werft
werft copied to clipboard
Adapt CLI to validate server config
Description
Unfortunately, I've lost count of how many times we had to roll back Werft upgrades because we failed to specify a valid werft configuration.
This PR is adding a new command to Werft CLI so we can validate a config file before updating a Werft server.
Alternative approaches
Dedicated config
package used by both CLI and Server
I've noticed that we have a Config
type under pkg/werft.go
and also cmd/server/run.go
. I wanted to merge those two into a single one into a dedicated package, so it becomes easier to make LoadConfig
testable.
I gave up after 30m trying because go modules are too hard to understand 😅
Would still love to see the configuration being split into a dedicated package though, just couldn't find time to understand everything and make the split myself :/
Just tested with a real configuration that we run in io-dev and it fails :/
Converting to draft again
Config:
werft:
baseURL: <omitted>
gcOlderThan: "172800m" # 120 days
workspaceNodePathPrefix: /mnt/disks/ssd0/builds
cleanupJobSpec:
serviceAccount: werft
imagePullSecrets:
- name: <omitted>
nodeSelector:
"dev/workload": workload
service:
webReadOnly: false
webPort: 8080
grpcPort: 7777
prometheusPort: 9500
pprofPort: 6060
jobSpecRepos:
- github.com/gitpod-io/ops:main
- github.com/gitpod-com/gitpod:prs/slow-swap
executor:
namespace: werft
preperationTimeout: 10m
totalTimeout: 300m
storage:
logsPath: /mnt/logs
jobsConnectionString: host=werft-postgresql dbname=<omitted> user=<omitted> password=<omitted> connect_timeout=5 sslmode=disable
plugins:
- name: "github-repo"
type:
- repository
config:
privateKeyPath: <omitted>
appID: <omitted>
installationID: <omitted>
- name: "github-integration"
type:
- integration
config:
baseURL: <omitted>
webhookSecret: <omitted>
privateKeyPath: <omitted>
appID: <omitted>
installationID: <omitted>
pullRequestComments:
enabled: true
requiresOrg: []
requiresWriteAccess: true
updateComment: true
- name: cron
type:
- integration
config:
tasks: []
Error:
2022/04/11 10:56:28 yaml: unmarshal errors:
line 6: field serviceAccount not found in type werft.configPodSpec
line 7: field imagePullSecrets not found in type werft.configPodSpec
line 9: field nodeSelector not found in type werft.configPodSpec
line 32: field privateKeyPath not found in type yaml.Node
line 33: field appID not found in type yaml.Node
line 34: field installationID not found in type yaml.Node
line 39: field baseURL not found in type yaml.Node
line 40: field webhookSecret not found in type yaml.Node
line 41: field privateKeyPath not found in type yaml.Node
line 42: field appID not found in type yaml.Node
line 43: field installationID not found in type yaml.Node
line 44: field pullRequestComments not found in type yaml.Node
line 53: field tasks not found in type yaml.Node
exit status 1
I think we'll want to introduce a dry-run to server. Most of the validation happens at runtime by the plugins. Validating strict fit into structures won't result in what you'd expect.