forked from validatedpatterns/common
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMakefile
214 lines (180 loc) · 8.88 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
NAME ?= $(shell basename "`pwd`")
ifneq ($(origin TARGET_SITE), undefined)
TARGET_SITE_OPT=--set main.clusterGroupName=$(TARGET_SITE)
endif
# This variable can be set in order to pass additional helm arguments from the
# the command line. I.e. we can set things without having to tweak values files
EXTRA_HELM_OPTS ?=
# INDEX_IMAGES=registry-proxy.engineering.redhat.com/rh-osbs/iib:394248
# or
# INDEX_IMAGES=registry-proxy.engineering.redhat.com/rh-osbs/iib:394248,registry-proxy.engineering.redhat.com/rh-osbs/iib:394249
INDEX_IMAGES ?=
TARGET_ORIGIN ?= origin
# This is to ensure that whether we start with a git@ or https:// URL, we end up with an https:// URL
# This is because we expect to use tokens for repo authentication as opposed to SSH keys
TARGET_REPO=$(shell git ls-remote --get-url --symref $(TARGET_ORIGIN) | sed -e 's/.*URL:[[:space:]]*//' -e 's%^git@%%' -e 's%^https://%%' -e 's%:%/%' -e 's%^%https://%')
# git branch --show-current is also available as of git 2.22, but we will use this for compatibility
TARGET_BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
UUID_FILE ?= ~/.config/validated-patterns/pattern-uuid
UUID_HELM_OPTS ?=
# --set values always take precedence over the contents of -f
ifneq ("$(wildcard $(UUID_FILE))","")
UUID := $(shell cat $(UUID_FILE))
UUID_HELM_OPTS := --set main.analyticsUUID=$(UUID)
endif
HELM_OPTS=-f values-global.yaml --set main.git.repoURL="$(TARGET_REPO)" --set main.git.revision=$(TARGET_BRANCH) $(TARGET_SITE_OPT) $(UUID_HELM_OPTS) $(EXTRA_HELM_OPTS)
##@ Pattern Common Tasks
.PHONY: help
help: ## This help message
@echo "Pattern: $(NAME)"
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^(\s|[a-zA-Z_0-9-])+:.*?##/ { printf " \033[36m%-35s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
# Makefiles in the individual patterns should call these targets explicitly
# e.g. from industrial-edge: make -f common/Makefile show
.PHONY: show
show: ## show the starting template without installing it
helm template common/operator-install/ --name-template $(NAME) $(HELM_OPTS)
preview-%:
common/scripts/preview.sh hub $* $(TARGET_REPO) $(TARGET_BRANCH)
.PHONY: operator-deploy
operator-deploy operator-upgrade: validate-prereq validate-origin validate-cluster ## runs helm install
@set -e -o pipefail
# Retry five times because the CRD might not be fully installed yet
for i in {1..5}; do \
helm template --include-crds --name-template $(NAME) common/operator-install/ $(HELM_OPTS) | oc apply -f- && break || sleep 10; \
done
.PHONY: uninstall
uninstall: ## runs helm uninstall
$(eval CSV := $(shell oc get subscriptions -n openshift-operators openshift-gitops-operator -ojsonpath={.status.currentCSV}))
helm uninstall $(NAME)
@oc delete csv -n openshift-operators $(CSV)
.PHONY: load-secrets
load-secrets: ## loads the secrets into the vault
common/scripts/vault-utils.sh push_secrets $(NAME)
.PHONY: load-iib
load-iib: ## CI target to install Index Image Bundles
@set -e; if [ x$(INDEX_IMAGES) != x ]; then \
for IIB in $(shell echo $(INDEX_IMAGES) | tr ',' '\n'); do \
INDEX_IMAGE="$${IIB}" ansible-playbook common/ansible/playbooks/iib-ci/iib-ci.yaml; \
done; \
else \
echo "No INDEX_IMAGES defined. Bailing out"; \
exit 1; \
fi
##@ Validation Tasks
# We only check the remote ssh git branch's existance if we're not running inside a container
# as getting ssh auth working inside a container seems a bit brittle
.PHONY: validate-origin
validate-origin: ## verify the git origin is available
@echo "Checking repository:"
@echo -n " $(TARGET_REPO) - branch $(TARGET_BRANCH): "
@if [ ! -f /run/.containerenv ]; then\
git ls-remote --exit-code --heads $(TARGET_REPO) $(TARGET_BRANCH) >/dev/null &&\
echo "OK" ||\
(echo "NOT FOUND"; exit 1);\
else\
echo "Running inside a container: Skipping git ssh checks";\
fi
.PHONY: validate-cluster
validate-cluster: ## Do some cluster validations before installing
@echo "Checking cluster:"
@echo -n " cluster-info: "
@oc cluster-info >/dev/null && echo "OK" || (echo "Error"; exit 1)
@echo -n " storageclass: "
@if [ `oc get storageclass -o go-template='{{printf "%d\n" (len .items)}}'` -eq 0 ]; then\
echo "None Found"; exit 1;\
else\
echo "OK";\
fi
.PHONY: validate-schema
validate-schema: ## validates values files against schema in common/clustergroup
