Initial Commit

packages/k8s/src/hooks/cleanup-job.ts

@@ -0,0 +1,5 @@
+import { podPrune } from '../k8s'
+
+export async function cleanupJob(): Promise<void> {
+  await podPrune()
+}

packages/k8s/src/hooks/constants.ts

@@ -0,0 +1,58 @@
+import { v4 as uuidv4 } from 'uuid'
+
+export function getRunnerPodName(): string {
+  const name = process.env.ACTIONS_RUNNER_POD_NAME
+  if (!name) {
+    throw new Error(
+      "'ACTIONS_RUNNER_POD_NAME' env is required, please contact your self hosted runner administrator"
+    )
+  }
+  return name
+}
+
+export function getJobPodName(): string {
+  return `${getRunnerPodName().substring(
+    0,
+    MAX_POD_NAME_LENGTH - '-workflow'.length
+  )}-workflow`
+}
+
+export function getStepPodName(): string {
+  return `${getRunnerPodName().substring(
+    0,
+    MAX_POD_NAME_LENGTH - ('-step'.length + STEP_POD_NAME_SUFFIX_LENGTH)
+  )}-step-${uuidv4().substring(0, STEP_POD_NAME_SUFFIX_LENGTH)}`
+}
+
+export function getVolumeClaimName(): string {
+  const name = process.env.ACTIONS_RUNNER_CLAIM_NAME
+  if (!name) {
+    throw new Error(
+      "'ACTIONS_RUNNER_CLAIM_NAME' is required, please contact your self hosted runner administrator"
+    )
+  }
+  return name
+}
+
+const MAX_POD_NAME_LENGTH = 63
+const STEP_POD_NAME_SUFFIX_LENGTH = 8
+export const JOB_CONTAINER_NAME = 'job'
+
+export class RunnerInstanceLabel {
+  runnerhook: string
+  constructor() {
+    this.runnerhook = process.env.ACTIONS_RUNNER_POD_NAME as string
+  }
+
+  get key(): string {
+    return 'runner-pod'
+  }
+
+  get value(): string {
+    return this.runnerhook
+  }
+
+  toString(): string {
+    return `runner-pod=${this.runnerhook}`
+  }
+}

packages/k8s/src/hooks/index.ts

@@ -0,0 +1,4 @@
+export * from './cleanup-job'
+export * from './prepare-job'
+export * from './run-script-step'
+export * from './run-container-step'

