STONEBLD-1844 Add controller for PipelineRuns #210
Conversation
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
3 times, most recently
from
e98daf6 to
6a7cb16
Compare
| for i := range components.Items { | ||
| comp := components.Items[i] | ||
| if comp.Spec.Application == updatedComponent.Spec.Application && slices.Contains(updatedComponent.Spec.BuildNudgesRef, comp.Name) { | ||
| //TODO: Do the nudge |
There was a problem hiding this comment.
Nudge would be a complicated operation that takes some time and involves dealing with git provider API.
What if nudge for one of the components fails? What if it's transient/consistent error?
There was a problem hiding this comment.
This story was just about getting it to the point where we can print the message in the logs. I assume we will need a retry count mechanism with back off, we don't want to retry indefinitely, but we also don't want a single transient failure to stop the update.
There was a problem hiding this comment.
Probably a question for the future implementation, but how would we distinguish already nudged components from not nudged one in case if error?
There was a problem hiding this comment.
We will need to add an annotation with the state information. Also nudging should be idempotent, if you run the same nudge again it should figure out that there is an existing PR, and the update to the PR would result in the same commit.
There was a problem hiding this comment.
I have added support for this.
There was a problem hiding this comment.
Something to bear in mind with error handling too is that the actual updates will be async, and error handling will also need to be done through watching the job/pipeline that is doing the update.
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
2 times, most recently
from
db77258 to
b835e5a
Compare
|
@mmorhun I think I have addressed everything |
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
3 times, most recently
from
785a945 to
ea5e6b5
Compare
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
from
ea5e6b5 to
8683378
Compare
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
4 times, most recently
from
8d27a99 to
b611547
Compare
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
2 times, most recently
from
7e37caa to
faae7fa
Compare
| ctrllog "sigs.k8s.io/controller-runtime/pkg/log" | ||
| "sigs.k8s.io/controller-runtime/pkg/predicate" | ||
| "sigs.k8s.io/controller-runtime/pkg/reconcile" | ||
| "strings" |
There was a problem hiding this comment.
nitpick: probably "strings" should go to the "standard" block and the block moved to the beginning.
| alreadyProcessed := map[string]bool{} | ||
| if pipelineRun.Annotations != nil && pipelineRun.Annotations[AlreadyNudgedAnnotationName] != "" { | ||
| list := strings.Split(pipelineRun.Annotations[AlreadyNudgedAnnotationName], ",") | ||
| for _, i := range list { |
There was a problem hiding this comment.
using i as a string key is confusing
| } | ||
| val = val + i | ||
| } | ||
| pipelineRun.Annotations[AlreadyNudgedAnnotationName] = val |
There was a problem hiding this comment.
What if a new build will start in meantime?
There was a problem hiding this comment.
That is what I mentioned above about builds going stale. When I perform the 'nudge' I could check for currently running pipelines for the same component that are older than the current state, and if they exist and are still running mark them as already nudged and remove the finalizer.
The other approach would be that when a pipeline finishes we check if a newer pipeline exists and has finished, however I don't think that approach will work very well as the pruner may have removed already completed pipelines.
There was a problem hiding this comment.
I have implemented the stale check logic
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
2 times, most recently
from
132430a to
daa0e1c
Compare
|
/retest |
1 similar comment
|
/retest |
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
from
1006851 to
c307dd6
Compare
|
/retest |
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
11 times, most recently
from
2487aab to
1822dc9
Compare
| if err != nil { | ||
| return ctrl.Result{}, err | ||
| } | ||
| log.Error(nudgeErr, fmt.Sprintf("component update of as a result of a build of %s failed", updatedComponent.Name), l.Audit, "true") |
There was a problem hiding this comment.
Should this log be moved before Get?
| @@ -65,7 +65,7 @@ func (r *PaCPipelineRunPrunerReconciler) SetupWithManager(mgr ctrl.Manager) erro | |||
| Complete(r) | |||
| } | |||
|
|
|||
| //+kubebuilder:rbac:groups=tekton.dev,resources=pipelineruns,verbs=get;list;watch;delete;deletecollection | |||
| //+kubebuilder:rbac:groups=tekton.dev,resources=pipelineruns,verbs=get;list;watch;delete;deletecollection;update;patch | |||
There was a problem hiding this comment.
Can we avoid adding these permissions here?
There was a problem hiding this comment.
Apparently not, I tried adding them to the new controller and the ones here took precedence. Seemed to be an issue with the controller gen.
|
I had some comments here before they got lost in the github history, not sure if you've had a chance to address them: #210 (comment) (and the following ones) |
controllers/renovate_util.go
Outdated
| func GetAllGithubInstallations(ctx context.Context, client client.Client, eventRecorder record.EventRecorder, componentList []v1alpha1.Component) (string, []installationStruct, error) { | ||
| log := log2.FromContext(ctx) | ||
| // Check if GitHub Application is used, if not then skip | ||
| pacSecret := v1.Secret{} | ||
| globalPaCSecretKey := types.NamespacedName{Namespace: buildServiceNamespaceName, Name: prepare.PipelinesAsCodeSecretName} |
There was a problem hiding this comment.
General review-ability observation: next time, it would be nice to split the PR into commits that make it easier to review. Specifically, some of the changes in this PR just move code from one place to another - it would have been nice to do that in a separate commit and explain that there's no change in functionality, that it's just moving code around. (I'm not actually sure that there are no changes in the code that got moved, just assuming that's true).
Having it all in a single commit makes it hard to focus on the things that matter, first one has to figure out what is or isn't a relevant change
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
2 times, most recently
from
8e2cb96 to
f93c48d
Compare
This controller looks for build PipelineRuns and will record an event that a downstream component should be 'nudged'. The controller then uses renovate to perform the 'nudge' and updates the downstream repositories with the new hash.
stuartwdouglas
force-pushed
the
STONEBLD-1844
branch
from
f93c48d to
2e52d4d
Compare
|
|
/retest |
1 similar comment
|
/retest |
| index := strings.LastIndex(image, ":") | ||
| if index != -1 { |
There was a problem hiding this comment.
To not to have func wide variable index, you can do:
if index := strings.LastIndex(image, ":"); index != -1 {
This controller looks for build PipelineRuns and will record an event that a downstream component should be 'nudged'.
This is the first part of STONEBLD-1756.