Skip to content

Commit

Permalink
feat: build binaries and Docker images in CI
Browse files Browse the repository at this point in the history
For releases we need to have Docker images and binary images available for the
user to actually run influxdb3. These CI changes will build the binaries on a
release tag and the Docker image as well, test, sign, and publish them and make
them available for download.

Co-Authored-By: Brandon Pfeifer <bpfeifer@influxdata.com>
  • Loading branch information
mgattozzi and bnpfeife committed Mar 26, 2024
1 parent 12636ca commit 2d78d18
Show file tree
Hide file tree
Showing 20 changed files with 845 additions and 75 deletions.
425 changes: 361 additions & 64 deletions .circleci/config.yml

Large diffs are not rendered by default.

51 changes: 51 additions & 0 deletions .circleci/packages/config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@

version:
release:
match: '^v[0-9]+.[0-9]+.[0-9]+'
value: '{{env.CIRCLE_TAG[1:]}}'
default:
value: '3.x-{{env.CIRCLE_SHA1[:8]}}'

sources:
- binary: /tmp/workspace/artifacts/influxdb3-edge_x86_64-unknown-linux-musl.tar.gz
target: artifacts/
arch: amd64
plat: linux

- binary: /tmp/workspace/artifacts/influxdb3-edge_aarch64-unknown-linux-musl.tar.gz
target: artifacts/
arch: arm64
plat: linux

- binary: /tmp/workspace/artifacts/influxdb3-edge_aarch64-apple-darwin.tar.gz
target: artifacts/
arch: amd64
plat: darwin

- binary: /tmp/workspace/artifacts/influxdb3-edge_x86_64-pc-windows-gnu.tar.gz
target: artifacts/
arch: amd64
plat: windows

packages:
- name: influxdb3
description: Monolithic time-series database.
license: MIT/Apache-2.0
binaries:
- influxdb3
- influxdb3.exe
extras:
- source: LICENSE-APACHE
target: usr/share/influxdb3/LICENSE-APACHE

- source: LICENSE-MIT
target: usr/share/influxdb3/LICENSE-MIT

- source: README.md
target: usr/share/influxdb3/README.md
#perm_overrides:
deb_recommends:
- influxdb3-cli
#conflicts:
#depends:
source: .circleci/packages/influxdb3
16 changes: 16 additions & 0 deletions .circleci/packages/influxdb3/control/post-install
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash

BIN_DIR=/usr/bin
DATA_DIR=/var/lib/influxdb3
LOG_DIR=/var/log/influxdb3

# Distribution-specific logic
if [[ -f /etc/debian_version ]]; then
# Ownership for RH-based platforms is set in build.py via the `rmp-attr` option.
# We perform ownership change only for Debian-based systems.
# Moving these lines out of this if statement would make `rmp -V` fail after installation.
chown -R -L influxdb:influxdb $LOG_DIR
chown -R -L influxdb:influxdb $DATA_DIR
chmod 755 $LOG_DIR
chmod 755 $DATA_DIR
fi
2 changes: 2 additions & 0 deletions .circleci/packages/influxdb3/control/post-uninstall
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
#!/bin/bash

22 changes: 22 additions & 0 deletions .circleci/packages/influxdb3/control/pre-install
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
#!/bin/bash

DATA_DIR=/var/lib/influxdb3
USER=influxdb3
GROUP=influxdb3
LOG_DIR=/var/log/influxdb3

if ! id influxdb3 &>/dev/null; then
useradd --system -U -M influxdb3 -s /bin/false -d $DATA_DIR
fi

# check if DATA_DIR exists
if [ ! -d "$DATA_DIR" ]; then
mkdir -p $DATA_DIR
chown $USER:$GROUP $DATA_DIR
fi

# check if LOG_DIR exists
if [ ! -d "$LOG_DIR" ]; then
mkdir -p $LOG_DIR
chown $USER:$GROUP $DATA_DIR
fi
Empty file.
Empty file.
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ RUST_VERSION="$(sed -E -ne 's/channel = "(.*)"/\1/p' rust-toolchain.toml)"
COMMIT_SHA="$(git rev-parse HEAD)"
COMMIT_TS="$(env TZ=UTC0 git show --quiet --date='format-local:%Y-%m-%dT%H:%M:%SZ' --format="%cd" HEAD)"
NOW="$(date --utc --iso-8601=seconds)"
REPO_URL="https://github.com/influxdata/influxdb_iox"
REPO_URL="https://github.com/influxdata/influxdb"

exec docker buildx build \
--build-arg CARGO_INCREMENTAL="no" \
Expand All @@ -22,8 +22,8 @@ exec docker buildx build \
--label org.opencontainers.image.url="$REPO_URL" \
--label org.opencontainers.image.revision="$COMMIT_SHA" \
--label org.opencontainers.image.vendor="InfluxData Inc." \
--label org.opencontainers.image.title="InfluxDB IOx, '$PACKAGE'" \
--label org.opencontainers.image.description="InfluxDB IOx production image for package '$PACKAGE'" \
--label org.opencontainers.image.title="InfluxDB3 Edge" \
--label org.opencontainers.image.description="InfluxDB3 Edge Image" \
--label com.influxdata.image.commit-date="$COMMIT_TS" \
--label com.influxdata.image.package="$PACKAGE" \
--progress plain \
Expand Down
8 changes: 8 additions & 0 deletions .circleci/scripts/package-validation/debian
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#!/bin/bash
set -o errexit \
-o nounset \
-o pipefail

path="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"

