From 8010434514c21d82cdd9388304910cc378f4aef5 Mon Sep 17 00:00:00 2001
From: Jashandeep Sohi
Date: Mon, 11 Dec 2023 22:45:17 -0800
Subject: [PATCH] add CD scripts & pre-commit hooks
---
 .gitignore | 2 ++
 README.md | 77 +++++++++++++++++++++++++-------------------
 cd.nix | 56 ++++++++++++++++++++++++++++++++
 flake.lock | 18 +++++------
 flake.nix | 23 +++----------
 skaffold-builder.nix | 20 ++++++++++++
 6 files changed, 134 insertions(+), 62 deletions(-)
 create mode 100644 cd.nix
 create mode 100644 skaffold-builder.nix
diff --git a/.gitignore b/.gitignore
index 26d999e..4ab0960 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 .devenv
+
+.pre-commit-config.yaml
diff --git a/README.md b/README.md
index 6d96535..80134c5 100644
--- a/README.md
+++ b/README.md
@@ -4,57 +4,66 @@ A reusable [devenv](https://devenv.sh/) w/ common tools needed for Kubernetes ## Usage +For a quick one-off shell with all the tools: + ```shell nix develop github:LCOGT/devenv-k8s --impure ``` ### Import -To import this devenv into another, add the following to your `devenv.yaml`: +Assuming you're using flake-parts, add the following to your `flake.nix`: ```diff -diff --git a/devenv.yaml b/devenv.yaml -index c7cb5ce..75410d4 100644 ---- a/devenv.yaml -+++ b/devenv.yaml -@@ -1,3 +1,8 @@ - inputs: - nixpkgs: - url: github:NixOS/nixpkgs/nixpkgs-unstable -+ k8s: -+ url: git+https://github.com/LCOGT/devenv-k8s -+ flake: true -+imports: -+ - k8s +diff --git a/flake.nix b/flake.nix +index 23e54fd..070e011 100644 +--- a/flake.nix ++++ b/flake.nix +@@ -5,10 +5,12 @@ + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + devenv.url = "github:cachix/devenv"; + nix2container.url = "github:nlewo/nix2container"; + nix2container.inputs.nixpkgs.follows = "nixpkgs"; + mk-shell-bin.url = "github:rrbutani/nix-mk-shell-bin"; ++ ++ devenv-k8s.url = "github:LCOGT/devenv-k8s"; + }; + + nixConfig = { + extra-trusted-public-keys = "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="; + extra-substituters = "https://devenv.cachix.org"; +@@ -24,11 +26,11 @@ + perSystem = { config, self', inputs', pkgs, system, ... }: { + + devenv.shells.default = { + # https://devenv.sh/reference/options/ + packages = [ +- ++ inputs'.devenv-k8s.devShells.default + ]; + + }; + + }; ``` +Next `nix develop --impure`, it will install the packages & scripts in this devenv +in addition to any project specific ones. -Or if using a flake-parts, add this repo to inputs and follow -https://devenv.sh/guides/using-with-flake-parts/#import-a-devenv-module - -Next time you do `devenv shell` or `nix develop --impure`, it will install all -packages listed in [devenv.nix](devenv.nix) in addition to any project specific ones. - -## Cache - -Some tools may require compiling. 
Run the following to setup the LCO Cachix Nix cache that will -let you pull pre-built binaries. This only needs to be done once. - -```shell -cachix use lco-public -``` - -## Updates +### Updates To pull in changes from upstream you need to run the following in the project that imports this: ```shell -devenv update +nix flake update devenv-k8s ``` -Or you can declaritively lock it to a specific ref. See https://devenv.sh/reference/yaml-options/. +## Cache -For flakes, +Some tools may require compiling. You can setup Nix to pull from a pre-built +binary cache. This only needs to be done once: ```shell -nix flake update devenv-k8s +nix profile install nixpkgs#cachix +cachix use lco-public ``` +
diff --git a/cd.nix b/cd.nix
new file mode 100644
index 0000000..a9a990a
--- /dev/null
+++ b/cd.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, ...}:
+{
+ config = {
+ pre-commit.hooks = {
+ kustomize-build-staging = {
+ enable = false;
+ name = "Ensure staging kustomization output is up to date";
+ pass_filenames = false;
+ raw.always_run = true;
+ entry = "${pkgs.kustomize}/bin/kustomize build staging/ --output output/staging/manifest.yaml";
+ };
+
+ kustomize-build-prod = {
+ enable = false;
+ name = "Ensure prod kustomization output is up to date";
+ pass_filenames = false;
+ raw.always_run = true;
+ entry = "${pkgs.kustomize}/bin/kustomize build prod/ --output output/prod/manifest.yaml";
+ };
+ };
+
+ scripts.kustomize-build-staging.exec = ''
+ set -xe
+ pushd $DEVENV_ROOT
+ kustomize build staging/ --output output/staging/manifest.yaml
+ popd
+ '';
+
+ scripts.cd-update-staging.exec = ''
+ set -ex
+
+ if test -z "$1"; then
+ echo "first argument should be an absolute path to the skaffold build output"
+ exit 1
+ fi
+
+ if test -z "$2"; then
+ echo "second argument should be the git commit hash"
+ exit 1
+ fi
+
+ pushd staging/
+
+ kpt pkg update base@$2
+
+ if test -f "$1"; then
+ pushd cd-set-images
+ sh -xe <(cat $1 | jq -r '.builds[] | "kustomize edit set image \(.imageName)=\(.tag)"')
+ popd
+ fi
+ popd
+
+ kustomize build staging/ --output output/staging/manifest.yaml
+ '';
+ };
+}
diff --git a/flake.lock b/flake.lock
index f38da78..b6bf1fa 100644
--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1701187605, - "narHash": "sha256-NctguPdUeDVLXFsv6vI1RlEiHLsXkeW3pgZe/mwn1BU=", + "lastModified": 1702239828, + "narHash": "sha256-H+z5LY1XslLLIlsh0pirHmveD7Eh6QQUT96VNSRJW9w=", "owner": "cachix", "repo": "devenv", - "rev": "a7c4dd8f4eb1f98a6b8f04bf08364954e1e73e4f", + "rev": "895e8403410c3ec14d1e8cae94e88b4e7e2e8c2f", "type": "github" }, "original": {
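Review bot: In cd.nix, `scripts.cd-update-staging.exec` formats the `imageName` and `tag` fields of the skaffold build output into shell text and pipes it to `sh -xe`, so any shell metacharacter in that JSON is executed instead of being handed to kustomize as data. Passing each value as one argument avoids the generated script: `jq -r '.builds[] | "\(.imageName)=\(.tag)"' "$1" | while IFS= read -r img; do kustomize edit set image "$img"; done`. The same script leaves both positional arguments unquoted (`cat $1`, `base@$2`); `kpt pkg update "base@$2"` is the safer form, ideally after checking that `$2` looks like a commit hash. It also runs `pushd staging/` relative to the current directory, whereas `kustomize-build-staging` first does `pushd $DEVENV_ROOT`, so the two scripts behave differently when started outside the repository root.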
@@ -245,11 +245,11 @@ ] }, "locked": { - "lastModified": 1700389764, - "narHash": "sha256-hMsZ741ri9c4ZQpB6mgLY8KErk0yXVAOUjfNkP1nbbw=", + "lastModified": 1701981188, + "narHash": "sha256-oXFdqisYyJ77yDZ3OaAGp+GYUS6e3tWFuavl/AgBdRI=", "owner": "nlewo", "repo": "nix2container", - "rev": "4400b77e14f3095ee3215a9a5e0f9143bc0e8f2d", + "rev": "3e84a0a7b94419846acd9c52c4c497c618b2cb7e", "type": "github" }, "original": {
@@ -362,11 +362,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1701436327, - "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", + "lastModified": 1702151865, + "narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a", + "rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd", "type": "github" }, "original": {
diff --git a/flake.nix b/flake.nix
index 287d912..7aacf58 100644
--- a/flake.nix
+++ b/flake.nix
@@ -40,7 +40,7 @@ systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; - perSystem = { config, self', inputs', pkgs, system, ... }: { + perSystem = { config, self', inputs', pkgs, system, lib, ... }: { # Per-system attributes can be defined here. The self' and inputs' # module parameters provide easy access to attributes of the same # system.
@@ -52,8 +52,8 @@ name = "devenv-k8s"; imports = [ - # This is just like the imports in devenv.nix. - # See https://devenv.sh/guides/using-with-flake-parts/#import-a-devenv-module + ./skaffold-builder.nix + ./cd.nix ]; # https://devenv.sh/packages/
@@ -65,27 +65,12 @@ pkgs.kubeseal pkgs.kubernetes-helm pkgs.kustomize + pkgs.jq inputs'.kpt.packages.default inputs'.octopilot.packages.default ]; - scripts.skaffold-builder-buildx.exec = '' - set -ex - - args="" - - if test "$PUSH_IMAGE" = true; then - args+="--push " - fi - - if test -n "$PLATFORMS"; then - args+="--platform $PLATFORMS " - fi - - docker buildx build "$BUILD_CONTEXT" --tag $IMAGE $args $SKAFFOLD_BUILDX_ARGS - ''; - # See full reference at https://devenv.sh/reference/options/ };
diff --git a/skaffold-builder.nix b/skaffold-builder.nix
new file mode 100644
index 0000000..5412f63
--- /dev/null
+++ b/skaffold-builder.nix
@@ -0,0 +1,20 @@
+{ ...}:
+{
+ config = {
+ scripts.skaffold-builder-buildx.exec = ''
+ set -ex
+
+ args=""
+
+ if test "$PUSH_IMAGE" = true; then
+ args+="--push "
+ fi
+
+ if test -n "$PLATFORMS"; then
+ args+="--platform $PLATFORMS "
+ fi
+
+ docker buildx build "$BUILD_CONTEXT" --tag $IMAGE $args $SKAFFOLD_BUILDX_ARGS
+ '';
+ };
+}
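Review bot: In skaffold-builder.nix, `--tag $IMAGE` is unquoted while `"$BUILD_CONTEXT"` beside it is quoted, so an `IMAGE` value containing whitespace or glob characters is split into extra `docker buildx build` arguments; `--tag "$IMAGE"` closes that. `$args` and `$SKAFFOLD_BUILDX_ARGS` rely on word splitting by design, which also means a `PLATFORMS` value containing a space turns into additional options. The script now lives in its own module with no description of its inputs, so a comment above it such as `# IMAGE, PUSH_IMAGE, PLATFORMS, BUILD_CONTEXT: presumably set by the Skaffold custom builder; SKAFFOLD_BUILDX_ARGS: extra buildx flags, split on whitespace` would make that contract reviewable.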