Merge pull request #1032 from snyk/test/sysdig-deploy

ivanstanev · web-flow · commit d33e93b170d0 · 2022-03-11T18:54:30.000Z
Test/sysdig deploy
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -154,7 +154,7 @@ jobs:
                 name: Notify Slack on failure
                 when: on_fail
         working_directory: ~/kubernetes-monitor
-    deploy_dev:
+    deploy_to_dev:
         docker:
             - auth:
                 password: $DOCKERHUB_PASSWORD
@@ -178,7 +178,7 @@ jobs:
                 name: Notify Slack on failure
                 when: on_fail
         working_directory: ~/kubernetes-monitor
-    deploy_prod:
+    deploy_to_prod:
         docker:
             - auth:
                 password: $DOCKERHUB_PASSWORD
@@ -201,6 +201,47 @@ jobs:
                 name: Notify Slack on failure
                 when: on_fail
         working_directory: ~/kubernetes-monitor
+    deploy_to_sysdig_integration_cluster:
+        docker:
+            - auth:
+                password: $DOCKERHUB_PASSWORD
+                username: $DOCKERHUB_USER
+              image: cimg/base:stable
+        steps:
+            - checkout
+            - run:
+                command: |
+                    LATEST_KUBECTL_VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt)
+                    curl -LO "https://dl.k8s.io/release/${LATEST_KUBECTL_VERSION}/bin/linux/amd64/kubectl"
+                    curl -LO "https://dl.k8s.io/${LATEST_KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
+                    echo "$(<kubectl.sha256) kubectl" | sha256sum --check
+                    sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+                    # Ensure the kubectl command is runnable
+                    kubectl version --client
+                    # Prepare kubeconfig to point to the cluster
+                    mkdir ~/.kube || true
+                    printf "%s" "${SYSDIG_KUBECONFIG}" | base64 -d > ~/.kube/config
+                name: Install and prepare kubectl
+            - run:
+                command: |
+                    curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+                    chmod 700 get_helm.sh
+                    ./get_helm.sh
+                    # Ensure the Helm command is runnable
+                    helm version
+                name: Install Helm
+            - run:
+                command: |
+                    LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}`
+                    LATEST_TAG=${LATEST_TAG_WITH_V:1}-approved
+                    ./scripts/slack/notify_deploy.py $LATEST_TAG sysdig-integration-cluster
+                    helm upgrade --install snyk-monitor ./snyk-monitor --namespace snyk-monitor --set image.tag=${LATEST_TAG} --set clusterName="Sysdig cluster" --set sysdig.enabled=true
+                name: Deploy to shared Sysdig cluster
+            - run:
+                command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
+                name: Notify Slack on failure
+                when: on_fail
+        working_directory: ~/kubernetes-monitor
     eks_integration_tests:
         machine:
             docker_layer_caching: true
@@ -1026,7 +1067,7 @@ workflows:
                     branches:
                         only:
                             - master
-            - deploy_prod:
+            - deploy_to_prod:
                 filters:
                     branches:
                         only:
@@ -1126,7 +1167,14 @@ workflows:
                     - integration_tests
                     - integration_tests_helm
                     - integration_tests_proxy
-            - deploy_dev:
+            - deploy_to_dev:
+                filters:
+                    branches:
+                        only:
+                            - staging
+                requires:
+                    - tag_and_push
+            - deploy_to_sysdig_integration_cluster:
                 filters:
                     branches:
                         only:
diff --git a/.circleci/config/@config.yml b/.circleci/config/@config.yml
@@ -97,7 +97,11 @@ workflows:
             - integration_tests_helm
             - integration_tests_proxy
           <<: *staging_branch_only_filter
-      - deploy_dev:
+      - deploy_to_dev:
+          requires:
+            - tag_and_push
+          <<: *staging_branch_only_filter
+      - deploy_to_sysdig_integration_cluster:
           requires:
             - tag_and_push
           <<: *staging_branch_only_filter
@@ -106,7 +110,7 @@ workflows:
     jobs:
       - publish:
           <<: *master_branch_only_filter
-      - deploy_prod:
+      - deploy_to_prod:
           requires:
             - publish
           <<: *master_branch_only_filter
diff --git a/.circleci/config/jobs/@jobs.yml b/.circleci/config/jobs/@jobs.yml
@@ -380,31 +380,6 @@ tag_and_push:
         command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
         when: on_fail
 
-deploy_dev:
-  docker:
-    - image: cimg/node:16.13
-      auth:
-        username: $DOCKERHUB_USER
-        password: $DOCKERHUB_PASSWORD
-  working_directory: ~/kubernetes-monitor
-  steps:
-    - checkout
-    - install_python_requests
-    - run:
-        name: Deploy to dev
-        command: |
-          LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}` &&
-          LATEST_TAG=${LATEST_TAG_WITH_V:1}-approved &&
