diff --git a/.delivery/build-cookbook/.kitchen.yml b/.delivery/build-cookbook/.kitchen.yml
new file mode 100644
index 00000000..7275c391
--- /dev/null
+++ b/.delivery/build-cookbook/.kitchen.yml
@@ -0,0 +1,25 @@
+---
+driver:
+ name: vagrant
+ synced_folders:
+ - [<%= File.join(ENV['PWD'], '..', '..')%>, '/tmp/repo-data']
+
+provisioner:
+ name: chef_zero
+ encrypted_data_bag_secret_key_path: 'secrets/fakey-mcfakerton'
+ data_bags_path: './data_bags'
+
+platforms:
+ - name: ubuntu-14.04
+ - name: centos-7.1
+
+suites:
+ - name: default
+ run_list:
+ - recipe[delivery_build::default]
+ - recipe[test]
+ attributes:
+ delivery_build:
+ delivery-cli:
+ artifact: 'https://delivery-packages.s3.amazonaws.com/cli/delivery-cli-20150706022129-1.x86_64.rpm'
+ checksum: '96ac99ed01466b8deb8d1c7366f4468dabf2282ad6b2ce7da8bd7edbc6ad673f'
diff --git a/.delivery/build-cookbook/Berksfile b/.delivery/build-cookbook/Berksfile
new file mode 100644
index 00000000..17ea2b56
--- /dev/null
+++ b/.delivery/build-cookbook/Berksfile
@@ -0,0 +1,16 @@
+# encoding: utf-8
+source 'https://supermarket.chef.io'
+
+metadata
+
+cookbook 'delivery-truck',
+ git: 'https://github.com/chef-cookbooks/delivery-truck.git',
+ branch: 'master'
+
+cookbook 'delivery-sugar',
+ git: 'https://github.com/chef-cookbooks/delivery-sugar.git',
+ branch: 'master'
+
+cookbook 'delivery-sugar-extras',
+ git: 'https://github.com/chef-cookbooks/delivery-sugar-extras.git',
+ branch: 'master'
diff --git a/.delivery/build-cookbook/LICENSE b/.delivery/build-cookbook/LICENSE
new file mode 100644
index 00000000..0e2d8592
--- /dev/null
+++ b/.delivery/build-cookbook/LICENSE
@@ -0,0 +1,3 @@
+Copyright 2015 The Authors
+
+All rights reserved, do not redistribute.
diff --git a/.delivery/build-cookbook/README.md b/.delivery/build-cookbook/README.md
new file mode 100644
index 00000000..28eb569c
--- /dev/null
+++ b/.delivery/build-cookbook/README.md
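Review bot: The `delivery-cli` attribute in `.kitchen.yml` points at an `.rpm` artifact, but `platforms` also lists `ubuntu-14.04`, so the default suite would hand an RPM to a Debian-family instance unless `delivery_build` selects a different package there (not visible in this diff). Keeping the `checksum` next to the URL is the right pattern. I would set the artifact and checksum per platform, or drop the Ubuntu platform until a matching package is configured.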
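Review bot: All three `cookbook` entries in the Berksfile track `branch: 'master'`, so each dependency resolve pulls whatever is at the head of those repositories, and no `Berksfile.lock` is added in this commit to fix the revision. These cookbooks run with the build node's privileges, so an unreviewed upstream push changes what the pipeline executes. I would pin each entry to a reviewed revision, e.g. `ref: '<COMMIT_SHA_PLACEHOLDER>'` or `tag: '<RELEASE_TAG_PLACEHOLDER>'`, and bump it deliberately.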
@@ -0,0 +1,146 @@
+# build-cookbook
+
+A build cookbook for running the parent project through Chef Delivery
+
+This build cookbook should be customized to suit the needs of the parent project. Using this cookbook can be done outside of Chef Delivery, too. If the parent project is a Chef cookbook, we've detected that and "wrapped" [delivery-truck](https://github.com/chef-cookbooks/delivery-truck). That means it is a dependency, and each of its pipeline phase recipes is included in the appropriate phase recipes in this cookbook. If the parent project is not a cookbook, it's left as an exercise to the reader to customize the recipes as needed for each phase in the pipeline.
+
+## .delivery/config.json
+
+In the parent directory to this build-cookbook, the `config.json` can be modified as necessary. For example, phases can be skipped, publishing information can be added, and so on. Refer to customer support or the Chef Delivery documentation for assistance on what options are available for this configuration.
+
+## Test Kitchen - Local Verify Testing
+
+This cookbook also has a `.kitchen.yml` which can be used to create local build nodes with Test Kitchen to perform the verification phases, `unit`, `syntax`, and `lint`. When running `kitchen converge`, the instances will be set up like Chef Delivery "build nodes" with the [delivery_build cookbook](https://github.com/chef-cookbooks/delivery_build). The reason for this is to make sure that the same exact kind of nodes are used by this build cookbook are run on the local workstation as would run Delivery. It will run `delivery job verify PHASE` for the parent project.
+
+Modify the `.kitchen.yml` if necessary to change the platforms or other configuration to run the verify phases.
After making changes in the parent project, `cd` into this directory (`.delivery/build-cookbook`), and run:
+
+```
+kitchen test
+```
+
+## Recipes
+
+Each of the recipes in this build-cookbook are run in the named phase during the Chef Delivery pipeline. The `unit`, `syntax`, and `lint` recipes are additionally run when using Test Kitchen for local testing as noted in the above section.
+
+## Making Changes - Cookbook Example
+
+When making changes in the parent project (that which lives in `../..` from this directory), or in the recipes in this build cookbook, there is a bespoke workflow for Chef Delivery. As an example, we'll discuss a Chef Cookbook as the parent.
+
+First, create a new branch for the changes.
+
+```
+git checkout -b testing-build-cookbook
+```
+
+Next, increment the version in the metadata.rb. This should be in the *parent*, not in this, the build-cookbook. If this is not done, the verify phase will fail.
+
+```
+% git diff
+
+-version '0.1.0'
++version '0.1.1'
+```
+
+The change we'll use for an example is to install the `zsh` package. Write a failing ChefSpec in the cookbook project's `spec/unit/recipes/default_spec.rb`.
+
+```ruby
+require 'spec_helper'
+
+describe 'godzilla::default' do
+ context 'When all attributes are default, on an unspecified platform' do
+ let(:chef_run) do
+ runner = ChefSpec::ServerRunner.new
+ runner.converge(described_recipe)
+ end
+
+ it 'installs zsh' do
+ expect(chef_run).to install_package('zsh')
+ end
+ end
+end
+```
+
+Commit the local changes as work in progress. The `delivery job` expects to use a clean git repository.
+
+```
+git add ../..
+git commit -m 'WIP: Testing changes'
+```
+
+From *this* directory (`.delivery/build-cookbook`, relative to the parent cookbook project), run
+
+```
+cd .delivery/build-cookbook
+kitchen converge
+```
+
+This will take some time at first, because the VMs need to be created, Chef installed, the Delivery CLI installed, etc.
Later runs will be faster until they are destroyed. It will also fail on the first VM, as expected, because we wrote the test first. Now edit the parent cookbook project's default recipe to install `zsh`.
+
+```
+cd ../../
+$EDITOR/recipes/default.rb
+```
+
+It should look like this:
+
+```
+package 'zsh'
+```
+
+Create another commit.
+
+```
+git add .
+git commit -m 'WIP: Install zsh in default recipe'
+```
+
+Now rerun kitchen from the build-cookbook.
+
+```
+cd .delivery/build-cookbook
+kitchen converge
+```
+
+This will take awhile because it will now pass on the first VM, and then create the second VM. We should have warned you this was a good time for a coffee break.
+
+```
+Recipe: test::default
+
+- execute HOME=/home/vagrant delivery job verify unit --server localhost --ent test --org kitchen
+ * execute[HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen] action run
+ - execute HOME=/home/vagrant delivery job verify lint --server localhost --ent test --org kitchen
+
+ - execute HOME=/home/vagrant delivery job verify syntax --server localhost --ent test --org kitchen
+
+Running handlers:
+Running handlers complete
+Chef Client finished, 3/32 resources updated in 54.665445968 seconds
+Finished converging (1m26.83s).
+```
+
+Victory is ours! Our verify phase passed on the build nodes.
+
+We are ready to run this through our Delivery pipeline. Simply run `delivery review` on the local system from the parent project, and it will open a browser window up to the change we just added.
+
+```
+cd ../..
+delivery review
+```
+
+## FAQ
+
+### Why don't I just run rspec, foodcritic/rubocop, knife cookbook test on my local system?
+
+An objection to the Test Kitchen approach is that it is much faster to run the unit, lint, and syntax commands for the project on the local system. That is totally true, and also totally valid. Do that for the really fast feedback loop.
However, the dance we do with Test Kitchen brings a much higher degree of confidence in the changes we're making, that everything will run on the build nodes in Chef Delivery. We strongly encourage this approach before actually pushing the changes to Delivery.
+
+### Why do I have to make a commit every time?
+
+When running `delivery job`, it expects to merge the commit for the changeset against the clean master branch. If we don't save our progress by making a commit, our local changes aren't run through `delivery job` in the Test Kitchen build instances. We can always perform an interactive rebase, and modify the original changeset message in Delivery with `delivery review --edit`. The latter won't modify the git commits, only the changeset in Delivery.
+
+### What do I do next?
+
+Make changes in the cookbook project as required for organizational goals and needs. Modify the `build-cookbook` as necessary for the pipeline phases that the cookbook should go through.
+
+### What if I get stuck?
+
+Contact Chef Support, or your Chef Customer Success team and they will help you get unstuck.
diff --git a/.delivery/build-cookbook/chefignore b/.delivery/build-cookbook/chefignore
new file mode 100644
index 00000000..4ace6023
--- /dev/null
+++ b/.delivery/build-cookbook/chefignore
@@ -0,0 +1,97 @@
+# Put files/directories that should be ignored in this file when uploading
+# or sharing to the community site.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+Icon?
+nohup.out
+ehthumbs.db
+Thumbs.db
+
+# SASS #
+########
+.sass-cache
+
+# EDITORS #
+###########
+\#*
+.#*
+*~
+*.sw[a-z]
+*.bak
+REVISION
+TAGS*
+tmtags
+*_flymake.*
+*_flymake
+*.tmproj
+.project
+.settings
+mkmf.log
+
+## COMPILED ##
+##############
+a.out
+*.o
+*.pyc
+*.so
+*.com
+*.class
+*.dll
+*.exe
+*/rdoc/
+
+# Testing #
+###########
+.watchr
+.rspec
+spec/*
+spec/fixtures/*
+test/*
+features/*
+Guardfile
+Procfile
+.kitchen/
+.kitchen.local.yml
+
+# SCM #
+#######
+.git
+*/.git
+.gitignore
+.gitmodules
+.gitconfig
+.gitattributes
+.svn
+*/.bzr/*
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Cookbooks #
+#############
+CONTRIBUTING
+
+# Strainer #
+############
+Colanderfile
+Strainerfile
+.colander
+.strainer
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile
+
+# Travis #
+##########
+.travis.yml
diff --git a/.delivery/build-cookbook/data_bags/keys/delivery_builder_keys.json b/.delivery/build-cookbook/data_bags/keys/delivery_builder_keys.json
new file mode 100644
index 00000000..af375ea8
--- /dev/null
+++ b/.delivery/build-cookbook/data_bags/keys/delivery_builder_keys.json
@@ -0,0 +1 @@
+{"id": "delivery_builder_keys"}
\ No newline at end of file
diff --git a/.delivery/build-cookbook/metadata.rb b/.delivery/build-cookbook/metadata.rb
new file mode 100644
index 00000000..b286958c
--- /dev/null
+++ b/.delivery/build-cookbook/metadata.rb
@@ -0,0 +1,12 @@
+name 'build-cookbook'
+maintainer 'Dominik Richter'
+maintainer_email 'drichter@chef.io'
+license 'all_rights'
+version '0.1.0'
+
+depends 'docker', '~> 1.0'
+depends 'fancy_execute'
+depends 'chef-sugar'
+depends 'delivery-truck'
+depends 'delivery-sugar'
+depends 'delivery-sugar-extras'
diff --git a/.delivery/build-cookbook/recipes/default.rb b/.delivery/build-cookbook/recipes/default.rb
new file mode 100644
index 00000000..59b1ba80
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/default.rb
@@ -0,0 +1,37 @@
+# encoding: utf-8
+# Cookbook Name:: build-cookbook
+# Recipe:: default
+#
+# Copyright (c) 2015 Chef Software Inc., All Rights Reserved.
+
+include_recipe 'delivery-truck::default'
+
+# create a persistant gem cache per builder for the entire project
+gem_cache = File.join(node['delivery']['workspace']['root'], "../../../project_gem_cache")
+directory gem_cache do
+ # set the owner to the dbuild so that the other recipes can write to here
+ owner node['delivery_builder']['build_user']
+ mode "0755"
+ recursive true
+ action :create
+end
+
+# ensure we always have a docker group with the build user as a member
+group 'docker' do
+ members [node['delivery_builder']['build_user']]
+end
+
+package 'build-essential'
+
+# get docker
+docker_service 'dockerd' do
+ action [:create, :start]
+ host 'unix:///var/run/docker.sock'
+ group 'docker'
+ provider Chef::Provider::DockerService::Execute
+end
+
+log 'system info' do
+ message `uname -a; docker --version; ls -lha /var/run/docker.sock`
+ level :warn
+end
diff --git a/.delivery/build-cookbook/recipes/deploy.rb b/.delivery/build-cookbook/recipes/deploy.rb
new file mode 100644
index 00000000..0a10ef2b
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/deploy.rb
@@ -0,0 +1,5 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: default
+#
+# Copyright (c) 2015 The Authors, All Rights Reserved.
diff --git a/.delivery/build-cookbook/recipes/functional.rb b/.delivery/build-cookbook/recipes/functional.rb
new file mode 100644
index 00000000..0a10ef2b
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/functional.rb
@@ -0,0 +1,5 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: default
+#
+# Copyright (c) 2015 The Authors, All Rights Reserved.
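Review bot: Putting the build user in the `docker` group in `recipes/default.rb`, with `docker_service` exposing `unix:///var/run/docker.sock` to that group, gives that user root-equivalent control of the build node. The lint and unit recipes in this commit run `bundle exec rake ...` from the repository under review as that same user. That trust assumption deserves a comment above the `group 'docker'` resource, and it argues for dedicated or disposable builders. The `group` resource also sets `members` without `append true`, which replaces any existing members of the group instead of adding to them. Separately, the backtick command in `log 'system info'` runs while the recipe is compiled, before `docker_service` has converged, so on a fresh node `docker --version` and the `ls` of the socket may return nothing.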
diff --git a/.delivery/build-cookbook/recipes/lint.rb b/.delivery/build-cookbook/recipes/lint.rb
new file mode 100644
index 00000000..248c1057
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/lint.rb
@@ -0,0 +1,14 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: lint
+#
+# Copyright (c) 2015 Chef Software Inc., All Rights Reserved.
+# Author:: Dominik Richter
+
+include_recipe 'build-cookbook::prepare'
+
+execute 'rubocop' do
+ command 'bundle exec rake lint'
+ cwd node['delivery_builder']['repo']
+ user node['delivery_builder']['build_user']
+end
diff --git a/.delivery/build-cookbook/recipes/prepare.rb b/.delivery/build-cookbook/recipes/prepare.rb
new file mode 100644
index 00000000..5c18ebe7
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/prepare.rb
@@ -0,0 +1,21 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: prepare
+#
+# Copyright (c) 2015 Chef Software Inc., All Rights Reserved.
+# Author:: Dominik Richter
+
+repo_dir = node['delivery_builder']['repo']
+cache_dir = File.join(repo_dir, '.cache')
+
+directory cache_dir do
+ owner node['delivery_builder']['build_user']
+ mode '0755'
+end
+
+execute 'bundle install' do
+ command 'bundle install --without=integration --without=tools --path='+cache_dir
+ cwd repo_dir
+ user node['delivery_builder']['build_user']
+end
+
diff --git a/.delivery/build-cookbook/recipes/provision.rb b/.delivery/build-cookbook/recipes/provision.rb
new file mode 100644
index 00000000..0a10ef2b
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/provision.rb
@@ -0,0 +1,5 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: default
+#
+# Copyright (c) 2015 The Authors, All Rights Reserved.
diff --git a/.delivery/build-cookbook/recipes/publish.rb b/.delivery/build-cookbook/recipes/publish.rb
new file mode 100644
index 00000000..0a10ef2b
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/publish.rb
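Review bot: The `bundle install` command in `recipes/prepare.rb` is built by concatenating `cache_dir`, which derives from a node attribute, into a shell string. A workspace path containing a space or a shell metacharacter would therefore be split or interpreted by the shell. Passing the command as an array avoids the shell entirely: `command ['bundle', 'install', '--without', 'integration', 'tools', "--path=#{cache_dir}"]`. That form also lists both groups after a single `--without`. I believe repeating the flag as `--without=integration --without=tools` keeps only the last value, which would still install the `integration` gems on the build node; please confirm against the Bundler version in use.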
@@ -0,0 +1,5 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: default
+#
+# Copyright (c) 2015 The Authors, All Rights Reserved.
diff --git a/.delivery/build-cookbook/recipes/quality.rb b/.delivery/build-cookbook/recipes/quality.rb
new file mode 100644
index 00000000..0a10ef2b
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/quality.rb
@@ -0,0 +1,5 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: default
+#
+# Copyright (c) 2015 The Authors, All Rights Reserved.
diff --git a/.delivery/build-cookbook/recipes/security.rb b/.delivery/build-cookbook/recipes/security.rb
new file mode 100644
index 00000000..0a10ef2b
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/security.rb
@@ -0,0 +1,5 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: default
+#
+# Copyright (c) 2015 The Authors, All Rights Reserved.
diff --git a/.delivery/build-cookbook/recipes/smoke.rb b/.delivery/build-cookbook/recipes/smoke.rb
new file mode 100644
index 00000000..0a10ef2b
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/smoke.rb
@@ -0,0 +1,5 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: default
+#
+# Copyright (c) 2015 The Authors, All Rights Reserved.
diff --git a/.delivery/build-cookbook/recipes/syntax.rb b/.delivery/build-cookbook/recipes/syntax.rb
new file mode 100644
index 00000000..0a10ef2b
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/syntax.rb
@@ -0,0 +1,5 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: default
+#
+# Copyright (c) 2015 The Authors, All Rights Reserved.
diff --git a/.delivery/build-cookbook/recipes/unit.rb b/.delivery/build-cookbook/recipes/unit.rb
new file mode 100644
index 00000000..3f27f479
--- /dev/null
+++ b/.delivery/build-cookbook/recipes/unit.rb
@@ -0,0 +1,21 @@
+#
+# Cookbook Name:: build-cookbook
+# Recipe:: unit
+#
+# Copyright (c) 2015 Chef Software Inc., All Rights Reserved.
+# Author:: Dominik Richter
+
+include_recipe 'build-cookbook::prepare'
+
+home = node['delivery_builder']['repo']
+
+{
+ 'mock test resources' => 'rake test',
+ 'docker tests' => 'rake test:docker',
+}.each do |title, test|
+ execute title do
+ command 'bundle exec '+test
+ cwd home
+ user node['delivery_builder']['build_user']
+ end
+end
diff --git a/.delivery/build-cookbook/secrets/fakey-mcfakerton b/.delivery/build-cookbook/secrets/fakey-mcfakerton
new file mode 100644
index 00000000..e69de29b
diff --git a/.delivery/build-cookbook/test/fixtures/cookbooks/test/metadata.rb b/.delivery/build-cookbook/test/fixtures/cookbooks/test/metadata.rb
new file mode 100644
index 00000000..17250391
--- /dev/null
+++ b/.delivery/build-cookbook/test/fixtures/cookbooks/test/metadata.rb
@@ -0,0 +1,2 @@
+name 'test'
+version '0.1.0'
\ No newline at end of file
diff --git a/.delivery/build-cookbook/test/fixtures/cookbooks/test/recipes/default.rb b/.delivery/build-cookbook/test/fixtures/cookbooks/test/recipes/default.rb
new file mode 100644
index 00000000..c26a70a8
--- /dev/null
+++ b/.delivery/build-cookbook/test/fixtures/cookbooks/test/recipes/default.rb
@@ -0,0 +1,7 @@
+%w(unit lint syntax).each do |phase|
+ # TODO: This works on Linux/Unix. Not Windows.
+ execute "HOME=/home/vagrant delivery job verify #{phase} --server localhost --ent test --org kitchen" do
+ cwd '/tmp/repo-data'
+ user 'vagrant'
+ end
+end
diff --git a/.delivery/cli.toml b/.delivery/cli.toml
new file mode 100644
index 00000000..800e2588
--- /dev/null
+++ b/.delivery/cli.toml
@@ -0,0 +1,7 @@
+api_protocol = "https"
+enterprise = "chef"
+git_port = "8989"
+organization = "audit"
+pipeline = "master"
+server = "delivery.chef.co"
+user = "drichter"
diff --git a/.delivery/config.json b/.delivery/config.json
new file mode 100644
index 00000000..ffac9b9e
--- /dev/null
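Review bot: `user = "drichter"` in `.delivery/cli.toml` is a per-developer setting committed to the shared repository, next to the Delivery server name and git port. Every other contributor would have to override it locally, and the file publishes an account name for that server to anyone who can read the repository. I would keep the shared keys here and leave `user` out, or add a comment such as `# set your own Delivery user locally; do not commit` if the tooling requires the key to be present.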
+++ b/.delivery/config.json @@ -0,0 +1,22 @@ +{ + "version": "2", + "build_cookbook": { + "name": "build-cookbook", + "path": ".delivery/build-cookbook" + }, + "delivery-truck": { + "publish": { + "github": "chef/train" + } + }, + "skip_phases": [ + "syntax", + "security", + "quality", + "smoke", + "deploy" + ], + "build_nodes": { + "unit": ["name:builder*-7.delivery.chef.co"] + } +} diff --git a/Gemfile b/Gemfile index 9e9ddcc3..ab614beb 100644 --- a/Gemfile +++ b/Gemfile @@ -1,4 +1,22 @@ +# encoding: utf-8 source 'https://rubygems.org' - gemspec +group :test do + gem 'bundler', '~> 1.5' + gem 'minitest', '~> 5.5' + gem 'rake', '~> 10' + gem 'rubocop', '~> 0.33.0' + gem 'simplecov', '~> 0.10' +end + +group :integration do + gem 'test-kitchen', '~> 1.4' + gem 'kitchen-vagrant' + gem 'concurrent-ruby', '~> 0.9' +end + +group :tools do + gem 'pry', '~> 0.10' + gem 'license_finder' +end diff --git a/test/integration/docker_run.rb b/test/integration/docker_run.rb index f72bb1e4..eac7bcae 100644 --- a/test/integration/docker_run.rb +++ b/test/integration/docker_run.rb @@ -7,8 +7,7 @@ class DockerRunner def initialize(conf_path = nil) - @conf_path = conf_path || - ENV['config'] + @conf_path = conf_path || ENV['config'] unless File.file?(@conf_path) fail "Can't find configuration in #{@conf_path}" end @@ -63,6 +62,7 @@ def run_on_target(name, &block) end def provision_image(image, prov, files) + tries ||= 3 return image if prov['script'].nil? path = File.join(File.dirname(@conf_path), prov['script']) unless File.file?(path) @@ -73,6 +73,8 @@ def provision_image(image, prov, files) dst = "/bootstrap#{files.length}.sh" files.push(dst) image.insert_local('localPath' => path, 'outputPath' => dst) + rescue StandardError => _ + retry unless (tries -= 1).zero? end def bootstrap_image(name, image) 
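Review bot: `skip_phases` in `.delivery/config.json` lists `security` and `quality`, and the `security.rb` and `quality.rb` recipes added in this commit contain only a header comment. A change therefore passes through the pipeline with no security or quality gate at all. JSON cannot carry a comment, so the reason for skipping these phases, and the condition for re-enabling them, should be recorded in the build cookbook README or the commit message.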
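Review bot: The method-level `rescue StandardError` added to `provision_image` in `test/integration/docker_run.rb` retries the whole body and then swallows the error. Once `tries` reaches zero the rescue clause evaluates to nil, so the caller receives nil instead of an image and no exception. The rescue also catches whatever is raised inside the `unless File.file?(path)` guard, whose body lies between the two hunks and is not shown. Because `files.push(dst)` runs before `insert_local`, every retry records another `/bootstrapN.sh` entry for a script that was never inserted. I would scope the retry to the `insert_local` call, push `dst` only after it succeeds, and re-raise once the attempts are used up; the sketch assumes nothing in the hidden lines needs retrying.

```ruby
def provision_image(image, prov, files)
  # … unchanged: script lookup and the File.file?(path) guard …
  dst = "/bootstrap#{files.length}.sh"
  attempts = 3
  begin
    provisioned = image.insert_local('localPath' => path, 'outputPath' => dst)
  rescue StandardError
    attempts -= 1
    retry if attempts > 0
    raise
  end
  files.push(dst)
  provisioned
end
```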
@@ -109,10 +111,10 @@ def start_container(name, version = nil) fail "Can't find nor pull docker image #{name}" if image.nil? - image, scripts = bootstrap_image(name, image) - @docker_run_tickets.acquire(1) + image, scripts = bootstrap_image(name, image) + puts "--> start docker #{name}" container = Docker::Container.create( 'Cmd' => %w{sleep 3600},
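Review bot: With `@docker_run_tickets.acquire(1)` moved ahead of `bootstrap_image` in `start_container`, an exception from bootstrapping is now raised while a ticket is held, and nothing in this hunk releases it. The body of `start_container` continues past the hunk, so the matching release may already sit in an `ensure` further down. If it does not, a few failed bootstraps would exhaust the tickets and block the remaining containers. Assuming `@docker_run_tickets` is a `Concurrent::Semaphore`, I would wrap the work after the acquire in `begin ... ensure @docker_run_tickets.release(1) end`, or confirm that the existing release path covers a failure at this point.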