packages/k8s/src/hooks/prepare-job.ts

@@ -0,0 +1,197 @@
+import * as core from '@actions/core'
+import * as io from '@actions/io'
+import * as k8s from '@kubernetes/client-node'
+import {
+  ContextPorts,
+  PodPhase,
+  prepareJobArgs,
+  writeToResponseFile
+} from 'hooklib'
+import path from 'path'
+import {
+  containerPorts,
+  createPod,
+  isAuthPermissionsOK,
+  isPodContainerAlpine,
+  namespace,
+  podPrune,
+  requiredPermissions,
+  waitForPodPhases
+} from '../k8s'
+import {
+  containerVolumes,
+  DEFAULT_CONTAINER_ENTRY_POINT,
+  DEFAULT_CONTAINER_ENTRY_POINT_ARGS
+} from '../k8s/utils'
+import { JOB_CONTAINER_NAME } from './constants'
+
+export async function prepareJob(
+  args: prepareJobArgs,
+  responseFile
+): Promise<void> {
+  await podPrune()
+  if (!(await isAuthPermissionsOK())) {
+    throw new Error(
+      `The Service account needs the following permissions ${JSON.stringify(
+        requiredPermissions
+      )} on the pod resource in the '${namespace}' namespace. Please contact your self hosted runner administrator.`
+    )
+  }
+  await copyExternalsToRoot()
+  let container: k8s.V1Container | undefined = undefined
+  if (args.container?.image) {
+    core.info(`Using image '${args.container.image}' for job image`)
+    container = createPodSpec(args.container, JOB_CONTAINER_NAME, true)
+  }
+
+  let services: k8s.V1Container[] = []
+  if (args.services?.length) {
+    services = args.services.map(service => {
+      core.info(`Adding service '${service.image}' to pod definition`)
+      return createPodSpec(service, service.image.split(':')[0])
+    })
+  }
+  if (!container && !services?.length) {
+    throw new Error('No containers exist, skipping hook invocation')
+  }
+  let createdPod: k8s.V1Pod | undefined = undefined
+  try {
+    createdPod = await createPod(container, services, args.registry)
+  } catch (err) {
+    await podPrune()
+    throw new Error(`failed to create job pod: ${err}`)
+  }
+
+  if (!createdPod?.metadata?.name) {
+    throw new Error('created pod should have metadata.name')
+  }
+
+  try {
+    await waitForPodPhases(
+      createdPod.metadata.name,
+      new Set([PodPhase.RUNNING]),
+      new Set([PodPhase.PENDING])
+    )
+  } catch (err) {
+    await podPrune()
+    throw new Error(`Pod failed to come online with error: ${err}`)
+  }
+
+  core.info('Pod is ready for traffic')
+
+  let isAlpine = false
+  try {
+    isAlpine = await isPodContainerAlpine(
+      createdPod.metadata.name,
+      JOB_CONTAINER_NAME
+    )
+  } catch (err) {
+    throw new Error(`Failed to determine if the pod is alpine: ${err}`)
+  }
+
+  generateResponseFile(responseFile, createdPod, isAlpine)
+}
+
+function generateResponseFile(
+  responseFile: string,
+  appPod: k8s.V1Pod,
+  isAlpine
+): void {
+  const response = {
+    state: {},
+    context: {},
+    isAlpine
+  }
+
+  const mainContainer = appPod.spec?.containers?.find(
+    c => c.name === JOB_CONTAINER_NAME
+  )
+  if (mainContainer) {
+    const mainContainerContextPorts: ContextPorts = {}
+    if (mainContainer?.ports) {
+      for (const port of mainContainer.ports) {
+        mainContainerContextPorts[port.containerPort] =
+          mainContainerContextPorts.hostPort
+      }
+    }
+
+    response.context['container'] = {
+      image: mainContainer.image,
+      ports: mainContainerContextPorts
+    }
+  }
+
+  const serviceContainers = appPod.spec?.containers.filter(
+    c => c.name !== JOB_CONTAINER_NAME
+  )
+  if (serviceContainers?.length) {
+    response.context['services'] = serviceContainers.map(c => {
+      if (!c.ports) {
+        return
+      }
+
+      const ctxPorts: ContextPorts = {}
+      for (const port of c.ports) {
+        ctxPorts[port.containerPort] = port.hostPort
+      }
+
+      return {
+        image: c.image,
+        ports: ctxPorts
+      }
+    })
+  }
+  writeToResponseFile(responseFile, JSON.stringify(response))
+}
+
+async function copyExternalsToRoot(): Promise<void> {
+  const workspace = process.env['RUNNER_WORKSPACE']
+  if (workspace) {
+    await io.cp(
+      path.join(workspace, '../../externals'),
+      path.join(workspace, '../externals'),
+      { force: true, recursive: true, copySourceDirectory: false }
+    )
+  }
+}
+
+function createPodSpec(
+  container,
+  name: string,
+  jobContainer = false
+): k8s.V1Container {
+  core.info(JSON.stringify(container))
+  if (!container.entryPointArgs) {
+    container.entryPointArgs = DEFAULT_CONTAINER_ENTRY_POINT_ARGS
+  }
+  container.entryPointArgs = DEFAULT_CONTAINER_ENTRY_POINT_ARGS
+  if (!container.entryPoint) {
+    container.entryPoint = DEFAULT_CONTAINER_ENTRY_POINT
+  }
+  const podContainer = {
+    name,
+    image: container.image,
+    command: [container.entryPoint],
+    args: container.entryPointArgs,
+    ports: containerPorts(container)
+  } as k8s.V1Container
+  if (container.workingDirectory) {
+    podContainer.workingDir = container.workingDirectory
+  }
+
+  podContainer.env = []
+  for (const [key, value] of Object.entries(
+    container['environmentVariables']
+  )) {
+    if (value && key !== 'HOME') {
+      podContainer.env.push({ name: key, value: value as string })
+    }
+  }
+
+  podContainer.volumeMounts = containerVolumes(
+    container.userMountVolumes,
+    jobContainer
+  )
+
+  return podContainer
+}

