By default, all repositories from the configured GitHub organization are synced with GitLab. To sync only a subset of repositories, set the `SYNC_REPOS_LIST` environment variable to a comma-separated list of repositories.
For all repositories in the organization, a pr_XXX branch will be created in GitLab for every pull/XXX PR from GitHub.
Currently the following GitHub events are processed:
- `pull_request`: enabled by default, `DISABLE_PR_EVENTS_PROCESSING` disables the processing
- `push`: enabled by default, `DISABLE_PUSH_EVENTS_PROCESSING` disables the processing
- `issue_comment`: enabled by default, `DISABLE_COMMENT_EVENTS_PROCESSING` disables the processing

It's currently hosted on the company-websites GKE Kubernetes cluster.
- A PR on `github/org/project-x` issues a GitHub Webhook (configured to call the website k8s cluster)
- the URL called is an API for the container `mender-test-runner` configured on the K8s cluster (currently three deployments: `test-runner-mender-io`, `repos-sync-cfengine-com`, `repos-sync-northerntechhq-com`)
- the `mender-test-runner` container gets the Org from the webhook and runs a sync `github/org/project-x -> gitlab/northern.tech/group/project-x`
- The GH Org is mapped in `main.go`:

  ```go
  // Mapping https://github.com/<org> -> https://gitlab.com/Northern.tech/<group>
  var gitHubOrganizationToGitLabGroup = map[string]string{
  	"mendersoftware": "Mender",
  	"cfengine":       "CFEngine",
  	"NorthernTechHQ": "NorthernTechHQ",
  }
  ```

- The GH Org settings have a Webhook in place:
  - https://github.com/organizations/NorthernTechHQ/settings/hooks
  - Payload URL: the URL of the FQDN set on the Ingress (like `https://repos-sync.northern.tech/`)
  - Content-type: `application/x-www-form-urlencoded`
  - Secret: the same set on the `GITHUB_SECRET` on the K8s secret for the pod which is usually stored on Mystiko along
  - Which events would you like to trigger this webhook? Send me everything
- You have the required K8s resources:
  - Configmap for possible customizations
  - ManagedCertificate for GCP managed Certs (for the https://repos-sync.northern.tech)
  - The actual deployment
  - Secrets stored on Mystiko, path `mender/saas/k8s/gke` which contains:
    - `GITHUB_TOKEN`: the `mender-test-bot` user PAT for GitHub
    - `GITHUB_SECRET`: the secret from the Webhook, like above
    - `GITLAB_TOKEN`: the `mender-test-bot` user PAT for GitLab
    - `id_rsa` and `id_rsa.pub`: SSH keys for the `mender-test-bot` user
  - Ingress configured for the new service:

    ```yaml
    - host: repos-sync.northern.tech
      http:
        paths:
        - backend:
            service:
              name: repos-sync-northerntechhq-com
              port:
                number: 8086
          pathType: ImplementationSpecific
    ```

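
The webhook `Secret` (`GITHUB_SECRET`) described above is what lets the receiver authenticate deliveries: GitHub sends an HMAC-SHA256 of the request body in the `X-Hub-Signature-256` header. The following is an added example, not this project's code, of checking that header for the `application/x-www-form-urlencoded` content type; the function names `sign` and `verifyWebhook` and the secret value are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// sign builds the X-Hub-Signature-256 value GitHub sends for a raw body.
func sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// verifyWebhook authenticates the raw body against the signature header and
// only then extracts the JSON from the "payload" form field, which is where
// GitHub puts it for Content-type application/x-www-form-urlencoded.
func verifyWebhook(secret, rawBody []byte, sigHeader string) (string, error) {
	if len(secret) == 0 {
		return "", errors.New("empty webhook secret: refusing to verify")
	}
	if !strings.HasPrefix(sigHeader, "sha256=") {
		return "", errors.New("missing or unsupported signature header")
	}
	got, err := hex.DecodeString(strings.TrimPrefix(sigHeader, "sha256="))
	if err != nil {
		return "", errors.New("signature is not valid hex")
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(rawBody) // HMAC covers the body as received, before form decoding
	if !hmac.Equal(got, mac.Sum(nil)) { // constant-time comparison
		return "", errors.New("signature mismatch")
	}
	form, err := url.ParseQuery(string(rawBody))
	if err != nil || form.Get("payload") == "" {
		return "", errors.New("no payload field in form body")
	}
	return form.Get("payload"), nil
}

func main() {
	secret := []byte("constructed-secret") // constructed; stands in for GITHUB_SECRET
	body := []byte("payload=" + url.QueryEscape(`{"action":"opened","number":7}`))
	fmt.Println(verifyWebhook(secret, body, sign(secret, body)))
}
```
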
Commits to the master branch trigger a sync with the sre-tools repository, committing the new Docker image's SHA256 to the file kubernetes/mender-test-runner/test-runner-deployment.yaml. This, in turn, triggers a new application of the Kubernetes manifest files to the cluster.
- create a service account with the following roles assigned: `Kubernetes Engine Developer`, `Kubernetes Engine Service Agent` and `Viewer`
- create a JSON key and base64-encode it, removing new lines: `base64 /path/to/saved-key.json | tr -d \\n`
- in the CI/CD project settings add a `GCLOUD_SERVICE_KEY` variable whose value is the base64-encoded string

Apply the secret from Mystiko:

```bash
$ pass mender/saas/k8s/gke/secret-test-runner-mender-io.yaml | kubectl apply -f -
```

From the sre-tools repository:

```bash
$ kubectl apply -Rf kubernetes/mender-test-runner/
```

We have a set of acceptance tests that run with recorded payloads from GitHub webhooks and check the exact output of the integration-test-runner. The intention is that changes in our CI infra (namely, the integration repository) do not go unnoticed.
The expected output of the tool is saved as golden files using a Pytest plugin. When changes are made that require an update, you can automatically update the files with:

```bash
make acceptance-testing-build
make acceptance-testing-up
make acceptance-testing-update-golden-files
```

After that, review the changes, commit them, and submit them in a PR.
Also note that GITHUB_TOKEN and GITLAB_TOKEN env variables are required to run these tests.