Merge branch 'master' into lr-ssh

codefresh-io · Feb 6, 2024 · 48e18ad · 48e18ad
2 parents f011b8c + c791f9c
commit 48e18ad
Show file tree

Hide file tree

Showing 20 changed files with 515 additions and 63 deletions.
diff --git a/graduated/github-release/step.yaml b/graduated/github-release/step.yaml
@@ -3,7 +3,7 @@ version: '1.0'
 metadata:
   name: github-release
   title: Create a GitHub release
-  version: 1.2.0
+  version: 1.2.1
   isPublic: true
   description: Create a GitHub release.
   sources:
@@ -20,7 +20,7 @@ metadata:
   tags: []
   icon:
     type: svg
-    url: https://cdn.jsdelivr.net/gh/codefresh-io/steps/incubating/github-release/icon.svg
+    url: https://cdn.jsdelivr.net/gh/codefresh-io/steps/graduated/github-release/icon.svg
     background: "#f4f4f4"
   examples:
     - description: typical

diff --git a/incubating/argo-cd-sync/CHANGELOG.md b/incubating/argo-cd-sync/CHANGELOG.md
@@ -1,7 +1,18 @@
 # Changelog
-## [1.3.1] - 2023-09-18
+
+## [1.4.2] - 2024-01-17
 ### Changed
+New graphql call to speed up query
 
+## [1.4.1] - 2023-10-31
+### Changed
+Add CA_BUNDLE option
+
+## [1.4.0] - 2023-10-30
+### Changed
+Add INSECURE option
+
+## [1.3.1] - 2023-09-18
 ### Fixed
 - CVE-2023-37920 - upgrade Python module certifi to 2023.7.22
 - CVE-2019-8457 - upgrade base image to python:3.11.5-slim-bookworm
@@ -10,5 +21,3 @@
 ### Changed
 - Adding IMAGE_NAME parameter
 - Adding example
-
-### Fixed
diff --git a/incubating/argo-cd-sync/Dockerfile b/incubating/argo-cd-sync/Dockerfile
@@ -1,6 +1,7 @@
-FROM    python:3.11.5-slim-bookworm
+FROM    python:3.12.0-bookworm
 WORKDIR /app
 COPY    requirements.txt requirements.txt
+RUN     pip3 install --upgrade pip
 RUN     pip3 install -r requirements.txt
 COPY    queries queries/
 COPY    argocd_sync.py run.py

diff --git a/incubating/argo-cd-sync/argocd_sync.py b/incubating/argo-cd-sync/argocd_sync.py
@@ -22,7 +22,14 @@
 CF_URL      = os.getenv('CF_URL', 'https://g.codefresh.io')
 CF_API_KEY  = os.getenv('CF_API_KEY')
 CF_STEP_NAME= os.getenv('CF_STEP_NAME', 'STEP_NAME')
-LOG_LEVEL   = os.getenv('LOG_LEVEL', "info")
+LOG_LEVEL   = os.getenv('LOG_LEVEL', "error")
+
+# Check the certificate or not accessing the API endpoint
+VERIFY      = True if os.getenv('INSECURE', "False").lower() == "false" else False
+CA_BUNDLE   = os.getenv('CA_BUNDLE')
+
+if CA_BUNDLE != None:
+    VERIFY='/root/bundle.pem'
 
 #######################################################################
 
@@ -37,28 +44,30 @@ def main():
     logging.debug("INTERVAL: %d", INTERVAL)
     logging.debug("MAX CHECKS: %s", MAX_CHECKS)
     logging.debug("ROLLBACK: %s", ROLLBACK)
+    logging.debug("VERIFY: %s", VERIFY)
+    logging.debug("BUNDLE: %s", CA_BUNDLE)
 
     ingress_host = get_runtime_ingress_host()
     execute_argocd_sync(ingress_host)
     namespace=get_runtime_ns()
-    status = get_app_status(namespace)
+    status = get_app_status(ingress_host)
 
     if WAIT_HEALTHY:
-        status=waitHealthy (namespace)
+        status=waitHealthy (ingress_host)
 