$(eval VAL_PARAMS := $(shell for i in ./values-*.yaml; do echo -n "$${i} "; done))
@echo -n "Validating clustergroup schema of: "
@set -e; for i in $(VAL_PARAMS); do echo -n " $$i"; helm template common/clustergroup $(HELM_OPTS) -f "$${i}" >/dev/null; done
@echo
.PHONY: validate-prereq
validate-prereq: ## verify pre-requisites
@echo "Checking prerequisites:"
@for t in $(EXECUTABLES); do if ! which $$t > /dev/null 2>&1; then echo "No $$t in PATH"; exit 1; fi; done
@echo " Check for '$(EXECUTABLES)': OK"
@echo -n " Check for python-kubernetes: "
@if ! ansible -m ansible.builtin.command -a "{{ ansible_python_interpreter }} -c 'import kubernetes'" localhost > /dev/null 2>&1; then echo "Not found"; exit 1; fi
@echo "OK"
@echo -n " Check for kubernetes.core collection: "
@if ! ansible-galaxy collection list | grep kubernetes.core > /dev/null 2>&1; then echo "Not found"; exit 1; fi
@echo "OK"
.PHONY: argo-healthcheck
argo-healthcheck: ## Checks if all argo applications are synced
@echo "Checking argo applications"
$(eval APPS := $(shell oc get applications -A -o jsonpath='{range .items[*]}{@.metadata.namespace}{","}{@.metadata.name}{"\n"}{end}'))
@NOTOK=0; \
for i in $(APPS); do\
n=`echo "$${i}" | cut -f1 -d,`;\
a=`echo "$${i}" | cut -f2 -d,`;\
STATUS=`oc get -n "$${n}" application/"$${a}" -o jsonpath='{.status.sync.status}'`;\
if [[ $$STATUS != "Synced" ]]; then\
NOTOK=$$(( $${NOTOK} + 1));\
fi;\
HEALTH=`oc get -n "$${n}" application/"$${a}" -o jsonpath='{.status.health.status}'`;\
if [[ $$HEALTH != "Healthy" ]]; then\
NOTOK=$$(( $${NOTOK} + 1));\
fi;\
echo "$${n} $${a} -> Sync: $${STATUS} - Health: $${HEALTH}";\
done;\
if [ $${NOTOK} -gt 0 ]; then\
echo "Some applications are not synced or are unhealthy";\
exit 1;\
fi
##@ Test and Linters Tasks
CHARTS=$(shell find . -type f -iname 'Chart.yaml' -exec dirname "{}" \; | grep -v examples | sed -e 's/.\///')
# Section related to tests and linting
TEST_OPTS= -f values-global.yaml \
--set global.repoURL="https://github.com/pattern-clone/mypattern" \
--set main.git.repoURL="https://github.com/pattern-clone/mypattern" \
--set main.git.revision=main --set global.pattern="mypattern" \
--set global.namespace="pattern-namespace" \
--set global.hubClusterDomain=apps.hub.example.com \
--set global.localClusterDomain=apps.region.example.com \
--set global.clusterDomain=region.example.com \
--set global.clusterVersion="4.12" \
--set global.clusterPlatform=aws \
--set "clusterGroup.imperative.jobs[0].name"="test" \
--set "clusterGroup.imperative.jobs[0].playbook"="ansible/test.yml"
PATTERN_OPTS=-f common/examples/values-example.yaml
EXECUTABLES=git helm oc ansible
.PHONY: test
test: ## run helm tests
@for t in $(CHARTS); do common/scripts/test.sh $$t all "$(TEST_OPTS)"; if [ $$? != 0 ]; then exit 1; fi; done
.PHONY: helmlint
helmlint: ## run helm lint
@for t in $(CHARTS); do common/scripts/lint.sh $$t $(TEST_OPTS); if [ $$? != 0 ]; then exit 1; fi; done
API_URL ?= https://raw.githubusercontent.com/hybrid-cloud-patterns/ocp-schemas/main/openshift/4.10/
KUBECONFORM_SKIP ?= -skip 'CustomResourceDefinition,ClusterIssuer,CertManager,Certificate,ArgoCD'
# We need to skip 'CustomResourceDefinition' as openapi2jsonschema seems to be unable to generate them ATM
.PHONY: kubeconform
kubeconform: ## run helm kubeconform
@for t in $(CHARTS); do helm template $(TEST_OPTS) $(PATTERN_OPTS) $$t | kubeconform -strict $(KUBECONFORM_SKIP) -verbose -schema-location $(API_URL); if [ $$? != 0 ]; then exit 1; fi; done
.PHONY: super-linter
super-linter: ## Runs super linter locally
rm -rf .mypy_cache
podman run -e RUN_LOCAL=true -e USE_FIND_ALGORITHM=true \
-e VALIDATE_BASH=false \
-e VALIDATE_JSCPD=false \
-e VALIDATE_KUBERNETES_KUBECONFORM=false \
-e VALIDATE_YAML=false \
-e VALIDATE_ANSIBLE=false \
-e VALIDATE_DOCKERFILE_HADOLINT=false \
-e VALIDATE_TEKTON=false \
$(DISABLE_LINTERS) \
-v $(PWD):/tmp/lint:rw,z \
-w /tmp/lint \
docker.io/github/super-linter:slim-v5
.PHONY: ansible-lint
ansible-lint: ## run ansible lint on ansible/ folder
podman run -it -v $(PWD):/workspace:rw,z --workdir /workspace --env ANSIBLE_CONFIG=./ansible/ansible.cfg \
--entrypoint "/usr/local/bin/ansible-lint" quay.io/ansible/creator-ee:latest "-vvv" "ansible/"
.PHONY: ansible-unittest
ansible-unittest: ## run ansible unit tests
pytest -r a --fulltrace --color yes ansible/tests/unit/test_*.py
.PHONY: deploy upgrade legacy-deploy legacy-upgrade
deploy upgrade legacy-deploy legacy-upgrade:
@echo "UNSUPPORTED TARGET: please switch to 'operator-deploy'"; exit 1