Merge pull request #27 from ai-cfia/26-as-a-devops-i-want-to-create-u…

…nit-tests-for-the-remove-previous-imagepy-script

issue #26: Migrated script from github-worflows. Missing unit and int…

dockerfiles/alloy/endpoints.json

@@ -21,4 +21,4 @@
             "insecureSkipVerify": true
         }
     }
-}
+}

dockerfiles/tempo/tempo.yaml

@@ -43,7 +43,7 @@ storage:
   trace:
     backend: local                     # Use the local filesystem for block storage. Not recommended for production systems.
     block:
-      bloom_filter_false_positive: .05 # Bloom filter false positive rate.  lower values create larger filters but fewer false positives.
+      bloom_filter_false_positive: .05  # Bloom filter false positive rate.  lower values create larger filters but fewer false positives.
     # Write Ahead Log (WAL) configuration.
     wal:
       path: /tmp/tempo/wal             # Directory to store the the WAL locally.
@@ -62,23 +62,23 @@ metrics_generator:
     # Span metrics create metrics based on span type, duration, name and service.
     span_metrics:
         # Configure extra dimensions to add as metric labels.
-        dimensions:
-          - http.method
-          - http.target
-          - http.status_code
-          - service.version
+      dimensions:
+        - http.method
+        - http.target
+        - http.status_code
+        - service.version
     # Service graph metrics create node and edge metrics for determinng service interactions.
     service_graphs:
         # Configure extra dimensions to add as metric labels.
-        dimensions:
-          - http.method
-          - http.target
-          - http.status_code
-          - service.version
+      dimensions:
+        - http.method
+        - http.target
+        - http.status_code
+        - service.version
     # Configure the local blocks processor.
     local_blocks:
-        # Ensure that metrics blocks are flushed to storage so TraceQL metrics queries against historical data.
-        flush_to_storage: true
+      # Ensure that metrics blocks are flushed to storage so TraceQL metrics queries against historical data.
+      flush_to_storage: true
   # The registry configuration determines how to process metrics.
   registry:
     collection_interval: 5s
@@ -91,4 +91,4 @@ metrics_generator:
 
 # Global override configuration.
 overrides:
-  metrics_generator_processors: ['service-graphs', 'span-metrics','local-blocks'] # The types of metrics generation to enable for each tenant.
+  metrics_generator_processors: ['service-graphs', 'span-metrics', 'local-blocks']  # The types of metrics generation to enable for each tenant.

