Merge pull request #1 from commitdev/add-circleci-pipeline

bmonkman · web-flow · commit 20733affd277 · 2020-04-23T15:20:14.000-07:00
Added circleci pipeline from commit0-ci-pipeline project, with some t…
diff --git a/.circleci/README.md b/.circleci/README.md
@@ -0,0 +1,96 @@
+# CircleCI Pipeline Template
+
+## Configuration
+
+### Requirements
+
+Requires you to configure the below [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/):
+
+- AWS_DEFAULT_REGION                    # Region of your cluster
+- AWS_ECR_ACCOUNT_URL                   # {awsAccountNum}.dkr.ecr.{region}.amazonaws.com
+- AWS_ECR_REPO_NAME                     # The ECR repository name to write images to
+- PRODUCTION_EKS_CLUSTER_NAME           # The name of the production EKS cluster to deploy into
+- STAGING_EKS_CLUSTER_NAME              # The name of the staging EKS cluster to deploy into
+
+
+## Deployment Process
+
+### Branch Deploys
+
+1. [Checkout](#checkout)
+2. [Unit Tests](#unit-tests)
+
+### Master Deploys
+
+1. [Checkout](#checkout)
+2. [Unit Tests](unit-tests)
+3. [Build and Push Image](#build-and-push-image)
+4. [Deploy Staging](#deploy-staging)
+5. [Integration Tests](#integration-test)
+6. [Deploy Production](#deploy-production)
+
+## Checkout
+
+We checkout code in a separate step and then save to a shared workspace throughout the rest of the build. This is done to avoid needing to run the checkout in multiple steps throughout the build.
+
+## Unit Tests
+
+We run the tests inside a Go container. This runs parallel to the build process to save time. We run unit tests on branches before merging to master so these should never fail on the master branch. Results are piped into go-junit-reporter to allow CircleCI to parse them for [Insights](https://circleci.com/build-insights/gh/Vin65/shipping-service/master).
+
+## Build and Push Image
+
+Uses the ECR orb (See: [Orbs](#orbs)) to build the Dockerfile and push the image up to ECR.
+
+## Deploy Staging
+
+Still finishing up with this, currently it just runs the command `make deploy-staging`
+
+## Integration Tests
+
+Set of tests that need to run against a working version of the application. These are run after deploying to a staging or testing server.
+
+## Deploy Production
+
+This does the same EKS deployment, just waits for other builds to finish deploying first.
+
+## Orbs
+
+### AWS
+
+- [ECR Orb](https://circleci.com/orbs/registry/orb/circleci/aws-ecr)
+- [EKS Orb](https://circleci.com/orbs/registry/orb/circleci/aws-eks)
+- [CLI Orb](https://circleci.com/orbs/registry/orb/circleci/aws-cli)
+
+We use multiple AWS orbs to simplify the deployment process. Firstly to build the image and push to the repo, we use the `aws-ecr` orb. This just combines the commands needed to build a docker image, tag it, and push to ECR. The tags are dealt with by the `version-tag` orb (see below).
+
+### Slack
+
+- [Slack Orb](https://circleci.com/orbs/registry/orb/circleci/slack)
+
+You'll need to set up a slack webhook to post messages to a channel in Slack. You can do it in the [Incoming Webhooks](https://winedirectteam.slack.com/apps/A0F7XDUAZ-incoming-webhooks?next_id=0) page. This is then added as an environment variable on your project with the name `SLACK_WEBHOOK` as per the [Slack Orb Documentation](https://circleci.com/orbs/registry/orb/circleci/slack).
+
+### Commit Version Tag
+
+- [Version Tag Orb](https://circleci.com/orbs/registry/orb/commitdev/version-tag)
+
+This is a custom orb used by (Commit)[https://commit.dev] to create a tag for docker images that is easier to work with. Instead of using the full Git SHA
+as the docker image tag, we use the build number from CircleCI and a short version of the Git SHA (first seven characters only). You'll find the tag for each build in the "Create Version Tag" step inside the `build_and_push` job.
+
+E.g. `Created version tag: VERSION_TAG=164-27a3d39`
+
+This is done to increase the readability, make the numbers sortable and still guarantee uniqueness with a high degree of certainty.
+
+### Queue
+
+- [EddieWebb Queue Orb](https://circleci.com/orbs/registry/orb/eddiewebb/queue)
+
+This orb is used to prevent multiple deployments going out at the same time. By using the CIRCLECI_API_KEY to access the current running builds, it's able to check that the current build is the oldest in the queue, and therefore is able to run first. Other builds in the queue will be put into a wait/retry loop until all builds before them have finished.
+
+This is run before the deploy production step to prevent two builds deploying to production at the same time.
