# Copyright 2024-2026 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
# Runner variables. Both are read by the `dev-deploy` task in this file and can
# be overridden on the command line with `--set NAME=value`.
variables:
# Package flavor to build or deploy.
- name: FLAVOR
  default: upstream
# Core layer to deploy. No default is declared, so callers must supply it.
- name: LAYER
# Task files included under a namespace. Tasks below reference them as
# `<namespace>:<task>`, for example `setup:create-k3d-cluster`.
includes:
- create: ./tasks/create.yaml
- setup: ./tasks/setup.yaml
- deploy: ./tasks/deploy.yaml
- test: ./tasks/test.yaml
- lint: ./tasks/lint.yaml
- diagrams: ./tasks/diagrams.yaml
tasks:
# Delegates to `test-uds-core`, defined further down in this file.
# NOTE(review): presumably the task that runs when no name is given - confirm.
- name: default
  actions:
  - description: "Build, deploy and test UDS Core"
    task: test-uds-core
# dev-setup: creates a local k3d cluster, then deploys the namespaces, UDS
# CRDs, dev manifests, Istio and the Prometheus-Stack CRDs.
- name: dev-setup
  description: "Create k3d cluster with istio"
  inputs:
    istio_components:
      description: "Comma separated list of istio components to deploy"
      default: ""
  actions:
  - description: "Create the dev cluster"
    task: setup:create-k3d-cluster
  # `kubectl create ns` fails when the namespace already exists.
  # NOTE(review): this looks like it expects a fresh cluster from the previous
  # action - confirm that create-k3d-cluster recreates the cluster.
  - description: "Create required namespaces"
    cmd: |
      ./uds zarf tools kubectl create ns uds-policy-exemptions
      ./uds zarf tools kubectl create ns istio-system
      ./uds zarf tools kubectl create ns pepr-system
  - description: "Deploy the UDS CRDs and apply all hack dev manifests"
    cmd: |
      ./uds zarf tools kubectl apply -f src/pepr/uds-cluster-crds/templates/
      ./uds zarf tools kubectl apply -f hack/dev-manifests/
  # Note: the `registry-url` flag used here requires uds 0.19.2+
  # NOTE(review): the `istio_components` input is placed on the command line
  # unquoted; presumably the runner substitutes it as text before the shell
  # runs (confirm). A value with whitespace or shell metacharacters would then
  # be interpreted by the shell, so pass only a plain comma-separated list.
  - description: "Deploy the Istio source package with Zarf Dev"
    cmd: "./uds zarf dev deploy src/istio --flavor upstream --registry-url docker.io --components=${{ .inputs.istio_components }}"
  # Note: Since this is a dev deploy without any `--flavor` it only deploys the CRDs (other components are flavored)
  - description: "Deploy the Prometheus-Stack source package with Zarf Dev to only install the CRDs"
    cmd: "./uds zarf dev deploy src/prometheus-stack"
  # Prints follow-up guidance only; nothing is deployed by this step.
  - description: "Dev instructions"
    cmd: |
      echo "Next steps:"
      echo " - To test & develop the Pepr module, run 'npx pepr dev' from a Javascript debug terminal"
      echo " - Otherwise run 'npx pepr deploy' to deploy the Pepr module to the cluster"
      echo " - Additional source packages can be deployed with 'zarf dev deploy src/<package> --flavor upstream'"
# slim-dev: builds the slim dev bundle, then deploys it.
- name: slim-dev
  actions:
  - description: "Build slim dev bundle"
    task: create:k3d-slim-dev-bundle
  - description: "Deploy slim dev bundle"
    task: deploy:k3d-slim-dev-bundle
# slim-dev-ha: same bundle build as slim-dev, preceded by the HA PostgreSQL
# and Redis setup tasks and deployed through the HA deploy task.
- name: slim-dev-ha
  description: "Build and deploy slim dev bundle with HA configuration"
  actions:
  - description: "Setup HA PostgreSQL"
    task: setup:ha-postgres
  - description: "Setup HA Redis"
    task: setup:ha-redis
  - description: "Build slim dev bundle"
    task: create:k3d-slim-dev-bundle
  - description: "Deploy slim dev bundle with HA configuration"
    task: deploy:k3d-slim-dev-bundle-ha
# dev-identity: runs dev-setup, deploys the Pepr module, then deploys the
# identity-authorization layer through the `dev-deploy` task.
- name: dev-identity
  description: "Create k3d cluster with istio, Pepr, Keycloak, and Authservice for development"
  actions:
  - task: dev-setup
  # npx uses the project's installed `pepr` when present and otherwise fetches
  # it from the npm registry, so install the locked dependencies first.
  # NOTE(review): `--yes` presumably skips pepr's confirmation prompt - confirm.
  - description: "Deploy Pepr"
    cmd: "npx pepr deploy --yes"
  # Re-enters the runner so that LAYER is set for the `dev-deploy` task.
  - description: "Deploy Keycloak + Authservice"
    cmd: "./uds run dev-deploy --set LAYER=identity-authorization --no-progress"
# dev-deploy: deploys packages/<LAYER> with the chosen FLAVOR and all
# components ('*'). LAYER has no default in this file; pass `--set LAYER=...`.
# NOTE(review): LAYER and FLAVOR are expanded unquoted into the command line,
# so keep them to plain directory and flavor names.
- name: dev-deploy
  description: "Deploy the given core layer with Zarf Dev"
  actions:
  - cmd: "./uds zarf dev deploy packages/${LAYER} --flavor ${FLAVOR} --components '*'"
# The four tasks below only delegate to tasks from the included files.
- name: setup-cluster
  description: "Create a k3d Cluster and Initialize with Zarf"
  actions:
  - task: setup:k3d-test-cluster
- name: create-standard-package
  description: "Create UDS Core Zarf Package, `upstream` flavor default, use --set FLAVOR={flavor} to change"
  actions:
  - task: create:standard-package
# Runs the layer's dependencies first, then the layer itself.
- name: test-single-layer
  description: "Deploys k3d cluster, layer dependencies and the provided layer (based on LAYER variable)"
  actions:
  - task: test:layer-dependencies
  - task: test:single-layer
- name: deploy-standard-bundle
  actions:
  - task: deploy:k3d-standard-bundle
# Test entry points. Each one delegates to a task in ./tasks/test.yaml, and
# the HA variants run the HA PostgreSQL and Redis setup tasks first.
- name: test-uds-core
  description: "Build and test UDS Core"
  actions:
  - task: test:uds-core
# Same task as test-uds-core, with K3D_EXTRA_ARGS set to request 3 servers
# and 2 agents.
- name: test-uds-core-multi-node
  description: "Deploys UDS Core on a multi-node cluster (based on K3D_EXTRA_ARGS variable)"
  actions:
  - task: test:uds-core
    with:
      K3D_EXTRA_ARGS: "--servers 3 --agents 2"
# NOTE(review): the description is identical to test-uds-core and does not
# mention HA; consider rewording so task listings tell the two apart.
- name: test-uds-core-ha
  description: "Build and test UDS Core"
  actions:
  - task: setup:ha-postgres
  - task: setup:ha-redis
  - task: test:uds-core-ha
- name: test-uds-core-ha-upgrade
  description: "Test an upgrade from the latest released UDS Core package with HA to current branch with HA"
  actions:
  - task: setup:ha-postgres
  - task: setup:ha-redis
  - task: test:uds-core-ha-upgrade
- name: test-uds-core-upgrade
  description: "Test an upgrade from the latest released UDS Core package to current branch"
  actions:
  - task: test:uds-core-upgrade
# Lint entry points; each one delegates to a task in ./tasks/lint.yaml.
- name: lint-check
  description: "Run linting checks"
  actions:
  - task: lint:check
- name: k8s-version-check
  description: "Verify documented k8s version matches CI config"
  actions:
  - task: lint:k8s-version-check
- name: lint-fix
  description: "Fix linting issues"
  actions:
  - task: lint:fix
# This task does not clone in/manage docs outside of the core repo so you may hit some 404s during development
# This task does not run the integration-script in the uds-docs repo, the sidebar will not be the same as the live docs
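# dev-docs: clones uds-docs next to this repo's docs, symlinks the local docs
# into it, writes a product config, and starts the docs dev server.
# NOTE(review): the clone takes the default branch at its current HEAD and
# `npm i` resolves dependencies at run time, so the code and packages executed
# locally are whatever is current upstream. Pinning a ref and using `npm ci`
# would make this reproducible - confirm uds-docs ships a lockfile first.
- name: dev-docs
  description: "Start the dev docs server"
  actions:
  # The path is relative to the directory the task runs in.
  - description: "Cleanup previous runs"
    cmd: |
      rm -rf uds-docs
  - description: "Clone the docs repo and symlink the reference docs"
    cmd: |
      git clone https://github.com/defenseunicorns/uds-docs.git uds-docs
      mkdir -p uds-docs/src/content/docs/core
      # Symlink only dirs listed in sidebarOrder (mirrors integration-script cleanup logic)
      allowed=$(./uds zarf tools yq -r '.sidebarOrder[] | (.dir // .)' docs/docs.config.json)
      # "$(pwd)" is quoted so a checkout path containing spaces is not word-split
      for dir in "$(pwd)"/docs/*/; do
        name="$(basename "$dir")"
        # -F matches the directory name literally instead of as a regex;
        # -- keeps a name starting with '-' from being read as an option
        echo "$allowed" | grep -qxF -- "$name" && ln -s "$dir" uds-docs/src/content/docs/core/
      done
      # Also symlink the top-level index page if present
      [ -f "$(pwd)/docs/index.mdx" ] && ln -s "$(pwd)/docs/index.mdx" uds-docs/src/content/docs/core/
      ln -s "$(pwd)/docs/.c4" uds-docs/src/content/docs/.c4
      ln -s "$(pwd)/docs/.images" uds-docs/src/content/docs/core/.images
  # Adds a `repo` field to the existing docs config and writes the result into
  # the clone.
  - description: "Create product config for dev server"
    cmd: |
      mkdir -p uds-docs/.product-configs
      jq '. + {repo: "defenseunicorns/uds-core"}' docs/docs.config.json \
        > uds-docs/.product-configs/uds-core.json
  - description: "Start the docs server with npm (this will run until you stop it)"
    cmd: |
      # Actual startup takes up to a minute because of the npm install
      cd uds-docs && npm i && npm run dev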
# uds-docs-validate: fresh clone of uds-docs, then a full build with this
# repository supplied as the `uds-core` docs override.
# NOTE(review): as with dev-docs, the clone is unpinned and `npm i` resolves
# dependencies at run time, so results depend on the upstream state.
- name: uds-docs-validate
  description: "Validate and build uds-docs with latest uds-core docs"
  actions:
  - description: "Cleanup previous runs"
    cmd: |
      rm -rf uds-docs
  - description: "Clone the docs repo"
    cmd: git clone https://github.com/defenseunicorns/uds-docs.git uds-docs
  # After `cd uds-docs`, `$(pwd)/..` is the directory the clone was made in.
  - description: "UDS Docs Integration Script"
    cmd: cd uds-docs && npm i && DOCS_OVERRIDES="uds-core=$(pwd)/.." npm run build
# update-diagrams: delegates to the included diagrams task file.
# NOTE(review): the description mentions C4 and D2, but only the C4 update
# task is invoked here - confirm whether `diagrams:c4-update` also covers D2.
- name: update-diagrams
  description: "Regenerate C4 and D2 Diagrams"
  actions:
  - description: "Regenerate C4 Diagrams"
    task: diagrams:c4-update
# check-ca-certs: runs the root-ca-retriever script with `--check`.
# NOTE(review): presumably a read-only comparison that writes nothing -
# confirm against scripts/root-ca-retriever/index.ts.
- name: check-ca-certs
  description: "Checks CA certificates for updates"
  actions:
  - cmd: npx ts-node --project scripts/root-ca-retriever/tsconfig.json scripts/root-ca-retriever/index.ts --check
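# update-ca-certs: runs the root-ca-retriever script without `--check`, then
# adds license headers to the generated CA configmap.
# NOTE(review): the output file carries CA certificates, presumably the trust
# anchors shipped to clusters (confirm). Review the resulting diff before
# committing, since added or removed roots change what is trusted.
- name: update-ca-certs
  description: "Updates CA certificates"
  actions:
  - cmd: npx ts-node --project scripts/root-ca-retriever/tsconfig.json scripts/root-ca-retriever/index.ts
  # The addlicense check runs only after the retriever above has finished.
  - description: "Add license headers to generated CA configmap"
    # Use bash on both macOS and Linux
    shell:
      darwin: bash
      linux: bash
    cmd: |
      # check for addlicense bin
      if [ -x "$HOME/go/bin/addlicense" ]; then
        echo "addlicense installed in $HOME/go/bin"
      else
        echo "Error: addlicense is not installed in $HOME/go/bin" >&2
        exit 1
      fi
      # Quoted to match the check above, so a HOME with spaces is not word-split
      "$HOME/go/bin/addlicense" -l "AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial" -s=only -v -c "Defense Unicorns" src/pepr/uds-operator-config/templates/uds-ca-certs.yaml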