From bc79bbc0df3f9a99329ad4a3f89833aa3b55b890 Mon Sep 17 00:00:00 2001 From: nassimkammah Date: Tue, 21 Nov 2023 12:09:11 +0100 Subject: [PATCH 1/6] Delete old Jenkins jobs definitions --- .ci/jobs/defaults.yml | 40 ----------------- .../elastic+terraform-provider-ec+master.yml | 13 ------ ...tic+terraform-provider-ec+pull-request.yml | 21 --------- .../elastic+terraform-provider-ec+tag.yml | 15 ------- .ci/pipelines/acceptance.Jenkinsfile | 40 ----------------- .ci/pipelines/release.Jenkinsfile | 45 ------------------- .ci/views/view.yml | 5 --- 7 files changed, 179 deletions(-) delete mode 100644 .ci/jobs/defaults.yml delete mode 100644 .ci/jobs/elastic+terraform-provider-ec+master.yml delete mode 100644 .ci/jobs/elastic+terraform-provider-ec+pull-request.yml delete mode 100644 .ci/jobs/elastic+terraform-provider-ec+tag.yml delete mode 100644 .ci/pipelines/acceptance.Jenkinsfile delete mode 100644 .ci/pipelines/release.Jenkinsfile delete mode 100644 .ci/views/view.yml diff --git a/.ci/jobs/defaults.yml b/.ci/jobs/defaults.yml deleted file mode 100644 index 8a0b5cf18..000000000 --- a/.ci/jobs/defaults.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -##### GLOBAL METADATA - -- meta: - cluster: devops-ci - -##### JOB DEFAULTS - -- job: - project-type: pipeline - prune-dead-branches: true - logrotate: - daysToKeep: 30 - numToKeep: 100 - artifactDaysToKeep: 5 - artifactNumToKeep: 10 - parameters: - - string: - name: branch_specifier - default: master - description: "the Git branch specifier to build (<branchName>, <tagName>,<commitId>, etc.)" - properties: - - github: - url: https://github.com/elastic/terraform-provider-ec - - inject: - properties-content: HOME=$JENKINS_HOME - pipeline-scm: - script-path: .ci/pipelines/acceptance.Jenkinsfile - scm: - - git: - credentials-id: "f6c7695a-671e-4f4f-a331-acdce44ff9ba" - reference-repo: /var/lib/jenkins/.git-references/terraform-provider-ec.git - branches: - - ${branch_specifier} - url: https://github.com/elastic/terraform-provider-ec - vault: - role_id: cff5d4e0-61bf-2497-645f-fcf019d10c13 - wrappers: - - ansicolor - - timestamps diff --git a/.ci/jobs/elastic+terraform-provider-ec+master.yml b/.ci/jobs/elastic+terraform-provider-ec+master.yml deleted file mode 100644 index 264cd0ebc..000000000 --- a/.ci/jobs/elastic+terraform-provider-ec+master.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- job: - name: elastic+terraform-provider-ec+master - display-name: elastic / terraform-provider-ec - master - description: Master branch testing - project-type: pipeline - triggers: - - github - pipeline-scm: - scm: - - git: - branches: - - master diff --git a/.ci/jobs/elastic+terraform-provider-ec+pull-request.yml b/.ci/jobs/elastic+terraform-provider-ec+pull-request.yml deleted file mode 100644 index 242eb4348..000000000 --- a/.ci/jobs/elastic+terraform-provider-ec+pull-request.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- job: - name: elastic+terraform-provider-ec+pull-request - display-name: elastic / terraform-provider-ec - pull-request - description: Pull request testing - project-type: pipeline - concurrent: true - triggers: - - github-pull-request: - github-hooks: true - org-list: - - elastic - allow-whitelist-orgs-as-admins: true - cancel-builds-on-update: false - status-context: acceptance - pipeline-scm: - scm: - - git: - branches: - - $ghprbActualCommit - refspec: +refs/pull/*:refs/remotes/origin/pr/* diff --git a/.ci/jobs/elastic+terraform-provider-ec+tag.yml b/.ci/jobs/elastic+terraform-provider-ec+tag.yml deleted file mode 100644 index 13c8ee624..000000000 --- a/.ci/jobs/elastic+terraform-provider-ec+tag.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- job: - name: elastic+terraform-provider-ec+release - display-name: elastic / terraform-provider-ec - release job - description: Releases job - project-type: pipeline - triggers: - - github - pipeline-scm: - script-path: .ci/pipelines/release.Jenkinsfile - scm: - - git: - refspec: +refs/tags/v*:refs/remotes/origin/tags/v* - branches: - - "**/tags/v*" diff --git a/.ci/pipelines/acceptance.Jenkinsfile b/.ci/pipelines/acceptance.Jenkinsfile deleted file mode 100644 index 9540b79ff..000000000 --- a/.ci/pipelines/acceptance.Jenkinsfile +++ /dev/null @@ -1,40 +0,0 @@ -#!