Merge pull request #93 from microsoft/feature/create-e2e-deployment

Feature/create e2e deployment

Author: paullatzelsperger

.github/workflows/build-docker.yaml

@@ -47,34 +47,78 @@ jobs:
       - name: Build NAR file
         run: ./gradlew nar
 
-      # until improved container support is enabled for the repo, we'll stick with V1 of the action
-      - name: Push to GitHub Packages
-        uses: docker/build-push-action@v1
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
         with:
-          path: external/nifi
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: docker.pkg.github.com
-          repository: microsoft/data-appliance-gx/nifi
-          tag_with_ref: false
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: external/nifi
+          push: true
+          platforms: linux/amd64,linux/arm64
+          cache-to: type=inline
+          tags: beardyinc/nifi:latest
 
 
         # we can enable the v2 of the docker build once the improved container support has been enabled for the repo:
         # https://bit.ly/3hB5sJ6
 
-#      - name: Login to Github Container Registry
-#        uses: docker/login-action@v1
-#        with:
-#          registry: ghcr.io
-#          username: ${{ github.repository_owner }}
-#          password: ${{ secrets.GITHUB_TOKEN }}
-#
-#      - name: Build and push
-#        uses: docker/build-push-action@v2
-#        with:
-#          context: external/nifi
-#          pull: true
-#          push: true
-#          #          cache-from: type=registry,ref=microsoft/data-appliance-gx/nifi:latest
-#          cache-to: type=inline
-#          tags: ghcr.io/microsoft/data-appliance-gx/nifi:latest
+      #      - name: Login to Github Container Registry
+      #        uses: docker/login-action@v1
+      #        with:
+      #          registry: ghcr.io
+      #          username: ${{ github.repository_owner }}
+      #          password: ${{ secrets.GITHUB_TOKEN }}
+      #
+      #      - name: Build and push
+      #        uses: docker/build-push-action@v2
+      #        with:
+      #          context: external/nifi
+      #          pull: true
+      #          push: true
+      #          #          cache-from: type=registry,ref=microsoft/data-appliance-gx/nifi:latest
+      #          cache-to: type=inline
+      #          tags: ghcr.io/microsoft/data-appliance-gx/nifi:latest
+
+  build-connector-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: '11'
+
+      - name: Build Azure Image
+        run: ./gradlew clean shadowJar
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: distributions/demo-e2e
+          pull: true
+          push: true
+          platforms: linux/amd64,linux/arm64
+          cache-to: type=inline
+          tags: beardyinc/dagx-demo:latest

.github/workflows/terraform.yaml

@@ -0,0 +1,108 @@
+# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file
+# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run
+# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events
+# to the main branch, `terraform apply` will be executed.
+#
+# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform
+#
+# To use this workflow, you will need to complete the following setup steps.
+#
+# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined.
+#   Example `main.tf`:
+#     # The configuration for the `remote` backend.
+#     terraform {
+#       backend "remote" {
+#         # The name of your Terraform Cloud organization.
+#         organization = "example-organization"
+#
+#         # The name of the Terraform Cloud workspace to store Terraform state files in.
+#         workspaces {
+#           name = "example-workspace"
+#         }
+#       }
+#     }
+#
+#     # An example resource that does nothing.
+#     resource "null_resource" "example" {
+#       triggers = {
+#         value = "A example resource that does nothing!"
+#       }
+#     }
+#
+#
+# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository.
+#   Documentation:
+#     - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
+#     - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
+#
+# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
+#   Example:
+#     - name: Setup Terraform
+#       uses: hashicorp/setup-terraform@v1
+#       with:
+#         cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+name: 'Terraform'
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    environment: production
+    env:
+      ARM_CLIENT_ID: ${{ secrets.AZURE_AD_CIENT_ID }}
+      ARM_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }}
+      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_AD_SUBSCRIPTION_ID }}
+      ARM_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }}
+      TF_VAR_CERTIFICATE: ${{ secrets.PRIMARY_APP_ID_CERT }}
+      AWS_DEFAULT_REGION: "us-east-1"
+      AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }}
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          # terraform_version: 0.13.0:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+      - name: Terraform Format
+        id: fmt
+        run: terraform -chdir=scripts fmt -check
+
+      - name: Terraform Init
+        id: init
+        run: terraform -chdir=scripts init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform -chdir=scripts validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform -chdir=scripts plan -no-color -var "resourcesuffix=dev" -var "backend_account_key=${{ secrets.TF_BACKEND_KEY }}"
+
+
+      - name: Taint the connector instance
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        run: terraform -chdir=scripts taint azurerm_container_group.connector-instance
+        continue-on-error: true
+
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        run: terraform -chdir=scripts apply -var "resourcesuffix=dev" -var "backend_account_key=${{ secrets.TF_BACKEND_KEY }}" -auto-approve

.github/workflows/verify.yaml

@@ -9,11 +9,13 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Set up JDK 11
+        id: setup-jdk
         uses: actions/setup-java@v1
         with:
           java-version: '11'
 
       - name: Gradle Test Core
+        id: test
         env:
           AZ_STORAGE_SAS: ${{ secrets.AZ_STORAGE_SAS }}
           AZ_STORAGE_KEY: ${{ secrets.AZ_STORAGE_KEY }}
@@ -23,6 +25,7 @@ jobs:
         run: ./gradlew clean check -x :extensions:catalog:catalog-atlas:check -x :extensions:security:security-azure:check  -x :extensions:transfer:transfer-nifi:check -x :external:nifi:processors:check
 