         # if Wait failed, it's time for rollback
         if status != "HEALTHY" and ROLLBACK:
             logging.info("Application '%s' did not sync properly. Initiating rollback ", APPLICATION)
             revision = getRevision(namespace)
-            logging.info("latest healthy revision is %d", revision)
+            logging.info("Latest healthy revision is %d", revision)
 
             rollback(ingress_host, namespace, revision)
             logging.info("Waiting for rollback to happen")
             if WAIT_ROLLBACK:
-                status=waitHealthy (namespace)
+                status=waitHealthy (ingress_host)
             else:
                 time.sleep(INTERVAL)
-                status=get_app_status(namespace)
+                status=get_app_status(ingress_host)
         else:
             export_variable('ROLLBACK_EXECUTED', "false")
     else:
@@ -83,7 +92,7 @@ def getRevision(namespace):
     transport = RequestsHTTPTransport(
         url=gql_api_endpoint,
         headers={'authorization': CF_API_KEY},
-        verify=True,
+        verify=VERIFY,
         retries=3,
     )
     client = Client(transport=transport, fetch_schema_from_transport=False)
@@ -99,7 +108,7 @@ def getRevision(namespace):
       }
     }
     result = client.execute(query, variable_values=variables)
-    logging.info(result)
+    logging.debug("getRevision result: %s", result)
 
     loop=0
     revision = -1
@@ -115,18 +124,18 @@ def getRevision(namespace):
         loop += 1
     # we did not find a HEALTHY one in our page
     export_variable('ROLLBACK_EXECUTED', "false")
-    logging.error("Did not find a HEALTHY release among the lat %d", PAGE_SIZE)
+    logging.error("Did not find a HEALTHY release among the last %d", PAGE_SIZE)
     sys.exit(1)
 
-def waitHealthy (namespace):
-    logging.debug ("Entering waitHealthy (ns: %s)", namespace)
+def waitHealthy (ingress_host):
+    logging.debug ("Entering waitHealthy (ns: %s)", ingress_host)
 
     time.sleep(INTERVAL)
-    status = get_app_status(namespace)
+    status = get_app_status(ingress_host)
     logging.info("App status is %s", status)
     loop=0
     while status != "HEALTHY" and loop < MAX_CHECKS:
-        status=get_app_status(namespace)
+        status=get_app_status(ingress_host)
         time.sleep(INTERVAL)
         logging.info("App status is %s after %d checks", status, loop)
         loop += 1
@@ -139,7 +148,7 @@ def rollback(ingress_host, namespace, revision):
     transport = RequestsHTTPTransport(
         url=runtime_api_endpoint,
         headers={'authorization': CF_API_KEY},
-        verify=True,
+        verify=VERIFY,
         retries=3,
     )
     client = Client(transport=transport, fetch_schema_from_transport=False)
@@ -151,31 +160,30 @@ def rollback(ingress_host, namespace, revision):
       "dryRun": False,
       "prune": True
     }
-    logging.info("Rollback app: %s", variables)
+    logging.debug("Rollback variables: %s", variables)
     result = client.execute(query, variable_values=variables)
-    logging.info(result)
+    logging.debug("Rollback result: %s", result)
     export_variable('ROLLBACK_EXECUTED', "true")
 
 
-def get_app_status(namespace):
+def get_app_status(ingress_host):
     ## Get the health status of the app
-    gql_api_endpoint = CF_URL + '/2.0/api/graphql'
+    gql_api_endpoint = ingress_host + '/app-proxy/api/graphql'
     transport = RequestsHTTPTransport(
         url=gql_api_endpoint,
         headers={'authorization': CF_API_KEY},
-        verify=True,
+        verify=VERIFY,
         retries=3,
     )
     client = Client(transport=transport, fetch_schema_from_transport=False)
     query = get_query('get_app_status') ## gets gql query
     variables = {
-        "runtime":  RUNTIME,
-        "name": APPLICATION,
-        "namespace": namespace
+        "name": APPLICATION
     }
     result = client.execute(query, variable_values=variables)
 