/usr/bin/env groovy - -node('docker && gobld/machineType:n1-highcpu-8') { - String DOCKER_IMAGE = "golang:1.21" - String APP_PATH = "/go/src/github.com/elastic/terraform-provider-ec" - - stage('Checkout from GitHub') { - checkout scm - } - withCredentials([ - string(credentialsId: 'vault-addr', variable: 'VAULT_ADDR'), - string(credentialsId: 'vault-secret-id', variable: 'VAULT_SECRET_ID'), - string(credentialsId: 'vault-role-id', variable: 'VAULT_ROLE_ID') - ]) { - stage("Get EC_API_KEY from vault") { - withEnv(["VAULT_SECRET_ID=${VAULT_SECRET_ID}", "VAULT_ROLE_ID=${VAULT_ROLE_ID}", "VAULT_ADDR=${VAULT_ADDR}"]) { - sh 'make -C .ci .apikey' - } - } - } - docker.image("${DOCKER_IMAGE}").inside("-u root:root -v ${pwd()}:${APP_PATH} -w ${APP_PATH}") { - try { - stage("Download dependencies") { - sh 'make vendor' - } - stage("Run acceptance tests") { - sh 'make testacc-ci' - } - } catch (Exception err) { - throw err - } finally { - stage("Clean up") { - // Sweeps any deployments older than 1h. - sh 'make sweep-ci' - sh 'make -C .ci clean' - sh 'rm -rf reports bin' - } - } - } -} diff --git a/.ci/pipelines/release.Jenkinsfile b/.ci/pipelines/release.Jenkinsfile deleted file mode 100644 index b52a7fa8e..000000000 --- a/.ci/pipelines/release.Jenkinsfile +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env groovy - -node('docker && gobld/machineType:n1-highcpu-8') { - String DOCKER_IMAGE = "golang:1.21" - String APP_PATH = "/go/src/github.com/elastic/terraform-provider-ec" - - stage('Checkout from GitHub') { - checkout scm - } - withCredentials([ - string(credentialsId: 'vault-addr', variable: 'VAULT_ADDR'), - string(credentialsId: 'vault-secret-id', variable: 'VAULT_SECRET_ID'), - string(credentialsId: 'vault-role-id', variable: 'VAULT_ROLE_ID') - ]) { - stage("Get secrets from vault") { - withEnv(["VAULT_SECRET_ID=${VAULT_SECRET_ID}", "VAULT_ROLE_ID=${VAULT_ROLE_ID}", "VAULT_ADDR=${VAULT_ADDR}"]) { - sh 'make -C .ci .gpg_private .gpg_passphrase .github_token .gpg_fingerprint' - } - } - } - docker.image("${DOCKER_IMAGE}").inside("-u root:root -v ${pwd()}:${APP_PATH} -w ${APP_PATH}") { - try { - stage("Download dependencies") { - sh 'make vendor' - } - stage("Import gpg key") { - sh 'make -C .ci import-gpg-key' - } - stage("Cache GPG key and release the binaries") { - script { - env.GITHUB_TOKEN = readFile(".ci/.github_token").trim() - env.GPG_FINGERPRINT = readFile(".ci/.gpg_fingerprint").trim() - } - sh 'make -C .ci cache-gpg-passphrase; make release' - } - } catch (Exception err) { - throw err - } finally { - stage("Clean up") { - sh 'make -C .ci clean' - sh 'rm -rf dist bin' - } - } - } -} diff --git a/.ci/views/view.yml b/.ci/views/view.yml deleted file mode 100644 index 30d678680..000000000 --- a/.ci/views/view.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- view: - name: 'terraform-provider-ec' - regex: '.*terraform-provider-ec.*' - view-type: list \ No newline at end of file From 08da00ea544fa6bb3e0d51d62183b4044c8f8a4d Mon Sep 17 00:00:00 2001 From: nassimkammah Date: Tue, 21 Nov 2023 12:16:48 +0100 Subject: [PATCH 2/6] Update Makefile to use ci-vault path --- .ci/Makefile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.ci/Makefile b/.ci/Makefile index f718f7c92..866cb479b 100644 --- a/.ci/Makefile +++ b/.ci/Makefile @@ -1,4 +1,5 @@ ROOT_DIR := $(CURDIR)/.. +VAULT_PATH ?= "secret/ci/elastic-terraform-provider-ec/terraform-provider-secrets" #CI Vault path -include $(ROOT_DIR)/.env @@ -18,19 +19,19 @@ clean: ## Delete credentials @ rm -f .apikey .gpg_private .gpg_passphrase .github_token .gpg_fingerprint .apikey: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=apikey secret/devops-ci/terraform-provider-ec > .apikey + @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=apikey $(VAULT_PATH) > .apikey .gpg_private: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gpg_private secret/devops-ci/terraform-provider-ec | base64 -d > .gpg_private + @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gpg_private $(VAULT_PATH) | base64 -d > .gpg_private .gpg_passphrase: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gpg_passphrase secret/devops-ci/terraform-provider-ec > .gpg_passphrase + @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gpg_passphrase $(VAULT_PATH) > .gpg_passphrase .gpg_fingerprint: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gpg_fingerprint