-          ./scripts/slack/notify_deploy.py $LATEST_TAG dev &&
-          curl -s --fail --show-error -i -H "Accept: application/json" -H "Content-Type: application/json" \
-              -X POST -d "{\"docker_sha\":\"${LATEST_TAG}\", \
-                            \"commit_hash\":\"${CIRCLE_SHA1}\"}" \
-              https://my.dev.snyk.io/${DEV_DEPLOY_TOKEN}
-    - run:
-        name: Notify Slack on failure
-        command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-        when: on_fail
-
 ######################## MERGE TO MASTER ########################
 publish:
   docker:
@@ -469,27 +444,3 @@ publish:
         name: Notify Slack on failure
         command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
         when: on_fail
-
-deploy_prod:
-  docker:
-    - image: cimg/node:16.13
-      auth:
-        username: $DOCKERHUB_USER
-        password: $DOCKERHUB_PASSWORD
-  working_directory: ~/kubernetes-monitor
-  steps:
-    - checkout
-    - install_python_requests
-    - run:
-        name: Deploy to prod
-        command: |
-          LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}` &&
-          LATEST_TAG=${LATEST_TAG_WITH_V:1} &&
-          ./scripts/slack/notify_deploy.py $LATEST_TAG prod &&
-          curl -s --fail --show-error -i -H "Accept: application/json" -H "Content-Type: application/json" \
-              -X POST -d "{}" \
-              https://my.prod.snyk.io/${PROD_DEPLOY_TOKEN}
-    - run:
-        name: Notify Slack on failure
-        command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-        when: on_fail
diff --git a/.circleci/config/jobs/deploy_to_dev.yml b/.circleci/config/jobs/deploy_to_dev.yml
@@ -0,0 +1,25 @@
+docker:
+  - image: cimg/node:16.13
+    auth:
+      username: $DOCKERHUB_USER
+      password: $DOCKERHUB_PASSWORD
+working_directory: ~/kubernetes-monitor
+steps:
+  - checkout
+  - install_python_requests
+
+  - run:
+      name: Deploy to dev
+      command: |
+        LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}` &&
+        LATEST_TAG=${LATEST_TAG_WITH_V:1}-approved &&
+        ./scripts/slack/notify_deploy.py $LATEST_TAG dev &&
+        curl -s --fail --show-error -i -H "Accept: application/json" -H "Content-Type: application/json" \
+            -X POST -d "{\"docker_sha\":\"${LATEST_TAG}\", \
+                          \"commit_hash\":\"${CIRCLE_SHA1}\"}" \
+            https://my.dev.snyk.io/${DEV_DEPLOY_TOKEN}
+
+  - run:
+      name: Notify Slack on failure
+      command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
+      when: on_fail
diff --git a/.circleci/config/jobs/deploy_to_prod.yml b/.circleci/config/jobs/deploy_to_prod.yml
@@ -0,0 +1,24 @@
+docker:
+  - image: cimg/node:16.13
+    auth:
+      username: $DOCKERHUB_USER
+      password: $DOCKERHUB_PASSWORD
+working_directory: ~/kubernetes-monitor
+steps:
+  - checkout
+  - install_python_requests
+
+  - run:
+      name: Deploy to prod
+      command: |
+        LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}` &&
+        LATEST_TAG=${LATEST_TAG_WITH_V:1} &&
+        ./scripts/slack/notify_deploy.py $LATEST_TAG prod &&
+        curl -s --fail --show-error -i -H "Accept: application/json" -H "Content-Type: application/json" \
+            -X POST -d "{}" \
+            https://my.prod.snyk.io/${PROD_DEPLOY_TOKEN}
+
+  - run:
+      name: Notify Slack on failure
+      command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
+      when: on_fail
diff --git a/.circleci/config/jobs/deploy_to_sysdig_integration_cluster.yml b/.circleci/config/jobs/deploy_to_sysdig_integration_cluster.yml
@@ -0,0 +1,44 @@
+docker:
+  - image: cimg/base:stable
+    auth:
+      username: $DOCKERHUB_USER
+      password: $DOCKERHUB_PASSWORD
+working_directory: ~/kubernetes-monitor
+steps:
+  - checkout
+
+  - run:
+      name: Install and prepare kubectl
+      command: |
+        LATEST_KUBECTL_VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt)
+        curl -LO "https://dl.k8s.io/release/${LATEST_KUBECTL_VERSION}/bin/linux/amd64/kubectl"
+        curl -LO "https://dl.k8s.io/${LATEST_KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
+        echo "$(<kubectl.sha256) kubectl" | sha256sum --check
+        sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+        # Ensure the kubectl command is runnable
+        kubectl version --client
+        # Prepare kubeconfig to point to the cluster
+        mkdir ~/.kube || true
+        printf "%s" "${SYSDIG_KUBECONFIG}" | base64 -d > ~/.kube/config
+
+  - run:
+      name: Install Helm
+      command: |
+        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+        chmod 700 get_helm.sh
+        ./get_helm.sh
+        # Ensure the Helm command is runnable
+        helm version
+
+  - run:
+      name: Deploy to shared Sysdig cluster
+      command: |
+        LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}`
+        LATEST_TAG=${LATEST_TAG_WITH_V:1}-approved
+        ./scripts/slack/notify_deploy.py $LATEST_TAG sysdig-integration-cluster
+        helm upgrade --install snyk-monitor ./snyk-monitor --namespace snyk-monitor --set image.tag=${LATEST_TAG} --set clusterName="Sysdig cluster" --set sysdig.enabled=true
+
+  - run:
+      name: Notify Slack on failure
+      when: on_fail
+      command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
