chore: refactor and improve badge verification task #249

Merged
merged 12 commits into from
Sep 26, 2024

@justinthelaw justinthelaw commented Sep 25, 2024

  • Uses UDS CLI-vendored yq and kubectl to perform the badge verification task.
  • Adds a relative PACKAGE_DIR task variable for mono-repos with multiple UDS capes (e.g., LeapfrogAI)
  • Fixes the case where clusters contain multiple Package CRs (e.g., LeapfrogAI bundle deployment)
  • Gracefully handles when a package doesn't have a Package CR and makes that an error
  • Reorganizes script into easier-to-read sections

@justinthelaw justinthelaw added the enhancement New feature or request label Sep 25, 2024
@justinthelaw justinthelaw self-assigned this Sep 25, 2024
@justinthelaw justinthelaw requested review from a team as code owners September 25, 2024 21:21
@justinthelaw justinthelaw requested review from a team as code owners September 25, 2024 21:21
@justinthelaw justinthelaw changed the title chore: use uds cli-vendored yq in badge verification task chore: use uds vendored yq and adds relative dir to badge task Sep 25, 2024
@justinthelaw
Contributor Author

This was tested locally using the following branch: https://github.com/defenseunicorns/leapfrogai/tree/1050-featuds-add-uds-badge-task-and-workflow

@justinthelaw justinthelaw marked this pull request as draft September 26, 2024 16:42
@justinthelaw justinthelaw changed the title chore: use uds vendored yq and adds relative dir to badge task chore: refactor and improve badge verification task Sep 26, 2024
@justinthelaw justinthelaw marked this pull request as ready for review September 26, 2024 18:19
@justinthelaw
Contributor Author

Example output of the badge task:

root@law-server /home/jlaw/dev/leapfrogai 1050-featuds-add-uds-badge-task-and-workflow 10s
❯ uds run badge:verify-uds-badge-api --no-progress

  •  Running "Verify API"

  •  Running "Verify that the package meets UDS badging standards"
📃 Setup Package Variables
  ℹ️  Chart Path: chart
  ℹ️  Group Name: package
  ℹ️  Common Zarf: true
  ℹ️  Package Directory: packages/api

 NOTE  Using config file
  ℹ️  Package Name: leapfrogai-api
  ℹ️  Installing kubectl-validate...
  ✅ kubectl-validate installed

🔍 Package Structure Validation

 NOTE  Using config file
  ℹ️  Namespace: leapfrogai

 NOTE  Using config file
  ✅ No manifests present in common/zarf.yaml

 NOTE  Using config file
  ✅ No manifests present in zarf.yaml

 NOTE  Using config file
  ✅ At least one flavor defined in zarf.yaml

🔍 Package Testing Validation
  ✅ Tests folder exists and has files

🔍 Versioning Validation

 NOTE  Using config file

 NOTE  Using config file
  ⚠️ Version is not consistent across flavors and package

🔍 UDS Config Chart Validation
  ℹ️  Validating uds-config chart...
  ✅ uds-config chart is valid

🔍 Exemptions Validation

 NOTE  Using config file
  ✅ No exemptions present

📃 Get the UDS Package CR
  ℹ️  Retrieved UDS Package JSON for leapfrogai-api

🔍 Istio Validation
  ℹ️  Endpoints: leapfrogai-api.uds.dev
  ❌ Endpoint leapfrogai-api.uds.dev is returning 404


 NOTE  Using config file

 NOTE  Using config file
  ❌ Not all pods have the istio sidecar


 NOTE  Using config file
  ✅ Peerauthentication is set to strict

  ✅ Network policies are defined
  ℹ️  Non-IntraNamespace network policies: 3
  ℹ️  Non-IntraNamespace network policies with selectors: 0
  ❌ Not all applicable network policies are using selectors
  ℹ️  Non-IntraNamespace, non-KubeAPI network policies: 3
  ℹ️  Non-IntraNamespace, non-KubeAPI network policies with ports: 0
  ❌ Not all applicable network policies are using ports
  ⚠️  Network policies with 'remoteGenerated: Anywhere' are present, review needed

🔍 Keycloak/SSO Validation
  ⚠️  No SSO configuration found, review needed

🔍 Monitoring Validation
  ℹ️  No monitors defined in the package, checking for ServiceMonitors

 NOTE  Using config file
  ℹ️  No ServiceMonitors defined, checking for PodMonitors

 NOTE  Using config file
  ❌ No monitors defined

❌ 5 errors found
⚠️  3 warnings found

  ✔  Completed "Verify that the package meets UDS badging standards"

  ✔  Completed "Verify API"

root@law-server /home/jlaw/dev/leapfrogai 1050-featuds-add-uds-badge-task-and-workflow
❯ uds run badge:verify-uds-badge-vllm --no-progress

  •  Running "Verify vLLM"

  •  Running "Verify that the package meets UDS badging standards"
📃 Setup Package Variables
  ℹ️  Chart Path: chart
  ℹ️  Group Name: package
  ℹ️  Common Zarf: false
  ℹ️  Package Directory: packages/vllm

 NOTE  Using config file
  ℹ️  Package Name: vllm
  ℹ️  Installing kubectl-validate...
  ✅ kubectl-validate installed

🔍 Package Structure Validation
  ⚠️  There is no common zarf.yaml file

 NOTE  Using config file
  ℹ️  Namespace: leapfrogai

 NOTE  Using config file
  ✅ No manifests present in zarf.yaml

 NOTE  Using config file
  ✅ At least one flavor defined in zarf.yaml

🔍 Package Testing Validation
  ✅ Tests folder exists and has files

🔍 Versioning Validation

 NOTE  Using config file

 NOTE  Using config file
  ⚠️ Version is not consistent across flavors and package

🔍 UDS Config Chart Validation
  ℹ️  Validating uds-config chart...
  ✅ uds-config chart is valid

🔍 Exemptions Validation

 NOTE  Using config file
  ✅ No exemptions present

📃 Get the UDS Package CR
  ⛔  UDS Package CR does not exist for vllm

⛔ 1 failures found
⚠️  2 warnings found

  ✔  Completed "Verify that the package meets UDS badging standards"

  ✔  Completed "Verify vLLM"

@justinthelaw
Contributor Author

justinthelaw commented Sep 26, 2024

If we think this is valuable, I also created a summarization script for multi-verification tasks:

root@law-server /home/jlaw/dev/leapfrogai 1050-featuds-add-uds-badge-task-and-workflow
❯ .github/scripts/summarizeVerification.sh
-----------------------------
Package: leapfrogai-api
❌ Errors: 5
⚠️  Warnings: 3

❌ Error Descriptions:
  - Endpoint leapfrogai-api.uds.dev is returning 404
  - Not all pods have the istio sidecar
  - Not all applicable network policies are using selectors
  - Not all applicable network policies are using ports
  - No monitors defined

⚠️  Warning Descriptions:
  - Version is not consistent across flavors and package
  - Network policies with 'remoteGenerated: Anywhere' are present, review needed
  - No SSO configuration found, review needed
-----------------------------
Package: vllm
⛔ Failures: 1
⚠️  Warnings: 2

⛔ Failure Descriptions:
  - UDS Package CR does not exist for vllm

⚠️  Warning Descriptions:
  - There is no common zarf.yaml file
  - Version is not consistent across flavors and package
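
One way to tally findings from task output like the logs above, as an added example (this is not the PR's `summarizeVerification.sh`, which is not shown on this page). The function names, the constructed sample log and the rule that errors or failures should fail a CI step are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script.
# Assumption: per-check findings are indented two spaces and start with a
# marker (❌ error, ⚠ warning, ⛔ failure); unindented totals lines are skipped.

# Print "<kind><TAB><description>" for every finding in the log on stdin.
badge_findings() {
  awk '
    function emit(kind) {
      # The description starts at the first ASCII letter after the marker.
      if (match($0, /[A-Za-z]/)) printf "%s\t%s\n", kind, substr($0, RSTART)
    }
    index($0, "  ❌") == 1 { emit("error") }
    index($0, "  ⚠")  == 1 { emit("warning") }
    index($0, "  ⛔") == 1 { emit("failure") }
  '
}

# Count findings of one kind: badge_count <kind> < log
badge_count() {
  badge_findings | awk -F '\t' -v k="$1" '$1 == k { n++ } END { print n + 0 }'
}

# Succeeds only when the log on stdin has no error or failure findings,
# so a CI step can stop on a non-compliant package.
badge_gate() {
  ! badge_findings | grep -Eq '^(error|failure)'
}

# Constructed sample, shaped like the task output above.
SAMPLE_LOG='  ℹ️  Package Name: example-pkg
  ✅ Peerauthentication is set to strict
  ❌ Not all pods have the istio sidecar
  ❌ No monitors defined
  ⚠️  No SSO configuration found, review needed
❌ 2 errors found
⚠️  1 warnings found'

printf '%s\n' "$SAMPLE_LOG" | badge_findings
```

Matching on the two-space indent keeps the task's own totals lines from being counted twice.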

andrewg-xyz previously approved these changes Sep 26, 2024
Contributor

@Racer159 Racer159 left a comment

I think this is fine for now - this PR really points to this tool needing to be rewritten into a real language like go with more robust checks in the future

@justinthelaw justinthelaw merged commit 82e63be into main Sep 26, 2024
9 checks passed
@justinthelaw justinthelaw deleted the 248-use-uds-vendored-yq-in-badgeverify-badge-task branch September 26, 2024 22:22
This was referenced Dec 6, 2024
Successfully merging this pull request may close these issues.

bug: badge verification task doesn't use uds-vendored cli tools and fails on monorepos
5 participants