Add CI base images pipeline (#551)

* Initial commit for base image pipeline
* Add basic python3, nodejs, java tests
* Update ci README

TODO: 
* add more tests

Author: zimengyang

ci/README.md

@@ -5,9 +5,10 @@ Dispatch Concourse server can be accessed via [ci.dispatchframework.io](https://
 
 ## Current pipelines
 
-Dispatch CI consists (as of today) of two pipelines:
+Dispatch CI consists (as of today) of the following pipelines:
 * `dispatch-pr` - executed for every Pull Request. runs basic syntax checks, unit tests and coverage.
 * `e2e` - executed for open PRs with `run-e2e` label.
+* `base-images` - executed for open PRs on every language base images
 
 New pipelines will be added as needed.
 
@@ -17,7 +18,22 @@ E2E pipeline runs 3 jobs:
 
 * `build-images` - compiles binaries, builds docker images and pushes them to a docker registry with tag based on date and commit id.
 * `deploy-dispatch` - Deploys dispatch o one of pre-created k8s clusters. Access to these clusters is managed using [Pool resource](https://github.com/concourse/pool-resource).
-* `run-tests` - Executes all tests defined in `e2e/tests`. Tests are written using [Bats](https://github.com/sstephenson/bats). 
+* `run-tests` - Executes all tests defined in `e2e/tests`. Tests are written using [Bats](https://github.com/sstephenson/bats).
+
+### Base Images pipeline
+
+`base-images` has several jobs:
+* `create-gke-cluster` and `delete-gke-cluster`: create and delete gke cluster. Both jobs are triggered manually.
+* `install-dispatch`: deploys dispatch running instance, triggered by every Dispatch release and will update the existing dispatch instance automatically.
+* `uninstall-dispatch`: uninstalls dispatch, triggered manually.
+
+For each specific language, will have following jobs:
+* `build-<LANGUAGE>-base-image`: builds base image based on language pr.
+* `test-<LANGUAGE>-base-image`: runs tests on the base image from above pr. And report status back to github pull request.
+
+To add tests for a base image:
+* `dispatch/ci/base-images/tests/<LANGUAGE>/task.yml`: concourse ci job yml runs tests. Customize this file to add more language-specific tests preparation.
+* `dispatch/ci/base-images/tests/<LANGUAGE>/tests.bats`: bats file contains all tests functions. Tests inside this file will be executed by default.
 
 
 ## Introduction to Concourse
@@ -43,7 +59,7 @@ dispatch-pr  no      yes
 ```
 $ fly -t dispatch jobs -p dispatch-pr
 name            paused  status     next
-dispatch-basic  no      succeeded  n/a 
+dispatch-basic  no      succeeded  n/a
 ```
 
 Pipelines in Concourse revolve around three main concepts: *tasks*, *jobs* and *resources* (read more about them [here](http://concourse.ci/concepts.html)).

ci/base-images/base-image-tag.yml

@@ -0,0 +1,30 @@
+---
+platform: linux
+
+image_resource:
+  type: docker-image
+  source:
+    repository: vmware/dispatch-golang-ci
+    tag: "1.10"
+
+inputs:
+- name: base-image
+
+outputs:
+- name: build-context
+
+run:
+  path: /bin/bash
+  args:
+  - -c
+  - |
+    set -e -x -u
+
+    cp -r base-image/* build-context/
+
+    pushd base-image
+      export IMAGE_TAG="$(date +'%y%m%d%H%M%S')-$(git rev-parse --short HEAD)"
+    popd
+
+    echo ${IMAGE_TAG} > build-context/tag
+    echo "tag=${IMAGE_TAG}" > build-context/keyval.properties

ci/base-images/config-dispatch-env.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+cp dispatch-release/dispatch-linux /usr/local/bin/dispatch
+chmod +x /usr/local/bin/dispatch
+
+export INSTALL_DISPATCH=0
+export CI=true
+export TERM=linux
+export DISPATCH_ORGANIZATION=ci-org
+export DISPATCH_SERVICE_ACCOUNT="ci-org/ci-user"
+export DISPATCH_JWT_PRIVATE_KEY=$(pwd)/ci-keys/ci-user.key
+
+mkdir -p ~/.dispatch
+
+export LOADBALANCER_IP=$(kubectl get svc/ingress-nginx-ingress-controller -n kube-system -o json | jq -r '.status.loadBalancer.ingress[0].ip')
+export API_GATEWAY_IP=$(kubectl get svc/api-gateway-kongproxy -n kong -o json | jq -r '.status.loadBalancer.ingress[0].ip')
+cp dispatch/ci/base-images/configs/dispatch-config.json ~/.dispatch/config.json
+sed -i "s/LOADBALANCER_IP/$LOADBALANCER_IP/g" ~/.dispatch/config.json
+sed -i "s/CURRENT_CONTEXT/$(echo $LOADBALANCER_IP | tr '.' '-')/g" ~/.dispatch/config.json
+
+export API_GATEWAY_HTTPS_HOST="https://${API_GATEWAY_IP}:443"
+export API_GATEWAY_HTTP_HOST="http://${API_GATEWAY_IP}:80"