secret/devops-ci/terraform-provider-ec > .gpg_fingerprint + @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gpg_fingerprint $(VAULT_PATH) > .gpg_fingerprint .github_token: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gh_personal_access_token secret/devops-ci/terraform-provider-ec > .github_token + @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gh_personal_access_token $(VAULT_PATH) > .github_token import-gpg-key: @ cat .gpg_passphrase | gpg --import --batch --yes --passphrase-fd 0 .gpg_private From 6f4d9090e4f3497219d60c06a5a27ca5b6ee9ac1 Mon Sep 17 00:00:00 2001 From: nassimkammah Date: Tue, 21 Nov 2023 12:19:05 +0100 Subject: [PATCH 3/6] Clean-up Jenkins make targets --- {.ci => .buildkite}/Makefile | 0 build/Makefile.test | 8 -------- 2 files changed, 8 deletions(-) rename {.ci => .buildkite}/Makefile (100%) diff --git a/.ci/Makefile b/.buildkite/Makefile similarity index 100% rename from .ci/Makefile rename to .buildkite/Makefile diff --git a/build/Makefile.test b/build/Makefile.test index bf7c0f02e..be990d12a 100644 --- a/build/Makefile.test +++ b/build/Makefile.test @@ -39,11 +39,3 @@ ifndef BUILD_ID @ read -r -p "do you wish to continue? [y/N]: " res && if [[ "$${res:0:1}" =~ ^([yY]) ]]; then echo "-> Continuing..."; else exit 1; fi endif @ go test $(SWEEP_DIR) -v -sweep=$(SWEEP) $(SWEEPARGS) -timeout 60m - -.PHONY: testacc-ci -testacc-ci: - @ EC_API_KEY=$(shell cat .ci/.apikey) $(MAKE) testacc - -.PHONY: sweep-ci -sweep-ci: - @ EC_API_KEY=$(shell cat .ci/.apikey) SWEEPARGS=-sweep-run=$(SWEEP_CI_RUN_FILTER) $(MAKE) sweep From 868004b3381a7d4291dc2322a3e46ae61bc5ab6f Mon Sep 17 00:00:00 2001 From: nassimkammah Date: Tue, 21 Nov 2023 12:19:24 +0100 Subject: [PATCH 4/6] Update gitignore --- .gitignore | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a5226b9c8..c5319af50 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,4 @@ examples/*/*.tfstate.backup .idea .apikey dist -.ci/.gpg_* -.ci/.github_* -.terraform.lock.hcl \ No newline at end of file +.terraform.lock.hcl From b513a280bdff4011d025ecbee1439c4ee6f958ab Mon Sep 17 00:00:00 2001 From: nassimkammah Date: Tue, 21 Nov 2023 12:20:33 +0100 Subject: [PATCH 5/6] Delete Makefile altogether --- .buildkite/Makefile | 40 ---------------------------------------- 1 file changed, 40 deletions(-) delete mode 100644 .buildkite/Makefile diff --git a/.buildkite/Makefile b/.buildkite/Makefile deleted file mode 100644 index 866cb479b..000000000 --- a/.buildkite/Makefile +++ /dev/null @@ -1,40 +0,0 @@ -ROOT_DIR := $(CURDIR)/.. -VAULT_PATH ?= "secret/ci/elastic-terraform-provider-ec/terraform-provider-secrets" #CI Vault path - --include $(ROOT_DIR)/.env - -vault :=$(ROOT_DIR)/scripts/retry.sh 5 vault - -# BUILD_ID is present during run on Jenkins machine, but not on dev box, hence using it here to distinguish between those cases -ifndef VAULT_TOKEN - ifdef BUILD_ID - VAULT_TOKEN = $(shell $(vault) write -address=$(VAULT_ADDR) -field=token auth/approle/login role_id=$(VAULT_ROLE_ID) secret_id=$(VAULT_SECRET_ID)) - else - VAULT_TOKEN = $(shell $(vault) write -address=$(VAULT_ADDR) -field=token auth/github/login token=$(GITHUB_TOKEN)) - endif -endif - -.PHONY: clean -clean: ## Delete credentials - @ rm -f .apikey .gpg_private .gpg_passphrase .github_token .gpg_fingerprint - -.apikey: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=apikey $(VAULT_PATH) > .apikey - -.gpg_private: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gpg_private $(VAULT_PATH) | base64 -d > .gpg_private - -.gpg_passphrase: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gpg_passphrase $(VAULT_PATH) > .gpg_passphrase - -.gpg_fingerprint: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gpg_fingerprint $(VAULT_PATH) > .gpg_fingerprint - -.github_token: - @ VAULT_TOKEN=$(VAULT_TOKEN) $(vault) read -field=gh_personal_access_token $(VAULT_PATH) > .github_token - -import-gpg-key: - @ cat .gpg_passphrase | gpg --import --batch --yes --passphrase-fd 0 .gpg_private - -cache-gpg-passphrase: - @ cat .gpg_passphrase | gpg --armor --detach-sign --passphrase-fd 0 --pinentry-mode loopback From 415f47f792c4604d6fe995582fdc8fb2fbd67230 Mon Sep 17 00:00:00 2001 From: Nassim Kammah Date: Wed, 22 Nov 2023 11:50:13 +0100 Subject: [PATCH 6/6] Update Makefile.test