New-feature, WiP: Ephemeral Environments for PRs — Uffizzi Integration

[ShrutiC-git]

Thank you for contributing to Harbor!

Comprehensive Summary of your change

This PR is adding support for preview environments for PR events (opened, sync'ed, reopened, etc) on Harbor, powered by Uffizzi.

This PR uses GHA workflows to build and provision preview environments. Utilizing docker-compose examples from Harbor, the PR uses docker-compose.uffizzi.yml to build open-sourced components of Harbor from source: Harbor portal, Harbor, registryctl, and jobservice. Building from source makes sure the latest changes are reflected in the preview.
The docker-compose also has Harbor core, Harbor registry, postgres charmuseum and redis containers, utilizing images from DockerHub.

Once a PR event is triggered — PR opened, PR synced, review requested — the build workflow will build Harbor portal, jobservice and harbor-registryctl from source along with other related services, and the preview workflow will either spin up a new preview or update an existing preview. The previews are ephemeral — so they live for only as long as needed.

A comment will be posted on the PR containing the URL of the preview environment, allowing contributors and maintainers to easily navigate to the preview.

To test this, the first step was opening a PR against my fork of Harbor, the uffizzi-build.yml file triggered the Build PR Image action. Once this action was completed, the uffizzi-preview.yml GHA-file triggered the Deploy Preview action. We use this 2-step workflow for open-source projects, to allow open-source projects to have previews for contributions from forks. Here is a more in-depth read into why we use a two-stage workflow.

• Here is the PR opened against my personal fork of Habor
• Here is the comment that was posted on my PR.
• Here is the preview environment that was created.

To log into the preview, use the following credentials:

• username: admin
• password: password

Issue being fixed

Fixes #18006

Please indicate you've done the following:

• Well Written Title and Summary of the PR
• Label the PR as needed. "release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation"
• Accepted the DCO. Commits without the DCO will delay acceptance.
• Made sure tests are passing and test coverage is added if needed.
• Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

cc @waveywaves

[ShrutiC-git]

On the preview, it seems some of the API endpoints from API Core return a 404 — namely some endpoints concerning jobservice (api/v2.0/jobservice). This PR is using Harbor core image from GitHub and it seems that some of the DB migration scripts for core might not be running.

I would really appreciate some help on how the issue with some of these endpoints can be resolved!

[codecov]

Codecov Report

Merging #18127 (3c85342) into main (e5e61d4) will decrease coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main   #18127      +/-   ##
==========================================
- Coverage   67.39%   67.36%   -0.03%     
==========================================
  Files         980      980              
  Lines      106778   106778              
  Branches     2662     2662              
==========================================
- Hits        71958    71930      -28     
- Misses      30947    30979      +32     
+ Partials     3873     3869       -4     

Flag	Coverage Δ
unittests	67.36% <ø> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 6 files with indirect coverage changes

[Vad1mo]

Thank you for your contribution, it is excellent to have a preview environment.
I need to investigate further, but I fear that your changes will break the current packaging and offering.
I would suggest putting the preview config and modifications into a preview subdirectory, so the code for preview does not interfere with our prod and release code.

[ShrutiC-git]

thanks for taking a look into this, @Vad1mo! You're right — I will move the changes into its own directory so it's efficient and not intrusive.
If we could go over the changes and other modifications over a call, that'd be really helpful design this more effectively. It'll help give more understanding into building other components which I was not able to find in the source code. Let me know if that sounds okay!

wrong button

[ShrutiC-git]

hi @OrlinVasilev ~ thanks for the review on this. Agree, the certs shouldn't be needed. I had added this for the config of the services, but these can be removed. I'll be cleaning the PR according to the suggestions (and will also point to some necessary changes, added to core code)

[ShrutiC-git]

hi, @Vad1mo @OrlinVasilev, I have moved preview-specific files to their own directory to keep the integration code separate. Also, as you pointed out, have removed the files that are not used in the service volumes. Thanks for helping clean this up!

Let me know how I can make it more efficient. We can probably add more modules to be built from source, but some of the co-dependencies were missing so currently we are limited to building 3 of Harbor components.

[OrlinVasilev]

@ShrutiC-git how we can test it ?

