diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index aaa578d5..347c2c50 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -21,6 +21,16 @@ jobs: - name: Create k8s Kind Cluster run: ctlptl create cluster kind --registry=ctlptl-registry + - name: Cache Helm Output + id: cache-helm-ooutput + uses: actions/cache@v5 + with: + path: .helm-cache + key: ${{ github.ref_name }} + restore-keys: | + develop + ${{ github.base_ref }} + - name: Test Using Local Config run: tilt ci --timeout "5m" diff --git a/Tiltfile b/Tiltfile index a6436a8e..21b5bbbf 100644 --- a/Tiltfile +++ b/Tiltfile @@ -8,6 +8,7 @@ config.define_string("faf-data-dir", args=False, usage="Directory where the FAF config.define_string("base-domain", args=False, usage="Base Domain to use for all faf services. Defaults to faforever.localhost") config.define_string_list("local-services", args=False, usage="Names of services that you intend to run locally") cfg = config.parse() +is_ci = os.getenv("CI", False) windows_bash_path = cfg.get("windows-bash-path", "C:\\Program Files\\Git\\bin\\bash.exe") host_ip = cfg.get("host-ip", "") local_services = cfg.get("local-services", []) 
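Review bot: The cache `key: ${{ github.ref_name }}` in the new "Cache Helm Output" step never changes for a given branch, so after the first save every later run gets an exact hit and actions/cache does not save again; `.helm-cache` for `develop` stays frozen at its first contents while the charts move on. Add a content hash so the key rolls when chart inputs change, e.g. `key: helm-${{ github.ref_name }}-${{ hashFiles('**/Chart.yaml') }}`, and turn the current branch names into prefix restore-keys such as `helm-develop-`. The step id `cache-helm-ooutput` looks like a typo for `cache-helm-output`. As a supply-chain hardening step, consider pinning `actions/cache` to a full commit SHA instead of the mutable `v5` tag.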
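Review bot: `is_ci = os.getenv("CI", False)` yields the raw string whenever the variable is set, so `CI=false` or `CI=0` is still truthy and would put a developer machine on the CI path. Compare the value explicitly, e.g. `is_ci = os.getenv("CI", "").lower() in ("true", "1")`. A one-line comment stating what CI mode turns off would also help, because the flag is read in at least three later hunks of this file (the helm render branch, the annotation block and the reloader resources).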
@@ -102,18 +103,24 @@ def helm_with_build_cache(chart, namespace="", values=[], set=[], specifier = "" command.extend(value_flags) command.extend(set_flags) command.extend(["--set", "baseDomain=" + base_domain]) - - deps = [chart] - deps.extend(values) - agnostic_local_resource(name=chart_resource + "-helm", cmd=command, labels=["helm"], deps=deps, allow_parallel=True) - if not os.path.exists(cached_yaml): + if is_ci: agnostic_local(command) + objects = read_yaml_stream(cached_yaml) + if not objects: + fail("No objects found for chart " + chart) + else: + deps = [chart] + deps.extend(values) + agnostic_local_resource(name=chart_resource + "-helm", cmd=command, labels=["helm"], deps=deps, allow_parallel=True) + + if not os.path.exists(cached_yaml): + agnostic_local(command) - objects = read_yaml_stream(cached_yaml) - if not objects: - agnostic_local(command) objects = read_yaml_stream(cached_yaml) + if not objects: + agnostic_local(command) + objects = read_yaml_stream(cached_yaml) watch_file(cached_yaml) @@ -144,7 +151,7 @@ def helm_with_build_cache(chart, namespace="", values=[], set=[], specifier = "" entryPoints = spec["entryPoints"] if "websecure" in entryPoints: entryPoints.append("web") - if containers or job_template_containers: + if not is_ci and (containers or job_template_containers): metadata = object["metadata"] if "annotations" not in metadata or not metadata["annotations"]: metadata["annotations"] = {} 
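Review bot: The new `if is_ci:` branch in `helm_with_build_cache` carries no comment explaining why CI skips the `-helm` local resource and always re-renders, while the `else` branch still accepts an existing `cached_yaml` without re-running the command. Add something like `# CI: always re-render and fail on empty output; never rely on a file restored from the workflow cache` above the branch. The function starts and ends outside this hunk, so whether `cached_yaml` lives under the `.helm-cache` directory that the workflow restores is not visible here. If it does, the unconditional re-render is what keeps a stale or unexpected restored file from being applied, and that is worth stating in the comment.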
@@ -245,8 +252,9 @@ k8s_resource(new_name="namespaces", objects=["faf-infra:namespace", "faf-apps:na k8s_resource(new_name="clusterroles", objects=["read-cm-secrets:clusterrole"], labels=["core"]) k8s_resource(new_name="init-apps", objects=["init-apps:serviceaccount:faf-infra", "init-apps:serviceaccount:faf-apps", "allow-init-apps-read-app-config-infra:rolebinding", "allow-init-apps-read-app-config-apps:rolebinding"], resource_deps=["clusterroles"], labels=["core"]) -k8s_yaml(helm_with_build_cache("disabled/reloader", namespace="faf-ops", values=["config/local.yaml"])) -k8s_resource(workload="release-name-reloader", new_name="reloader", objects=["release-name-reloader:serviceaccount", "release-name-reloader-metadata-role:role", "release-name-reloader-role:clusterrole", "release-name-reloader-metadata-role-binding:rolebinding", "release-name-reloader-role-binding:clusterrolebinding"], resource_deps=["namespaces"], labels=["core"]) +if not is_ci: + k8s_yaml(helm_with_build_cache("disabled/reloader", namespace="faf-ops", values=["config/local.yaml"])) + k8s_resource(workload="release-name-reloader", new_name="reloader", objects=["release-name-reloader:serviceaccount", "release-name-reloader-metadata-role:role", "release-name-reloader-role:clusterrole", "release-name-reloader-metadata-role-binding:rolebinding", "release-name-reloader-role-binding:clusterrolebinding"], resource_deps=["namespaces"], labels=["core"]) storage_yaml = helm_with_build_cache("cluster/storage", values=["config/local.yaml"], set=["dataPath="+data_absolute_path]) storage_yaml = to_hostpath_storage(storage_yaml, use_named_volumes=use_named_volumes) 
@@ -409,4 +417,4 @@ proxy_local_service_if_set(service_name="faf-ws-bridge", service_chart="apps/faf icebreaker_deps = ["faf-db-migrations", "ory-hydra"] + rabbitmq_setup_resources icebreaker_labels = ["api"] icebreaker_patch = {"HYDRA_URL": "http://ory-hydra:4444", "XIRSYS_ENABLED": "false", "XIRSYS_TURN_ENABLED": "false", "CLOUDFLARE_ENABLED": "false"} -proxy_local_service_if_set(service_name="faf-icebreaker", service_chart="apps/faf-icebreaker", service_namespace="faf-apps", service_deps=icebreaker_deps, service_labels=icebreaker_labels, config_patch=icebreaker_patch) +proxy_local_service_if_set(service_name="faf-icebreaker", service_chart="apps/faf-icebreaker", service_namespace="faf-apps", service_deps=icebreaker_deps, service_labels=icebreaker_labels, additional_values=["apps/faf-icebreaker/values-prod.yaml"], config_patch=icebreaker_patch) diff --git a/apps/faf-icebreaker/templates/deployment.yaml b/apps/faf-icebreaker/templates/deployment.yaml index f38ed8ef..cae2a4a5 100644 --- a/apps/faf-icebreaker/templates/deployment.yaml +++ b/apps/faf-icebreaker/templates/deployment.yaml @@ -32,7 +32,7 @@ spec: - name: geolite-db mountPath: /usr/share/GeoIP containers: - - image: faforever/faf-icebreaker:1.1.9 + - image: "faforever/faf-icebreaker:{{ .Values.image.tag }}" imagePullPolicy: Always name: faf-icebreaker envFrom: diff --git a/apps/faf-icebreaker/values-prod.yaml b/apps/faf-icebreaker/values-prod.yaml new file mode 100644 index 00000000..eae12ab9 --- /dev/null +++ b/apps/faf-icebreaker/values-prod.yaml @@ -0,0 +1,2 @@ +image: + tag: 1.1.9 \ No newline at end of file diff --git a/apps/faf-icebreaker/values-test.yaml b/apps/faf-icebreaker/values-test.yaml new file mode 100644 index 00000000..cf939488 --- /dev/null +++ b/apps/faf-icebreaker/values-test.yaml @@ -0,0 +1,2 @@ +image: + tag: main \ No newline at end of file diff --git a/apps/faf-user-service/templates/ingress.yaml b/apps/faf-user-service/templates/ingress.yaml index eb6236b5..343015bc 100644 
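Review bot: The image line in `apps/faf-icebreaker/templates/deployment.yaml` now depends on `.Values.image.tag`, but this commit defines it only in `values-prod.yaml` and `values-test.yaml`. Unless the chart's own `values.yaml` (not shown) sets a default, rendering the chart without one of those files either fails with an opaque template error or produces an image reference with an empty tag. Add a default such as `image:` / `  tag: "1.1.9"` to `values.yaml`, or wrap the lookup in `required` with a clear message. Separately, `tag: main` in `values-test.yaml` combined with `imagePullPolicy: Always` means the test environment runs whatever was last pushed to that mutable tag; an immutable tag or digest would make test deployments reproducible and auditable.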
--- a/apps/faf-user-service/templates/ingress.yaml +++ b/apps/faf-user-service/templates/ingress.yaml @@ -1,3 +1,25 @@ +{{- if .Values.cors.enabled }} +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: faf-user-service-cors +spec: + headers: + accessControlAllowMethods: + - "GET" + - "POST" + - "OPTIONS" + accessControlAllowHeaders: + - "Content-Type" + - "Authorization" + - "X-HMAC" + accessControlAllowOriginListRegex: + {{- toYaml .Values.cors.allowOriginListRegex | nindent 6 }} + accessControlAllowCredentials: true + accessControlMaxAge: 600 + addVaryHeader: true +--- +{{- end }} apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: @@ -11,3 +33,7 @@ spec: services: - name: faf-user-service port: 8080 + {{- if .Values.cors.enabled }} + middlewares: + - name: faf-user-service-cors + {{- end }} diff --git a/apps/faf-user-service/templates/local-secret.yaml b/apps/faf-user-service/templates/local-secret.yaml index 043b4b58..f31836fd 100644 --- a/apps/faf-user-service/templates/local-secret.yaml +++ b/apps/faf-user-service/templates/local-secret.yaml @@ -11,4 +11,5 @@ stringData: JWT_HMAC_SECRET: "banana" LOBBY_SECRET: "banana" REPLAY_SECRET: "banana" + ALTCHA_HMAC_KEY: "bananabananabananabanana" {{- end}} diff --git a/apps/faf-user-service/values-test.yaml b/apps/faf-user-service/values-test.yaml new file mode 100644 index 00000000..7901fc26 --- /dev/null +++ b/apps/faf-user-service/values-test.yaml @@ -0,0 +1,5 @@ +cors: + enabled: true + allowOriginListRegex: + - "^https?://localhost(:[0-9]+)?$" + - "^https?://127\\.0\\.0\\.1(:[0-9]+)?$" diff --git a/apps/faf-user-service/values.yaml b/apps/faf-user-service/values.yaml index e0d9d50a..851514ec 100644 --- a/apps/faf-user-service/values.yaml +++ b/apps/faf-user-service/values.yaml @@ -1,2 +1,5 @@ infisical-secret: name: faf-user-service +cors: + enabled: false + allowOriginListRegex: [] 
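Review bot: The `faf-user-service-cors` middleware sets `accessControlAllowCredentials: true`, so every pattern in `cors.allowOriginListRegex` grants an origin the right to read authenticated responses, yet nothing in the template or in `values.yaml` tells operators that patterns must be fully anchored. An entry written without `^…$` or with unescaped dots could match look-alike origins if the regexes are applied as unanchored matches (worth confirming for the Traefik version in use). Add a comment beside the default in `values.yaml`, e.g. `# matched against the Origin header; anchor with ^ and $ and escape dots, credentials are allowed for matches`. The patterns in `values-test.yaml` accept any port on `localhost` and `127.0.0.1` over plain `http`, which suits a test setup but should not be copied into a production values file.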
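Review bot: `ALTCHA_HMAC_KEY` in `local-secret.yaml` is a fixed, publicly known string. That matches the other placeholder values in this Secret, but the `if` that the closing `{{- end}}` belongs to opens outside this hunk, so confirm the template can only render for the local setup. A short comment above `stringData`, such as `# local-only placeholders; deployed environments take these from the Infisical secret`, would make the intent explicit. Infisical as the real source is an assumption based on `infisical-secret` in `values.yaml`.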
diff --git a/apps/ory-hydra/templates/ingress.yaml b/apps/ory-hydra/templates/ingress.yaml index d0278271..5d87404d 100644 --- a/apps/ory-hydra/templates/ingress.yaml +++ b/apps/ory-hydra/templates/ingress.yaml @@ -1,3 +1,24 @@ +{{- if .Values.cors.enabled }} +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: ory-hydra-cors +spec: + headers: + accessControlAllowMethods: + - "GET" + - "POST" + - "OPTIONS" + accessControlAllowHeaders: + - "Content-Type" + - "Authorization" + - "X-HMAC" + accessControlAllowOriginListRegex: + {{- toYaml .Values.cors.allowOriginListRegex | nindent 6 }} + accessControlMaxAge: 600 + addVaryHeader: true +--- +{{- end }} apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: @@ -11,3 +32,7 @@ spec: services: - name: ory-hydra port: 4444 + {{- if .Values.cors.enabled }} + middlewares: + - name: ory-hydra-cors + {{- end }} diff --git a/apps/ory-hydra/values-test.yaml b/apps/ory-hydra/values-test.yaml new file mode 100644 index 00000000..7901fc26 --- /dev/null +++ b/apps/ory-hydra/values-test.yaml @@ -0,0 +1,5 @@ +cors: + enabled: true + allowOriginListRegex: + - "^https?://localhost(:[0-9]+)?$" + - "^https?://127\\.0\\.0\\.1(:[0-9]+)?$" diff --git a/apps/ory-hydra/values.yaml b/apps/ory-hydra/values.yaml index 4cae75c0..11124786 100644 --- a/apps/ory-hydra/values.yaml +++ b/apps/ory-hydra/values.yaml @@ -3,6 +3,9 @@ image: tag: "v25.4.0" infisical-secret: name: ory-hydra +cors: + enabled: false + allowOriginListRegex: [] clients: - name: "FAF Client" id: "2e8808cf-5889-469b-b2c3-01f0cc58c4af" diff --git a/cluster/argocd/Chart.yaml b/cluster/argocd/Chart.yaml index f1d641b9..8a52f2bd 100644 --- a/cluster/argocd/Chart.yaml +++ b/cluster/argocd/Chart.yaml @@ -3,5 +3,5 @@ name: argocd version: 1.0.0 dependencies: - name: argo-cd - version: 9.4.17 + version: 9.5.13 repository: https://argoproj.github.io/argo-helm
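Review bot: The `ory-hydra-cors` middleware lists `X-HMAC` in `accessControlAllowHeaders`, which looks copied from the faf-user-service middleware. If Hydra's public endpoints do not read that header, drop it so the allow-list names only what the service needs. Hydra can also emit CORS headers through its own serve configuration; if that is enabled for this deployment (not visible here), responses may carry two sets of `Access-Control-*` headers, so one layer should own CORS. Unlike the user-service middleware, this one omits `accessControlAllowCredentials`; a one-line comment such as `# credentials intentionally not allowed for hydra` would keep that from being changed by mistake later.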