@shinofara
Created July 11, 2020 02:54
k8s_repo
# update_pr_desc.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import requests
import time
import json
import sys
import os
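# Usage: update_pr_desc.py <repo> <pr-number>
#
# Adds a checklist line for pull request <pr-number> of hoge-org/<repo> to the
# open "candidate_<repo>" pull request in hoge-org/k8s, creating that pull
# request when none is open, then asks the source PR's author to review it.
args = sys.argv
if len(args) < 3:
    sys.exit("usage: update_pr_desc.py <repo> <pr-number>")
repo = args[1]
pr = args[2]

# repo and pr are concatenated into the path and query string of authenticated
# API calls, so anything that could change the request target is rejected.
REPO_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_."
if repo in ("", ".", "..") or not all(ch in REPO_CHARS for ch in repo):
    sys.exit("invalid repository name: %r" % (repo,))
if pr == "" or not all(ch in "0123456789" for ch in pr):
    sys.exit("invalid pull request number: %r" % (pr,))

# Without a timeout a stalled connection would block the build indefinitely.
REQUEST_TIMEOUT = 10  # seconds, applied to every API call below

# NOTE(review): the leading underscore looks like a Cloud Build user
# substitution passed through the environment. Substitution values are kept
# with the build record, so confirm the token really comes from a secret store.
github_token = os.environ["_GITHUB_TOKEN"]
pr_url = "https://github.com/hoge-org/" + repo + "/pull/" + pr

# Fetch the source PR's metadata.
headers = {
    'Authorization': 'token ' + github_token,
    'Content-Type': 'application/json'
}
r = requests.get(
    "https://api.github.com/repos/hoge-org/" + repo + "/pulls/" + pr,
    headers=headers,
    timeout=REQUEST_TIMEOUT)
# Stop on an API error instead of indexing into the error document.
r.raise_for_status()
req = r.json()
pr_title = req['title']
pr_owner = req['user']['login']

# Checklist line appended to the candidate PR's body.
# NOTE(review): pr_title is free text chosen by the PR author and is placed
# unescaped into a Markdown body; escape it if that PR body is trusted
# anywhere downstream.
entry = '- [ ] [#' + pr + ' ' + pr_title + '](' + pr_url + ') by ' + pr_owner + '\n'

# Look up the number of the open candidate_<repo> PR in hoge-org/k8s.
# NOTE(review): the author's comment here described retrying up to 5 times at
# 10-second intervals because the PR may not exist yet. No retry is
# implemented, so a PR that is not visible yet leads straight to creation.
get_pr_url = 'https://api.github.com/repos/hoge-org/k8s/pulls?state=open&head=hoge-org:candidate_' + repo
candidate_pr_id = 0
r = requests.get(get_pr_url, headers=headers, timeout=REQUEST_TIMEOUT)
r.raise_for_status()
req = r.json()
for p in req:
    # When several PRs match, the last one listed wins.
    candidate_pr_id = p['number']

if candidate_pr_id == 0:
    # No open candidate PR was found: create one whose body is the new entry.
    url = 'https://api.github.com/repos/hoge-org/k8s/pulls'
    body = entry
    data = json.dumps({
        'title': "candidate_%s update" % (repo),
        'body': body,
        'head': "candidate_%s" % (repo),
        'base': "master"
    })
    r = requests.post(
        url,
        data,
        headers=headers,
        timeout=REQUEST_TIMEOUT)
    r.raise_for_status()
    resp = r.json()
    candidate_pr_id = resp['number']
else:
    # An open candidate PR exists: read its body and append the new entry.
    url = 'https://api.github.com/repos/hoge-org/k8s/pulls/%d' % (candidate_pr_id)
    r = requests.get(url, headers=headers, timeout=REQUEST_TIMEOUT)
    r.raise_for_status()
    req = r.json()
    body = req['body']
    if not body:
        # The API returns null for an empty description.
        body = ''
    body += entry
    data = json.dumps({
        'body': body,
    })
    # Update the candidate PR. A failure here would silently lose the entry,
    # so it is raised rather than ignored.
    r = requests.post(
        url,
        data,
        headers=headers,
        timeout=REQUEST_TIMEOUT)
    r.raise_for_status()

# Request a review from the source PR's author. candidate_pr_id is a PR number
# in hoge-org/k8s, so the request has to target that same repository.
URL = "https://api.github.com/repos/hoge-org/k8s/pulls/%s/requested_reviewers" % (candidate_pr_id)
r = requests.post(
    URL,
    json.dumps({
        'reviewers': [pr_owner],
    }),
    headers=headers,
    timeout=REQUEST_TIMEOUT)
if r.status_code >= 400:
    # Best effort: report the rejection without failing the build.
    sys.stderr.write("reviewer request failed: HTTP %d\n" % r.status_code)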
# cloudbuild.yaml
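# Cloud Build pipeline: prepare SSH access to GitHub, apply the kustomize
# output for ${_TARGET} to the project's cluster, post a Slack notification,
# and tag the application repository when the project is hoge-prod.
steps:
  # Puts the deploy key into the shared 'ssh' volume for the tagging step.
  # NOTE(review): this step's image is referenced by a mutable tag while the
  # kubectl step is pinned by digest; pin this one too, since it handles the
  # private key.
  - name: gcr.io/cloud-builders/gcloud
    id: 'setup_ssh'
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        # Author's placeholder: fetch the private key from Secret Manager (or
        # similar) here. The key file should be readable by the owner only,
        # and github.com's host key should be pinned in known_hosts rather
        # than turning host key checking off.
        <ここに秘密鍵をSecret Managerなどから取ってくる処理>
        git config --global url."git@github.com:".insteadOf "https://github.com/"
    volumes:
      - name: 'ssh'
        path: /root/.ssh

  # Builds the manifests with kustomize and applies them to the cluster.
  # waitFor: ['-'] starts this step immediately, in parallel with setup_ssh.
  - name: 'gcr.io/cloud-builders/kubectl@sha256:c6e2282089393179097749249b70e9423850cfdb7cdc64dbb35ae123f1ee35d1'
    id: 'kubectl_apply'
    waitFor: ['-']
    dir: manifests/
    entrypoint: 'bash'
    env:
      - 'PROJECT=$PROJECT_ID'
    args:
      - '-c'
      - |
        # Stop at the first failure so a failed secret fetch or kustomize
        # build cannot be followed by an apply of incomplete manifests.
        set -euo pipefail
        cd ${_TARGET}
        # Assumes a cluster named hoge-pj-cluster (<project>-cluster) exists.
        cluster_name=${PROJECT_ID}-cluster
        gcloud container clusters get-credentials ${cluster_name}
        # Fetch the JSON for the k8s secrets from Secret Manager.
        # The plaintext lands in the build workspace, which later steps can
        # also read. "latest" follows whichever version was added most
        # recently, so pin a version number if deploys must be reproducible.
        if [ -f "./secret/kustomization.yml" ]; then
          gcloud secrets versions access latest --secret=${_TARGET}_secret --project ${PROJECT_ID} > secret/${_TARGET}_secret.yml
        fi
        kubectl kustomize ${PROJECT_ID} | kubectl apply -f -
        kubectl rollout status deploy/${_TARGET}-deployment

  # Posts the deploy notification to Slack once the rollout has finished.
  # NOTE(review): _SLACK_WEBHOOK_URL is a user substitution, and substitution
  # values are kept with the build record. A webhook URL is a bearer secret,
  # so consider supplying it from Secret Manager instead.
  - name: gcr.io/cloud-builders/curl
    # Cloud Build's key is camelCase (waitFor), as in the other steps.
    waitFor: ['kubectl_apply']
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        app=$(echo ${_TARGET} | awk '{print toupper(substr($1,1,1))substr($1,2)}')
        environment=
        if [ "${PROJECT_ID}" = "hoge-stg" ]; then
          environment=Staging
        fi
        if [ "${PROJECT_ID}" = "hoge-prod" ]; then
          environment=Production
        fi
        ts=$(date +%s)
        channel=$_SLACK_CHANNEL
        # Cloud Build Link
        build_url="https://console.cloud.google.com/cloud-build/builds/${BUILD_ID}?project=${PROJECT_ID}"
        curl -X POST \
          --data-urlencode \
          "payload={ここのslackのペイロード}" \
          "${_SLACK_WEBHOOK_URL}"

  # Tags the application repository after a production deploy.
  - name: gcr.io/cloud-builders/git
    id: 'create_release_tag'
    entrypoint: /bin/sh
    args:
      - '-c'
      - |
        # Only production deploys create a release tag.
        if [ "${PROJECT_ID}" != "hoge-prod" ]; then exit 0; fi
        git clone git@github.com:hoge-org/${_TARGET}.git ./${_TARGET}
        cd ./${_TARGET}
        # TZ previously read "TZ=TZ=Asia/Tokyo", which is not a valid zone name.
        # NOTE(review): git applies TZ only to "-local" date formats, so
        # --date=format-local:... may be what is intended here - confirm.
        tag=$(TZ=Asia/Tokyo git log --date=format:'%Y-%m-%d-%H-%M-%S' --format="%ad" -n 1 | head -1)
        git tag "${tag}"
        git push origin "${tag}"
    volumes:
      - name: 'ssh'
        path: /root/.ssh
    waitFor: ['kubectl_apply', 'setup_ssh']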
# Kustomization with the image tag left as a placeholder.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# Presumably the directory whose secret file the Cloud Build step writes
# (secret/<target>_secret.yml) - confirm against the repository layout.
bases:
  - ../secret

resources:
  - service.yml
  - deployment.yml
  - ingress.yml

# COMMIT_SHA is a placeholder; presumably the pipeline substitutes the commit
# SHA of the built image before this file is applied - confirm.
imageTags:
  - name: asia.gcr.io/hoge-dev/hoge
    newTag: COMMIT_SHA
# Kustomization with a concrete image tag filled in.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# Presumably the directory whose secret file the Cloud Build step writes
# (secret/<target>_secret.yml) - confirm against the repository layout.
bases:
  - ../secret

resources:
  - service.yml
  - deployment.yml
  - ingress.yml

# The image is selected by tag. A registry tag can be re-pointed at different
# content, so the deployed image is only as fixed as the tag is kept immutable.
imageTags:
  - name: asia.gcr.io/hoge-dev/hoge
    newTag: 8gdf277fa28bd6xxxxxxxxxxxxxx