Add helm chart with initial functional test (#2)

* Dockerfile

* initial CI setup

* initial helm charts

* add functional test

* make database configurable, with default

---------

Co-authored-by: Jake Hutchinson <[email protected]>

.github/workflows/functional.yaml

@@ -0,0 +1,25 @@
+name: Functional tests
+
+on:
+  workflow_call:
+
+jobs:
+  functional_test:
+    name: Operator functional tests via tox
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Helm
+      uses: azure/setup-helm@v4
+      with:
+        version: v3.11.3
+
+    - name: Create k8s Kind Cluster
+      uses: helm/[email protected]
+
+    - name: Run test
+      timeout-minutes: 10
+      run: tools/functional_test.sh

.github/workflows/main.yaml

@@ -0,0 +1,25 @@
+name: on push to main
+
+on:
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: main
+  cancel-in-progress: true
+
+jobs:
+  unit_tests:
+    uses: ./.github/workflows/tox.yaml
+
+  publish_images:
+    uses: ./.github/workflows/publish-images.yaml
+
+  publish_charts:
+    needs: [publish_images]
+    uses: ./.github/workflows/publish-charts.yaml
+
+  functional_tests:
+    needs: [publish_images]
+    uses: ./.github/workflows/functional.yaml

.github/workflows/pr.yaml

@@ -0,0 +1,38 @@
+name: on pull request
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - ready_for_review
+      - edited
+      - reopened
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.head_ref }}
+  cancel-in-progress: true
+
+jobs:
+  # Run the unit tests on every PR, even from external repos
+  unit_tests:
+    uses: ./.github/workflows/tox.yaml
+
+  # When the PR is from a branch of the main repo, publish images and charts
+  publish_images:
+    uses: ./.github/workflows/publish-images.yaml
+    if: github.repository == 'stackhpc/coral-credits'
+
+  publish_charts:
+    needs: [publish_images]
+    uses: ./.github/workflows/publish-charts.yaml
+    if: github.repository == 'stackhpc/coral-credits'
+
+  # The functional tests require the runner image, so we can only run them
+  # once the image has been built, and on PRs from the main repo
+  functional_tests:
+    needs: [publish_images]
+    uses: ./.github/workflows/functional.yaml
+    if: github.repository == 'stackhpc/coral-credits'

.github/workflows/publish-charts.yaml

@@ -0,0 +1,33 @@
+name: Publish charts
+
+on:
+  workflow_call:
+    outputs:
+      chart-version:
+        description: The chart version that was published
+        value: ${{ jobs.publish_charts.outputs.chart-version }}
+
+jobs:
+  publish_charts:
+    name: Publish Helm charts to GitHub pages
+    runs-on: ubuntu-latest
+    outputs:
+      chart-version: ${{ steps.semver.outputs.version }}
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+        with:
+          # This is important for the semver action to work correctly
+          # when determining the number of commits since the last tag
+          fetch-depth: 0
+
+      - name: Get SemVer version for current commit
+        id: semver
+        uses: stackhpc/github-actions/semver@master
+
+      - name: Publish Helm charts
+        uses: stackhpc/github-actions/helm-publish@master
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          version: ${{ steps.semver.outputs.version }}
+          app-version: ${{ steps.semver.outputs.short-sha }}

.github/workflows/publish-images.yaml

@@ -0,0 +1,46 @@
+name: Publish images
+
+on:
+  workflow_call:
+
+jobs:
+  build_push_coral_credits_image:
+    name: Build and push coral credits image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write         # needed for signing the images with GitHub OIDC Token
+      packages: write         # required for pushing container images
+      security-events: write  # required for pushing SARIF files
+
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Calculate metadata for image
+        id: image-meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/stackhpc/coral-credits
+          # Produce the branch name or tag and the SHA as tags
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=sha,prefix=
+
+      - name: Build and push image
+        uses: stackhpc/github-actions/docker-multiarch-build-push@master
+        with:
+          cache-key: coral-credits
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.image-meta.outputs.tags }}
+          labels: ${{ steps.image-meta.outputs.labels }}

.github/workflows/tag.yaml

@@ -0,0 +1,13 @@
+name: on tag
+
+on:
+  push:
+    tags: ['**']
+
+jobs:
+  publish_images:
+    uses: ./.github/workflows/publish-images.yaml
+
+  publish_charts:
+    needs: [publish_images]
+    uses: ./.github/workflows/publish-charts.yaml