remove-previous-image/remove_previous_image.py

@@ -0,0 +1,92 @@
+"""
+
+This script is based on this documentation:
+https://docs.github.com/en/rest/packages/packages?apiVersion=2022-11-28
+
+"""
+
+import os
+import requests
+from requests.auth import HTTPBasicAuth
+
+"""
+Delete the old container (based on the previous tag)
+"""
+def delete_old_image(version_id, org, headers, auth):
+    url_delete_previous_version = f"https://api.github.com/orgs/{org}/packages/container/{container_name}/versions/{version_id}"
+    response = requests.delete(url_delete_previous_version, headers=headers, auth=auth)
+    if response.status_code == 204:
+        print('Previous container deleted!')
+    else:
+        raise Exception(f"Error deleting the previous container: {response.status_code} {response.text}")
+
+"""
+Find the previous tag for a specific container.
+Delete the previous tag if it exists and it is not the current one. This wont delete the current tag or older PR tags.
+Check if tags is not empty and check if the len is == 1. If that is the case, it means that the only tag is the previous one.
+"""
+def find_previous_container_tag(response, unique_tag):
+    version_id = None
+    for version in response:
+        print(f"Found tags {version['metadata']['container']['tags']})")
+        tags = version['metadata']['container']['tags']
+        if unique_tag not in tags and len(tags) == 1 and tags:
+            version_id = version['id']
+            print(f"Previous tag found {tags[0]} with version_id {version_id}")
+            return tags[0], version_id
+
+    raise Exception(f"Container name {container_name} not found or the only tag found was the current one. If that is the case, you can ignore this error.")
+
+"""
+Get all GCR containers information
+"""
+def get_container_tags(org, container_name, auth, headers, container_path):
+    get_versions = f"https://api.github.com/orgs/{org}/packages/container/{container_name}/versions"
+    response = requests.get(get_versions, headers=headers, auth=auth)
+
+    try:
+        response.raise_for_status()
+    except requests.exceptions.HTTPError as e:
+        raise Exception(f"Error getting the previous tag for the container {container_path} : {e}")
+
+    return response
+
+def print_console(message):
+    print("====================================")
+    print(message)
+
+if __name__ == "__main__":
+    registry = os.getenv("REGISTRY")
+    github_token = os.getenv("GITHUB_TOKEN")
+    container_name = os.getenv("CONTAINER_NAME")
+    unique_tag = os.getenv("UNIQUE_TAG")
+    user = os.getenv("USER")
+    current_commit = os.getenv("CURRENT_COMMIT")
+
+    headers = {
+        "Accept": "application/vnd.github.v3+json",
+    }
+    auth = HTTPBasicAuth(user, github_token)
+
+    unique_tag_formatted = unique_tag.replace("/", "-")
+
+    container_path = f"{registry}/{container_name}:{unique_tag_formatted}"
+    org = registry.split("/")[1]
+
+    print_console(f"Getting all tags for this container {container_path}...")
+    response = get_container_tags(org, container_name, auth, headers, container_path)
+    print("Done!")
+
+    """
+    If there's no previous image to delete, we will stop the script (sys.exit()).
+    """
+    print_console("Looking for the previous tag...")
+    try:
+        previous_tag, version_id = find_previous_container_tag(response.json(), unique_tag_formatted)
+    except Exception as e:
+        print(e)
+    print("Done!")
+
+    print_console(f"Deleting the previous container with tag ({previous_tag}) and version_id {version_id}...")
+    delete_old_image(version_id, org, headers, auth)
+    print("Done!")

remove-previous-image/requirements.txt

@@ -0,0 +1 @@
+requests

setup.py

@@ -0,0 +1,25 @@
+from setuptools import setup, find_packages
+
+setup(
+    name='devsecops-scripts',
+    version='1.0.0',
+    packages=find_packages(),
+    entry_points={
+        'console_scripts': [
+            'remove-previous-images=remove_previous_image.remove_previous_image:main',
+            'webtop-template=webtop_template.webtop_template:main',
+        ],
+    },
+    url='https://github.com/ai-cfia/devops.git',
+    author='ai-cfia',
+    author_email='[email protected]',
+    description='Every devops script used in dev, uat and production',
+    long_description=open('README.md').read(),
+    long_description_content_type='text/markdown',
+    install_requires=[
+        'requests',
+        'jinja2',
+        'PyGithub',
+        'python-dotenv'
+    ],
+)

webtop-template/templates/webtop-secrets.yaml.j2

@@ -3,7 +3,7 @@ apiVersion: v1
 metadata:
   name: {{ username }}-webtop-secrets
   annotations:
-    avp.kubernetes.io/path: "kv/data/webtop/test"
+    avp.kubernetes.io/path: "kv/data/webtop/{{ username }}"
     avp.kubernetes.io/secret-version: "1"
 stringData:
   PUID: <PUID>

webtop-template/main.py → webtop-template/webtop_template.py

@@ -1,4 +1,3 @@
-import sys
 import os
 from dotenv import load_dotenv
 
@@ -61,11 +60,10 @@ def create_github_pr(username, gh_access_token):
     print(f"Pull request created: {pr.html_url}")
 
 if __name__ == '__main__':
-    username = sys.argv[1]
-
     load_dotenv()
 
     gh_access_token = os.getenv("GITHUB_ACCESS_TOKEN")
+    username = os.getenv("USERNAME")
 
     render_template(username)
     create_github_pr(username, gh_access_token)