How can we make osio-pipeline.a first class build environment for operators and being able to deploy to some environments,

There is probably go support and permission requirements (i.e: CRD available) first to do this,

Add Unit Tests for CD.groovy API

Need to setup CI server to run PR builds and tests:

Environment Dependency:

• oc CLI - version > oc v3.6.0+c4dd4cf

Test commands:

• run mvn test

Preferable CI:

• CICO
• Travis

Pipeline flow prompts for user input to approve application deployment to other environments though Jenkins file has only stage environment not run.

Feature Request:
Currently deployment of a project is indicated using annotations but the annotations are added only if there is a route. So in case of applications (e.g. penfold for MM) that do not have a route, the pipeline fails to indicate a successful deployment.

PR pipelines generate a new BC which would conflicts with template bc name, we need something like this in boosters :

https://github.com/chmouel/nodejs-health-check/commit/0b5e85c975f4fa293f85361d6bf3ddc3531d8ba5

can we do withouth ?

The fabric8-pipeline-library has a lot of different things in there and hacks like updating labels for preview URL. We need to investigate what it's doing and list them in an issue here.

If a keyword is missing from the template say "kind" then Jenkins shows null pointer exception.
Rather it should be handled with a proper message and stop build process asking to provide a proper template.

fabric8 already has it pipeline library. While OSIO-pipeline library is specific to the OpenShift.io.
Does it make sense to move it to https://github.com/openshiftio ?

We have BCs created on each PR, but when the PR is closed we are not cleaning this up

Implement unit tests for deploy API

given:

• deployable resources (excluding ImageStream, BuildConfig)

test:

• process all resources except build
• creates resources in a given namespace
• deployment refers rights image stream tag
• accepts the manual approval

Need to set up a CD/Release job so we can release semantic versions of the pipeline library.
In that way, Jenkinsfile would refer to some version of the pipeline library and it would not break pipeline by making changes the master branch.

Add the feature of patching the space label to all the resources with the value of openshift.io space name

We need this feature to show deployments etc. in the correct space in UI basically for java boosters
Basically the feature implemented in fabric8-pipeline-library, we need here also fabric8io/fabric8-pipeline-library#390

When building from a PR openshift creates a new branch which works well for us until we start the new-build we need to have a way to pass the reference of the branch to the template.

when #3 would be implemented we can auto detect (env variable i guess?) which branch has been checked out and automatically set it for us.

Write a unit tests for loadResources API

which can assert

• for a given resources file, it loads the resources
• for a given resources file containing many items (kind: List), it loads the resources
• for a given resource file, it validates and loads the resource

What if the user want to specify a new thing in the pipeline
For example a security scanner
How do we want to make it as generic as possible

Unit tests for utils.groovy methods

Utils.mergeMaps fails with the following error

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods flatten java.util.List
	at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:189)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:114)
	at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:155)
	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:159)
	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
	at io.openshift.Utils.mergeMaps(..../builds/6/libs/github.com/fabric8io/osio-pipeline/src/io/openshift/Utils.groovy:109)

Sub tasks:

• fix arbitrary delete of resources from stage, run spaces
  due to deployment constraints, current CD flow deletes the all resources which delete existing running service
• fix template processing flow
  Due to OpenShift plugin restriction deployment workflow applies DC upfront which triggers new deployment for existing running application.
• for each build pipeline creates two deployments
  As workflow deploys an application it rollout two application deployments instead of one.

Planner: https://openshift.io/openshiftio/Openshift_io/plan/detail/341

Docker builds are important when it comes import flow. However, with the current limitation of OpenShift Online S2I can't execute Docker build strategy with given Dockerfile.

In order to support Docker build, evaluate alternative tools to build an image from Dockerfile like Buildah expose this capability in build API

deploy command is too restrictive for multi-container scenarios. deploy requires certain resources to exist on the resource yaml but in the case of multi-container applications there can be multiple files that are applied. For instance if application requires 2 DeploymentConfigs one for a database and one for the application to be build, it is common (and perhaps mandatory) to separate the deployment configs to separate files and deploy them individually. An application can easily not have Service and Route.

When we have variable in the template we need to find a way how to get the user (or UI) to pass those paramters. Something like an hashmap in the user Jenkinsfile :

def buildParameters = [option:'value', Ref:'feature-branch', Build:'grunt']

which get then passe to the template,

we don't define a contract, it's up to the user to know those values from the booster documentation or other.

This goes with #2

When the DC cannot be deployed it waits forever, we need to handle this properly

This method makes it mandatory for the openshift template to have the RELEASE_VERSION parameter else there's a failure because of non-availability of meta

Is this intended or should we have something like :

// returns a map of parameter name: value by choosing from provided if the
// key is present in templateParams or uses default value
def applyDefaults(provided=[:], templateParams) {

  def params = [:]
  def setParam = { key, compute ->
    if (key in templateParams) {
      params[key] = provided[key] ?: compute()
    }
   else{
     params[key]  = compute()
   }  
  }

  setParam('SUFFIX_NAME') { "-${env.BRANCH_NAME}".toLowerCase() }
  setParam('SOURCE_REPOSITORY_REF') { Utils.shWithOutput(this, "git rev-parse --short HEAD") }
  setParam('SOURCE_REPOSITORY_URL') { Utils.shWithOutput(this, "git config remote.origin.url") }
  setParam('RELEASE_VERSION') { Utils.shWithOutput(this, "git rev-list --count HEAD") }
  return params
}

We want to be able deploy in a cluster which doesn't have a -run -stage but a single namespace

Problem:

At this moment there is less visibility about overall build progress and where the build is taking time. It makes hard to understand which step is taking time.

