A Hubot CI/CD Pipeline Bot for Openshift Container Platform (OCP) with Mattermost adapter.
The goal of this project is to automate our CI/CD pipelines for Applications built and deployed on Openshift Container Platform in order to increase deployment velocity. A ChatOps approach increases visibility and gives distributed developers more freedom to test and deploy.
This project is based on a Dev, Test, Stage, Prod deployment model to meet our needs, but could be adapted to any workflow.
This document will break down the build config and deployment steps required to run pipeline-bot.
- Currently expanding OCP api calls to include build from template and watch
- add responders to include git checkout and deploy to teardown environments in OCP
- update output formatting to Mattermost
- Github Action - On closed PR (github action "Push") to DEV branch - send Hubot payload with env param
- Hubot - receive github payload - verify pipeline has been defined
- Hubot - build and deploy - Openshift or jenkins
- Hubot - start post deploy - post deployment tasks as OCP template job
- Hubot - start test - start tests as OCP template job
- Hubot - receive test payload - associate test results with pipeline
- Hubot - promote - if conditions pass then promote to next environment / or open PR to Master
Currently defined in the post deploy script. This script will define any OCP jobs that are required to run post deployment. OCP jobs are defined as env vars from a config map. This is a temporary solution for now.
Currently defined in the test script. This script will define any OCP jobs that are required to run tests. OCP jobs are defined as env vars from a config map. This is a temporary solution for now.
Step by step how to build a Hubot instance from the start.

HINT: see below for build and deploy from this repo as boilerplate.

1. Local install of project:

   ```
   brew install node
   npm install -g yo generator-hubot
   mkdir pipeline-bot
   cd pipeline-bot
   yo hubot
   ```

2. Answer the questions provided at the prompt, as required by the Hubot builder:

   ```
   $ Owner 'my.email@domain.bc.ca'
   $ Bot name 'pipeline-bot'
   $ Description 'CI/CD Pipeline Bot'
   $ Bot adapter 'matteruser'
   ```

3. Enable git on the local project dir.

4. Update dependencies:
   - update package.json with appropriate fields and values. See example in repo.
   - update external-scripts.json with appropriate packages. See example in repo.

5. Commit changes on the local project.

6. Create a remote github repo and push to remote.

7. Create a new imagestream in OCP:

   ```
   oc create imagestream pipeline-bot
   ```

8. Create a tag for the imagestream in OCP:

   ```
   oc tag pipeline-bot pipeline-bot:latest
   ```

9. Create a new build using Source Build Strategy in OCP:

   ```
   oc new-build nodejs:10~https://github.com/bcgov/pipeline-bot.git -l app=bot
   ```

10. Required env vars in the deployment config, via secrets or config maps:

    ```
    MATTERMOST_HOST=<url-to-mattermost>
    MATTERMOST_GROUP=<mattermost-group>
    MATTERMOST_USER=<mattermost-username>
    MATTERMOST_PASSWORD=<mattermost-password>
    HUBOT_MATTERMOST_CHANNEL=<mattermost-channel>
    HUBOT_OCPAPIKEY=<ocp-token>
    HUBOT_OCPDOMAIN=<ocp-domain>
    HUBOT_ACL=<config for access control list> # see Access Control
    HUBOT_DEV_APITEST_TEMPLATE=<url-to-test-template.json>
    HUBOT_TEST_APITEST_TEMPLATE=<url-to-test-template.json>
    HUBOT_TEST_POSTDEPLOY_TEMPLATE=<url-to-post-template.json>
    HUBOT_STAGE_POSTDEPLOY_TEMPLATE=<url-to-post-template.json>
    HUBOT_TEST_NAMESPACE=<ocp-namespace-to-run-test-in>
    HUBOT_CONFIG_PATH=<url-to-config-map> # see Pipeline Config
    HUBOT_GITHUB_TOKEN=<github token for repo access>
    HUBOT_JENKINS_URL=<url to jenkins instance>
    HUBOT_JENKINS_AUTH=<user:token>
    ```

11. First time deploy in OCP:

    ```
    oc new-app pipeline-bot:latest
    ```

12. Set up github action on repo:

    ```
    BOT_KEY=<gateway token>
    BOT_URL=<url to Bot instance>
    ```

Example: github action to send to Hubot
```
name: dev_push

on:
  push:
    branches:
      - dev

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          ref: dev
      - name: Send Payload
        run: |
          curl -X POST -H "Content-Type: application/json" -H "apikey: ${{ secrets.BOT_KEY }}" -d @$GITHUB_EVENT_PATH https://${{ secrets.BOT_URL }}/hubot/github/dev
```
https://github.com/emptywee/acl-hubot

Define a config map in OCP and inject it as env var HUBOT_ACL. Required for scripts/acl.coffee.

```
{
  "groups":
  {
    "admins": [ "<mattermost-username-1>", "mattermost-username-2", "mattermost-username-3"]
  },
  "commands":
  {
    "restricted":
    {
      "build": [ "admins" ],
      "deploy": [ "admins" ],
      "brain": [ "admins" ],
      "buildanddeploy": [ "admins" ]
    }
  }
}
```
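
A pre-deployment audit for a HUBOT_ACL document of the shape shown above, as an added example (not code from this repo or from acl-hubot). It assumes a restricted command may be run only by members of the groups listed for it; `auditAcl` and the sample users are hypothetical.

```javascript
// Added example: audit a HUBOT_ACL document before it is loaded as a config map.
// Assumption: a restricted command may be run only by members of its listed groups.
function auditAcl(raw) {
  let acl;
  try {
    acl = JSON.parse(raw);
  } catch (err) {
    return { ok: false, problems: ['HUBOT_ACL is not valid JSON'], access: {} };
  }
  const groups = (acl && acl.groups) || {};
  const restricted = (acl && acl.commands && acl.commands.restricted) || {};
  const problems = [];
  const access = {};
  for (const [command, names] of Object.entries(restricted)) {
    const users = new Set();
    const list = Array.isArray(names) ? names : [];
    if (list.length === 0) problems.push(`command "${command}" lists no groups`);
    for (const name of list) {
      const members = Object.prototype.hasOwnProperty.call(groups, name) ? groups[name] : null;
      if (!Array.isArray(members)) {
        problems.push(`command "${command}" references undefined group "${name}"`);
        continue;
      }
      for (const user of members) {
        // A leftover template placeholder is not a real account.
        if (/[<>]/.test(user)) problems.push(`group "${name}" contains placeholder ${user}`);
        else users.add(user);
      }
    }
    if (list.length > 0 && users.size === 0) problems.push(`nobody can run "${command}"`);
    access[command] = [...users].sort();
  }
  return { ok: problems.length === 0, problems, access };
}

// Constructed sample: "deploy" names a group that is never defined.
const SAMPLE_ACL = JSON.stringify({
  groups: { admins: ['alice', 'bob'] },
  commands: { restricted: { build: ['admins'], deploy: ['admin'] } },
});

console.log(auditAcl(SAMPLE_ACL));
```

The `access` map in the result shows, per restricted command, exactly which usernames the document grants it to.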
Hubot will reference this file to lookup buildconfig and deployment configs, and namespaces required to make the api calls to OCP or Jenkins Job Name.
Please see Reference Config File
Example:
```
{
  "pipelines": [
    {
      "name": "<appName>",
      "repo": "<user/repo>",
      "prToMasterAfter": "test",
      "dev": {
        "build": {
          "buildconfig": "<ocp-bc-name>",
          "namespace": "<ocp-bc-namespace>"
        },
        "deploy": {
          "deployconfig": "<ocp-dc-name>",
          "namespace": "<ocp-dc-namespace>"
        }
      },
      "test": {
        "build": {
          "buildconfig": "<ocp-bc-name>",
          "namespace": "<ocp-bc-namespace>"
        },
        "deploy": {
          "deployconfig": "<ocp-dc-name>",
          "namespace": "<ocp-dc-namespace>"
        }
      },
      "prod": {
        "build": {
          "jenkinsjob":"job/jenkins-job-path/"
        }
      }
    }
  ]
}
```
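
The "verify pipeline has been defined" step, sketched against the config format above as an added example (not this repo's code). `resolveBuildTarget`, the name patterns and the sample values are assumptions; `repository.full_name` is the field GitHub sends in a push payload.

```javascript
// Added example: map an incoming GitHub push payload to a build target from the
// pipeline config, rejecting anything the config does not define.
const STAGES = ['dev', 'test', 'stage', 'prod'];
// Conservative assumptions: OCP names as DNS-1123 labels, Jenkins paths as job/<name>/ segments.
const DNS_LABEL = /^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$/;
const JENKINS_JOB = /^(job\/[A-Za-z0-9][A-Za-z0-9._-]*\/)+$/;
const isLabel = (v) => typeof v === 'string' && DNS_LABEL.test(v);

function resolveBuildTarget(config, env, payload) {
  if (!STAGES.includes(env)) throw new Error(`unknown environment: ${env}`);
  const repo = payload && payload.repository && payload.repository.full_name;
  if (typeof repo !== 'string') throw new Error('payload has no repository.full_name');
  const pipelines = Array.isArray(config && config.pipelines) ? config.pipelines : [];
  const matches = pipelines.filter(
    (p) => p && typeof p.repo === 'string' && p.repo.toLowerCase() === repo.toLowerCase());
  if (matches.length !== 1) {
    throw new Error(`expected exactly one pipeline for ${repo}, found ${matches.length}`);
  }
  const stage = matches[0][env];
  const build = stage && stage.build;
  if (!build) throw new Error(`pipeline ${matches[0].name} defines no ${env} build`);
  if (typeof build.jenkinsjob === 'string') {
    if (!JENKINS_JOB.test(build.jenkinsjob)) throw new Error('unsafe jenkinsjob path');
    return { kind: 'jenkins', job: build.jenkinsjob };
  }
  // These values are used to build API calls, so refuse anything that is not a plain name.
  if (!isLabel(build.namespace) || !isLabel(build.buildconfig)) {
    throw new Error('buildconfig and namespace must be plain lowercase names');
  }
  return { kind: 'ocp', namespace: build.namespace, buildconfig: build.buildconfig };
}

// Constructed sample config and payload (only the payload field used here).
const SAMPLE_CONFIG = {
  pipelines: [{
    name: 'example-app',
    repo: 'example-org/example-app',
    dev: { build: { buildconfig: 'example-app-dev', namespace: 'example-tools' } },
    prod: { build: { jenkinsjob: 'job/example-app-prod/' } },
  }],
};
const SAMPLE_PAYLOAD = { repository: { full_name: 'example-org/example-app' } };

console.log(resolveBuildTarget(SAMPLE_CONFIG, 'dev', SAMPLE_PAYLOAD));
```

Failing closed here means a payload for an unlisted repo, or a config entry with an unexpected name, never reaches the build call.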
dockerfile in this repo is for local build development only and not to be used for production.
currently used for test scripts and example test routes for local testing and examples only.
payload examples for references from github and OCP sources, includes readme with curl examples.
Hubot allows us to create custom responders to interact directly with the bot.
defined in scripts/responders.coffee
A list of commands is available by running cmd <hubotname> help
Steps to deploy directly from a fork of this repo:

1. Fork this repo.

2. Change the bot name: update the --name argument in both files:
   - /bin/hubot
   - /bin/hubot.cmd

   ```
   exec node_modules/.bin/hubot --name "<my-bot-name>" "$@"
   ```

3. Create a new build using Source Build Strategy in OCP:

   ```
   oc new-build nodejs:10~https://github.com/<forked/repo>.git -l app=bot
   ```

4. Define the required env vars in the deployment config via secrets or config maps:
   - as listed above

5. Define the access control list as a config map:
   - as listed above

6. Define the pipeline config map:
   - as listed above

7. First time deploy in OCP:

   ```
   oc new-app pipeline-bot:latest
   ```