ci/base-images/config-gke-env.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# config gke environment: account, project and zone
+set -e +x -u
+
+: ${GKE_ZONE:="us-west1-c"}
+
+echo "Setting up GKE key"
+echo ${GKE_KEY} | base64 --decode --ignore-garbage > ${HOME}/gcloud-service-key.json
+echo "Activating GKE account"
+gcloud auth activate-service-account --key-file ${HOME}/gcloud-service-key.json >/dev/null 2>&1
+echo "Setting GKE project"
+gcloud config set project ${GKE_PROJECT_ID} >/dev/null 2>&1
+echo "Setting default GKE compute zone"
+gcloud config set compute/zone ${GKE_ZONE} >/dev/null 2>&1
+
+set -x

ci/base-images/config-k8s-env.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# config k8s cluster environment: get cluster credentials
+set -e +x -u
+
+export cluster_name=$(cat k8s-cluster/keyval.properties | grep "cluster_name" | cut -d'=' -f2)
+gcloud container clusters get-credentials ${cluster_name}
+
+helm init -c
+helm repo remove local
+
+set -x

ci/base-images/configs/dispatch-config.json

@@ -0,0 +1,14 @@
+{
+  "current": "CURRENT_CONTEXT",
+  "contexts": {
+    "CURRENT_CONTEXT": {
+      "host": "LOADBALANCER_IP",
+      "port": 443,
+      "organization": "",
+      "cookie": "",
+      "insecure": true,
+      "json": false,
+      "namespace": "dispatch"
+    }
+  }
+}

ci/base-images/configs/dispatch-install.yml

@@ -0,0 +1,14 @@
+ingress:
+  serviceType: LoadBalancer
+apiGateway:
+  serviceType: LoadBalancer
+  host: 10.0.0.1
+dispatch:
+  host: 10.0.0.1
+  port: 443
+  faas: FAAS
+  eventTransport: EVENT_TRANSPORT
+  image:
+    host: DOCKER_REGISTRY_HOST
+    tag: IMAGE_TAG
+  skipAuth: false

ci/base-images/gke-cluster-create.yml

@@ -0,0 +1,39 @@
+---
+platform: linux
+
+image_resource:
+  type: docker-image
+  source:
+    repository: vmware/dispatch-k8s-ci
+    tag: v0.0.12
+
+params:
+  GKE_KEY:
+  GKE_PROJECT_ID:
+  K8S_VERSION: 1.9.6-gke.1
+  GKE_ZONE: us-west1-c
+  CLUSTER_NAME_SUFFIX: job
+
+inputs:
+- name: dispatch
+
+outputs:
+- name: k8s-cluster
+
+run:
+  path: /bin/bash
+  args:
+  - -c
+  - |
+    set -e -x -u
+
+    source dispatch/ci/base-images/config-gke-env.sh
+
+    export cluster_name=dispatch-ci-${CLUSTER_NAME_SUFFIX}-$(date +%s)-${RANDOM}
+    echo "cluster_name=${cluster_name}" > k8s-cluster/name
+
+    gcloud container clusters create -m n1-standard-2 --cluster-version ${K8S_VERSION} ${cluster_name}
+    gcloud container clusters get-credentials ${cluster_name}
+    kubectl create clusterrolebinding tiller-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
+
+    helm init --wait

