The stack.yml
file in this repo describes a set of stable services & plugins
in the Armory Platform.
The master
branch contains the latest version for each tested service.
See the release FAQ.
When Astrolabe opens a PR against this repo we treat it as a Release Candidate (RC), so we run an End to End test suite to validate the new service version against the current stack.
The Deploy Test Staging
job is responsible for deploy the new service version into SaaS staging. The SaaS staging environment has a Spinnaker instance with the service versions described in the stack.yml.
The configuration for the SaaS staging env is located in the spinnaker-saas repo.
We use a Spinnaker pipeline in staging to deploy the new service version. If the new service version is deployed successfully, we then run our pipeline-based end-to-end tests against the updated Spinnaker.
In the LTS release, every commit in the Armory extension projects generates a new Docker image. Astrolabe opens a PR with the new Docker image & the commit that the image belongs to. You can find the image tag & the commit in the body of the PR. We can find all the images from the LTS release in Artifactory
The Armory extension projects uses an OSS Service as base, currently the extension projects uses a LTS version that represents a commit in the OSS. A base artifact can be found here in the extension project. The base service version is maintained by Astrolabe.
The base artifacts points to a commit in the OSS projects but those artifact are jars or npm packages in Artifactory. The build ID of the artifact is the commit sha from the OSS project.
We use Spinnaker to upgrade itself using the Deploy RC to Staging
workflow enqueue PR checks so we deploy & test one new service version at a time
The pipeline uses a CLI to extract the k8s manifests for the service changed. Then, it patches the new image tag to use and apply the manifests in the staging env. it takes the configurations from SaaS staging env.
The pipelines are the same end-to-end tests that we use in preprod but we still are migrating them. A single pipeline is responsible for triggering all of the tests. if one of them ends with TERMINAL status, all the other pipelines stop.
When a PR check fails there could be three reasons why it's failing:
- it fails when deploying.
- An end-to-end pipeline failed.
- A false alarm.
Deploying and testing happen in different action steps. If the deploy failed we can get more information in the deploy pipeline.
Also, we can take a look at the pods in the cluster to check status & logs by the service changed. You can connect to the SaaS staging using this kubeconfig. Use the spinnaker
namespace.
kubectl --kubeconfig=cloud-staging-kube -n spinnaker get pods
If the end-to-end tests failed, we can only check which test failed by searching in the end-to-end pipeline. To identify executions in Spinnaker we send as payload the serviceName, image & tag.
You can take the logs for the service using kubectl
To retry the check, we need to re-run the Github Action. Only the end-to-end failures could be a false alarm.
We also run a subset of Google's Spinnaker test suite. We have a fork of that suite and a lightly altered fork of Citest, Google's Spinnaker test runner. The two repos are mostly untouched except for some build improvements and the ability to include an SSL client certificate.
Right now we're only running three of the tests:
You should be able to roughly follow the steps in the test actions. Be sure that you have Python 3 installed.
pip install pipenv
git clone --recurse-submodules git@github.com:armory-io/buildtool
cd buildtool/testing/citest
pipenv install
pipenv run python tests/<your-test-name>.py <flags>
This will get the tests running, but they probably won't pass. Most of the
tests have dependencies on other binaries. For example, the Kubernetes tests depend on
kubectl
to make assertions about Spinnaker's behavior.
If your test takes a --spinnaker_kubernetes_v2_account
parameter, your test
- Needs
kubectl
on thePATH
- Needs a kubeconfig (likely configured with the
$KUBECONFIG
environment variable) whosecurrent-context
points to the same cluster as--spinnaker_kubernetes_v2_account
.
Our fork of Citest has been modified to accept SSL client certificates using the environment variables listed below. Your client cert must not require a passphrase.
CLIENT_CERTIFICATE_PATH
- path to certificateCLIENT_CERTIFICATE_KEY_PATH
- path to private key