.github/workflows/tox.yaml

@@ -0,0 +1,38 @@
+name: Tox unit tests
+
+on:
+  workflow_call:
+
+jobs:
+  build:
+    name: Tox unit tests and linting
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.10']
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install tox
+
+    - name: Test with tox
+      run: tox
+
+    # TODO(tylerchristie): add unit tests
+    # - name: Generate coverage reports
+    #   run: tox -e cover
+
+    - name: Archive code coverage results
+      uses: actions/upload-artifact@v4
+      with:
+        name: code-coverage-report
+        path: cover/

.gitignore

@@ -72,5 +72,4 @@ context
 
 
 # don't check in django bits
-coral_credits/settings.py
 db.sqlite3

.stestr.conf

@@ -1,3 +1,3 @@
 [DEFAULT]
-test_path=./azimuth_caas_operator/tests
+test_path=./coral-credits/tests
 top_dir=./

Dockerfile

@@ -0,0 +1,66 @@
+FROM ubuntu:jammy as build-image
+
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install --no-install-recommends python3.10-venv git -y && \
+    rm -rf /var/lib/apt/lists/*
+
+# build into a venv we can copy across
+RUN python3 -m venv /venv
+ENV PATH="/venv/bin:$PATH"
+
+COPY ./requirements.txt /coral-credits/requirements.txt
+RUN pip install -U pip setuptools
+RUN pip install --requirement /coral-credits/requirements.txt
+
+# Django fails to load templates if this is installed the "regular" way
+# If we use an editable mode install then it works
+COPY . /coral-credits
+RUN pip install --no-deps -e /coral-credits
+
+#
+# Now the image we run with
+#
+FROM ubuntu:jammy as run-image
+
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install --no-install-recommends python3 tini ca-certificates -y && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copy across the venv
+COPY --from=build-image /venv /venv
+ENV PATH="/venv/bin:$PATH"
+
+# Copy across the app
+COPY --from=build-image /coral-credits /coral-credits
+
+# Create the user that will be used to run the app
+ENV APP_UID 1001
+ENV APP_GID 1001
+ENV APP_USER app
+ENV APP_GROUP app
+RUN groupadd --gid $APP_GID $APP_GROUP && \
+    useradd \
+      --no-create-home \
+      --no-user-group \
+      --gid $APP_GID \
+      --shell /sbin/nologin \
+      --uid $APP_UID \
+      $APP_USER
+
+# Don't buffer stdout and stderr as it breaks realtime logging
+ENV PYTHONUNBUFFERED 1
+
+# Install application configuration using flexi-settings
+ENV DJANGO_SETTINGS_MODULE flexi_settings.settings
+ENV DJANGO_FLEXI_SETTINGS_ROOT /etc/coral-credits/settings.py
+COPY ./etc/coral-credits /etc/coral-credits
+RUN mkdir -p /etc/coral-credits/settings.d
+
+# By default, serve the app on port 8080 using the app user
+EXPOSE 8080
+USER $APP_UID
+ENTRYPOINT ["tini", "-g", "--"]
+#TODO(tylerchristie): use gunicorn + wsgi like azimuth
+CMD ["python", "/coral-credits/manage.py", "runserver", "0.0.0.0:8080"]

charts/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: coral-credits
+description: Helm chart for deploying the Coral Credits API.
+type: application
+# The version and appVersion are set by the CI script
+version: 0.1.0
+appVersion: "main"

charts/files/settings/01-django.yaml

@@ -0,0 +1,19 @@
+SECRET_KEY: {{ .Values.settings.secretKey | default (randAlphaNum 64) }}
+DEBUG: {{ .Values.settings.debug }}
+DATABASES:
+  default:
+    ENGINE: {{ .Values.settings.database.engine | default "django.db.backends.sqlite3" }}
+    NAME: {{ .Values.settings.database.name | default "/data/db.sqlite3" }}
+    {{- if .Values.settings.database.user }}
+    USER: {{ .Values.settings.database.user }}
+    {{- end }}
+    {{- if .Values.settings.database.password }}
+    PASSWORD: {{ .Values.settings.database.password }}
+    {{- end }}
+    {{- if .Values.settings.database.host }}
+    HOST: {{ .Values.settings.database.host }}
+    {{- end }}
+    {{- if .Values.settings.database.port }}
+    PORT: {{ .Values.settings.database.port }}
+    {{- end }}
+