+
+```yaml
+        - queue/block_workflow:
+            time: '30' # hold for 30 mins then abort
+            requires:
+              - wait_for_approval
+```
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,262 @@
+---
+version: 2.1
+orbs:
+  aws-ecr: circleci/aws-ecr@6.5.0
+  aws-eks: circleci/aws-eks@0.2.3
+  aws-s3: circleci/aws-s3@1.0.11
+  aws-cli: circleci/aws-cli@0.1.18
+  queue: eddiewebb/queue@1.3.0
+  slack: circleci/slack@3.4.2
+  version-tag: commitdev/version-tag@0.0.3
+
+variables:
+  - &workspace /home/circleci/project
+
+  - &build-image cimg/go:1.13
+
+
+aliases:
+  # Shallow Clone - this allows us to cut the 2 minute repo clone down to about 10 seconds for repos with 50,000 commits+
+  - &checkout-shallow
+    name: Checkout (Shallow)
+    command: |
+      #!/bin/sh
+      set -e
+
+      # Workaround old docker images with incorrect $HOME
+      # check https://github.com/docker/docker/issues/2968 for details
+      if [ "${HOME}" = "/" ]
+      then
+        export HOME=$(getent passwd $(id -un) | cut -d: -f6)
+      fi
+
+      mkdir -p ~/.ssh
+
+      echo 'github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+      bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==' >> ~/.ssh/known_hosts
+
+      (umask 077; touch ~/.ssh/id_rsa)
+      chmod 0600 ~/.ssh/id_rsa
+      (cat \<<EOF > ~/.ssh/id_rsa
+      $CHECKOUT_KEY
+      EOF
+      )
+
+      # use git+ssh instead of https
+      git config --global url."ssh://git@github.com".insteadOf "https://github.com" || true
+
+      if [ -e /home/circleci/project/.git ]
+      then
+          cd /home/circleci/project
+          git remote set-url origin "$CIRCLE_REPOSITORY_URL" || true
+      else
+          mkdir -p /home/circleci/project
+          cd /home/circleci/project
+          git clone --depth=1 "$CIRCLE_REPOSITORY_URL" .
+      fi
+
+      if [ -n "$CIRCLE_TAG" ]
+      then
+        git fetch --depth=10 --force origin "refs/tags/${CIRCLE_TAG}"
+      elif [[ "$CIRCLE_BRANCH" =~ ^pull\/* ]]
+      then
+      # For PR from Fork
+        git fetch --depth=10 --force origin "$CIRCLE_BRANCH/head:remotes/origin/$CIRCLE_BRANCH"
+      else
+        git fetch --depth=10 --force origin "$CIRCLE_BRANCH:remotes/origin/$CIRCLE_BRANCH"
+      fi
+
+      if [ -n "$CIRCLE_TAG" ]
+      then
+          git reset --hard "$CIRCLE_SHA1"
+          git checkout -q "$CIRCLE_TAG"
+      elif [ -n "$CIRCLE_BRANCH" ]
+      then
+          git reset --hard "$CIRCLE_SHA1"
+          git checkout -q -B "$CIRCLE_BRANCH"
+      fi
+
+      git reset --hard "$CIRCLE_SHA1"
+      pwd
+
+  - &install-binaries
+      name: Install Binaries
+      command: |
+        KUSTOMIZE_VERSION=3.5.4
+        IAM_AUTH_VERSION=0.5.0
+        curl -L -o ./kustomize.tar.gz "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"
+        sudo tar xvzf ./kustomize.tar.gz -C /usr/local/bin/
+        sudo chmod +x /usr/local/bin/kustomize
+        kustomize version
+        curl -L -o ./aws-iam-authenticator "https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${IAM_AUTH_VERSION}/aws-iam-authenticator_${IAM_AUTH_VERSION}_linux_amd64"
+        sudo mv ./aws-iam-authenticator /usr/local/bin/
+        sudo chmod +x /usr/local/bin/aws-iam-authenticator
+
+
+jobs:
+  checkout_code:
+    docker:
+      - image: *build-image
+    steps:
+      - run: *checkout-shallow
+      - persist_to_workspace:
+          root: /home/circleci/project
+          paths:
+            - .
+
+  unit_test:
+    docker:
+      - image: *build-image
+    working_directory: *workspace
+    steps: # steps that comprise the `build` job
+      - attach_workspace:
+          at: *workspace
+      - restore_cache: # restores saved cache if no changes are detected since last run
+          keys:
+            - v1-pkg-cache-{{ checksum "go.sum" }}
+            - v1-pkg-cache-
+      - run:
+          name: Run unit tests
+          command: |
+            go get -u github.com/jstemmer/go-junit-report
+            mkdir -p test-reports
+            go test -v ./... | go-junit-report > test-reports/junit.xml
+
+      - save_cache: # Store cache in the /go/pkg directory
+          key: v1-pkg-cache-{{ checksum "go.sum" }}
+          paths:
+            - "/go/pkg"
+
+      - store_test_results:
+          path: test-reports
+
+      - store_artifacts:
+          path: test-reports
+
+      # Requires the SLACK_WEBHOOK
+      - slack/notify-on-failure
+
+  build_and_push:
+    machine:
+      docker_layer_caching: false # only for performance plan circleci accounts
+    steps:
+      - attach_workspace:
+          at: *workspace
+      - run: *checkout-shallow
+      - version-tag/create
+      - aws-ecr/build-and-push-image:
+          repo: ${AWS_ECR_REPO_NAME}
+          tag: $VERSION_TAG,latest
+
+  deploy:
+    executor: aws-eks/python3
+    parameters:
+      namespace:
+        type: string
+        default: ''
+        description: |
+          The kubernetes namespace that should be used.