ci/base-images/gke-cluster-delete.yml

@@ -0,0 +1,62 @@
+---
+platform: linux
+
+image_resource:
+  type: docker-image
+  source:
+    repository: vmware/dispatch-k8s-ci
+    tag: v0.0.12
+
+params:
+  GKE_KEY:
+  GKE_PROJECT_ID:
+  MAX_ATTEMPTS: 18
+  TIMEOUT: 10
+
+inputs:
+- name: dispatch
+- name: k8s-cluster
+
+run:
+  path: /bin/bash
+  args:
+  - -c
+  - |
+    set -e -x -u
+
+    source dispatch/ci/base-images/config-gke-env.sh
+    source dispatch/ci/base-images/config-k8s-env.sh
+
+    set +x
+
+    # Delete load balancers
+    while read -r line && [[ -n ${line} ]]; do
+        namespace=$(echo $line | awk '{print $1;}')
+        svc_name=$(echo $line | awk '{print $2;}')
+        attempts=0
+
+        kubectl delete -n ${namespace} svc ${svc_name}
+
+        # Wait until LB is deleted asynchronously before deleting cluster (Workaround for https://github.com/kubernetes/kubernetes/issues/51701)
+        until (kubectl get -n ${namespace} events | grep ${svc_name} | grep -q DeletedLoadBalancer); do
+            sleep ${TIMEOUT}
+            attempts=$((attempts+1))
+
+            # Prevent possible infinite loop
+            if [[ ${attempts} -ge ${MAX_ATTEMPTS} ]]; then
+                break
+            fi
+        done
+    done <<< $(kubectl get svc --all-namespaces | grep LoadBalancer)
+
+    # Persistant storage info
+    export PERSISTANT_STORAGE=$(kubectl -n dispatch get pv -o json | jq -r '.items[0].spec.gcePersistentDisk.pdName // empty')
+
+    # Delete cluster
+    gcloud container clusters delete --quiet ${cluster_name}
+    # Delete persistent storage
+    if [[ -n ${PERSISTANT_STORAGE} ]]; then
+      gcloud compute disks delete --quiet ${PERSISTANT_STORAGE}
+    fi
+
+    set -x

ci/base-images/install-dispatch.yml

@@ -0,0 +1,91 @@
+---
+platform: linux
+
+image_resource:
+  type: docker-image
+  source:
+    repository: vmware/dispatch-k8s-ci
+    tag: v0.0.12
+
+params:
+  GKE_KEY:
+  GKE_PROJECT_ID:
+  DOCKER_REGISTRY_HOST:
+  FAAS: openfaas
+  EVENT_TRANSPORT: kafka
+
+inputs:
+- name: dispatch
+- name: dispatch-release
+- name: k8s-cluster
+
+
+outputs:
+- name: ci-keys
+
+run:
+  path: /bin/bash
+  args:
+  - -c
+  - |
+    set -e -x -u
+
+    source dispatch/ci/base-images/config-gke-env.sh
+    source dispatch/ci/base-images/config-k8s-env.sh
+
+    cp dispatch-release/dispatch-linux /usr/local/bin/dispatch
+    chmod +x /usr/local/bin/dispatch
+
+    export IMAGE_TAG="v$(cat dispatch-release/version)"
+
+    set +x
+    cp dispatch/ci/base-images/configs/dispatch-install.yml install.yml
+    set -x
+
+    # setup install config file
+    sed -i "s/IMAGE_TAG/${IMAGE_TAG}/g" install.yml
+    sed -i "s#DOCKER_REGISTRY_HOST#${DOCKER_REGISTRY_HOST}#g" install.yml
+    sed -i "s/FAAS/${FAAS}/g" install.yml
+    sed -i "s/EVENT_TRANSPORT/${EVENT_TRANSPORT}/g" install.yml
+
+    cp -r dispatch/charts ./charts
+
+    dispatch install --file install.yml --charts-dir ./charts
+
+    # setup Dispatch config
+    mkdir -p ~/.dispatch
+
+    export LOADBALANCER_IP=$(kubectl get svc/ingress-nginx-ingress-controller -n kube-system -o json | jq -r '.status.loadBalancer.ingress[0].ip')
+    cp dispatch/ci/base-images/configs/dispatch-config.json ~/.dispatch/config.json
+    sed -i "s/LOADBALANCER_IP/$LOADBALANCER_IP/g" ~/.dispatch/config.json
+    sed -i "s/CURRENT_CONTEXT/$(echo $LOADBALANCER_IP | tr '.' '-')/g" ~/.dispatch/config.json
+
+    # Bootstrap Dispatch with default org, service-accounts
+    dispatch manage bootstrap --bootstrap-org ci-org
+
+    if (dispatch iam get serviceaccount | grep -q ci-user)
+    then
+      # delete servcie account first
+      dispatch iam delete serviceaccount ci-user
+    fi
+
+    if (dispatch iam get policy | grep -q ci-user-admin-policy)
+    then
+      # delete svc acct policy
+      dispatch iam delete policy ci-user-admin-policy
+    fi
+
+    # generate svc-acct keys
+    openssl genrsa -out ci-keys/ci-user.key 4096
+    openssl rsa -in ci-keys/ci-user.key -pubout -outform PEM -out ci-keys/ci-user.key.pub
+
+    # Create ci-user service account
+    dispatch iam create serviceaccount \
+      ci-user \
+      --public-key ci-keys/ci-user.key.pub
+
+    # Create super-admin policy for the service account
+    dispatch iam create policy \
+      ci-user-admin-policy \
+      --subject ci-user --action "*" --resource "*" \
+      --global