[ACTION] Proposal 1: Trigger and Deploy #84

Closed
1 of 5 tasks
dipankardas011 opened this issue Apr 10, 2024 · 14 comments · Fixed by #88

Comments

@dipankardas011
Contributor

dipankardas011 commented Apr 10, 2024

Task Description

Goals to achieve

  • We first need to draft the proposal Proposal 1: Trigger and Deploy #88
  • A way to trigger the execution of the GitHub Action on the Falco side needs to be defined (e.g. webhook) Resource
  • Ask Falco to implement the trigger on their side
  • Define GH Action steps: Falco needs to be deployed via Flux
  • Test the deployment via Falco trigger
@dipankardas011 dipankardas011 changed the title [FEATURE-TRACKING] Deploy Pipeline [FEATURE-TRACKING] Deploy Pipeline and Trigger Apr 10, 2024
@AntonioDiTuri
Contributor

AntonioDiTuri commented Apr 10, 2024

Could you rename it to [ACTION] Proposal: Trigger and Deploy?

Since this would be the chronological order.
Could you also add this to the high level goals?

Under goals to achieve you could already give a high-level overview:

  • A way to trigger the execution of the GitHub Action on the Falco side needs to be defined (e.g. webhook)
  • Ask Falco to implement the trigger on their side
  • Define GH Action steps: Falco needs to be deployed via Flux
  • Test the deployment via Falco trigger

Thanks in advance!

@dipankardas011 dipankardas011 changed the title [FEATURE-TRACKING] Deploy Pipeline and Trigger [FEATURE-TRACKING] Trigger and Deploy Apr 10, 2024
@dipankardas011
Contributor Author

Under goals to achieve you could already give a high-level overview:

are we planning for each goal as a workable issue and a PR?

@AntonioDiTuri
Contributor

AntonioDiTuri commented Apr 10, 2024

This is just an action issue to draft the proposal. Sorry I have mistyped in slack. Could you also rename the title of the issue to reflect the ACTION issue?

We first need to draft the proposal with the proposal document: https://github.com/cncf-tags/green-reviews-tooling/blob/main/docs/proposals/proposal-000-template.md

You can also add this to the description.

In the proposal we can define the different user stories with an issue each that can reflect the 4 goals :)

@dipankardas011 dipankardas011 changed the title [FEATURE-TRACKING] Trigger and Deploy [ACTION-TRACKING] Trigger and Deploy Apr 11, 2024
@dipankardas011 dipankardas011 changed the title [ACTION-TRACKING] Trigger and Deploy [ACTION] Trigger and Deploy Apr 11, 2024
@rossf7
Contributor

rossf7 commented Apr 16, 2024

@AntonioDiTuri thank you for suggesting the goals. I reviewed them too and came up with this list with some minor changes.

Goals

  • Trigger GitHub Action workflow in green-reviews-tooling repo when Falco needs to be tested
  • Ask Falco team to implement the trigger
  • Deploy correct version of Falco in GitHub Action using Flux
  • Test the deployment via the Falco trigger

Non-Goals

  • Creating cluster nodes on demand

@dipankardas011 Could you start creating the proposal and open a draft PR with the goals filled in?

If you think we're missing any goals feel free to add. Let's leave user stories for now. We can add later if needed.

Triggering GitHub Action

For triggering the workflow AIUI we could use a webhook to trigger a workflow_dispatch event.
https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch

It allows providing custom inputs and as a minimum I think we need the name of the CNCF project and the version to be deployed.
https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#providing-inputs

It would be good to try this out and add the curl command to the proposal.

We could use the existing tofu workflow for testing but it's probably safer to add a new workflow that just logs the inputs. WDYT?

Deploying Falco

For deploying Falco with Flux I think we could change the repo structure so the current Falco kustomization is not reconciled by source-controller. Instead we create it in the github action workflow and delete it when the workflow completes.

@AntonioDiTuri
Contributor

Hi @rossf7 thanks for refining the goals and non goals.

A few considerations:

  1. It would be nice to have a first version of the GH that we can trigger ourselves manually.
  2. After that is working we could implement the trigger via web-hook.

Do you think you can already contact the Falco team to discuss how to implement a v.0.1 of the trigger via web-hook on their side?

I am not an expert on webhooks but I asked GPT and it is giving me this as an example:

name: Trigger Green Reviews

on:
  workflow_run:
    workflows: [Falco-manual-trigger] # to decide what event will trigger the green reviews in a first version
    types:
      - completed

jobs:
  trigger_green_review:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Green Review GH
        uses: actions/github-script@v4 # not sure if this is relevant
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // github-script exposes the authenticated client as `github`;
            // context.repo is the repository this workflow runs in.
            const { owner, repo } = context.repo;
            const workflow_id = 'Name of your workflow in Green Reviews';
            const ref = 'main'; // Or whatever branch you want to trigger
            const response = await github.actions.createWorkflowDispatch({
              owner,
              repo,
              workflow_id,
              ref
            });
            console.log(response);

It can be improved a lot but at least it made me think about the token, do you think we need to create one?
Do you also think it could be enough to show Falco what we would like to achieve?

@rossf7
Contributor

rossf7 commented Apr 16, 2024

It would be nice to have a first version of the GH that we can trigger ourselves manually.

@AntonioDiTuri Agree, that will help with testing.

Do you think you can already contact the Falco team to discuss how to implement a v.0.1 of the trigger via web-hook on their side?

I'd prefer we research a bit more first to present a working solution. I think we will need a token but I haven't had time to investigate that yet.

We could use the github-script action to trigger. I've also seen examples with curl. If we use an action the version will need to be updated from time to time. I'd go with whichever option involves the least maintenance.

@AntonioDiTuri
Contributor

Yes sure that was just an example to be taken as "pseudocode".
Take a moment to think of a better solution but I would say let's not over-engineer it.
It is enough to show Falco the high level idea. This way we enable the discussion to start on their side and we can work out the implementation details in the meantime.
WDYT?

@dipankardas011
Contributor Author

dipankardas011 commented Apr 16, 2024

@rossf7 should we create a single PR or multiple PRs for each of the sub-goals?

or can you create a main feature branch to which we can create a PR instead of main branch?

@dipankardas011
Contributor Author

dipankardas011 commented Apr 16, 2024

for now I am going with a new branch for each sub-goal

@rossf7
Contributor

rossf7 commented Apr 16, 2024

should we create a single PR or multiple PRs for each of the sub-goals?

@dipankardas011 sorry for late reply but please create a single PR.

Separate PRs mean more work to review and the proposal should be a few pages of markdown at most. We can always split later if needed and we can create separate issues to implement.

@dipankardas011
Contributor Author

dipankardas011 commented Apr 16, 2024

Creating cluster nodes on demand

@rossf7
Contributor

rossf7 commented Apr 17, 2024

@dipankardas011 thanks for creating the draft PR. I left feedback there.

To try things out I created an action that just echoes out the 3 inputs.

curl -X POST \
     -H "Accept: application/vnd.github.v3+json" \
     -H "Authorization: token $GITHUB_PAT" \
     https://api.github.com/repos/rossf7/green-reviews-tooling/actions/workflows/trigger_test.yaml/dispatches \
     -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}'

I used a fine-grained PAT that has

  • Read access to code and metadata
  • Read and write access to actions

We'll need to create that and provide it to the Falco team.

Feedback welcome and Dipankar if it makes sense you could add the curl and token details to the proposal?

As a next step I'll create a discussion in the Falco repo to get feedback. I should be able to do that later today or tomorrow.
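
The test workflow above takes three free-text inputs from whoever holds the PAT. As an added example (not code from this thread or from the green-reviews-tooling repo), a workflow step could validate them like this before they reach a Flux or shell command, so that a value such as the version string cannot carry shell syntax into the deploy step. The function name, the allowlist and the environment-variable hand-off are assumptions.

```shell
#!/bin/sh
# Added example: validate workflow_dispatch inputs before any deploy command.
# Assumption: the workflow hands inputs over as environment variables, e.g.
#   env: { CNCF_PROJECT: "${{ inputs.cncf_project }}" }
# and then calls: validate_dispatch_inputs "$CNCF_PROJECT" "$CNCF_PROJECT_SUB" "$VERSION"
LC_ALL=C; export LC_ALL          # make [a-z] mean ASCII only

# Hypothetical allowlist of projects the pipeline knows how to deploy.
ALLOWED_PROJECTS="falco"

reject() { echo "rejected: $1" >&2; return 1; }

validate_dispatch_inputs() {
    project=$1; sub=$2; version=$3

    # Project: exact string match against the allowlist, nothing pattern-based.
    known=no
    for p in $ALLOWED_PROJECTS; do
        if [ "$p" = "$project" ]; then known=yes; fi
    done
    [ "$known" = yes ] || { reject "unknown project"; return 1; }

    # Sub-component: lowercase letters, digits, single inner hyphens, <= 32 chars.
    case $sub in
        ''|*[!a-z0-9-]*|-*|*-|*--*) reject "bad sub-component"; return 1 ;;
    esac
    [ "${#sub}" -le 32 ] || { reject "sub-component too long"; return 1; }

    # Version: digits and dots only (this also rejects spaces, quotes, newlines)...
    case $version in
        ''|*[!0-9.]*|.*|*.|*..*) reject "bad version"; return 1 ;;
    esac
    # ...and exactly two dots, i.e. MAJOR.MINOR.PATCH.
    [ "$(printf '%s' "$version" | tr -d '0-9')" = ".." ] || { reject "bad version"; return 1; }
    return 0
}

# Constructed sample: the inputs used in the curl call from this thread.
validate_dispatch_inputs falco modern-ebpf 0.37.0 && echo "inputs accepted"
```

Passing the inputs through `env:` instead of writing `${{ inputs.version }}` inside a `run:` script keeps the untrusted text out of the script body, so the validation sees it as data.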

@dipankardas011
Contributor Author

dipankardas011 commented Apr 17, 2024

@dipankardas011 thanks for creating the draft PR. I left feedback there.

To try things out I created an action that just echoes out the 3 inputs.

curl -X POST \
     -H "Accept: application/vnd.github.v3+json" \
     -H "Authorization: token $GITHUB_PAT" \
     https://api.github.com/repos/rossf7/green-reviews-tooling/actions/workflows/trigger_test.yaml/dispatches \
     -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}'

I used a fine-grained PAT that has

  • Read access to code and metadata
  • Read and write access to actions

We'll need to create that and provide it to the Falco team.

Feedback welcome and Dipankar if it makes sense you could add the curl and token details to the proposal?

As a next step I'll create a discussion in the Falco repo to get feedback. I should be able to do that later today or tomorrow.

thanks that is interesting

@rossf7
Contributor

rossf7 commented May 8, 2024

Proposal PR is ready for review #88 and I've started a discussion to get feedback from the Falco team falcosecurity/cncf-green-review-testing#17
