getbranches / conf Goto Github PK

It might make sense for us to refactor to using autopilot on GKE. Having talked to some Google reps, and using it for some time on another project, it seems more like what we want.

We pay a bit more per resource, but the resource usage is lowered since we no longer have to have nodes running that we don't need. We're not big users for Kubernetes, so I think it makes sense.

We need bjerk bot (or some other bot) in order to run the sync_labels workflow

      error: Running program '/home/runner/work/conf/conf' failed with an unhandled exception:
      Error: Github token has expired

See example action run

This issue was generated by todo-issue based on a TODO comment in 0120514. It's been assigned to @simenandre because they committed the code.

To deploy anything to Cloud Run, we need to store Docker artefacts in either Artifact Registry or Container Registry.

Seeing as Artifact Registry is the new thing, hence I think we should use that.

Goal

To ensure that we can quickly deploy infrastructure, we'd like a simple Pulumi setup.

I've given this repository access to a folder in Bjerk's Google Cloud Plattform account. I guess we'll move to our setup at some point, but I think that should be later (?).

Working branch: https://github.com/getbranches/conf/tree/epic-first-install

Work items

Engineering ⚙️

• #4
• #5

I have no idea where the logs from procore-abax are ending up now that the service is running in the kubernetes cluster. Is our slack notification setup not designed with kuberenetes in mind?

This issue was generated by todo-issue based on a TODO comment in 57c5a6f. It's been assigned to @simenandre because they committed the code.

I get a DNS_PROBE_FINISHED_NXDOMAIN when attempting to connect.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): update helm release caddy-ingress-controller to v1.1.0
• chore(deps): update vaultwarden:ext-image docker tag to v1.30.3
• chore(deps): update actions/github-script action to v7
• chore(deps): update google-github-actions/auth action to v2
• chore(deps): update google-github-actions/deploy-cloudrun action to v2
• chore(deps): update peter-evans/create-pull-request action to v6
• chore(deps): update pulumi/actions action to v5
• fix(deps): update dependency @pulumi/gcp to v7
• chore(deps): lock file maintenance
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update pnpm to v8.15.1
• chore(deps): update unleash:ext-image docker tag to v5.9.3
• chore(deps): update actions/setup-node action to v4
• chore(deps): update dependency @bjerk/eslint-config to v6
• chore(deps): update dependency @types/node to v20
• chore(deps): update docker/build-push-action action to v5
• chore(deps): update docker/login-action action to v3
• chore(deps): update docker/metadata-action action to v5
• chore(deps): update docker/setup-buildx-action action to v3
• chore(deps): update toshimaru/auto-author-assign action to v2
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

See log message

It appears we are missing a lot of environment variables.

See this log message for more details

We probably want to release getbranches/conf, our infrastructure as code project as Apache 2.0.

I've asked Pulumi to grant Branches a free Team license for our organization, which probably makes this project more visible. It would be nice if people knew if they could reuse the stuff we have here :)

Reference: pulumi/team-edition-for-open-source#8

It seems that the option to allow YubiKeys for 2FA is currently disabled. If possible, please enable this. Thanks

Some builds are failing, we probably need simenandre/setup-gke-gcloud-auth-plugin.

Abax-VWFS needs to communicate with VWFS through a specific IP address. Therefore we need to set up something like VPC. It's unclear how difficult this is to achieve in a kubernetes cluster. This might be worth reading though. It has been suggeted that we move this service to Cloud Run to make things simpler.

This error pops up seemingly at the time we are trying to run the daily sync operation

As the only backups we need are database backups, I suggest we use Google Storage Buckets as our main storage for backups and use the instructed backup setup from Postgres Operator (which is what we use to manage our databases).

See logs

We need to provide this API key to the cron job

We probably want reuseable workflows, that is used in GitHub Actions.

I propose that we'll have workflows that build a Docker and deploys it.

View on pulumi cloud

The drift check is detecting a change to some google cloud resources. Looking at the diff shows us that there are some service-accounts that pulumi wants to remove from a project IAM member. I suspect that google cloud is adding some extra stuff to this IAM member automatically. Since this happens every time this resource is modified, it becomes a sisyphean task for pulumi, meaning that a diff is detected every single time and the drift check keeps on failing every day.

We should add a cron job that runs every so often and performs a sync operation. Not immediately urgent, but something we want eventually

See the abax-procore cron job for inspiration:

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Location: .github/renovate.json
Error type: The renovate configuration file contains some invalid settings
Message: Regex Managers must contain datasourceTemplate configuration or regex group named datasource