It's better to log the timestamps on important activities like osio, scm

Something we have with fabric8-p-l too, the jenkins url shows as :

http://unconfigured-jenkins-location/job/**

cf openshiftio/openshift.io#1259

Add Unit Tests for CI.groovy

I was testing a Node + DB CRUD booster
https://github.com/sbose78/nodejs-rest-http-crud

The db was defined in .openshiftio/service.yaml

apiVersion: v1
items:
- apiVersion: v1
  kind: ImageStream
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftNewApp
    creationTimestamp: null
    labels:
      app: my-database
    name: my-database
  spec:
    tags:
    - annotations:
        openshift.io/imported-from: openshift/postgresql-92-centos7
      from:
        kind: DockerImage
        name: openshift/postgresql-92-centos7
      generation: null
      importPolicy: {}
      name: latest
      referencePolicy:
        type: ""
  status:
    dockerImageRepository: ""

While running the cd step which looked like this

cd {

    // override the RELEASE_VERSION template parameter
    def resources = processTemplate(params: [
        RELEASE_VERSION: "1.0.${env.BUILD_NUMBER}"
    ])
    def cm = loadResources(file: ".openshiftio/service.yaml")

    // performs an s2i build
    build resources: resources
    deploy resources: [resources,  cm], env: 'stage'
    deploy resources: [resources,  cm], env: 'run', approval: 'manual'
  }

..at the deploy step, the pipeline library tries to do a

oc tag -n usernamespace --alias=true usernamespace/my-database:1.0.1  my-database:1.0.1

which fails because the imagestream in the usernamespace doesn't exist. Only my node app's image stream exists in the usernamespace. The .openshiftio/service.yaml wasn't processed as part of build which is why the image stream doesn't exist.

Do you think allowing build to do something like build resources: [resources, cm] is a good idea?
https://github.com/sbose78/osio-pipeline/blob/master/vars/build.groovy#L4

I was trying to think how we want to do cI integrations, it may be good that we allow user to specify their custom postcommit hook :

https://docs.openshift.com/container-platform/3.4/dev_guide/builds/build_hooks.html#configuring-post-commit-build-hooks

For example on a bc i have add :

  postCommit:
    script: npm install --only=dev && npm test

to run unit tests after a bulds,

we can allow a different setting for PR build so we can implement CI and CD like this.

We could have local from jenkinsfile and global ones from a cfgmap

Do you think it would be reasonable to specify the custom path of files which the build tool depends upon?

Let's get E2E testing for this project ASAP,

How do we want to do this ?

We need to find a way to override the BuildConfig timeout.

Patching the spec of the buildconfig with the completionDeadlineSeconds option,

Ideally we want to have a different timeout by "cluster", i.e: if it's on OSIO
or on OSD.

• Proxy?
• Infrastructure issue?
• Language specific?
• PVs ?
• Gitlab way https://docs.gitlab.com/ee/ci/caching/#sharing-caches-across-the-same-branch

Library should five proper support for deployments of backing service deployments such as a database.

Implement a new function similar to processTemplate that processes helm charts and returns the resource to be deployed

To execute integration tests CI server needs an environment with the following setup

• Openshift cluster
• Jenkins deployment on OpenShift
• Can use Jenkins runner
• Can use DevCluster
  For this can use openshift.io with provisioned test accounts , but need to evaluate this option

#89

It is common to have multiple template files

Example:
https://github.com/nodeshift-starters/nodejs-rest-http-crud
has

• application.yaml
• service.yaml

Unit tests for processTemplate API

For https://github.com/sbose78/nodejs-health-check/blob/master/Jenkinsfile ,

How do I opt-out of analytics? To make this library re-usable, that would be a nice feature to have.

Exiting "Trigger OpenShift Build" successfully; build "nodejs-health-check-s2i-master-2" has completed with status:  [Complete].
[Pipeline] echo
invoking bayesian analytics
[Pipeline] retry
[Pipeline] {
[Pipeline] bayesianAnalysis
No direct or transitive dependencies found.
Running Bayesian stack analysis...
Bayesian API URL is https://recommender.api.openshift.io/api/v1

Following are prerequisites for executing integration tests:

• CI Environment
  • OpenShift cluster
  • Jenkins deployment
• Set of Jenkins jobs for booster projects

Implement unit tests for build API

given:

• build resources (ImageStream, BuildConfig)

test:

• creates build resources
• tags an image in ImageStream

Perhaps we can use oc apply --validate --dry-run to see if validation succeeds but it may also fail due to false negatives.

We currently don't make any difference between a CI and CD pipeline (it's all CD)

How are we going to do those ?

Create/Update pipeline library API's to integrate java boosters.

OSIO openshiftio/openshift.io#4319

How do we want to do secrets?

Should we let the user to do the secrets injection on openshift and reference it from their Jenkinsfile if needed?

The build.* event listener may need some information about the build, like source git url, commit id and build name etc.
Update build.end event to publish the above information as event arguments.

Here is an idea that we may want to investigate.

For dockerbuild or for other reasons why can perhaps offer to build on quay directly and pull the output image for CD,

We are currently using s2i build on openshift to build but what about we are going driver based and let the user specify he/she wants to build on quay instead as this seems to support it : https://docs.quay.io/guides/building.html

I would imagine that building on quay.io mean we avoid the start-build and only get metadatas from .openshift/application.yaml like the docker building context.

and would then be able to use the image built for -stage or -run

Investigation tasks :

• do we have access to the build feature on quay.
• how do we specify another secrets to osio pipeline
• how do we monitor the building process