+      repo:
+        type: string
+        default: ''
+        description: |
+          The name of the ECR repo to deploy an image from.
+      config-environment:
+        type: string
+        default: ''
+        description: |
+          The environment kustomize should overlay to generate the kubernetes config. Options are the directories in kubernetes/overlays/
+      tag:
+        type: string
+        default: $VERSION_TAG
+        description: |
+          The tag that should be deployed.
+      region:
+        type: string
+        default: ''
+        description: |
+          The region to use for AWS operations.
+      cluster-name:
+        description: |
+          The name of the EKS cluster.
+        type: string
+      cluster-authentication-role-arn:
+        default: ''
+        description: |
+          To assume a role for cluster authentication, specify an IAM role ARN with
+          this option. For example, if you created a cluster while assuming an IAM
+          role, then you must also assume that role to connect to the cluster the
+          first time.
+        type: string
+    steps:
+      - run: *checkout-shallow
+      - version-tag/get
+      - run: *install-binaries
+      - aws-cli/install
+      - aws-cli/setup
+      - aws-eks/update-kubeconfig-with-authenticator:
+          cluster-name: << parameters.cluster-name >>
+          cluster-authentication-role-arn: << parameters.cluster-authentication-role-arn >>
+          aws-region: << parameters.region >>
+          install-kubectl: true
+      - queue/until_front_of_line:
+          time: '30'
+      - run:
+          name: Deploy
+          command: |
+            cd kubernetes/overlays/<< parameters.config-environment >>
+            IMAGE=${AWS_ECR_ACCOUNT_URL}/<< parameters.repo >>
+            kustomize edit set image fake-image=${IMAGE}:${VERSION_TAG}
+            kustomize build . | kubectl apply -f - -n << parameters.namespace >>
+workflows:
+    version: 2
+    # The main workflow. Check out the code, build it, push it, deploy to staging, test, deploy to production
+    build_test_and_deploy:
+      jobs:
+        - checkout_code
+
+        - unit_test:
+            requires:
+              - checkout_code
+
+        - build_and_push:
+            requires:
+              - unit_test
+            filters:
+              branches:
+                only:  # only branches matching the below regex filters will run
+                  - /^master$/
+
+        - deploy:
+            name: deploy_staging
+            repo: "${AWS_ECR_REPO_NAME}"
+            cluster-name: "${STAGING_EKS_CLUSTER_NAME}"
+            config-environment: "staging"
+            cluster-authentication-role-arn: "${AWS_CLUSTER_AUTH_ROLE_ARN_STAGING}"
+            region: "${AWS_DEFAULT_REGION}"
+            namespace: "${CIRCLE_BRANCH}"
+            tag: "${VERSION_TAG}"
+            requires:
+              - build_and_push
+
+        - wait_for_approval:
+            type: approval
+            requires:
+              - deploy_staging
+
+        - queue/block_workflow:
+            time: '30' # hold for 30 mins then abort
+            requires:
+              - wait_for_approval
+
+        - deploy:
+            name: deploy_production
+            repo: "${AWS_ECR_REPO_NAME}"
+            cluster-name: "${PRODUCTION_EKS_CLUSTER_NAME}"
+            config-environment: "production"
+            cluster-authentication-role-arn: "${AWS_CLUSTER_AUTH_ROLE_ARN_PRODUCTION}"
+            region: "${AWS_DEFAULT_REGION}"
+            namespace: "${CIRCLE_BRANCH}"
+            tag: "${VERSION_TAG}"
+            requires:
+              - queue/block_workflow
diff --git a/commit0.module.yml b/commit0.module.yml
@@ -0,0 +1,12 @@
+name: commit0-deployable-backend
+description: 'A deployable project including an application, Dockerfile, CircleCI pipeline, and k8s manifests'
+author: 'Commit'
+icon: ''
+thumbnail: ''
+
+template:
+  strictMode: true
+  delimiters:
+    - '<%'
+    - '%>'
+  output: '.'
diff --git a/example.yml b/example.yml
@@ -4,6 +4,8 @@ name: example-app
 # params are key value pairs passed into templates
 params:
 
+  # Application config
+
   # production host name
   productionHost: fix_me
 
diff --git a/main_test.go b/main_test.go
@@ -0,0 +1,12 @@
+package main_test
+
+import (
+	"testing"
+)
+
+func TestExample(t *testing.T) {
+	got := (1 + 1)
+	if got != 2 {
+		t.Errorf("1 + 1 = %d; want 2", got)
+	}
+}
