# Eiffel Community CI/CD and Infrastructure
## Quick links
- [Introduction](#Introduction)
- [Implementation Phases](#Implementation-Phases)
  - [Phase 1: Evaluation and setting up the basics](#Phase-1-Evaluation-and-Setting-Up-the-Basics)
  - [Phase 2: Build Rollout](#Phase-2-Build-Rollout)
  - [Phase 3: Bring up full-blown CI/CD](#Phase-3-Bring-up-full-blown-CICD)
  - [Phase 4: Eiffel for Eiffel](#Phase-4-Eiffel-for-Eiffel)
- [Meeting Minutes](#Meeting-Minutes)
  - [September 16, 2020](#September-16-2020)
  - [May 15, 2023](#May-15-2023)
  - [August 30, 2023](#August-30-2023)
  - [September 8, 2023](#September-8-2023)
This document is used for sharing ideas on how to establish CI/CD for [Eiffel Community](http://eiffel-community.github.io/) hosted on [Nordix](https://www.nordix.org/) infrastructure. The document is expected to contain detailed information about the implementation phases as well as the requirements.
# Introduction
The idea to establish infrastructure and CI/CD for Eiffel Community [was first brought up](https://github.com/eiffel-community/community/issues/47) in the context of setting up automated docker image builds for selected Eiffel repositories so they can be built automatically and consumed by the broader Eiffel Community.
This triggered further conversations within the community to see if it would be beneficial to explore bringing complete CI/CD for the community, running on the infrastructure provided by Nordix Community.
Please see the slides from [this link](https://docs.google.com/presentation/d/1-Qcbh0y7rJahG8-FMK2xKQ8vuH_tX3VfgzRgla-WTWE) for background information and the proposal.
This document focuses on the proposal to use infrastructure and services provided by Nordix Community to establish CI/CD for Eiffel Community.
# Implementation Phases
Implementation takes a phased approach to
- start collaboration between Eiffel and Nordix communities
- get members of Eiffel Community contributing to this work familiar with Nordix Infrastructure and services
- get necessary rights and permissions for members of Eiffel Community contributing to this work on Nordix Infrastructure
- provide value to Eiffel Community as quickly as possible without waiting for complete CI/CD to be built from scratch
Proposed phases are
- Phase 1: Evaluation and setting up the basics
- Phase 2: Build Rollout
- Phase 3: Bring up full-blown CI/CD
- Phase 4: Eiffel for Eiffel
## DONE: Phase 1: Evaluation and Setting Up the Basics
Please note that this phase is considered completed. Please look at the next phase.
This phase aims to bring up builds of selected Eiffel projects to evaluate Nordix Infrastructure and start collaboration between Eiffel and Nordix communities. This phase will provide a proof of concept and give an example of how this setup could work.
The high level build process is
- build container image
- tag container image
- push container image to [Nordix Container Image Registry](http://registry.nordix.org/)
Selected projects to enable builds for are
- [Eiffel Gerrit Herald](https://github.com/eiffel-community/eiffel-gerrit-herald)
- [Eiffel Intelligence (backend)](https://github.com/eiffel-community/eiffel-intelligence)
- [Eiffel Intelligence (frontend)](https://github.com/eiffel-community/eiffel-intelligence-frontend)
- [Eiffel RemREM Publish](https://github.com/eiffel-community/eiffel-remrem-publish)
- [Eiffel RemREM Generate](https://github.com/eiffel-community/eiffel-remrem-generate)
Infrastructure Requirements
- build server (need specs like distro if significant, docker version or versions of other tools)
- Jenkins jobs to run builds
- repository on Nordix Container Image Registry for the selected projects
- \<addme\>
## IN PROGRESS: Phase 2: Build Rollout
This phase aims to enable builds for all the projects hosted by Eiffel Community on Nordix Infrastructure. Phase 2 will build all the wanted projects leveraging the experience from phase 1.
The high level build process is
- build artifacts
- build container images
- tag container images
- push container images to [Nordix Container Image Registry](http://registry.nordix.org/)
- store other types of artifacts on [Nordix Artifactory](https://artifactory.nordix.org/)
- \<addme\>
Projects to enable builds for are
- \<addme\>
Infrastructure Requirements
- build server (need specs like distro if significant, docker version or versions of other tools). The build server must be able to:
  - compile Java code
  - build docker images
- Jenkins jobs to run builds
- repositories on Nordix Container Image Registry for the projects
- \<addme\>
## Phase 3: Bring up full-blown CI/CD
This phase aims to establish full-blown CI/CD for Eiffel Community on Nordix Infrastructure including continuous deployment of Eiffel components on Eiffel Domain running in Nordix Infrastructure. Phase 3 will not only build the wanted projects but also enable their deployment.
The high level CI/CD process is
- run tests (unit, integration, whatever)
- deploy the built projects
- \<addme\>
Infrastructure Requirements
- servers to host the deployed projects
- \<addme\>
## Phase 4: Eiffel for Eiffel
This phase aims to use Eiffel for Eiffel as part of Eiffel Community CI/CD. Phase 4 aims to show the full solution where we also send and use Eiffel events for all parts in the CI/CD process.
The high level Eiffel process is
- send Eiffel events for all steps in the process both during CI and CD
- \<addme\>
Infrastructure Requirements
- servers to host Eiffel services such as ER, REMReM and Message bus
- \<addme\>
# Comments & Ideas
## Webhooks?
In order to allow jobs on Nordix Jenkins to be triggered upon merge of a PR or direct push, the repos should be configured with webhooks.
* Click Settings on the repository
* Click Manage Access
* Click Invite teams or people
* Add nordixinfra and give write permission
* Payload URL: https://jenkins.nordix.org/github-webhook/
## Placement of the Jenkins config
* See https://gerrit.nordix.org/plugins/gitiles/infra/cicd/+/refs/heads/master/jjb/eiffel
## Deployment Techniques
How should we deploy the Eiffel components on Nordix?
* Easy2Use?
* ArgoCD?
* Other?
# Meeting Minutes
## September 16, 2020
### Participants
* Mattias Linner, Eiffel Community/Ericsson
* Robert Tomczyk, Nordix Community/Ericsson Software Technology
* Fatih Degirmenci, Eiffel & Nordix Communities/Ericsson Software Technology
### Meeting Notes
* Currently the artifacts for Eiffel Community are built manually by a community member.
* The repositories for container image based projects have Dockerfiles.
* The build process for these repositories is as simple as running docker build command.
* The resulting artifact is currently pushed to Docker hub.
* The overall build process is
  * Manually tag the repo of the project
  * Build the container image
  * Tag the container image with the tag applied in the repo
  * Push the tagged container image to Docker Hub
* Release events of GitHub could be listened to trigger a release job which builds, tags, and pushes container images to container image registry
* There could be at least 2 pipelines
  * post-merge pipeline: building latest version of the container image and storing it on container image registry
  * release pipeline: building released versions and tagging/pushing released versions. Possible tags are Pre-release, Release
* the jobs/pipelines could be retriggered using keywords as well
* Pipelines and builds can be developed using a sandbox repository, eiffel-community/sandbox project
* Nordix Infra user will require permission to use GitHub API for Eiffel projects
* There are some restrictions on Travis that block running further tests
* Think about future infra consolidation and bring this topic to Eiffel TC
* The current manual build process will not be impacted until TC approves move of builds to Nordix Infra
* We need to think about how to handle Eiffel Community CI/CD stuff (jobs, scripts)
* We may need to fork Gerrit Herald for basic build development if needed
* Nordix Container Image Registry, Harbor, will enable proxying for Docker Hub so Docker Hub will not be hit as many times.
### Action Items
* Fatih to come up with full list of candidate projects to establish projects.
* Mattias to create an issue in eiffel-community/community repo, asking creation of eiffel-community/sandbox project to develop builds and CI/CD for the community.
* Mattias to help reaching out to Tobias when questions raised about build/tag/release process
* Mattias to login to [Nordix Gerrit](https://gerrit.nordix.org/)
* Team to aim for getting builds for Gerrit Herald established by TC Meeting on September 28th
## May 15, 2023
### Participants
* Emil Bäckmark, Ericsson
* Adam Kenihan, Nordix Community / Ericsson Software Technology
* Andrew Fenner, Nordix Community / Ericsson Software Technology
### Meeting Notes
* Deploy Eiffel Easy2Use on Nordix before the Eiffel Summit on June 13-14
* Deployment could probably be done by Ericsson (Panos)
* Access for Panos on the jump host needs to be set up. Emil to mail Robert and Andrew to request that
* Nauman can help with Eiffel related support from Nordix
* Ingress config needed? Yes, Nauman/Robert can help out on that.
* Eiffel for Eiffel
* What infrastructure components / Eiffel services to actually use in such a set up is not yet defined
* Message bus
* Database - ER? GoER?
* Event sender - REMReM? Some SDK?
* CI/CD Engine
* Alternative 1: Existing Nordix Jenkins instance
* Sub alternative 1: Eiffel Intelligence and Ericsson Jenkins plugin (FEM) in combination
* Cons: EI is complex, FEM is not open-source
* Sub alternative 2: Axis [Eiffel broadcaster](https://github.com/jenkinsci/eiffel-broadcaster-plugin) (only for sending events) combined with some triggering engine? How does Axis trigger on events?
* Alternative 2: Other CI engine than Jenkins? Probably not feasible at the moment, since there is no other CI engine with known Eiffel support
* All Eiffel services deployed as part of "Eiffel for Eiffel" need to be treated as "in-production" and monitored as such
* Could use the existing Grafana instance combined with some event visualizations and maybe more
* To be called from GitHub actions in the Eiffel repositories
* Set up trigger internally in Ericsson to trigger on Eiffel releases? Require Message bus federations from Nordix to Ericsson.
* Next steps
* Assuming that Easy2Use fulfills the needs for Eiffel production, we should do a second deployment of Easy2Use on Nordix once the first deployment is done.
* Mid/long-term we could instead use explicit Helm chart deployments.
* Is there a binary of (Ericsson) Visualization Engine on DockerHub that can be deployed on Nordix?
## August 30, 2023
### Participants
* Emil Bäckmark, Ericsson
* Mattias Linnér, Ericsson
* Panagiotis Efstratiou, Ericsson
* Jainad Chinta, Ericsson/TCS
### Meeting Notes
* Running via Jenkins might be an option if we can't run selfhosted runners in the Eiffel community or if we run out of GitHub actions minutes.
* Based on that we don't have to store the Jenkins files in Nordix Gerrit but rather in the corresponding GitHub Eiffel repository.
* Emil and Mattias to check with Nordix people
* Run Jenkins pipeline from file in GitHub repo
* Do you have any other ideas on how to get this working well?
* Thoughts behind setting up a self-hosted runner for the Nordix organization. Could we do the same for the Eiffel organization or are there any problems?
* Panos to continue with trying out self hosted runner under Nordix organization
## September 8, 2023
### Participants
* Akash Rajguru, Nordix Community / Ericsson Software Technology
* Andrew Fenner, Nordix Community / Ericsson Software Technology
* Robert Tomczyk, Nordix Community / Ericsson Software Technology
* Sankar Palanivel(?), Nordix Community / Ericsson Software Technology
* Emil Bäckmark, Ericsson
* Mattias Linnér, Ericsson
* Panagiotis Efstratiou, Ericsson
### Meeting Notes
* Discussed what our needs are
* Andrew showed an example of running a Jenkins pipeline stored in GitHub running on the Jenkins server in Nordix
* We discussed how to solve security. Some alternatives on this:
  1. We want to limit the workloads run on Nordix by letting someone approve the PR before the workload is run.
  1. We only let certain members of a group/community whose PRs should run workloads.
#### Outstanding issues
* Currently the Jenkins is picked from main and not the one from the PR
* Limit the workload running
* Can one approve running workloads via chat approval like https://github.com/marketplace/actions/manual-workflow-approval
* Can we limit the allowed PR authors that can run workloads to a team
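
One way to express the two alternatives from the security discussion as a gate in front of the build trigger, as an added example that is not part of the minutes or of the Nordix or Eiffel setup. The trusted logins, the secret and the sample payloads are constructed; the field names follow GitHub's pull request and review payloads.

```python
import hashlib
import hmac
import json

# Assumption: logins of the team allowed to run workloads (constructed names).
TRUSTED = {"alice-maintainer", "bob-maintainer"}


def signature_ok(secret: bytes, body: bytes, header: str) -> bool:
    """Check GitHub's X-Hub-Signature-256 header over the raw request body."""
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header or "")


def may_run(pr: dict, reviews: list) -> tuple:
    """Decide whether a PR's workload may run; returns (allowed, reason)."""
    author = pr["user"]["login"]
    head = pr["head"]["sha"]
    # Alternative 2 in the notes: PRs from the allowed team run directly.
    if author in TRUSTED:
        return True, "author is on the allowed team"
    # Alternative 1: someone approves first. Only approvals from trusted
    # reviewers count, and only for the exact commit that would be built,
    # so a push made after the approval needs a fresh review.
    for review in reviews:
        if (review["state"].lower() == "approved"
                and review["user"]["login"] in TRUSTED
                and review["commit_id"] == head):
            return True, "approved by " + review["user"]["login"]
    return False, "waiting for approval of " + head[:7]


# Constructed sample data, shaped like GitHub's payloads.
SECRET = b"constructed-webhook-secret"
BODY = json.dumps({"action": "synchronize", "pull_request": {
    "user": {"login": "drive-by-contributor"},
    "head": {"sha": "b" * 40}}}).encode()
STALE = [{"state": "approved", "user": {"login": "alice-maintainer"}, "commit_id": "a" * 40}]
FRESH = [{"state": "approved", "user": {"login": "alice-maintainer"}, "commit_id": "b" * 40}]

if __name__ == "__main__":
    pr = json.loads(BODY)["pull_request"]
    print(may_run(pr, STALE))   # approval was for an older commit
    print(may_run(pr, FRESH))   # approval matches the head commit
```

Tying the approval to the head commit means a contributor cannot get a harmless change approved and then push different code that runs under the same approval.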