[ShrutiC-git]

hey, @OrlinVasilev -

To test this, here's what I had done:

The first step was opening a PR against my fork of Harbor, the uffizzi-build.yml file triggered the Build PR Image action. Once this action was completed, the uffizzi-preview.yml GHA-file triggered the Deploy Preview action. We use this 2-step workflow for open-source projects, to allow open-source projects to have previews for contributions from forks. Here is a more in-depth read into why we use a two-stage workflow.

• Here is the PR opened against my personal fork of Habor
• Here is the comment that was posted on my PR.
• Here is the preview environment that was created.

To log into the preview, use the following credentials:

• username: admin
• password: password

For previews on this repo, this PR needs to be merged. That is because the Deploy Preview action is a workflow_run type of action and needs the action file (uffizzi-preview.yml) to be in the default branch of the PR.

Here's an in-depth read on why we use the 2-stage workflow, if you'd like to know why we have the workflows separated out into two separate actions.

[OrlinVasilev]

@ShrutiC-git - the backstage environment looks quite good and responsive, is there a way to make that available for tests with Harbor and possibly to do some demo on our next community meeting thanks!

[ShrutiC-git]

hey @OrlinVasilev, thanks for looking further into this.

is there a way to make that available for tests with Harbor

could you maybe explain what you mean by this? What would be helpful for the community?

were you able to take a look at the preview environment link for Harbor (linked in the comment above)? How does that look so far?

[OrlinVasilev]

@ShrutiC-git thank you!

@goharbor/all-maintainers can you take a look here: Thank you!
https://app.uffizzi.com/github.com/ShrutiC-git/harbor/pull/8

username: admin
password: password

[ShrutiC-git]

monitoring this too, @OrlinVasilev.

Let me know what changes we can make to these ephemeral environments to align with what the community needs.

[jpthurman]

@OrlinVasilev what's the appetite here? Do you want to move forward?
cc @ShrutiC-git

[OrlinVasilev]

@jpthurman - waiting the rest of the @goharbor/all-maintainers to test it and share some thought
It's great for testing UI changes, for the core components not so much as we cannot access the underneath containers/pods and check logs and troubleshoot if needed
But I like it for the UI/UX side it's solid

BTW do you plan to leave it free for the OS projects or we can expect some changes in the policy in the future?
Orlix

[OrlinVasilev]

as a follow up question can we make it on demand so we can exclude the possibility our pipelines to depend on it?

[jpthurman]

Hi @OrlinVasilev
-You can access each container's logs via the Uffizzi UI - are you needing deeper access at the infrastructure level?
-If this is purely open source and not tied to a profit mechanism we can keep it free. If you could provide special recognition in your README that would be quite helpful
-Can you elaborate on what you would like to see with "on-demand"?

[OrlinVasilev]

@jpthurman we are CNCF graduated project as such is 101% open source, of course there are companies which are building products and services based on Harbor!

If we decide to continue with this adding you to the readme it's for sure there!

On demand I mean, to tune it so we have these preview envs in special conditions like only UI is impacted or something like that I suppose that can be managed on the github action workflow level!

[jpthurman]

Hi @OrlinVasilev

Great - yes the service will be free for Harbor

For on-demand yes you can set the GHA for whatever scenarios you can imagine. What's in this PR is the template used across many Open Source projects and they are quite happy with it.

How much longer do you plan to get feedback from harbor community? Do you want to set a time period for feedback?

When you are ready we can update this PR (I'm sure it's a little stale) and you can merge. Tagging @ShrutiC-git

[github-actions]

This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days.

[OrlinVasilev]

@ShrutiC-git @jpthurman hi folks :) are you still interested to do a live session during our community meetings :) so we can finally decide and merge this one :))

[jpthurman]

Hi @OrlinVasilev!
Given where we are timing-wise I think the project would benefit longer term from our pending helm support. Would it work for us to update the PR in the next 60 days or so and then demo?

[OrlinVasilev]

@jpthurman fantastic! Let's park that for now then! BTW do you need any help with the helm part maybe I can contribute :)

[jpthurman]

@OrlinVasilev perhaps, a few things to square away on our end - we'll circle back. Thanks!

[OrlinVasilev]

@jpthurman will be waiting :)

[OrlinVasilev]

Updated one is on the way!