From 1daa0ef097d30dfeed4a79320f770a3eaae514ab Mon Sep 17 00:00:00 2001
From: Gero Posmyk-Leinemann
Date: Fri, 20 Sep 2024 14:49:17 +0000
Subject: [PATCH] automations for basic preview tasks

WIP: IDP not working, yet
---
 .devcontainer/devcontainer.json | 3 +-
 .gitpod/automations.yaml | 39 +++++++++++++++++++
 .../workflow/preview/configure-workspace.sh | 21 +++++++---
 3 files changed, 57 insertions(+), 6 deletions(-)
 create mode 100644 .gitpod/automations.yaml

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 4ee0385c521932..dc93b892684c54 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -12,7 +12,8 @@
 ],
 "remoteEnv": {
 "GIT_EDITOR": "code --wait",
- "KUBE_EDITOR": "code --wait"
+ "KUBE_EDITOR": "code --wait",
+ "PREVIEW_ENV_DEV_SA_KEY_PATH": "/home/gitpod/.config/gcloud/preview-environment-dev-sa.json"
 },
 "features": {
 "ghcr.io/devcontainers/features/docker-in-docker:2": {
diff --git a/.gitpod/automations.yaml b/.gitpod/automations.yaml
new file mode 100644
index 00000000000000..b60ce77b48da33
--- /dev/null
+++ b/.gitpod/automations.yaml
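Review bot: The new `PREVIEW_ENV_DEV_SA_KEY_PATH` entry hard-codes an absolute `/home/gitpod/...` path, and the same literal is repeated verbatim in each of the three task commands of the `.gitpod/automations.yaml` hunk, so four copies of one value now have to be kept in sync by hand. It looks like the automations cannot see `remoteEnv` (which is why each task re-exports it), but that is inferred, not shown here. If the duplication is unavoidable, a short comment next to this key naming the other location would at least warn the next editor, e.g. `"PREVIEW_ENV_DEV_SA_KEY_PATH": "..."` preceded by a note that `.gitpod/automations.yaml` carries the same value; note that a comment is only allowed if this file is consumed as JSONC, which devcontainer.json normally is.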
@@ -0,0 +1,39 @@
+tasks:
+ setup-workspace:
+ name: setup workspace
+ triggeredBy:
+ - postEnvironmentStart
+ command: |
+ export PREVIEW_ENV_DEV_SA_KEY_PATH="/home/gitpod/.config/gcloud/preview-environment-dev-sa.json"
+ leeway run dev/preview:configure-workspace
+ leeway run dev/preview/previewctl:install
+ preview-create:
+ name: create preview
+ dependsOn:
+ - setup-workspace
+ triggeredBy:
+ - manual
+ command: |
+ export PREVIEW_ENV_DEV_SA_KEY_PATH="/home/gitpod/.config/gcloud/preview-environment-dev-sa.json"
+ previewctl create
+ preview-delete:
+ name: delete preview
+ dependsOn:
+ - setup-workspace
+ triggeredBy:
+ - manual
+ command: |
+ export PREVIEW_ENV_DEV_SA_KEY_PATH="/home/gitpod/.config/gcloud/preview-environment-dev-sa.json"
+ previewctl delete
+services:
+ preview-update-kubectx:
+ name: update kubectx
+ # trigger:
+ # - onStart
+ # dependsOn:
+ # - setup-workspace
+ # TODO(gpl): would be great if we could depend on a task - or use "gitpod auto task start setup-workspace --wait"
+ commands:
+ start: |
+ leeway run dev/preview/previewctl:install
+ previewctl install-context --watch
diff --git a/dev/preview/workflow/preview/configure-workspace.sh b/dev/preview/workflow/preview/configure-workspace.sh
index 9ea79e86c4c911..f17e96957ff896 100755
--- a/dev/preview/workflow/preview/configure-workspace.sh
+++ b/dev/preview/workflow/preview/configure-workspace.sh
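Review bot: The `preview-update-kubectx` service's `start` command is the only command in this file that does not `export PREVIEW_ENV_DEV_SA_KEY_PATH`, and its `dependsOn: setup-workspace` is commented out, so `previewctl install-context --watch` can run before `configure-workspace` has written the credential file and, if previewctl reads that path (inferred from the tasks, not shown here), without the variable at all. Until the task dependency works, the service should at least mirror the tasks, `export PREVIEW_ENV_DEV_SA_KEY_PATH="/home/gitpod/.config/gcloud/preview-environment-dev-sa.json"` as the first line of `start`, and wait for the key file to appear before starting the watch. The commented-out `trigger`/`dependsOn` block plus the `TODO(gpl)` would read better as a single comment stating why the service currently has no start trigger and what unblocks it.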
@@ -19,13 +19,24 @@ if [ -z "${PREVIEW_ENV_DEV_SA_KEY_PATH:-}" ]; then
 fi
 
 if [ -f "/usr/local/gitpod/config/initial-spec.json" ]; then
+ # gcloud iam workload-identity-pools create-cred-config \
+ # projects/184212049955/locations/global/workloadIdentityPools/gitpod-next/providers/gitpod-next-provider \
+ # --service-account=preview-environmnet-dev@gitpod-dev-preview.iam.gserviceaccount.com \
+ # --service-account-token-lifetime-seconds=1h \
+ # --output-file="${PREVIEW_ENV_DEV_SA_KEY_PATH}" \
+ # --executable-command='node /workspace/gitpod/dev/next-oidc/oidc.js' \
+ # --executable-timeout-millis=5000
+
+ #projects/184212049955/locations/global/workloadIdentityPools/catfood/providers/catfood-provider \
 gcloud iam workload-identity-pools create-cred-config \
- projects/184212049955/locations/global/workloadIdentityPools/gitpod-next/providers/gitpod-next-provider \
+ projects/184212049955/locations/global/workloadIdentityPools/app-gitpod/providers/app-gitpod-provider \
 --service-account=preview-environmnet-dev@gitpod-dev-preview.iam.gserviceaccount.com \
- --service-account-token-lifetime-seconds=1h \
- --output-file="${PREVIEW_ENV_DEV_SA_KEY_PATH}" \
- --executable-command='node /workspace/gitpod/dev/next-oidc/oidc.js' \
- --executable-timeout-millis=5000
+ --subject-token-type="urn:ietf:params:oauth:token-type:jwt" \
+ --credential-source-type="json" \
+ --executable-command='gitpod-new idp token --audience="//iam.googleapis.com/projects/184212049955/locations/global/workloadIdentityPools/app-gitpod/providers/app-gitpod-provider" --gcloud' \
+ --executable-timeout-millis=5000 \
+ --executable-output-file="/tmp/gcloud-oidc.json" \
+ --output-file="${PREVIEW_ENV_DEV_SA_KEY_PATH}"
 elif [[ -n "${PREVIEW_ENV_DEV_CRED:-}" ]]; then
 echo "${PREVIEW_ENV_DEV_CRED}" >"${PREVIEW_ENV_DEV_SA_KEY_PATH}"
 fi
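Review bot: `--executable-output-file="/tmp/gcloud-oidc.json"` points the executable-sourced credential at a fixed, predictable file in the shared `/tmp`; as far as I know gcloud treats a pre-existing, unexpired response at that path as the subject token to exchange, so anything else on the host that can write `/tmp` could seed or replace what gets exchanged for the service-account credential, and the OIDC token itself sits in a world-readable location. Keep it under a user-owned directory next to the key file instead, e.g. `--executable-output-file="$(dirname "${PREVIEW_ENV_DEV_SA_KEY_PATH}")/gcloud-oidc.json"`. The nine added comment lines that preserve the old `gitpod-next`/`catfood` invocation are dead code that git history already keeps and should be dropped before this leaves WIP, and the audience URL in `--executable-command` repeats the provider path given as the positional argument, so the two can drift apart. The leading `fi` closes an `if` block that begins outside this hunk.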