistent Volumes are not generated by an Operator:" "")))
|
||||||
(generate-group
|
(br/generate-group
|
||||||
"credentials"
|
"credentials"
|
||||||
(br/generate-text-area
|
(br/generate-text-area
|
||||||
"auth" "Your auth.edn:"
|
"auth" "Your auth.edn:"
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: shynet-cert
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
secretName: shynet-cert
|
|
||||||
commonName: fqdn
|
|
||||||
duration: 2160h # 90d
|
|
||||||
renewBefore: 360h # 15d
|
|
||||||
dnsNames:
|
|
||||||
- fqdn
|
|
||||||
issuerRef:
|
|
||||||
name: REPLACEME
|
|
||||||
kind: ClusterIssuer
|
|
|
@ -1,24 +0,0 @@
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: shynet-webserver-ingress
|
|
||||||
annotations:
|
|
||||||
ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
||||||
ingress.kubernetes.io/ssl-redirect: "true"
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- fqdn
|
|
||||||
secretName: shynet-cert
|
|
||||||
rules:
|
|
||||||
- host: fqdn
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- backend:
|
|
||||||
service:
|
|
||||||
name: shynet-webserver-service
|
|
||||||
port:
|
|
||||||
number: 8080
|
|
||||||
path: /
|
|
||||||
pathType: Prefix
|
|
19
src/test/cljc/dda/c4k_shynet/core_test.cljc
Normal file
19
src/test/cljc/dda/c4k_shynet/core_test.cljc
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
(ns dda.c4k-shynet.core-test
|
||||||
|
(:require
|
||||||
|
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||||
|
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||||
|
#?(:cljs [shadow.resource :as rc])
|
||||||
|
[clojure.spec.alpha :as s]
|
||||||
|
[dda.c4k-common.yaml :as yaml]
|
||||||
|
[dda.c4k-shynet.core :as cut]))
|
||||||
|
|
||||||
|
#?(:cljs
|
||||||
|
(defmethod yaml/load-resource :shynet-test [resource-name]
|
||||||
|
(case resource-name
|
||||||
|
"shynet-test/valid-auth.yaml" (rc/inline "shynet-test/valid-auth.yaml")
|
||||||
|
"shynet-test/valid-config.yaml" (rc/inline "shynet-test/valid-config.yaml")
|
||||||
|
(throw (js/Error. "Undefined Resource!")))))
|
||||||
|
|
||||||
|
(deftest validate-valid-resources
|
||||||
|
(is (s/valid? cut/config? (yaml/load-as-edn "shynet-test/valid-config.yaml")))
|
||||||
|
(is (s/valid? cut/auth? (yaml/load-as-edn "shynet-test/valid-auth.yaml"))))
|
|
@ -48,42 +48,34 @@
|
||||||
:envFrom [{:secretRef {:name "shynet-settings"}}]}]}}}}
|
:envFrom [{:secretRef {:name "shynet-settings"}}]}]}}}}
|
||||||
(cut/generate-celeryworker-deployment))))
|
(cut/generate-celeryworker-deployment))))
|
||||||
|
|
||||||
(deftest should-generate-certificate
|
(deftest should-generate-ingress-and-cert
|
||||||
(is (= {:apiVersion "cert-manager.io/v1"
|
(is (= [{:apiVersion "cert-manager.io/v1",
|
||||||
:kind "Certificate"
|
:kind "Certificate",
|
||||||
:metadata {:name "shynet-cert", :namespace "default"}
|
:metadata
|
||||||
:spec
|
{:name nil,
|
||||||
{:secretName "shynet-cert"
|
:labels {:app.kubernetes.part-of nil},
|
||||||
:commonName "test.com"
|
:namespace "default"},
|
||||||
:duration "2160h",
|
:spec
|
||||||
:renewBefore "360h",
|
{:secretName nil,
|
||||||
:dnsNames ["test.com"]
|
:commonName nil,
|
||||||
:issuerRef {:name "staging", :kind "ClusterIssuer"}}}
|
:duration "2160h",
|
||||||
(cut/generate-certificate {:fqdn "test.com" :issuer :staging}))))