packages/k8s/src/hooks/run-container-step.ts

@@ -0,0 +1,69 @@
+import * as k8s from '@kubernetes/client-node'
+import * as core from '@actions/core'
+import { PodPhase } from 'hooklib'
+import {
+  createJob,
+  getContainerJobPodName,
+  getPodLogs,
+  getPodStatus,
+  waitForJobToComplete,
+  waitForPodPhases
+} from '../k8s'
+import { JOB_CONTAINER_NAME } from './constants'
+import { containerVolumes } from '../k8s/utils'
+
+export async function runContainerStep(stepContainer): Promise<number> {
+  if (stepContainer.dockerfile) {
+    throw new Error('Building container actions is not currently supported')
+  }
+  const container = createPodSpec(stepContainer)
+  const job = await createJob(container)
+  if (!job.metadata?.name) {
+    throw new Error(
+      `Expected job ${JSON.stringify(
+        job
+      )} to have correctly set the metadata.name`
+    )
+  }
+
+  const podName = await getContainerJobPodName(job.metadata.name)
+  await waitForPodPhases(
+    podName,
+    new Set([PodPhase.COMPLETED, PodPhase.RUNNING]),
+    new Set([PodPhase.PENDING])
+  )
+  await getPodLogs(podName, JOB_CONTAINER_NAME)
+  await waitForJobToComplete(job.metadata.name)
+  // pod has failed so pull the status code from the container
+  const status = await getPodStatus(podName)
+  if (!status?.containerStatuses?.length) {
+    core.warning(`Can't determine container status`)
+    return 0
+  }
+
+  const exitCode =
+    status.containerStatuses[status.containerStatuses.length - 1].state
+      ?.terminated?.exitCode
+  return Number(exitCode) || 0
+}
+
+function createPodSpec(container): k8s.V1Container {
+  const podContainer = new k8s.V1Container()
+  podContainer.name = JOB_CONTAINER_NAME
+  podContainer.image = container.image
+  if (container.entryPoint) {
+    podContainer.command = [container.entryPoint, ...container.entryPointArgs]
+  }
+
+  podContainer.env = []
+  for (const [key, value] of Object.entries(
+    container['environmentVariables']
+  )) {
+    if (value && key !== 'HOME') {
+      podContainer.env.push({ name: key, value: value as string })
+    }
+  }
+  podContainer.volumeMounts = containerVolumes()
+
+  return podContainer
+}

packages/k8s/src/hooks/run-script-step.ts

@@ -0,0 +1,38 @@
+/* eslint-disable @typescript-eslint/no-unused-vars */
+import { RunScriptStepArgs } from 'hooklib'
+import { execPodStep } from '../k8s'
+import { JOB_CONTAINER_NAME } from './constants'
+
+export async function runScriptStep(
+  args: RunScriptStepArgs,
+  state,
+  responseFile
+): Promise<void> {
+  const cb = new CommandsBuilder(
+    args.entryPoint,
+    args.entryPointArgs,
+    args.environmentVariables
+  )
+  await execPodStep(cb.command, state.jobPod, JOB_CONTAINER_NAME)
+}
+
+class CommandsBuilder {
+  constructor(
+    private entryPoint: string,
+    private entryPointArgs: string[],
+    private environmentVariables: { [key: string]: string }
+  ) {}
+
+  get command(): string[] {
+    const envCommands: string[] = []
+    if (
+      this.environmentVariables &&
+      Object.entries(this.environmentVariables).length
+    ) {
+      for (const [key, value] of Object.entries(this.environmentVariables)) {
+        envCommands.push(`${key}=${value}`)
+      }
+    }
+    return ['env', ...envCommands, this.entryPoint, ...this.entryPointArgs]
+  }
+}