Migrate from CircleCI to Github Actions #324

Merged: 42 commits, Mar 21, 2023

spirosoik
Member

@spirosoik spirosoik commented Dec 15, 2022

Summary

We are gradually moving away from CircleCI to GitHub Actions as we are consolidating the CIs we use. In parallel, we are introducing trivy at the PR level and we block the PR based on the number of critical vulnerabilities.

Update: 15/02

  • We also bumped operator version from 0.4.0 to 0.6.2
  • We bumped MySQL default provisioning from 5.7 to 8.0
  • Bumped kind version to 0.17.0

⚠️ Breaking changes

The MySQL version upgrade will affect users of the operator who are using it for their production workloads. They need to set the MySQL version in the Mattermost spec to 5.7 manually before the upgrade, so when the operator starts reconciling after the update it'll avoid creating a new database or potentially breaking the current one.

Ticket Link

Ticket: https://mattermost.atlassian.net/browse/CLD-4711

Release Note

NONE

We are gradually moving away from CircleCI to GitHub Actions as we are consolidating
the CIs we use. In parallel, we are introducing `trivy` at the PR level
and we block the PR based on the number of critical vulnerabilities.

Ticket: https://mattermost.atlassian.net/browse/CLD-4711
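
The gate the summary describes (block a PR on the number of critical findings), as an added example that is not part of this PR or the operator repository: it reads a Trivy JSON report (`--format json`) and fails when the CRITICAL count exceeds a limit. The report below is constructed sample data with placeholder IDs, and `gate`, `count_by_severity` and `MAX_CRITICAL` are hypothetical names.

```python
import json
import sys
from collections import Counter

MAX_CRITICAL = 0  # assumption: any critical finding blocks the PR

# Constructed sample in the shape of a Trivy JSON report; IDs are placeholders.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "Results": [
        {"Target": "go.mod", "Type": "gomod", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example.com/a",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
             "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "example.com/b",
             "InstalledVersion": "2.3.0", "FixedVersion": "",
             "Severity": "HIGH"},
        ]},
        # A target with no findings may carry no "Vulnerabilities" key (or null).
        {"Target": "Dockerfile", "Type": "dockerfile"},
    ],
})


def count_by_severity(report_text):
    """Count unique (target, id, package) findings per severity."""
    report = json.loads(report_text)
    seen = set()
    counts = Counter()
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            key = (result.get("Target"), vuln.get("VulnerabilityID"),
                   vuln.get("PkgName"))
            if key in seen:
                continue  # the same finding listed twice counts once
            seen.add(key)
            counts[str(vuln.get("Severity", "UNKNOWN")).upper()] += 1
    return counts


def gate(report_text, max_critical=MAX_CRITICAL):
    """Return (passed, counts); passed is False when criticals exceed the limit."""
    counts = count_by_severity(report_text)
    return counts["CRITICAL"] <= max_critical, counts


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    passed, counts = gate(text)
    print(dict(counts))
    sys.exit(0 if passed else 1)  # a non-zero exit fails the CI step
```
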
@mm-cloud-bot mm-cloud-bot added kind/feature Categorizes issue or PR as related to a new feature. release-note-none Denotes a PR that doesn't merit a release note. labels Dec 15, 2022
@fmartingr
Contributor

After a lot of work @mirshahriar and I managed to get the GitHub action working again for the manifest generation. Now the e2e tests are failing because we do not have docker-in-docker in the action. I have seen some actions around that provide kind working in actions, but I'm unsure how strict we are about using external actions in our own workflows and if those need to be checked by security. @gabrieljackson any input on this?

@fmartingr
Contributor

fmartingr commented Dec 24, 2022

After a lot of work @mirshahriar and I managed to get the GitHub action working again for the manifest generation. Now the e2e tests are failing because we do not have docker-in-docker in the action. I have seen some actions around that provide kind working in actions, but I'm unsure how strict we are about using external actions in our own workflows and if those need to be checked by security. @gabrieljackson any input on this?

I have created a tentative upgrade under #329

e2e works (kind cluster is created and tests run) but is failing for mysql instances... which is the same thing that happens to me locally (both on mac and linux) because of errors in the init container of the mysql operator.

@gabrieljackson
Collaborator

Nice work getting this further along. I am glad that my discussion with Mir was indeed on the right track. As for the use of external actions, I am not sure if we are okay with that or not. The move to GitHub Actions is being spearheaded by @spirosoik so let's see what he has to say. If external actions are not allowed here then we can just copy what we need to manage it ourselves.

@spirosoik
Member Author

@gabrieljackson @mirshahriar which action do you want to use? Overall we want the external actions we are going to use to be officially verified by GitHub.

@fmartingr
Contributor

@gabrieljackson @mirshahriar which action do you want to use? Overall we want the external actions we are going to use to be officially verified by GitHub.

An action to automatically install kind: #329

@spirosoik
Member Author

/update-branch

@spirosoik
Member Author

/update-branch

@spirosoik
Member Author

/update-branch

@toninis
Contributor

toninis commented Feb 8, 2023

/update-branch

@fmartingr
Contributor

@mirshahriar Can you take a look at b8c1879 ?

@fmartingr
Contributor

fmartingr commented Feb 24, 2023

So I have made some tests and it seems that the mysql-operator doesn't upgrade versions if you already have one cluster set up, so for the users that have a dev environment using the mysql-operator this should be a no-op, cluster will remain in 5.7 (even if the resource is updated with the 8.0 version).

A notice should be added in the release notes either way, just in case.

@spirosoik
Member Author

@fmartingr do you need any help here?

@fmartingr
Contributor

@fmartingr do you need any help here?

Mysql-operator is giving problems again, and something has changed with GitHub Actions logs processing because it reaches a point where the disk is full (from our "waiting for deployment to be" log lines), which causes the workflow to fail (because the mysql-operator does not launch correctly), but you can only see that if you have the tab open while the workflow is running. If you refresh, the e2e step doesn't show any data, nor does the archive download :/

@spirosoik
Member Author

What if you enable debug logs?

@spirosoik
Member Author

We need to push this a bit as we need to finalise the CircleCI effort. Let me know how we can help unblock this.

@fmartingr
Contributor

We need to push this a bit as we need to finalise the CircleCI effort. Let me know how we can help unblock this.

Hey, I'm currently busy with another e2e issue on another project, so I couldn't look this up. Basically now we have logs but the mysql pods don't come up, but I didn't add the ssh step to check what's going on in the cluster in GitHub infra. Running the E2E test locally works just fine (on the mac).

@fmartingr
Contributor

Everything is working except that the pipeline is failing due to the trivy scan result. I'm not sure how to make that step optional since results are being "pushed" to GitHub. @toninis @spirosoik any ideas here? We could also leave it as it is (so we don't forget to re-enable it) until we fix our dependencies in the operator. What do you think?

@toninis
Contributor

toninis commented Mar 8, 2023

Everything is working except that the pipeline is failing due to the trivy scan result. I'm not sure how to make that step optional since results are being "pushed" to GitHub. @toninis @spirosoik any ideas here? We could also leave it as it is (so we don't forget to re-enable it) until we fix our dependencies in the operator. What do you think?

@fmartingr This is a Code Scanning result. There is an option on the repo to make this not fail and just be informative.

It should be ok now. @gabrieljackson is pending for review.
You can re-enable this from the settings page once we fix the vulnerabilities

@fmartingr
Contributor

Everything is working except that the pipeline is failing due to the trivy scan result. I'm not sure how to make that step optional since results are being "pushed" to GitHub. @toninis @spirosoik any ideas here? We could also leave it as it is (so we don't forget to re-enable it) until we fix our dependencies in the operator. What do you think?

@fmartingr This is a Code Scanning result. There is an option on the repo to make this not fail and just be informative.

It should be ok now. @gabrieljackson is pending for review. You can re-enable this from the settings page once we fix the vulnerabilities

Thanks!

@fmartingr fmartingr requested review from gabrieljackson and removed request for gabrieljackson March 8, 2023 09:49
Collaborator

@gabrieljackson gabrieljackson left a comment

LGTM. We have a plan to make improvements to this along with preparing the operator 2.0 release.

@gabrieljackson gabrieljackson added 3: Reviews Complete All reviewers have approved the pull request and removed 2: Dev Review Requires review by a developer labels Mar 21, 2023
@gabrieljackson gabrieljackson merged commit 02ac79d into master Mar 21, 2023
@gabrieljackson gabrieljackson deleted the feat/CLD-4711 branch March 21, 2023 13:31
Labels
3: Reviews Complete All reviewers have approved the pull request kind/feature Categorizes issue or PR as related to a new feature. release-note-none Denotes a PR that doesn't merit a release note.
8 participants