From c18952d9915e2eb0e0171b596c072f57cbf9b671 Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sat, 26 Oct 2024 10:08:25 +0200 Subject: [PATCH 01/26] feat: migrate to github artifacts --- .github/workflows/__shared-ci.yml | 11 +++++------ .github/workflows/release.yml | 14 +++++++------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml index b980e9c..5528dbd 100644 --- a/.github/workflows/__shared-ci.yml +++ b/.github/workflows/__shared-ci.yml @@ -38,8 +38,7 @@ jobs: needs: - shellcheck - hadolint - # FIXME: use a released version of the action when it's ready - uses: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml@feat/extra-buildx-cache-directives + uses: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml@0.18.0 permissions: actions: write contents: read @@ -48,15 +47,15 @@ jobs: packages: write pull-requests: read secrets: - oci-registry-password: ${{ secrets.OCI_REGISTRY_PASSWORD }} + oci-registry-password: ${{ secrets.GITHUB_TOKEN }} with: runs-on: '["self-hosted"]' - oci-registry: ${{ vars.OCI_REGISTRY }} - oci-registry-username: ${{ vars.OCI_REGISTRY_USERNAME }} + oci-registry: ghcr.io + oci-registry-username: ${{ github.actor }} images: | [{ "name": "app", - "repository": "${{ vars.OCI_REGISTRY_IMAGE_REPOSITORY }}", + "repository": "${{ github.repository }}", "tag": "${{ inputs.tag }}", "dockerfile": "./Dockerfile", "platforms": [ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4159d9c..57a565a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
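Review bot: The reusable workflow in the `docker-build-images` job is now referenced by the tag `@0.18.0`, which can be moved upstream, while the same call hands it `secrets.GITHUB_TOKEN` as `oci-registry-password` together with `packages: write` and `actions: write`. Pinning to the full commit SHA keeps the reviewed code and the executed code identical: `uses: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml@<full-commit-sha-of-0.18.0> # 0.18.0` (the SHA is a placeholder; it is not shown on this page). Dependabot's `github-actions` ecosystem can still bump SHA-pinned references. The job definition continues outside this hunk.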
@@ -68,9 +68,9 @@ jobs: echo "+ login to OCI registry" helm registry login ${OCI_REGISTRY} -u "${OCI_REGISTRY_USERNAME}" -p "${OCI_REGISTRY_PASSWORD}" env: - OCI_REGISTRY: ${{ vars.OCI_REGISTRY }} - OCI_REGISTRY_USERNAME: ${{ vars.OCI_REGISTRY_USERNAME }} - OCI_REGISTRY_PASSWORD: ${{ secrets.OCI_REGISTRY_PASSWORD }} + OCI_REGISTRY: ghcr.io + OCI_REGISTRY_USERNAME: ${{ github.actor }} + OCI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} # Push the chart - name: ⚓ Push Helm Chart to OCI registry @@ -88,7 +88,7 @@ jobs: version: ${{ needs.update_release_draft.outputs.latestRelease }} appVersion: ${{ needs.update_release_draft.outputs.latestRelease }} env: - OCI_REGISTRY: ${{ vars.OCI_REGISTRY }} - OCI_REGISTRY_USERNAME: ${{ vars.OCI_REGISTRY_USERNAME }} - OCI_REGISTRY_PASSWORD: ${{ secrets.OCI_REGISTRY_PASSWORD }} - OCI_REGISTRY_CHART_REPOSITORY: ${{ vars.OCI_REGISTRY_CHART_REPOSITORY }} + OCI_REGISTRY: ghcr.io + OCI_REGISTRY_USERNAME: ${{ github.actor }} + OCI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + OCI_REGISTRY_CHART_REPOSITORY: ${{ github.repository }} From 9f88586c57d9122a63ed4dc65b2e7dddfd941726 Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sat, 26 Oct 2024 11:30:43 +0200 Subject: [PATCH 02/26] chore: change image registry for GH --- helm/chart/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 1742a2b..97e0094 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -5,8 +5,8 @@ replicaCount: 1 image: - registry: harbor.hoverkraft.cloud - repository: ovh-snapshoter/app + registry: ghcr.io + repository: hoverkraft-tech/ovh-snapshoter/app pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From a578a4189f97c53b5c960aad2589e82ca2519fbd Mon Sep 17 00:00:00 2001 
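Review bot: The login step in the first release.yml hunk still passes the password with `-p "${OCI_REGISTRY_PASSWORD}"`, and after this change that value is the workflow's `GITHUB_TOKEN`, so the token appears in the process arguments on the runner host for the duration of the command. Reading it from stdin avoids that: `echo "${OCI_REGISTRY_PASSWORD}" | helm registry login "${OCI_REGISTRY}" -u "${OCI_REGISTRY_USERNAME}" --password-stdin`. Pushing to ghcr.io with `GITHUB_TOKEN` also needs `packages: write` on this job; no `permissions:` block is visible in either hunk, so this should be confirmed against the rest of the file.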
From: Frederic Leger Date: Sat, 26 Oct 2024 11:31:09 +0200 Subject: [PATCH 03/26] chore: upgrade asdf tools --- .tool-versions | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.tool-versions b/.tool-versions index 379375f..c7e912c 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,4 @@ -helm 3.12.1 -kubectl 1.28.5 +helm 3.14.3 +kubectl 1.30.5 +helm-ct 3.10.1 +kubeconform 0.6.4 From db7153036cbaad86ad36a6ecc21fb08e7478bd7e Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sat, 26 Oct 2024 11:39:52 +0200 Subject: [PATCH 04/26] docs: add install instructions --- README.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/README.md b/README.md index 8cda1f2..45311b7 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,30 @@ This is why this project was created. enjoy. - if this succeed it will take a backup of all the volumes pointed by the `OS_VOLUMES` var - finaly the script will clean all snapshots marked for cleanup +## install + +```shell +helm upgrade ovh-snapshoter oci://ghcr.io/hoverkraft-tech/ovh-snapshoter/charts \ + --install --create-namespace --namespace ovh-snapshoter \ + --set config.osProjectId=xxxxxx --set config.osUsername=xxxxxx .... +``` + +The mandatory values are the following: + +```yaml +config: + osPassword: "" + osProjectId: "" + osRegionName: GRA11 + osTenantId: "" + osTenantName: "" + osUsername: "" + osVolumes: [] +``` + +You can get all of them (except `osVolumes`) by downloading an horizon config file from OVH UI +`osVolumes` is a list of volume ids that you want to backup on cronjob run (you can get them from OVH public cloud UI or horizon) + ## contributing - Of course PRs and suggestions are welcome From 7bc58b81e8ca8654af277990dba1435c614d5724 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Oct 2024 08:37:33 +0000 Subject: [PATCH 05/26] build(deps): bump the pip group with 7 updates Bumps the pip group with 7 updates: | Package | From | To | | --- | --- | --- | | [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.7.4` | | [cryptography](https://github.com/pyca/cryptography) | `42.0.5` | `43.0.1` | | [idna](https://github.com/kjd/idna) | `3.6` | `3.7` | | [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.2` | | [setuptools](https://github.com/pypa/setuptools) | `69.2.0` | `70.0.0` | | [urllib3](https://github.com/urllib3/urllib3) | `2.2.1` | `2.2.2` | | [zipp](https://github.com/jaraco/zipp) | `3.18.1` | `3.19.1` | Updates `certifi` from 2024.2.2 to 2024.7.4 - [Commits](https://github.com/certifi/python-certifi/compare/2024.02.02...2024.07.04) Updates `cryptography` from 42.0.5 to 43.0.1 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/42.0.5...43.0.1) Updates `idna` from 3.6 to 3.7 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7) Updates `requests` from 2.31.0 to 2.32.2 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.31.0...v2.32.2) Updates `setuptools` from 69.2.0 to 70.0.0 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/setuptools/compare/v69.2.0...v70.0.0) Updates `urllib3` from 2.2.1 to 2.2.2 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - 
[Commits](https://github.com/urllib3/urllib3/compare/2.2.1...2.2.2) Updates `zipp` from 3.18.1 to 3.19.1 - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.18.1...v3.19.1) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production dependency-group: pip - dependency-name: cryptography dependency-type: direct:production dependency-group: pip - dependency-name: idna dependency-type: direct:production dependency-group: pip - dependency-name: requests dependency-type: direct:production dependency-group: pip - dependency-name: setuptools dependency-type: direct:production dependency-group: pip - dependency-name: urllib3 dependency-type: direct:production dependency-group: pip - dependency-name: zipp dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] --- requirements.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/requirements.txt b/requirements.txt index a7193b0..48755fb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,17 +1,17 @@ attrs==23.2.0 autopage==0.5.2 -certifi==2024.2.2 +certifi==2024.7.4 cffi==1.16.0 charset-normalizer==3.3.2 cliff==4.6.0 cmd2==2.4.3 -cryptography==42.0.5 +cryptography==43.0.1 debtcollector==3.0.0 decorator==5.1.1 dogpile.cache==1.3.2 gitdb==4.0.11 GitPython==3.1.42 -idna==3.6 +idna==3.7 importlib_metadata==7.1.0 iso8601==2.1.0 jmespath==1.0.1 @@ -42,17 +42,17 @@ python-openstackclient==6.6.0 python-swiftclient==4.5.0 pytz==2024.1 PyYAML==6.0.1 -requests==2.31.0 +requests==2.32.2 requestsexceptions==1.4.0 rfc3986==2.0.0 -setuptools==69.2.0 +setuptools==70.0.0 simplejson==3.19.2 six==1.16.0 smmap==5.0.1 stevedore==5.2.0 tzdata==2024.1 -urllib3==2.2.1 +urllib3==2.2.2 wcwidth==0.2.13 wheel==0.43.0 wrapt==1.16.0 -zipp==3.18.1 +zipp==3.19.1 From 33f330e1ef30238c8e2e5562ed0c0aca3418a7d2 Mon Sep 17 00:00:00 2001 
From: Frederic Leger Date: Sat, 26 Oct 2024 11:48:53 +0200 Subject: [PATCH 06/26] ci: limit the number of deps open PRs --- .github/dependabot.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d3eba5f..76bc095 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,8 +3,11 @@ version: 2 updates: - package-ecosystem: "github-actions" - directory: "/" - open-pull-requests-limit: 20 + directories: + - "/" + - "/.github/" + - "/.github/workflows/" + open-pull-requests-limit: 3 schedule: interval: "weekly" day: friday @@ -12,7 +15,7 @@ updates: - package-ecosystem: "docker" directory: "/" - open-pull-requests-limit: 20 + open-pull-requests-limit: 3 schedule: interval: "weekly" day: friday @@ -20,7 +23,7 @@ updates: - package-ecosystem: "pip" directory: "/" - open-pull-requests-limit: 20 + open-pull-requests-limit: 3 schedule: interval: "weekly" day: friday From db6adeb7c95e0120b7dc59fedf28736e467cbd32 Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sat, 26 Oct 2024 11:51:48 +0200 Subject: [PATCH 07/26] ci: add labels for deps PRs --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 76bc095..4838954 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,6 +8,8 @@ updates: - "/.github/" - "/.github/workflows/" open-pull-requests-limit: 3 + labels: + - "github-actions" schedule: interval: "weekly" day: friday @@ -16,6 +18,8 @@ updates: - package-ecosystem: "docker" directory: "/" open-pull-requests-limit: 3 + labels: + - "docker" schedule: interval: "weekly" day: friday @@ -24,6 +28,8 @@ updates: - package-ecosystem: "pip" directory: "/" open-pull-requests-limit: 3 + labels: + - "pip" schedule: interval: "weekly" day: friday From a527b2f941a049de1a8763854e00bd5e67d4898d Mon Sep 17 00:00:00 2001 
From: Frederic Leger Date: Sat, 26 Oct 2024 11:54:09 +0200 Subject: [PATCH 08/26] fix: avoid duplicates with deps PR of GH actions --- .github/dependabot.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4838954..0d84a5f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,8 +4,6 @@ updates: - package-ecosystem: "github-actions" directories: - - "/" - - "/.github/" - "/.github/workflows/" open-pull-requests-limit: 3 labels: From b90243a460f9aa0f55bdaa676be88bfd74aa99f2 Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sat, 26 Oct 2024 11:57:49 +0200 Subject: [PATCH 09/26] ci: add concurency parameters --- .github/workflows/main-ci.yml | 4 ++++ .github/workflows/release.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/main-ci.yml b/.github/workflows/main-ci.yml index b9af944..076b1e0 100644 --- a/.github/workflows/main-ci.yml +++ b/.github/workflows/main-ci.yml @@ -5,6 +5,10 @@ on: branches: - main +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 57a565a..4bd6c89 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,6 +3,10 @@ name: 🚀 Release on: workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: check-branches: From 132363470a5f62de78fe1533b755fdb6cfc01ab2 Mon Sep 17 00:00:00 2001 
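Review bot: In the release.yml hunk, `cancel-in-progress: true` lets a second dispatch on the same ref cancel a release that is already running. Depending on where the cancel lands, this could leave an image pushed without its matching chart; this is inferred from the job names, as the publishing steps are outside the hunk. For the release workflow, `cancel-in-progress: false` makes the second run wait instead of interrupting the first. The same setting in main-ci.yml is fine as written.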
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Oct 2024 09:42:41 +0000 Subject: [PATCH 10/26] build(deps): bump setuptools from 69.2.0 to 75.2.0 Bumps [setuptools](https://github.com/pypa/setuptools) from 69.2.0 to 75.2.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/setuptools/compare/v69.2.0...v75.2.0) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 48755fb..b6ac297 100644 --- a/requirements.txt +++ b/requirements.txt @@ -45,7 +45,7 @@ PyYAML==6.0.1 requests==2.32.2 requestsexceptions==1.4.0 rfc3986==2.0.0 -setuptools==70.0.0 +setuptools==75.2.0 simplejson==3.19.2 six==1.16.0 smmap==5.0.1 From ea83e34216baf83743c6bb5482a6354c93a4961d Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sat, 26 Oct 2024 12:20:01 +0200 Subject: [PATCH 11/26] ci: add docker hub login --- .github/workflows/__shared-ci.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml index 5528dbd..303961d 100644 --- a/.github/workflows/__shared-ci.yml +++ b/.github/workflows/__shared-ci.yml @@ -12,10 +12,21 @@ on: value: ${{ jobs.docker-build-images.outputs.built-images }} jobs: + init: + name: "prepare environment for jobs" + runs-on: self-hosted + steps: + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} shellcheck: name: "Shell: Lint Shell Scripts" runs-on: self-hosted + needs: + - init steps: - name: Checkout uses: actions/checkout@v4 
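Review bot: The Docker Hub login in the new `init` job does not reach the jobs that declare `needs: init`. Each job is a separate run that may land on a different self-hosted runner, and `docker/login-action` logs out again in its post step by default. `shellcheck`, `hadolint` and the later jobs therefore still pull unauthenticated. The login step belongs in each job that actually pulls from Docker Hub. Turning off the logout to make the current layout work would leave the credentials in the runner's Docker config between jobs, which is worse on shared self-hosted runners. `@v2` is also a mutable tag, so a full commit SHA pin would be safer here.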
@@ -26,6 +37,8 @@ jobs: hadolint: name: "Docker: Lint Dockerfile" runs-on: self-hosted + needs: + - init steps: - name: Checkout uses: actions/checkout@v4 @@ -36,6 +49,7 @@ jobs: docker-build-images: name: "Docker: Build Images" needs: + - init - shellcheck - hadolint uses: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml@0.18.0 @@ -68,6 +82,7 @@ jobs: name: "Helm: Chart Testing" runs-on: self-hosted needs: + - init - docker-build-images steps: - name: Checkout From 68e89f5d8dd6736845e69d6af4306f2cd6083bdf Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sat, 26 Oct 2024 16:55:12 +0200 Subject: [PATCH 12/26] ci: add app tests --- .github/workflows/__shared-ci.yml | 43 +++++++++++++++++++++++++++++-- .github/workflows/release.yml | 2 +- Dockerfile | 24 ++++++++--------- 3 files changed, 54 insertions(+), 15 deletions(-) diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml index 303961d..71c5128 100644 --- a/.github/workflows/__shared-ci.yml +++ b/.github/workflows/__shared-ci.yml @@ -12,6 +12,7 @@ on: value: ${{ jobs.docker-build-images.outputs.built-images }} jobs: + init: name: "prepare environment for jobs" runs-on: self-hosted @@ -79,7 +80,7 @@ jobs: }] chart-testing: - name: "Helm: Chart Testing" + name: "Tests: helm chart" runs-on: self-hosted needs: - init @@ -114,7 +115,7 @@ jobs: run: | ct install \ --target-branch ${{ github.event.repository.default_branch }} \ - --helm-extra-args "--set image.tag=${{ needs.docker-build-images.outputs.built-images[0].tag }} --wait" + --helm-extra-args "--set image.tag=${{ fromJson(needs.docker-build-images.outputs.built-images).app.tags[0] }} --wait" - name: show pods if: steps.list-changed.outputs.changed == 'true' run: | 
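Review bot: In the `ct install` step, `${{ fromJson(needs.docker-build-images.outputs.built-images).app.tags[0] }}` is pasted into the shell script text before bash runs, so any shell metacharacter in the tag becomes part of the command. The tag appears to derive from the workflow's `inputs.tag`, though this is not confirmed by the hunk. Passing it through the environment keeps it as data: add `env:` with `IMAGE_TAG: ${{ fromJson(needs.docker-build-images.outputs.built-images).app.tags[0] }}` to the step and use `--helm-extra-args "--set image.tag=${IMAGE_TAG} --wait"`. The step's remaining keys are outside the hunk.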
@@ -123,3 +124,41 @@ jobs: kubectl create job --from=cronjob/ovh-snapshoter -n default ovh-snapshoter-job sleep 10 kubectl get pods -n default + + app-testing: + name: "Tests: application" + runs-on: self-hosted + needs: + - init + - docker-build-images + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Run tests + run: | + echo "OS_PASSWORD length: ${#OS_PASSWORD}" + echo "OS_PROJECT_ID length: ${#OS_PROJECT_ID}" + echo "OS_REGION_NAME length: ${#OS_REGION_NAME}" + echo "OS_TENANT_ID length: ${#OS_TENANT_ID}" + echo "OS_TENANT_NAME length: ${#OS_TENANT_NAME}" + echo "OS_USERNAME length: ${#OS_USERNAME}" + echo "OS_VOLUMES length: ${#OS_VOLUMES}" + docker run --rm -i \ + -e DRY_RUN=true \ + -e OS_PASSWORD \ + -e OS_PROJECT_ID \ + -e OS_REGION_NAME \ + -e OS_TENANT_ID \ + -e OS_TENANT_NAME \ + -e OS_USERNAME \ + -e OS_VOLUMES \ + ${IMAGE} + env: + OS_PASSWORD: ${{ secrets.OS_PASSWORD }} + OS_PROJECT_ID: ${{ secrets.OS_PROJECT_ID }} + OS_REGION_NAME: ${{ secrets.OS_REGION_NAME }} + OS_TENANT_ID: ${{ secrets.OS_TENANT_ID }} + OS_TENANT_NAME: ${{ secrets.OS_TENANT_NAME }} + OS_USERNAME: ${{ secrets.OS_USERNAME }} + OS_VOLUMES: ${{ secrets.OS_VOLUMES }} + IMAGE: ghcr.io/${{ github.repository }}/app:${{ fromJson(needs.docker-build-images.outputs.built-images).app.tags[0] }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4bd6c89..8f37661 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -95,4 +95,4 @@ jobs: OCI_REGISTRY: ghcr.io OCI_REGISTRY_USERNAME: ${{ github.actor }} OCI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - OCI_REGISTRY_CHART_REPOSITORY: ${{ github.repository }} + OCI_REGISTRY_CHART_REPOSITORY: 'charts' diff --git a/Dockerfile b/Dockerfile index 1fb7884..7958eda 100644 --- a/Dockerfile +++ b/Dockerfile 
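Review bot: The `Run tests` step in the new `app-testing` job writes the length of every credential to the job log (`echo "OS_PASSWORD length: ${#OS_PASSWORD}"` and the six lines after it), which discloses more than needed to anyone who can read the logs. A presence check gives the same diagnostic value and fails early: `: "${OS_PASSWORD:?OS_PASSWORD is not set}"`, repeated per variable. `${IMAGE}` at the end of the `docker run` command should be quoted as `"${IMAGE}"`. The job hands live OVH credentials to a container on a self-hosted runner, so it is worth confirming that the calling workflows never run it for untrusted pull requests; their `on:` triggers are not visible here.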
@@ -1,4 +1,4 @@ -FROM python:3.12-slim-bullseye as builder +FROM python:3.12-slim-bullseye AS builder # hadolint ignore=DL3008 RUN set -eux; export DEBIAN_FRONTEND=noninteractive; \ @@ -15,17 +15,17 @@ RUN --mount=type=cache,target=~/.cache/pip \ FROM python:3.12-slim-bullseye ENV PYTHONUNBUFFERED="1" -ENV OS_AUTH_URL: https://auth.cloud.ovh.net/v3/ -ENV OS_IDENTITY_API_VERSION: "3" -ENV OS_PASSWORD: "" -ENV OS_PROJECT_DOMAIN_NAME: Default -ENV OS_PROJECT_ID: "" -ENV OS_REGION_NAME: GRA5 -ENV OS_TENANT_ID: "" -ENV OS_TENANT_NAME: "" -ENV OS_USER_DOMAIN_NAME: Default -ENV OS_USERNAME: "" -ENV OS_VOLUMES: "" +ENV OS_AUTH_URL=https://auth.cloud.ovh.net/v3/ +ENV OS_IDENTITY_API_VERSION="3" +ENV OS_PASSWORD="" +ENV OS_PROJECT_DOMAIN_NAME=Default +ENV OS_PROJECT_ID="" +ENV OS_REGION_NAME=GRA5 +ENV OS_TENANT_ID="" +ENV OS_TENANT_NAME="" +ENV OS_USER_DOMAIN_NAME=Default +ENV OS_USERNAME="" +ENV OS_VOLUMES="" ENV PATH=/root/.local/bin:$PATH COPY --from=builder /root/.local /root/.local From ed0ae52517189b21f3eb96460f7cd8dad516e83d Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sun, 27 Oct 2024 00:04:11 +0200 Subject: [PATCH 13/26] ci: better app tests --- .github/workflows/__shared-ci.yml | 16 +++++++++++++++- Dockerfile | 28 +++++++++++++++------------- 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml index 71c5128..d6ea311 100644 --- a/.github/workflows/__shared-ci.yml +++ b/.github/workflows/__shared-ci.yml @@ -145,6 +145,7 @@ jobs: echo "OS_VOLUMES length: ${#OS_VOLUMES}" docker run --rm -i \ -e DRY_RUN=true \ + -e CLEANUP=true \ -e OS_PASSWORD \ -e OS_PROJECT_ID \ -e OS_REGION_NAME \ @@ -152,7 +153,7 @@ jobs: -e OS_TENANT_NAME \ -e OS_USERNAME \ -e OS_VOLUMES \ - ${IMAGE} + ${IMAGE} > output env: OS_PASSWORD: ${{ secrets.OS_PASSWORD }} OS_PROJECT_ID: ${{ secrets.OS_PROJECT_ID }} 
@@ -162,3 +163,16 @@ jobs: OS_USERNAME: ${{ secrets.OS_USERNAME }} OS_VOLUMES: ${{ secrets.OS_VOLUMES }} IMAGE: ghcr.io/${{ github.repository }}/app:${{ fromJson(needs.docker-build-images.outputs.built-images).app.tags[0] }} + - name: show output + run: | + cat output + - name: check if snapshot was created + run: | + echo -n "check if snapshot was created: " + grep -q "would create snapshot $(date +%Y%m%d)" output && echo 'ok' + - name: check if old snapshot will be deleted + run: | + echo -n "check if old snapshot will be deleted: " + grep -q "would remove snapshot with id=" output && echo ok + - name: delete output file + run: rm output diff --git a/Dockerfile b/Dockerfile index 7958eda..11639d7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,19 +14,21 @@ RUN --mount=type=cache,target=~/.cache/pip \ FROM python:3.12-slim-bullseye -ENV PYTHONUNBUFFERED="1" -ENV OS_AUTH_URL=https://auth.cloud.ovh.net/v3/ -ENV OS_IDENTITY_API_VERSION="3" -ENV OS_PASSWORD="" -ENV OS_PROJECT_DOMAIN_NAME=Default -ENV OS_PROJECT_ID="" -ENV OS_REGION_NAME=GRA5 -ENV OS_TENANT_ID="" -ENV OS_TENANT_NAME="" -ENV OS_USER_DOMAIN_NAME=Default -ENV OS_USERNAME="" -ENV OS_VOLUMES="" -ENV PATH=/root/.local/bin:$PATH +ENV PYTHONUNBUFFERED="1" \ + DRY_RUN="false" \ + CLEANUP="false" \ + OS_AUTH_URL=https://auth.cloud.ovh.net/v3/ \ + OS_IDENTITY_API_VERSION="3" \ + OS_PASSWORD="" \ + OS_PROJECT_DOMAIN_NAME=Default \ + OS_PROJECT_ID="" \ + OS_REGION_NAME=GRA5 \ + OS_TENANT_ID="" \ + OS_TENANT_NAME="" \ + OS_USER_DOMAIN_NAME=Default \ + OS_USERNAME="" \ + OS_VOLUMES="" \ + PATH=/root/.local/bin:$PATH COPY --from=builder /root/.local /root/.local COPY entrypoint.sh /entrypoint.sh From 97a5562062d775670d3c86be88dcf0b190fdf514 Mon Sep 17 00:00:00 2001 
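Review bot: The `delete output file` step only runs when both `grep` checks succeed, so a failed check leaves the container's output in the workspace of the self-hosted runner, where later jobs can read it. Adding `if: always()` to that step closes the gap, as would writing the file under `"${RUNNER_TEMP}"` instead of the checkout directory. `cat output` also prints everything the container wrote while it held the OVH credentials; log masking only covers values registered as secrets, so the entrypoint should not echo derived values such as tokens. The redirect `> output` captures stdout only, so the two checks depend on the entrypoint writing its "would create"/"would remove" lines to stdout.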
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Oct 2024 22:19:47 +0000 Subject: [PATCH 14/26] build(deps): bump helm/kind-action in /.github/workflows Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/__shared-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml index d6ea311..cf17ebe 100644 --- a/.github/workflows/__shared-ci.yml +++ b/.github/workflows/__shared-ci.yml @@ -109,7 +109,7 @@ jobs: run: ct lint --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster if: steps.list-changed.outputs.changed == 'true' - uses: helm/kind-action@v1.9.0 + uses: helm/kind-action@v1.10.0 - name: Run chart-testing (install) if: steps.list-changed.outputs.changed == 'true' run: | From b9075737f560abd7695bf5f30cd716774258ea4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 27 Oct 2024 07:51:45 +0000 Subject: [PATCH 15/26] build(deps): bump cryptography from 42.0.5 to 43.0.3 Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.5 to 43.0.3. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/42.0.5...43.0.3) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements.txt b/requirements.txt index b6ac297..bf881fd 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,7 +5,7 @@ cffi==1.16.0 charset-normalizer==3.3.2 cliff==4.6.0 cmd2==2.4.3 -cryptography==43.0.1 +cryptography==43.0.3 debtcollector==3.0.0 decorator==5.1.1 dogpile.cache==1.3.2 From 5b6cd277e015be5bbd414ff1030094acc08ec9dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 27 Oct 2024 08:02:02 +0000 Subject: [PATCH 16/26] build(deps): bump charset-normalizer from 3.3.2 to 3.4.0 Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.2 to 3.4.0. - [Release notes](https://github.com/Ousret/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.2...3.4.0) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index bf881fd..8625540 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ attrs==23.2.0 autopage==0.5.2 certifi==2024.7.4 cffi==1.16.0 -charset-normalizer==3.3.2 +charset-normalizer==3.4.0 cliff==4.6.0 cmd2==2.4.3 cryptography==43.0.3 From c762ad2657c44351eb798fe68ae7de533b405bf8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 27 Oct 2024 08:18:45 +0000 Subject: [PATCH 17/26] build(deps): bump pytz from 2024.1 to 2024.2 Bumps [pytz](https://github.com/stub42/pytz) from 2024.1 to 2024.2. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](https://github.com/stub42/pytz/compare/release_2024.1...release_2024.2) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 8625540..5423c9f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -40,7 +40,7 @@ python-keystoneclient==5.4.0 python-novaclient==18.6.0 python-openstackclient==6.6.0 python-swiftclient==4.5.0 -pytz==2024.1 +pytz==2024.2 PyYAML==6.0.1 requests==2.32.2 requestsexceptions==1.4.0 From d2a61e7786f5254997399f993c14b0fc9cd90436 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 27 Oct 2024 08:31:35 +0000 Subject: [PATCH 18/26] build(deps): bump zipp from 3.18.1 to 3.20.2 Bumps [zipp](https://github.com/jaraco/zipp) from 3.18.1 to 3.20.2. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.18.1...v3.20.2) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 5423c9f..a4396f3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -55,4 +55,4 @@ urllib3==2.2.2 wcwidth==0.2.13 wheel==0.43.0 wrapt==1.16.0 -zipp==3.19.1 +zipp==3.20.2 
From a21bdae4f58d45482d0e8897c108a15144cac371 Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sun, 27 Oct 2024 09:21:00 +0100 Subject: [PATCH 19/26] chore: use standard dependabot config for gh act --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0d84a5f..a7ba266 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,7 +4,7 @@ updates: - package-ecosystem: "github-actions" directories: - - "/.github/workflows/" + - "/" open-pull-requests-limit: 3 labels: - "github-actions" From 9ff92790b0a123fb1910f6233e9cccdae3f734b4 Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sun, 27 Oct 2024 09:21:18 +0100 Subject: [PATCH 20/26] chore: add pre-commit --- .pre-commit-config.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..62bd47b --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,34 @@ +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v5.0.0 + hooks: + - id: check-merge-conflict + - id: end-of-file-fixer + - id: check-added-large-files + - id: check-case-conflict + # - id: check-json + - id: check-executables-have-shebangs + - id: check-symlinks + - id: check-yaml + exclude: ^helm/ + - id: detect-aws-credentials + - id: mixed-line-ending + - id: trailing-whitespace + + - repo: https://github.com/gruntwork-io/pre-commit + rev: v0.1.24 + hooks: + - id: helmlint + + - repo: https://github.com/jtyr/kubeconform-helm + rev: v0.1.17 + hooks: + - id: kubeconform-helm + + - repo: https://github.com/norwoodj/helm-docs + rev: v1.14.2 + hooks: + - id: helm-docs + args: + # Make the tool search for charts only under the `charts` directory + - --chart-search-root=helm/chart From f3abf8e690c0c734f62e4f7e2bd5565fcc46a131 Mon Sep 17 00:00:00 2001 
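Review bot: The `detect-aws-credentials` hook in the new `.pre-commit-config.yaml` only compares staged files against keys found in the local AWS credential files, so it does not cover this project's OpenStack/OVH credentials (`OS_PASSWORD`, `OS_USERNAME`). It also fails by default on machines without an AWS credentials file unless it is given `args: [--allow-missing-credentials]`. Adding `- id: detect-private-key` from the same repository, or a dedicated secret scanner, would give coverage that matches what this repository actually handles. Separately, the comment above `--chart-search-root=helm/chart` says charts are searched under the `charts` directory and should read `helm/chart`.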
From: Frederic Leger Date: Sun, 27 Oct 2024 09:28:19 +0100 Subject: [PATCH 21/26] chore: commit helm-docs generated file --- README.md | 2 ++ helm/chart/README.md | 47 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 helm/chart/README.md diff --git a/README.md b/README.md index 45311b7..aa9de20 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,8 @@ config: You can get all of them (except `osVolumes`) by downloading an horizon config file from OVH UI `osVolumes` is a list of volume ids that you want to backup on cronjob run (you can get them from OVH public cloud UI or horizon) +For full documentation check [here](./helm/chart/README.md) + ## contributing - Of course PRs and suggestions are welcome diff --git a/helm/chart/README.md b/helm/chart/README.md new file mode 100644 index 0000000..341715b --- /dev/null +++ b/helm/chart/README.md 
@@ -0,0 +1,47 @@ +# ovh-snapshoter + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart for ovh-snapshoter + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| config.cleanup | string | `"true"` | | +| config.dryRun | string | `"false"` | | +| config.osAuthUrl | string | `"https://auth.cloud.ovh.net/v3"` | | +| config.osIdentityApiVersion | int | `3` | | +| config.osPassword | string | `""` | | +| config.osProjectDomainName | string | `"Default"` | | +| config.osProjectId | string | `""` | | +| config.osRegionName | string | `"GRA11"` | | +| config.osTenantId | string | `""` | | +| config.osTenantName | string | `""` | | +| config.osUserDomainName | string | `"Default"` | | +| config.osUsername | string | `""` | | +| config.osVolumes | list | `[]` | | +| cronjob.schedule | string | `"0 0 * * *"` | | +| deployment.enabled | bool | `false` | | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.registry | string | `"ghcr.io"` | | +| image.repository | string | `"hoverkraft-tech/ovh-snapshoter/app"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | + +---------------------------------------------- 
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) From f282ecaa2963d5fec32d2bd45b41ccb32a459d23 Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sun, 27 Oct 2024 09:51:32 +0100 Subject: [PATCH 22/26] ci: add helm-docs --- .github/workflows/release.yml | 27 +++++++++++++++++++++++---- .tool-versions | 1 + 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8f37661..75a994c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -55,7 +55,7 @@ jobs: pull-requests: read secrets: inherit - helm-push: + helm-publish: name: "Helm: push chart to OCI registry" needs: [update_release_draft, ci] runs-on: self-hosted @@ -64,10 +64,10 @@ jobs: - uses: actions/checkout@v4 # install tools with asdf - - name: 📦 Install tools with asdf + - name: install tools with asdf uses: asdf-vm/actions/install@v3 - - name: 🔒 Login to OCI registry + - name: login to OCI registry run: | echo "+ login to OCI registry" helm registry login ${OCI_REGISTRY} -u "${OCI_REGISTRY_USERNAME}" -p "${OCI_REGISTRY_PASSWORD}" 
@@ -76,8 +76,27 @@ jobs: OCI_REGISTRY_USERNAME: ${{ github.actor }} OCI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + - name: update helm chart version + run: | + cd "${CHART_PATH}" + echo "+ update helm chart version" + sed -i "s/version: .*/version: ${VERSION}/g" Chart.yaml + sed -i "s/appVersion: .*/appVersion: ${VERSION}/g" Chart.yaml + env: + CHART_PATH: ${{github.workspace}}/helm/chart + VERSION: ${{ needs.update_release_draft.outputs.latestRelease }} + + - name: commit helm chart version changes + uses: stefanzweifel/git-auto-commit-action@v5 + + - name: update helm chart docs + uses: shaybentk/helm-docs-action@v0.0.1 + with: + working-dir: helm/chart + git-push: "true" + # Push the chart - - name: ⚓ Push Helm Chart to OCI registry + - name: push helm chart to OCI registry uses: hoverkraft-tech/helm-push@v5.0.0 with: useOCIRegistry: true diff --git a/.tool-versions b/.tool-versions index c7e912c..07fbb8f 100644 --- a/.tool-versions +++ b/.tool-versions @@ -2,3 +2,4 @@ helm 3.14.3 kubectl 1.30.5 helm-ct 3.10.1 kubeconform 0.6.4 +helm-docs 1.14.2 From d34e7bf0312566c7a43522ea814ae8e06308961d Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sun, 27 Oct 2024 10:26:36 +0100 Subject: [PATCH 23/26] chore: use known labels for dependabot --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a7ba266..df09be8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,7 +7,7 @@ updates: - "/" open-pull-requests-limit: 3 labels: - - "github-actions" + - "github_actions" schedule: interval: "weekly" day: friday From 3a33a6bd7186e98462bd9df1f3c8d8e991fcca32 Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sun, 27 Oct 2024 10:19:12 +0100 Subject: [PATCH 24/26] Create FUNDING.yml --- .github/FUNDING.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/FUNDING.yml 
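Review bot: The two actions added in the `-76,8 +76,27` hunk, `stefanzweifel/git-auto-commit-action@v5` and `shaybentk/helm-docs-action@v0.0.1`, are referenced by tag and both push commits from the release job on a self-hosted runner, so a moved tag would run new code with that job's token. Pin each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: stefanzweifel/git-auto-commit-action@<full-commit-sha> # v5`, and let Dependabot bump them. In the `sed` step `${VERSION}` is spliced into the expression as-is, so a release name containing `/` or `&` changes what sed does, and the unanchored `version: .*` would also rewrite any indented `version:` key such as a dependency entry; `sed -i "s|^version: .*|version: ${VERSION}|" Chart.yaml` (and `^appVersion:` likewise) narrows that. The job's `permissions` block and the start of its `steps` list are outside this hunk, so confirm that `contents: write` is granted to this job only.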
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..971b794
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,6 @@
+# These are supported funding model platforms
+
+github:
+- fredleger
+- neilime
+patreon: webofmars
From 512bbf473148f8fdb28a8f63f82f7707fecba665 Mon Sep 17 00:00:00 2001
From: Frederic Leger
Date: Sun, 27 Oct 2024 10:07:45 +0100
Subject: [PATCH 25/26] chore: add artifacthub integration
---
 artifacthub-repo.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 artifacthub-repo.yml
diff --git a/artifacthub-repo.yml b/artifacthub-repo.yml
new file mode 100644
index 0000000..cce6414
--- /dev/null
+++ b/artifacthub-repo.yml
@@ -0,0 +1,17 @@
+# Artifact Hub repository metadata file
+#
+# Some settings like the verified publisher flag or the ignored packages won't
+# be applied until the next time the repository is processed. Please keep in
+# mind that the repository won't be processed if it has not changed since the
+# last time it was processed. Depending on the repository kind, this is checked
+# in a different way. For Helm http based repositories, we consider it has
+# changed if the `index.yaml` file changes. For git based repositories, it does
+# when the hash of the last commit in the branch you set up changes. This does
+# NOT apply to ownership claim operations, which are processed immediately.
+#
+repositoryID: aa153811-a4aa-43ba-a9c6-ab63f8fe4775
+owners:
+ - name: Frederic Leger
+ email: frederic@webofmars.com
+ - name: Emilien Escalle
+ email: emilien.escalle@escemi.com
From 0a9577722545b13548e4fa6009bf775005b8d2a3 Mon Sep 17 00:00:00 2001
From: Frederic Leger Date: Sun, 27 Oct 2024 10:44:07 +0100 Subject: [PATCH 26/26] ci: add merge group --- .github/workflows/merge-group-ci.yml | 35 +++++++++++++++++++++++++++ .github/workflows/pull-request-ci.yml | 16 +++--------- .github/workflows/stale.yml | 4 +++ 3 files changed, 43 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/merge-group-ci.yml diff --git a/.github/workflows/merge-group-ci.yml b/.github/workflows/merge-group-ci.yml new file mode 100644 index 0000000..118c003 --- /dev/null +++ b/.github/workflows/merge-group-ci.yml @@ -0,0 +1,35 @@ +name: Pull request - Continuous Integration + +on: + merge_group: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + + pull-request-labeler: + name: Pull request labeler + runs-on: self-hosted + permissions: + contents: write + pull-requests: write + steps: + - uses: release-drafter/release-drafter@v6 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + disable-releaser: true + + ci: + name: Continuous Integration + uses: ./.github/workflows/__shared-ci.yml + permissions: + actions: write + contents: read + id-token: write + issues: read + packages: write + pull-requests: read + secrets: inherit diff --git a/.github/workflows/pull-request-ci.yml b/.github/workflows/pull-request-ci.yml index bf5ee4a..cf90ecd 100644 --- a/.github/workflows/pull-request-ci.yml +++ b/.github/workflows/pull-request-ci.yml @@ -5,6 +5,10 @@ on: branches: - main +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: pull-request-labeler: @@ -19,15 +23,3 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: disable-releaser: true - - ci: - name: Continuous Integration - uses: ./.github/workflows/__shared-ci.yml - permissions: - actions: write - contents: read - id-token: write - issues: read - packages: write - pull-requests: read - secrets: inherit 
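Review bot: The `pull-request-labeler` job in the new `merge-group-ci.yml` carries `contents: write` and `pull-requests: write`, but a `merge_group` run has no pull request for release-drafter to label, so as far as I can tell the job only puts a write-scoped token on a self-hosted runner. Dropping that job here and keeping just `ci` limits the queue run to what it needs. The workflow `name` still reads `Pull request - Continuous Integration`, which looks copied from the pull-request workflow and would make the two hard to tell apart in the checks list; `name: Merge group - Continuous Integration` would fix that. `secrets: inherit` forwards every repository secret to `__shared-ci.yml`; if that workflow only needs the registry credential, pass it explicitly instead.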
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 1ccd41c..918f6b7 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -4,6 +4,10 @@ on: schedule: - cron: "30 1 * * *" +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: stale: runs-on: self-hosted