|
:renewBefore "720h",
|
||||||
|
:dnsNames nil,
|
||||||
(deftest should-generate-ingress
|
:issuerRef {:name "staging", :kind "ClusterIssuer"}}}
|
||||||
(is (= {:apiVersion "networking.k8s.io/v1"
|
{:apiVersion "networking.k8s.io/v1",
|
||||||
:kind "Ingress"
|
:kind "Ingress",
|
||||||
:metadata
|
:metadata
|
||||||
{:name "shynet-webserver-ingress"
|
{:namespace "default",
|
||||||
:annotations
|
:annotations
|
||||||
{:ingress.kubernetes.io/force-ssl-redirect "true"
|
{:traefik.ingress.kubernetes.io/router.entrypoints
|
||||||
:ingress.kubernetes.io/ssl-redirect "true"
|
"web, websecure",
|
||||||
:cert-manager.io/cluster-issuer
|
:traefik.ingress.kubernetes.io/router.middlewares
|
||||||
"staging"}}
|
"default-redirect-https@kubernetescrd",
|
||||||
:spec
|
:metallb.universe.tf/address-pool "public"},
|
||||||
{:tls [{:hosts ["test.com"], :secretName "shynet-cert"}]
|
:name nil,
|
||||||
:rules
|
:labels {:app.kubernetes.part-of nil}},
|
||||||
[{:host "test.com"
|
:spec {:tls [{:hosts nil, :secretName nil}], :rules []}}]
|
||||||
:http
|
(cut/generate-ingress-and-cert {:fqdn "test.com" :issuer :staging}))))
|
||||||
{:paths
|
|
||||||
[{:backend
|
|
||||||
{:service
|
|
||||||
{:name "shynet-webserver-service"
|
|
||||||
:port {:number 8080}}}
|
|
||||||
:path "/"
|
|
||||||
:pathType "Prefix"}]}}]}}
|
|
||||||
(cut/generate-ingress {:fqdn "test.com" :issuer :staging}))))
|
|
||||||
|
|
||||||
(deftest should-generate-secret
|
(deftest should-generate-secret
|
||||||
(is (= {:apiVersion "v1"
|
(is (= {:apiVersion "v1"
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
(ns dda.c4k-shynet.browser-test
|
|
||||||
(:require
|
|
||||||
[cljs.test :refer-macros [deftest is are testing run-tests]]
|
|
||||||
[hickory.render :as hr]
|
|
||||||
[dda.c4k-shynet.browser :as cut]))
|
|
||||||
|
|
||||||
(deftest should-generate-group
|
|
||||||
(is (= "<div class=\"rounded border border-3 m-3 p-2\"><b style=\"z-index: 1; position: relative; top: -1.3rem;\">id1</b><fieldset>content</fieldset></div>"
|
|
||||||
(apply hr/hickory-to-html
|
|
||||||
(cut/generate-group "id1" "content")))))
|
|
6
src/test/resources/shynet-test/valid-auth.yaml
Normal file
6
src/test/resources/shynet-test/valid-auth.yaml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
django-secret-key: "django"
|
||||||
|
postgres-db-user: "shynet"
|
||||||
|
postgres-db-password: "shynet-db-password"
|
||||||
|
mon-auth:
|
||||||
|
grafana-cloud-user: "user"
|
||||||
|
grafana-cloud-password: "password"
|
7
src/test/resources/shynet-test/valid-config.yaml
Normal file
7
src/test/resources/shynet-test/valid-config.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
fqdn: "statistics.test.meissa-gmbh.de"
|
||||||
|
issuer: "staging"
|
||||||
|
postgres-data-volume-path: "/var/postgres"
|
||||||
|
mon-cfg:
|
||||||
|
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
|
||||||
|
cluster-name: "jitsi"
|
||||||
|
cluster-stage: "test"
|
|
@ -1,3 +0,0 @@
|
||||||
{:django-secret-key "django"
|
|
||||||
:postgres-db-user "shynet"
|
|
||||||
:postgres-db-password "shynet-db-password"}
|
|
|
@ -1,3 +0,0 @@
|
||||||
{:fqdn "statistics.test.meissa-gmbh.de"
|
|
||||||
:issuer "staging"
|
|
||||||
:postgres-data-volume-path "/var/postgres"}
|
|
Loading…
Reference in a new issue