       - name: Publish Unit Test Results
+        id: publish-results
         uses: EnricoMi/publish-unit-test-result-action@v1
         if: always()
         with:
@@ -48,6 +51,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Set up JDK 11
+        id: setup-jdk
         uses: actions/setup-java@v1
         with:
           java-version: '11'
@@ -62,6 +66,7 @@ jobs:
         run: ./gradlew extensions:transfer:transfer-nifi:check
 
       - name: Test Atlas Integration
+        id: atlas-integration
         run: ./gradlew extensions:catalog:catalog-atlas:check
 
 
@@ -76,13 +81,15 @@ jobs:
           java-version: '11'
 
       - name: Test Custom Nifi Processors
+        id: custom-nifi-processors
         env:
           S3_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }}
           S3_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }}
           AZ_STORAGE_SAS: ${{ secrets.AZ_STORAGE_SAS }}
         run: ./gradlew external:nifi:processors:check
 
       - name: Test Azure Vault Integration
+        id: azure-vault-tests
         env:
           AZ_STORAGE_SAS: ${{ secrets.AZ_STORAGE_SAS }}
         run: ./gradlew extensions:security:security-azure:check

.gitignore

@@ -46,3 +46,5 @@ distributions/azure/azure.properties
 
 .DS_Store
 **/secrets
+kubeconfig
+**/dagx-config.properties

build.gradle.kts

@@ -8,7 +8,7 @@ plugins {
 }
 
 repositories {
-    jcenter()
+    mavenCentral()
 }
 
 val jetBrainsAnnotationsVersion: String by project
@@ -21,7 +21,7 @@ val configFs by extra { System.getProperty("configuration.fs", "disabled") }
 subprojects {
 
     repositories {
-        jcenter()
+        mavenCentral()
         maven {
             url = uri("https://maven.iais.fraunhofer.de/artifactory/eis-ids-public/")
         }

common/src/main/java/com/microsoft/dagx/common/string/StringUtils.java

@@ -24,4 +24,8 @@ public static boolean isNullOrBlank(String str) {
     public static boolean equalsIgnoreCase(String str1, String str2) {
         return str1 == null ? str2 == null : str1.equalsIgnoreCase(str2);
     }
+
+    public static String toString(Object nullable) {
+        return nullable != null ? nullable.toString() : null;
+    }
 }

core/src/main/java/com/microsoft/dagx/system/DefaultServiceExtensionContext.java

@@ -13,12 +13,7 @@
 import com.microsoft.dagx.spi.types.TypeManager;
 import com.microsoft.dagx.util.TopologicalSort;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 
 import static com.microsoft.dagx.spi.system.ServiceExtension.LoadPhase.DEFAULT;
@@ -48,8 +43,8 @@ public DefaultServiceExtensionContext(TypeManager typeManager, Monitor monitor,
         this.monitor = monitor;
         this.serviceLocator = serviceLocator;
         // register as services
-        this.services.put(TypeManager.class, typeManager);
-        this.services.put(Monitor.class, monitor);
+        services.put(TypeManager.class, typeManager);
+        services.put(Monitor.class, monitor);
     }
 
     public void initialize() {

core/src/main/java/com/microsoft/dagx/system/ExtensionLoader.java

@@ -45,6 +45,7 @@ public static void loadVault(DefaultServiceExtensionContext context) {
             context.getMonitor().info("Secrets vault not configured. Defaulting to null vault.");
         }
         vaultExtension.initialize(context.getMonitor());
+        vaultExtension.intializeVault(context);
         context.registerService(Vault.class, vaultExtension.getVault());
         context.registerService(PrivateKeyResolver.class, vaultExtension.getPrivateKeyResolver());
         context.registerService(CertificateResolver.class, vaultExtension.getCertificateResolver());

distributions/azure/build.gradle.kts

@@ -37,7 +37,7 @@ dependencies {
     implementation(project(":extensions:configuration:configuration-fs"))
 
     implementation(project(":extensions:catalog:catalog-atlas"))
-    implementation(project(":extensions:catalog:catalog-atlas-dataseed"))
+    implementation(project(":extensions:dataseed:dataseed-atlas"))
     implementation(project(":extensions:transfer:transfer-store-memory"))
 
     implementation(project(":extensions:policy:policy-registry-memory"))

distributions/demo-e2e/Dockerfile

@@ -0,0 +1,18 @@
+FROM openjdk:11-jre-slim
+
+WORKDIR /app
+COPY ./build/libs/dagx-demo-e2e.jar /app
+#COPY ./dagx-config-docker.properties /app/dagx-config.properties
+#COPY ./cert.pfx /cert
+
+EXPOSE 8181
+
+ENTRYPOINT java \
+    -Ddagx.vault.clientid=${CLIENTID} \
+    -Ddagx.vault.tenantid=${TENANTID} \
+    -Ddagx.vault.certificate=/cert/cert.pfx \
+    -Ddagx.vault.name=${VAULTNAME} \
+    -Ddagx.atlas.url=${ATLAS_URL} \
+    -Ddagx.nifi.url=${NIFI_URL} \
+    -Ddagx.nifi.flow.url=${NIFI_FLOW_URL} \
+    -Djava.security.edg=file:/dev/.urandom -jar dagx-demo-e2e.jar