-    health = result['application']['healthStatus']
+    logging.debug("App Status result: %s", result)
+    health = result['applicationProxyQuery']['status']['health']['status']
     return health
 
 def get_query(query_name):
@@ -189,7 +197,7 @@ def get_runtime():
     transport = RequestsHTTPTransport(
         url = CF_URL + '/2.0/api/graphql',
         headers={'authorization': CF_API_KEY},
-        verify=True,
+        verify=VERIFY,
         retries=3,
     )
     client = Client(transport=transport, fetch_schema_from_transport=False)
@@ -225,7 +233,7 @@ def execute_argocd_sync(ingress_host):
     transport = RequestsHTTPTransport(
         url=runtime_api_endpoint,
         headers={'authorization': CF_API_KEY},
-        verify=True,
+        verify=VERIFY,
         retries=3,
     )
     client = Client(transport=transport, fetch_schema_from_transport=False)
@@ -236,9 +244,8 @@ def execute_argocd_sync(ingress_host):
             "prune": True
         }
     }
-    logging.info("Syncing app: %s", variables)
     result = client.execute(query, variable_values=variables)
-    logging.info(result)
+    logging.debug("Syncing App result: %s", result)
 
 
 def export_variable(var_name, var_value):
@@ -251,7 +258,7 @@ def export_variable(var_name, var_value):
         with open('/meta/env_vars_to_export', 'a') as a_writer:
             a_writer.write(var_name + "=" + var_value+'\n')
 
-    logging.info("Exporting variable: %s=%s", var_name, var_value)
+    logging.debug("Exporting variable: %s=%s", var_name, var_value)
 
