Taskfile.yml

version: "3"

vars:
  ENV: "{{.ENV}}"
  FROM: "{{.FROM}}"
  TO: "{{.TO}}"
  FORCE: "{{.FORCE}}"
  NAMESPACE:
    sh: |
      if [ -z "{{.ENV}}" ]; then
        echo "ERROR: ENV variable is not set" >&2
        exit 1
      elif [ "{{.ENV}}" = "poc" ]; then
        echo "hmpps-delius-alfrsco-{{.ENV}}"
      else
        echo "hmpps-delius-alfresco-{{.ENV}}"
      fi
  BUCKET_NAME:
    sh: kubectl get secret s3-bucket-output -n {{.NAMESPACE}} -o jsonpath='{.data.BUCKET_NAME}' | base64 --decode
  OPEN_SEARCH_PREFIX:
    sh: kubectl get svc --namespace {{.NAMESPACE}} | grep 'opensearch-proxy-service-cloud-platform' | awk '{ print $1 }'
  OPENSEARCH_HOST:
    sh: echo "{{.OPEN_SEARCH_PREFIX}}.{{.NAMESPACE}}.svc.cluster.local"
  MESSAGEBROKER_URL:
    sh: |
      kubectl get secrets amazon-mq-broker-secret -o json | \
      jq -r ".data | map_values(@base64d) | .BROKER_URL" | \
      sed -e 's/(/\\(/g' -e 's/)/\\)/g' -e 's/,/\\,/g'
  ALLOWLIST:
    sh: yq 'join(",")' ./kustomize/{{.ENV}}/allowlist.yaml
  RDS_JDBC_URL:
    sh: kubectl get secrets rds-instance-output --namespace {{.NAMESPACE}} -o json | jq -r ".data | map_values(@base64d) | .RDS_JDBC_URL"
  DEBUG: "false"
  DEBUG_FLAG:
    sh: if [ "{{.DEBUG}}" = "true" ]; then echo "--debug"; else echo ""; fi
  HELM_POST_RENDERER_ARGS:
    sh: if [ "{{.DEBUG}}" = "true" ]; then echo "-d true"; else echo "-d false"; fi
  ATOMIC: "true"
  ATOMIC_FLAG:
    sh: if [ "{{.ATOMIC}}" = "true" ]; then echo "--atomic"; else echo ""; fi
  CHART_VERSION: "7.0.3"

tasks:
  # Perform a helm upgrade on the alfresco-content-services chart
  helm_upgrade:
    cmds:
      - echo "NAMESPACE set to {{.NAMESPACE}}"
      - echo "BUCKET_NAME set to {{.BUCKET_NAME}}"
      - echo "OPEN_SEARCH_PREFIX set to {{.OPEN_SEARCH_PREFIX}}"
      - echo "OPENSEARCH_HOST set to {{.OPENSEARCH_HOST}}"
      - echo "RDS_JDBC_URL set to {{.RDS_JDBC_URL}}"
      - echo "DEBUG set to {{.DEBUG}}"
      - task: helm_repo_add
      - task: update_allowlist
      - task: helm_upgrade_install
        vars:
          NAMESPACE: "{{.NAMESPACE}}"
          BUCKET_NAME: "{{.BUCKET_NAME}}"
          OPENSEARCH_HOST: "{{.OPENSEARCH_HOST}}"
          RDS_JDBC_URL: "{{.RDS_JDBC_URL}}"
          DEBUG_FLAG: "{{.DEBUG_FLAG}}"
          ATOMIC_FLAG: "{{.ATOMIC_FLAG}}"
      - task: reset_allowlist
    silent: true

  prepare_namespace:
    internal: true
    cmds:
      - |
        export BUCKET_NAME=$(kubectl get secrets s3-bucket-output -o jsonpath='{.data.BUCKET_NAME}' | base64 -d)
        if [ "${ENV}" = "poc" ]; then
          export NAMESPACE=hmpps-delius-alfrsco-${ENV}
        else
          export NAMESPACE=hmpps-delius-alfresco-${ENV}
        fi
        export OPENSEARCH_PREFIX=$(kubectl get svc --namespace ${NAMESPACE} | grep 'opensearch-proxy-service-cloud-platform' | awk '{ print $1 }')
        export OPENSEARCH_HOST=${OPENSEARCH_PREFIX}.${NAMESPACE}.svc.cluster.local
        export RDS_JDBC_URL=$(kubectl get secrets rds-instance-output --namespace ${NAMESPACE} -o json | jq -r ".data | map_values(@base64d) | .RDS_JDBC_URL")
        export EXTRACTED=$(yq 'join(",")' ./kustomize/${ENV}/allowlist.yaml)
        echo "Using namespace: ${NAMESPACE}"

