chore: Automate Releases #450

Merged
merged 102 commits into from
Jan 23, 2024
Changes from 94 commits
2828562
add `.gitlab-ci.yml`
duncanista Dec 11, 2023
93917c8
replace `lint` job to `build-layer`
duncanista Dec 11, 2023
bf3e7bc
typo
duncanista Dec 11, 2023
a1b6373
another typo
duncanista Dec 11, 2023
394dddf
enable docker in CI runner
duncanista Dec 11, 2023
e3146d5
typo
duncanista Dec 11, 2023
1ce7814
switch to docker instead of k8s
duncanista Dec 11, 2023
3ef140a
update `artifacts:paths`
duncanista Dec 11, 2023
c589b39
feat: Use buildx in build script
astuyve Dec 11, 2023
cf96abe
feat: try buildx on the create command too
astuyve Dec 11, 2023
311b0af
feat: pass --name to buildx create
astuyve Dec 11, 2023
d0b0967
feat: Remove need to run docker container, use -o and rip files strai…
astuyve Dec 11, 2023
a41b4c3
check layer size job
duncanista Dec 12, 2023
c9b314d
typo in script file
duncanista Dec 12, 2023
d7bd6a0
add a `publish` poc stage
duncanista Dec 13, 2023
18518f3
add `build-layer` to `needs`
duncanista Dec 13, 2023
242f01d
indent properly matrix
duncanista Dec 13, 2023
58315ab
typo
duncanista Dec 13, 2023
32f84de
add permissions to layer publisher job
duncanista Dec 15, 2023
1221726
switch order so regions are fetched after role is assumed
duncanista Dec 15, 2023
03cb08a
typo in `printf`
duncanista Dec 15, 2023
31bdae7
add `\` to commands
duncanista Dec 15, 2023
dc87dfd
update parameter value to use extension in the meantime
duncanista Dec 15, 2023
5181363
get external id back to `datadog-lambda-js`
duncanista Dec 15, 2023
0aada8e
up hardcoded version and remove manual trigger
duncanista Dec 15, 2023
862e4f6
trigger pipeline version 10
duncanista Dec 15, 2023
b6ec472
update pipeline to be generated on runtime
duncanista Dec 21, 2023
3eb188d
change gomplate installation to docker run
duncanista Dec 21, 2023
79171f2
update generator image and gomplate install
duncanista Dec 21, 2023
b5fba21
use go install
duncanista Dec 21, 2023
f5092f3
add tag to downstream pipeline so they can run
duncanista Dec 21, 2023
30383c3
add manual trigger for proof of concept publish
duncanista Dec 21, 2023
ea02770
typo
duncanista Dec 21, 2023
c9538ea
add build to needs
duncanista Dec 21, 2023
cc1131f
Merge branch 'main' into jordan.gonzalez/add-gitlab-ci
duncanista Dec 21, 2023
45b61ba
add regions and publish only on git tag
duncanista Dec 22, 2023
672e301
only publish layers on git tag attached
duncanista Dec 22, 2023
95fa90d
move `when` to be part of the rule of the tag
duncanista Dec 22, 2023
af6f6a3
fix typo in script
duncanista Dec 22, 2023
ab52615
add lint job
duncanista Dec 26, 2023
05ac837
add unit test job
duncanista Dec 26, 2023
9d96e16
remove key from node-cache
duncanista Dec 26, 2023
27ecac9
typo
duncanista Dec 26, 2023
f92a580
remove codecov push
duncanista Dec 26, 2023
0735af3
add `--ci` flag to `yarn test`
duncanista Dec 26, 2023
75659a9
add `--forceExit` to `jest --ci`
duncanista Dec 26, 2023
a0ede98
detect open handles in jest
duncanista Dec 26, 2023
6b9a6ac
add boilerplate for integration test
duncanista Dec 26, 2023
7b92a68
typo on integration tests
duncanista Dec 26, 2023
a1696a6
change apk to apt
duncanista Dec 26, 2023
4946441
remove `sudo`
duncanista Dec 27, 2023
c1fe111
install nodejs in ubuntu properly and yarn
duncanista Dec 27, 2023
08cd438
remove `sudo`
duncanista Dec 27, 2023
87b8c77
add `node-gyp` to step
duncanista Dec 27, 2023
1950e9b
change caching strategy to be per-job and per-branch
duncanista Dec 27, 2023
dc89ec1
install serverless framework in pipeline
duncanista Dec 27, 2023
ae55c3d
add prefix to serverless framework installation
duncanista Dec 27, 2023
0d2ffc6
switch node to be `18` for integration tests
duncanista Dec 27, 2023
448858e
use `get_secrets.sh` script to get correct AWS credentials
duncanista Dec 28, 2023
f2a0cfe
update file permissions
duncanista Dec 28, 2023
de33970
allow variable expansion
duncanista Dec 28, 2023
5f74f2c
add different image which has awscli
duncanista Dec 28, 2023
9b76af6
change directory to root
duncanista Dec 28, 2023
f0f36e3
typo in script ending
duncanista Dec 28, 2023
6a01bed
install xxd
duncanista Dec 28, 2023
5b4f410
source credentials in `before_script`
duncanista Jan 3, 2024
25c100d
clean `config.yaml`
duncanista Jan 6, 2024
d39c67b
add new datasource `environments`
duncanista Jan 17, 2024
16e1190
add `environments.yaml`
duncanista Jan 17, 2024
ad1f639
eol
duncanista Jan 17, 2024
fe76014
update release on environment and rules
duncanista Jan 17, 2024
5d24852
send `STAGE` as env var for pipeline
duncanista Jan 17, 2024
12bbb08
deploy latest version always on sandbox and staging, for prod the spe…
duncanista Jan 17, 2024
871d87b
typo on script
duncanista Jan 17, 2024
adc0af5
fix missing `$runtime` for dependencie
duncanista Jan 18, 2024
bbe2bdf
we dont need layer to run unit tests or lint
duncanista Jan 18, 2024
53024d0
test in prod
duncanista Jan 19, 2024
23a4a72
add specific account to environment datasource
duncanista Jan 19, 2024
48f0fe5
always use sandbox for integration tests
duncanista Jan 19, 2024
838a0fd
add fake CI_COMMIT_TAG to test prod deploy
duncanista Jan 19, 2024
9decfd2
update `sign_layers.sh` to accept one layer only
duncanista Jan 19, 2024
b1f032c
add `sign` stage and jobs
duncanista Jan 19, 2024
a536278
re specify artifacts for signing jobs
duncanista Jan 19, 2024
6fbc8ca
typo in scripts
duncanista Jan 19, 2024
57d6344
install `uuidgen`
duncanista Jan 19, 2024
f4f183d
revert to not use fake values for prod testing
duncanista Jan 19, 2024
cd18bc4
only sign layers on prod when commit tag is set
duncanista Jan 19, 2024
9bbb87c
only create pipeline when `$CI_COMMIT_TAG` is present
duncanista Jan 19, 2024
b78ecc9
signing approval allows all regions to be deployed at once
duncanista Jan 19, 2024
314d795
typo
duncanista Jan 19, 2024
5bcac09
update `package.json` `repository` data
duncanista Jan 20, 2024
16e6dfc
add `publish_npm.sh` file
duncanista Jan 20, 2024
609e9e8
add pipeline to deploy to npm
duncanista Jan 20, 2024
67b756e
typo
duncanista Jan 20, 2024
f3783e4
artifacts expire in specific dates
duncanista Jan 22, 2024
e69de71
adjust script to work only for one environment
duncanista Jan 23, 2024
fc1b96f
update naming to be cleaner
duncanista Jan 23, 2024
57b902b
removing suffix `-GITLAB` for layers
duncanista Jan 23, 2024
864e3f5
Merge branch 'main' into jordan.gonzalez/add-gitlab-ci
duncanista Jan 23, 2024
ddeed2c
get `gomplate` from `apk add` not go dev version
duncanista Jan 23, 2024
2841208
Merge branch 'main' of ssh://github.com/DataDog/datadog-lambda-js int…
duncanista Jan 23, 2024
3a994d8
Merge remote-tracking branch 'refs/remotes/origin/jordan.gonzalez/add…
duncanista Jan 23, 2024
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -9,3 +9,5 @@ package-lock.json

**/.serverless
/.idea/

ci/build-*.yaml
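Review bot: the new ignore pattern `ci/build-*.yaml` is narrower than the artifact glob `ci/*-pipeline.yaml` that the `generator` job in `.gitlab-ci.yml` exports, so a second generated pipeline with a different prefix would not be ignored and could be committed by accident. Consider ignoring `ci/*-pipeline.yaml` so the two globs stay in step.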
31 changes: 31 additions & 0 deletions .gitlab-ci.yml
@@ -0,0 +1,31 @@
stages:
- pre
- build

.go-cache: &go-cache
key: datadog-lambda-js-go-cache
paths:
- $CI_PROJECT_DIR/.go-cache/pkg/mod
policy: pull

generator:
stage: pre
image: registry.ddbuild.io/images/mirror/golang:alpine
tags: ["arch:amd64"]
cache: *go-cache
script:
- go install github.com/hairyhenderson/gomplate/v4/cmd/gomplate@latest
- gomplate --config ci/config.yaml
artifacts:
paths:
- ci/*-pipeline.yaml

build-layers:
stage: build
trigger:
include:
- artifact: ci/build-pipeline.yaml
job: generator
strategy: depend
rules:
- when: on_success
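Review bot: in the `generator` job, `go install github.com/hairyhenderson/gomplate/v4/cmd/gomplate@latest` resolves whatever version is current at run time, and its output is the child pipeline that `build-layers` triggers, so an upstream release can change what this pipeline runs without any change in the repository. Pin an exact version in place of `@latest`. Separately, `.go-cache` is declared with `policy: pull` and no job in this file pushes to that key, so the cache stays empty unless something else populates it.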
5 changes: 3 additions & 2 deletions Dockerfile
@@ -1,5 +1,5 @@
ARG image
FROM $image
FROM $image as builder
ARG image

# Install git so we can specify a specific git ref (ie: refs/head/my-feature) in package.json
Expand Down Expand Up @@ -55,4 +55,5 @@ RUN find /nodejs/node_modules -name "*.d.ts" -delete
RUN find /nodejs/node_modules -name "*.js.map" -delete
RUN find /nodejs/node_modules -name "*.ts.map" -delete


FROM scratch
COPY --from=builder /nodejs /
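Review bot: `COPY --from=builder /nodejs /` copies the contents of `/nodejs` into the root of the `scratch` image, so the exported filesystem has no top-level `nodejs/` directory. If the layer zip is expected to keep that prefix, copy to `/nodejs` instead, or add a comment saying where the prefix is restored.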
13 changes: 13 additions & 0 deletions ci/config.yaml
@@ -0,0 +1,13 @@
inputFiles:
- ci/input_files/build.yaml.tpl

outputFiles:
- ci/build-pipeline.yaml

datasources:
runtimes:
url: ci/datasources/runtimes.yaml
regions:
url: ci/datasources/regions.yaml
environments:
url: ci/datasources/environments.yaml
9 changes: 9 additions & 0 deletions ci/datasources/environments.yaml
@@ -0,0 +1,9 @@
environments:
- name: sandbox
external_id: sandbox-publish-externalid
role_to_assume: sandbox-layer-deployer
account: 425362996713
- name: prod
external_id: prod-publish-externalid
role_to_assume: dd-serverless-layer-deployer-role
account: 464622532012
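Review bot: the `external_id` values here (`sandbox-publish-externalid`, `prod-publish-externalid`) are passed as `EXTERNAL_ID_NAME` and used as an SSM parameter name suffix in `ci/get_secrets.sh`, not as the external ID itself. Renaming the key to `external_id_name` would make it clear that no secret is stored in this file. Quoting the `account` values would also keep the 12-digit IDs as strings rather than integers.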
29 changes: 29 additions & 0 deletions ci/datasources/regions.yaml
@@ -0,0 +1,29 @@
regions:
Contributor

Not needed for this PR: I think we probably want a way to remind us if there's a new region added.
Related to this PR: We need to catch up some of the regions before we enable the pipelines.

Contributor Author

Correct, right now this approach wouldn't work for GovCloud either, since we are setting those regions here.

An ideal solution for another PR would be: in the generator pipeline, list regions and generate this file!

- code: "us-east-1"
- code: "us-east-2"
- code: "us-west-1"
- code: "us-west-2"
- code: "af-south-1"
- code: "ap-east-1"
- code: "ap-south-1"
- code: "ap-south-2"
- code: "ap-southeast-1"
- code: "ap-southeast-2"
- code: "ap-southeast-3"
- code: "ap-southeast-4"
- code: "ap-northeast-1"
- code: "ap-northeast-2"
- code: "ap-northeast-3"
- code: "ca-central-1"
- code: "ca-west-1"
- code: "eu-central-1"
- code: "eu-central-2"
- code: "eu-west-1"
- code: "eu-west-2"
- code: "eu-west-3"
- code: "eu-south-1"
- code: "eu-south-2"
- code: "il-central-1"
- code: "me-south-1"
- code: "me-central-1"
- code: "sa-east-1"
13 changes: 13 additions & 0 deletions ci/datasources/runtimes.yaml
@@ -0,0 +1,13 @@
runtimes:
- name: "node14"
node_version: "14.15"
node_major_version: "14"
- name: "node16"
node_version: "16.14"
node_major_version: "16"
- name: "node18"
node_version: "18.12"
node_major_version: "18"
- name: "node20"
node_version: "20.9"
node_major_version: "20"
48 changes: 48 additions & 0 deletions ci/get_secrets.sh
@@ -0,0 +1,48 @@
#!/bin/bash

# Unless explicitly stated otherwise all files in this repository are licensed
# under the Apache License Version 2.0.
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2023 Datadog, Inc.

set -e

if [ -z "$EXTERNAL_ID_NAME" ]; then
printf "[Error] No EXTERNAL_ID_NAME found.\n"
printf "Exiting script...\n"
exit 1
fi

if [ -z "$ROLE_TO_ASSUME" ]; then
printf "[Error] No ROLE_TO_ASSUME found.\n"
printf "Exiting script...\n"
exit 1
fi

printf "Getting AWS External ID...\n"

EXTERNAL_ID=$(aws ssm get-parameter \
--region us-east-1 \
--name "ci.datadog-lambda-js.$EXTERNAL_ID_NAME" \
--with-decryption \
--query "Parameter.Value" \
--out text)

printf "Getting DD API KEY...\n"

export DD_API_KEY=$(aws ssm get-parameter \
--region us-east-1 \
--name ci.datadog-lambda-js.dd-api-key \
--with-decryption \
--query "Parameter.Value" \
--out text)

printf "Assuming role...\n"

export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
$(aws sts assume-role \
--role-arn "arn:aws:iam::$AWS_ACCOUNT:role/$ROLE_TO_ASSUME" \
--role-session-name "ci.datadog-lambda-js-$CI_JOB_ID-$CI_JOB_STAGE" \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--external-id $EXTERNAL_ID \
--output text))
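Review bot: `set -e` does not stop the script when `aws ssm get-parameter` or `aws sts assume-role` fails inside `export DD_API_KEY=$(...)` and `export $(printf ... $(aws sts assume-role ...))`, because `export` returns success regardless of the command substitution's exit status. The job would then continue with an empty `DD_API_KEY` or empty credential variables. Assign to a plain variable first, export afterwards, and check that the values are non-empty. `AWS_ACCOUNT` also needs the same `-z` guard as `EXTERNAL_ID_NAME` and `ROLE_TO_ASSUME`, and `--external-id $EXTERNAL_ID` should be quoted.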
177 changes: 177 additions & 0 deletions ci/input_files/build.yaml.tpl
@@ -0,0 +1,177 @@
stages:
Contributor

❤️ this templating approach!

- build
- test
- sign
- publish

.install-node: &install-node
- apt-get update
- apt-get install -y ca-certificates curl gnupg xxd
- mkdir -p /etc/apt/keyrings
- curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
# We are explicitly setting the node_18.x version for the installation
- echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
- apt-get update
- apt-get install nodejs -y
- npm install --global yarn

.node-before-script: &node-before-script
- echo 'yarn-offline-mirror ".yarn-cache/"' >> .yarnrc
- echo 'yarn-offline-mirror-pruning true' >> .yarnrc
- yarn install --frozen-lockfile --no-progress

{{ $runtimes := (ds "runtimes").runtimes }}
{{ range $runtime := $runtimes }}

.{{ $runtime.name }}-cache: &{{ $runtime.name }}-cache
key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
paths:
- $CI_PROJECT_DIR/.yarn-cache
policy: pull

build-{{ $runtime.name }}-layer:
stage: build
tags: ["arch:amd64"]
image: registry.ddbuild.io/images/docker:20.10
artifacts:
expire_in: 10 min # TODO: remove temp value
paths:
- .layers/datadog_lambda_node{{ $runtime.node_version }}.zip
variables:
CI_ENABLE_CONTAINER_IMAGE_BUILDS: "true"
script:
- NODE_VERSION={{ $runtime.node_version }} ./scripts/build_layers.sh

check-{{ $runtime.name }}-layer-size:
stage: test
tags: ["arch:amd64"]
image: registry.ddbuild.io/images/docker:20.10
needs:
- build-{{ $runtime.name }}-layer
dependencies:
- build-{{ $runtime.name }}-layer
script:
- NODE_VERSION={{ $runtime.node_version }} ./scripts/check_layer_size.sh

lint-{{ $runtime.name }}:
stage: test
tags: ["arch:amd64"]
image: registry.ddbuild.io/images/mirror/node:{{ $runtime.node_major_version }}-bullseye
cache: &{{ $runtime.name }}-cache
before_script: *node-before-script
script:
- yarn check-formatting
- yarn lint

unit-test-{{ $runtime.name }}:
stage: test
tags: ["arch:amd64"]
image: registry.ddbuild.io/images/mirror/node:{{ $runtime.node_major_version }}-bullseye
cache: &{{ $runtime.name }}-cache
before_script: *node-before-script
script:
- yarn build
- yarn test --ci --forceExit --detectOpenHandles
- bash <(curl -s https://codecov.io/bash)

integration-test-{{ $runtime.name }}:
stage: test
tags: ["arch:amd64"]
image: registry.ddbuild.io/images/docker:20.10-py3
needs:
- build-{{ $runtime.name }}-layer
dependencies:
- build-{{ $runtime.name }}-layer
cache: &{{ $runtime.name }}-cache
variables:
CI_ENABLE_CONTAINER_IMAGE_BUILDS: "true"
before_script:
- *install-node
- EXTERNAL_ID_NAME=integration-test-externalid ROLE_TO_ASSUME=sandbox-integration-test-deployer AWS_ACCOUNT=425362996713 source ./ci/get_secrets.sh
- yarn global add serverless --prefix /usr/local
- cd integration_tests && yarn install && cd ..
script:
- RUNTIME_PARAM={{ $runtime.node_major_version }} ./scripts/run_integration_tests.sh

{{ $environments := (ds "environments").environments }}
{{ range $environment := $environments }}

{{ if or (eq $environment.name "prod") }}
sign-{{ $environment.name }}-{{ $runtime.name }}-layer:
stage: sign
tags: ["arch:amd64"]
image: registry.ddbuild.io/images/docker:20.10-py3
rules:
- if: '$CI_COMMIT_TAG =~ /^v.*/'
when: manual
needs:
- build-{{ $runtime.name }}-layer
- check-{{ $runtime.name }}-layer-size
- lint-{{ $runtime.name }}
- unit-test-{{ $runtime.name }}
- integration-test-{{ $runtime.name }}
dependencies:
- build-{{ $runtime.name }}-layer
artifacts: # Re specify artifacts so the modified signed file is passed
expire_in: 10 min # TODO: remove temp value
paths:
- .layers/datadog_lambda_node{{ $runtime.node_version }}.zip
before_script:
- apt-get update
- apt-get install -y uuid-runtime
- EXTERNAL_ID_NAME={{ $environment.external_id }} ROLE_TO_ASSUME={{ $environment.role_to_assume }} AWS_ACCOUNT={{ $environment.account }} source ./ci/get_secrets.sh
script:
- LAYER_FILE=datadog_lambda_node{{ $runtime.node_version }}.zip ./scripts/sign_layers.sh {{ $environment.name }}
{{ end }}

publish-{{ $environment.name }}-{{ $runtime.name }}-layer:
stage: publish
tags: ["arch:amd64"]
image: registry.ddbuild.io/images/docker:20.10-py3
rules:
- if: '"{{ $environment.name }}" =~ /^(sandbox|staging)/'
when: manual
allow_failure: true
- if: '$CI_COMMIT_TAG =~ /^v.*/'
needs:
{{ if or (eq $environment.name "prod") }}
- sign-{{ $environment.name }}-{{ $runtime.name }}-layer
{{ else }}
- build-{{ $runtime.name }}-layer
- check-{{ $runtime.name }}-layer-size
- lint-{{ $runtime.name }}
- unit-test-{{ $runtime.name }}
- integration-test-{{ $runtime.name }}
{{ end }}
dependencies:
{{ if or (eq $environment.name "prod") }}
- sign-{{ $environment.name }}-{{ $runtime.name }}-layer
{{ else }}
- build-{{ $runtime.name }}-layer
{{ end }}
parallel:
matrix:
- REGION: {{ range (ds "regions").regions }}
- {{ .code }}
{{- end}}
before_script:
- EXTERNAL_ID_NAME={{ $environment.external_id }} ROLE_TO_ASSUME={{ $environment.role_to_assume }} AWS_ACCOUNT={{ $environment.account }} source ./ci/get_secrets.sh
script:
- STAGE={{ $environment.name }} NODE_VERSION={{ $runtime.node_version }} ./ci/publish_layers.sh

{{- end }}

{{- end }}

publish-npm-package:
stage: publish
tags: ["arch:amd64"]
image: registry.ddbuild.io/images/docker:20.10-py3
cache: []
rules:
- if: '$CI_COMMIT_TAG =~ /^v.*/'
when: manual
before_script:
- *install-node
script:
- ./scripts/publish_npm.sh
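Review bot: in `unit-test-{{ $runtime.name }}`, `bash <(curl -s https://codecov.io/bash)` downloads and executes a script with no version pin or checksum check; drop the step or replace it with a pinned, verified uploader. In the lint, unit-test and integration-test jobs, `cache: &{{ $runtime.name }}-cache` defines a new anchor on an empty value instead of referencing the one declared above, so those jobs get no cache; it should be `*{{ $runtime.name }}-cache`. The tag rule `/^v.*/` accepts any tag beginning with `v`, so a stricter version pattern would narrow what can start the sign and publish jobs.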