 ##############################################################
 

diff --git a/incubating/argo-cd-sync/queries/get_app_status.graphql b/incubating/argo-cd-sync/queries/get_app_status.graphql
@@ -1,18 +1,17 @@
-query ApplicationsStatusesQuery(
-  $runtime: String!
-  $name: String!
-  $namespace: String
-) {
-  application(runtime: $runtime, name: $name, namespace: $namespace) {
+query appstatus ($name: String!) {
+  applicationProxyQuery(
+		name: $name
+  ){
     metadata {
-      runtime
       name
-      namespace
-      cluster
-      __typename
     }
-    healthStatus
-    syncStatus
-    syncPolicy
+    status {
+      health {
+        status
+      }
+      sync {
+        status
+      }
+    }
   }
 }
diff --git a/incubating/argo-cd-sync/queries/get_app_status.orig.graphql b/incubating/argo-cd-sync/queries/get_app_status.orig.graphql
@@ -0,0 +1,18 @@
+query ApplicationsStatusesQuery(
+  $runtime: String!
+  $name: String!
+  $namespace: String
+) {
+  application(runtime: $runtime, name: $name, namespace: $namespace) {
+    metadata {
+      runtime
+      name
+      namespace
+      cluster
+      __typename
+    }
+    healthStatus
+    syncStatus
+    syncPolicy
+  }
+}
diff --git a/incubating/argo-cd-sync/requirements.txt b/incubating/argo-cd-sync/requirements.txt
@@ -7,5 +7,5 @@ idna==3.4
 multidict==6.0.4
 requests==2.28.2
 requests-toolbelt==0.10.1
-urllib3==1.26.15
-yarl==1.8.2
+urllib3==1.26.16
+yarl==1.9.2
diff --git a/incubating/argo-cd-sync/step.yaml b/incubating/argo-cd-sync/step.yaml
@@ -1,17 +1,17 @@
 kind: step-type
 metadata:
   name: argo-cd-sync
-  version: 1.3.1
+  version: 1.4.2
   isPublic: true
   description: Syncs Argo CD apps managed by our GitOps Runtimes
   sources:
     - 'https://github.com/codefresh-io/steps/tree/master/incubating/argo-cd-sync'
   stage: incubating
   maintainers:
     - name: Francisco Cocozza
-    - email: [email protected]
+      email: [email protected]
     - name: Laurent Rochette
-    - email: [email protected]
+      email: [email protected]
   categories:
     - GitOps
   official: true
@@ -99,6 +99,15 @@ spec:
           "description": "OPTIONAL - Wait for the app to be healthy after a rollback. Forces ROLLBACK to true",
           "default": false
         },
+        "CA_BUNDLE": {
+          "type": "string",
+          "description": "OPTIONAL - a base64 encoded stringnthat contain the complete CA Certificate Bundle"
+        },
+        "INSECURE": {
+          "type": "boolean",
+          "description": "OPTIONAL - to allow the usage of a self-signed certificate in the chain to reach the API endpoint",
+          "default": false
+        },
         "LOG_LEVEL": {
           "type": "string",
           "description": "OPTIONAL - set the log level, e.g. 'debug', 'info', 'warn', 'error', 'critical' (default 'error')",
@@ -111,7 +120,7 @@ spec:
         },
         "IMAGE_TAG": {
           "type": "string",
-          "default": "1.3.1",
+          "default": "1.4.2",
           "description": "OPTIONAL - To overwrite the tag to use"
         }
       }
@@ -145,8 +154,12 @@ spec:
         - '[[ $key ]]=[[ $val ]]'
       [[- end ]]
       commands:
+      [[ if .Arguments.CA_BUNDLE ]]
+        - echo [[ .Arguments.CA_BUNDLE ]] | base64 -d >/root/bundle.pem
+      [[ end ]]
         - cd /app
         - python3 run.py
+
   delimiters:
     left: '[['
     right: ']]'
diff --git a/incubating/aws-sts-assume-role-with-web-identity/Dockerfile b/incubating/aws-sts-assume-role-with-web-identity/Dockerfile
@@ -0,0 +1,9 @@
+FROM python:alpine
+
+# using same aws-cli that was used before moving to quay images to prevent regressions
+ARG CLI_VERSION=1.16.284
+
+RUN apk -uv add --no-cache groff jq less && \
+    pip install --no-cache-dir awscli==$CLI_VERSION
+
+WORKDIR /aws
diff --git a/incubating/aws-sts-assume-role-with-web-identity/step.yaml b/incubating/aws-sts-assume-role-with-web-identity/step.yaml
@@ -1,7 +1,7 @@
 version: '1.0'
 kind: step-type
 metadata:
-  version: 1.0.0
+  version: 1.2.0
   name: aws-sts-assume-role-with-web-identity
   description: >-
     Obtain AWS STS credentials using OIDC ID token and export them as environment variables

diff --git a/incubating/git-commit/step.yaml b/incubating/git-commit/step.yaml
@@ -2,7 +2,7 @@ kind: step-type
 version: '1.0'
 metadata:
   name: git-commit
-  version: 0.1.2
+  version: 0.1.3
   isPublic: true
   description: Commit and push changes to repository
   icon:
@@ -144,7 +144,7 @@ spec:
   steps:
     export_access_token:
       title: "Export git access token"
-      image: quay.io/codefreshplugins/cli
+      image: quay.io/codefresh/cli:0.87.2
       environment:
         - GIT_INTEGRATION_NAME=${{git}}
         - ALLOW_EMPTY_BOOL=${{allow_empty}}
@@ -165,7 +165,7 @@ spec:
 
     commit_and_push:
       title: "Commit and push"
-      image: codefreshplugins/git-commit:0.1.0
+      image: codefreshplugins/git-commit:0.1.3
       shell: bash
       environment:
         - REPO=${{repo}}