  update_allowlist:
    internal: true
    dir: ./kustomize/{{.ENV}}
    cmds:
      - |
        export ALLOWLIST={{.ALLOWLIST}}
        yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = strenv(ALLOWLIST)' -i ./patch-ingress-repository.yaml
        yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = strenv(ALLOWLIST)' -i ./patch-ingress-share.yaml

  helm_repo_add:
    internal: true
    cmds:
      - helm repo add alfresco https://kubernetes-charts.alfresco.com/stable --force-update

  helm_upgrade_install:
    internal: true
    dir: ./kustomize/{{.ENV}}
    cmds:
      - |
        helm upgrade --install alfresco-content-services alfresco/alfresco-content-services --version {{.CHART_VERSION}} --namespace {{.NAMESPACE}} \
        --values=../base/values.yaml --values=../base/values-versions.yaml --values=values.yaml \
        --set s3connector.config.bucketName={{.BUCKET_NAME}} \
        --set database.url={{.RDS_JDBC_URL}} \
        --set-string messageBroker.url="{{.MESSAGEBROKER_URL}}" \
        --set global.search.url=http://{{.OPENSEARCH_HOST}}:8080 \
        --set global.search.host={{.OPENSEARCH_HOST}} \
        --wait --timeout=60m \
        --post-renderer ../kustomizer.sh --post-renderer-args "{{.HELM_POST_RENDERER_ARGS}}" \
        {{.DEBUG_FLAG}} {{.ATOMIC_FLAG}}
        echo " "
        echo "***** Helm upgrade completed *****"
        echo "Helm revision: $(helm list -n {{.NAMESPACE}} | grep alfresco-content-services | awk '{print $10}')"
        echo "Chart version: $(helm list -n {{.NAMESPACE}} | grep alfresco-content-services | awk '{print $9}')"
        echo "ACS Version: $(helm list -n {{.NAMESPACE}} | grep alfresco-content-services | awk '{print $10}')"
        echo " "

  reset_allowlist:
    internal: true
    dir: ./kustomize/{{.ENV}}
    cmds:
      - yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-repository.yaml
      - yq '.metadata.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" = "placeholder"' -i patch-ingress-share.yaml

  # reindexes by id from the FROM_ID to the TO_ID
  # ID FORMAT: alf-node id
  reindex_by_id:
    cmds:
      - |
        helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromId={{.FROM}}" --set "toId={{.TO}}" --namespace {{.NAMESPACE}}

  # reindexes by date from the FROM_DATE to the TO_DATE
  # DATE FORMAT: YYYYMMDDHHMM
  reindex_by_date:
    cmds:
      - |
        helm install "reindex-default-$(openssl rand -hex 4)" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime={{.FROM}}" --set "toTime={{.TO}}" --namespace {{.NAMESPACE}}

  # reindex_by_date_metadata-only:
  #   cmds:
  #     - |
  #       helm install "reindex-default-date-meta" ./jobs/reindex_date --set "global.elasticsearch.host={{.OPENSEARCH_HOST}}" --set "fromTime=202402010100" --set "toTime=202402100100" --set "content=false" --namespace {{.NAMESPACE}}

  # uninstalls all helm releases with the prefix
  helm_uninstall_prefix:
    vars:
      PREFIX: "{{.PREFIX}}"
    cmds:
      - |
        helm list -n {{.NAMESPACE}} -q | grep "^{{.PREFIX}}" | while IFS= read -r release; do
          echo "Uninstalling release: $release"
          helm uninstall "$release" -n "$NAMESPACE"
        done

  kubectl_remove_pods_prefix:
    vars:
      PREFIX: "{{.PREFIX}}"
      FORCE_FLAG:
        sh: if [ "{{.FORCE}}" = "true" ]; then echo "--force"; else echo ""; fi
    cmds:
      - |
        kubectl get pods -n {{.NAMESPACE}} | grep "^{{.PREFIX}}" | awk '{print $1}' | while IFS= read -r pod; do
          echo "Deleting pod: $pod"
          kubectl delete pod "$pod" -n "$NAMESPACE" {{.FORCE_FLAG}}
        done