"${path}/validate" deb "${1}"
97 changes: 97 additions & 0 deletions .circleci/scripts/package-validation/redhat
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
#!/bin/bash
set -o errexit \
-o nounset \
-o pipefail

# $1 -> architecture
# $2 -> package path
case ${1} in
x86_64) arch=x86_64 ;;
aarch64) arch=arm64 ;;
esac

package="$(realpath "${2}")"

path="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"

terraform_init() {
pushd "${path}/tf" &>/dev/null

# Unfortunately, CircleCI doesn't offer any RPM based machine images.
# This is required to test the functionality of the systemd services.
# (systemd doesn't run within docker containers). This will spawn a
# Amazon Linux instance in AWS.
terraform init
terraform apply \
-auto-approve \
-var "architecture=${1}" \
-var "package_path=${2}" \
-var "identifier=${CIRCLE_JOB}"

popd &>/dev/null
}

terraform_free() {
pushd "${path}/tf" &>/dev/null

terraform destroy \
-auto-approve \
-var "architecture=${1}" \
-var "package_path=${2}" \
-var "identifier=${CIRCLE_JOB}"

popd &>/dev/null
}

terraform_ip() {
pushd "${path}/tf" &>/dev/null

terraform output -raw node_ssh

popd &>/dev/null
}


# This ensures that the associated resources within AWS are released
# upon exit or when encountering an error. This is setup before the
# call to "terraform apply" so even partially initialized resources
# are released.
# shellcheck disable=SC2064
trap "terraform_free \"${arch}\" \"${package}\"" \
SIGINT \
SIGTERM \
ERR \
EXIT

function terraform_setup()
{
# TODO(bnpfeife): remove this once the executor is updated.
#
# Unfortunately, terraform provided by the CircleCI executor is *terribly*
# out of date. Most Linux distributions are disabling "ssh-rsa" public key
# algorithms which this uses to remote into the ec2 instance . This
# installs the latest version of terraform.
#
# Addendum: the "terraform_version" CircleCI option is broken!
sudo tee /etc/apt/sources.list.d/hashicorp.list <<EOF >/dev/null || true
deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main
EOF

curl -fL https://apt.releases.hashicorp.com/gpg | gpg --dearmor | \
sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg >/dev/null

export DEBIAN_FRONTEND=noninteractive
sudo -E apt-get update
sudo -E apt-get install --yes terraform
}

terraform_setup

terraform_init "${arch}" "${package}"

printf 'Setup complete! Testing %s... (this takes several minutes!)' "${1}"

# Since terraform *just* created this instance, the host key is not
# known. Therefore, we'll disable StrictHostKeyChecking so ssh does
# not wait for user input.
ssh -o 'StrictHostKeyChecking=no' "ec2-user@$(terraform_ip)" 'sudo ./validate rpm ./influxdb3.rpm'
114 changes: 114 additions & 0 deletions .circleci/scripts/package-validation/tf/main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 2.70"
}
}
}

variable "architecture" {
type = string
}

variable "identifier" {
type = string
}

variable "package_path" {
type = string
}

provider "aws" {
region = "us-east-1"
}

data "aws_ami" "test_ami" {
most_recent = true

filter {
name = "name"
values = ["al20*-ami-20*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
filter {
name = "architecture"
values = [var.architecture]
}

owners = ["137112412989"]
}

resource "aws_security_group" "influxdb_test_package_sg" {
ingress {
description = "Allow ssh connection"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

egress {
description = "Allow all outgoing"
from_port = 0
to_port = 0
protocol = "all"
cidr_blocks = ["0.0.0.0/0"]
}
}

resource "aws_instance" "test_instance" {
count = 1
ami = data.aws_ami.test_ami.id
instance_type = var.architecture == "x86_64" ? "t2.micro" : "c6g.medium"
key_name = "circleci-oss-test"
vpc_security_group_ids = [aws_security_group.influxdb_test_package_sg.id]

tags = {
Name = format("circleci_%s_test_%s", var.identifier, var.architecture)
}

provisioner "file" {
source = var.package_path
destination = "/home/ec2-user/influxdb3.rpm"

connection {
type = "ssh"
user = "ec2-user"
host = self.public_dns
agent = true
}
}

provisioner "file" {
source = "../validate"
destination = "/home/ec2-user/validate"

connection {
type = "ssh"
user = "ec2-user"
host = self.public_dns
agent = true
}
}

provisioner "remote-exec" {
inline = [
"chmod +x /home/ec2-user/validate",
]

connection {
type = "ssh"
user = "ec2-user"
host = self.public_dns
agent = true
}
}
}

output "node_ssh" {
value = aws_instance.test_instance.0.public_dns
}
Loading

0 comments on commit 2d78d18

Please sign in to comment.