/codefresh-pr

A recipe for automating GitHub Pull Request release CI pipelines with Kubernetes, Helm and Codefresh.

Primary LanguageSmarty

Codefresh PR demo

A recipe for automating GitHub Pull Request release CI pipelines with Kubernetes, Helm and Codefresh.

Container registry, K8S cluster, and Helm

Although Codefresh can connect to other K8S cloud providers and container registries, for simplicity, this tutorial assumes a functioning GKE K8S cluster and GCR registry.

  1. In cloud console, note the GCP project name associated with your GKE cluster for use farther below.
  2. Create a new namespace if you don't have one you want to use for this demo. I recommend kubectl create ns codefresh, but the NAMESPACE environment variable required by this demo app is configurable.
  3. Helm must be installed, and you must be able to connect to Tiller to your desired namespace. The simplest way to secure your Tiller installation is the first approach (restart tiller with --listen=localhost:44134 flag) outlined in this excellent article by @anguslees. If you take a more complicated approach, this tutorial assumes you know what you're doing.

Connect your cluster and registry to Codefresh

In Codefresh UI:

  1. Connect your GKE cluster
  2. Connect your GCR registry

Set up a GitHub repo for a Codefresh pipeline

In GitHub UI:

  1. Fork this repo
  2. Create and save a new GitHub Personal access token, setting the repo scope

Connect your repository to Codefresh

In Codefresh UI:

  1. Create a Codefresh account with a GitHub user, if you haven't alrady done so. Note this demo is for GitHub - if you already have a Codefresh account connected to another git provider:

    Currently, it is possible to have only one git provider per account. You have to create a separate Codefresh account for each of your git providers.

    Be sure to accept the permission request for Codefresh to access your git provider account.

  2. Add your fork of this repo as a (GitHub) repository

  3. Create and save a new Codefresh API key

Configure a PR action filter pipeline

You will create two pipelines. This first pipeline will filter PR actions to only those you wish to trigger a Pull Request release: if the actions are one of "opened", "reopened", "synchronize", or "closed", this will trigger the second pipeline responsible for building the PR release. Note that a future feature of Codefresh - allowing selection of Pull Request actions to trigger a build - will make this first step unnecessary.

  1. Name your first pipeline "PR action filter"
  2. Under Configuration > General Settings > Automated build:
    1. Trigger flow on select All Branches and Tags
    2. Add webhook toggle On
    3. Trigger by select only Pull request opened
  3. Under Configuration > Environment Variables fill out the New variable key and value fields, and click Add variable for each of the below vars:
    1. PORT = 3000
    2. REGISTRY_DOMAIN = gcr.io
    3. REGISTRY_ACCOUNT = [your GCP project ID]
    4. NAMESPACE = [your desired K8S namespace]
    5. GITHUB_TOKEN = [your GitHub personal access token]
    6. API_KEY = [your Codefresh API key]
    7. PIPELINE_ID = [the ID of the next pipeline you will create. See next section]
  4. Under WORKFLOW toggle from Basic to YAML, and select Inline YAML
    1. Paste the contents of codefresh-actions.yaml from this repo into the textarea
    2. Note that we recommend Inline YAML for security reasons. The Use YAML from Repository option draws from the PR branch, and this can be a security risk (for example, an unprivileged user submitting a PR to a public repo could run arbitrary kubectl commands on the connected cluster)
  5. Click Save to save these configurations for this pipeline

Configure a PR release pipeline

Triggered only by the first "PR action filter" pipeline, this pipeline is responsible for building the Pull Request release, and updating the PR accordingly.

  1. Click Add Pipeline
  2. Name this second pipeline "PR release"
  3. Copy the pipeline ID, and add to the PIPELINE_ID environment variable in the previous pipeline (you can get the ID from the Codefresh CLI or by temporarily enabling the webhook option which contains the ID)
  4. Do not enable Configuration > General Settings > Automated build > Add webhook
  5. Do not bother configuring Configuration > Environment Variables, as they will be ignored since this pipeline is only built from the previous one, which in YAML is configured to pass along it's own environment variables.
  6. Under WORKFLOW toggle from Basic to YAML, and select Inline YAML
    1. Paste the contents of codefresh.yaml from this repo into the textarea
    2. Note that we recommend Inline YAML for security reasons. See explanation above
  7. Click Save to save these configurations for this pipeline

Create a test Pull Request

In GitHub UI:

  1. Browse to your new test repo
  2. Click Create new file
  3. Name your file test (file can be empty), select Create a new branch for this commit and start a pull request, and click Propose new file
  4. On the next page, click Create pull request

Expected results

In GitHub UI (or API):

  1. During build, the Pull Request Status should contain two pending checks:
    1. Codefresh - Build is pending or running, linking to the Codefresh build
    2. PR Release — Waiting for successful build
  2. On success, the Pull Request Status should contain two successful checks:
    1. Codefresh - Build passed, linking to the Codefresh build
    2. PR Release — Deployed to codefresh namespace, linking to the built PR release (printing only "Hello")