How do I test my changes?
In all cases, you first need to get or generate expected secrets in secrets/{SERVICE}/dev/
.
docker-compose
(quick & dirty)
Before you follow Running packit-service locally:
- get/generate the secrets
- run
DEPLOYMENT=dev make render-secrets-from-templates
to createpackit-service.yaml
andfedora.toml
from their templates andextra-vars.yml
- copy the
secrets/{SERVICE}/dev/*
tosecrets/{SERVICE}/dev/
in clonedpackit-service
repo
oc cluster up
(slow & better)
Because we run the service in OpenShift the more reliable way to test it
is to run an Openshift cluster locally and deploy the service there.
oc cluster up
spawns the Openshift (v3) cluster.
Create secrets/packit/dev/
,
cd vars/packit; cp dev_template.yml dev.yml
and
in dev.yml
set api_key
to the output of oc whoami -t
.
Run DEPLOYMENT=dev make deploy
.
That will also push locally built images (:dev
) into the cluster's registry
(make sure you have push_dev_images: true
in vars/packit/dev.yml
).
MiniShift
Similar to above 'oc cluster up' you can run minishift to get
a local OpenShift cluster.
In addition to the above, you need to use docker
and oc
from the minishift environment after you start minishift:
$ eval $(minishift docker-env)
$ eval $(minishift oc-env)
$ oc config use-context minishift
and then build worker & service images (make worker; make service
in packit-service
repo)
with Docker, before you run DEPLOYMENT=dev make deploy
.
Staging (quick & reliable, but don't break it)
If you're fairly sure your changes won't do any harm, you can temporarily get hold of staging instance for that.
For example, in case of packit-worker
:
- in cloned packit-service repo:
make worker
podman tag quay.io/packit/packit-worker:dev quay.io/packit/packit-worker:stg
podman push quay.io/packit/packit-worker:stg
- in deployment:
DEPLOYMENT=stg make import-images
Once you're done you should revert to older image. Or it will be automatically replaced once a packit-service PR is merged.
Zuul
We have to encrypt the secrets, because we are using them in Zuul CI. This repository provides helpful playbook to do this with one command:
DEPLOYMENT=stg make zuul-secrets
How are the secrets encrypted?
Zuul provides a public key for every project. The ansible playbook downloads Zuul repository and pass the project tenant and name as parameters to encryption script. This script then encrypts files with public key of the project. For more information please refer to official docs.