external-plugins: add netlify-preview plugin to retry deploy previews

.prow-images.yaml

@@ -38,5 +38,6 @@ images:
     arch: all
   - dir: cmd/external-plugins/needs-rebase
   - dir: cmd/external-plugins/cherrypicker
+  - dir: cmd/external-plugins/netlify-preview
   - dir: cmd/external-plugins/refresh
   - dir: cmd/ghproxy

cmd/external-plugins/netlify-preview/config/config.go

@@ -0,0 +1,64 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"fmt"
+	"os"
+
+	"sigs.k8s.io/yaml"
+)
+
+type Config struct {
+	Repos map[string]Repo `json:"repos,omitempty"`
+}
+
+type Repo struct {
+	SiteID string `json:"site_id,omitempty"`
+}
+
+func Load(path string) (*Config, error) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+	var cfg Config
+	if err := yaml.UnmarshalStrict(data, &cfg); err != nil {
+		return nil, err
+	}
+	if err := cfg.Validate(); err != nil {
+		return nil, err
+	}
+	return &cfg, nil
+}
+
+func (c *Config) Validate() error {
+	for repo, cfg := range c.Repos {
+		if cfg.SiteID == "" {
+			return fmt.Errorf("missing site_id for repo %q", repo)
+		}
+	}
+	return nil
+}
+
+func (c *Config) Repo(org, repo string) (Repo, bool) {
+	if c == nil {
+		return Repo{}, false
+	}
+	cfg, ok := c.Repos[org+"/"+repo]
+	return cfg, ok
+}

cmd/external-plugins/netlify-preview/config/config_test.go

@@ -0,0 +1,61 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestLoad(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "config.yaml")
+	if err := os.WriteFile(path, []byte(`repos:
+  kubernetes/website:
+    site_id: site-123
+`), 0600); err != nil {
+		t.Fatalf("failed to write config: %v", err)
+	}
+
+	cfg, err := Load(path)
+	if err != nil {
+		t.Fatalf("failed to load config: %v", err)
+	}
+
+	repo, ok := cfg.Repo("kubernetes", "website")
+	if !ok {
+		t.Fatal("expected kubernetes/website mapping")
+	}
+	if repo.SiteID != "site-123" {
+		t.Fatalf("expected site id %q, got %q", "site-123", repo.SiteID)
+	}
+}
+
+func TestLoadRejectsMissingSiteID(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "config.yaml")
+	if err := os.WriteFile(path, []byte(`repos:
+  kubernetes/website: {}
+`), 0600); err != nil {
+		t.Fatalf("failed to write config: %v", err)
+	}
+
+	if _, err := Load(path); err == nil {
+		t.Fatal("expected error for missing site id")
+	}
+}

cmd/external-plugins/netlify-preview/main.go

@@ -0,0 +1,147 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// netlify-preview retries Netlify deploy previews for pull requests.
+package main
+
+import (
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+	"strconv"
+	"time"
+
+	"github.com/sirupsen/logrus"
+
+	previewconfig "sigs.k8s.io/prow/cmd/external-plugins/netlify-preview/config"
+	"sigs.k8s.io/prow/cmd/external-plugins/netlify-preview/netlify"
+	netlifypreview "sigs.k8s.io/prow/cmd/external-plugins/netlify-preview/plugin"
+	"sigs.k8s.io/prow/pkg/config/secret"
+	"sigs.k8s.io/prow/pkg/flagutil"
+	prowflagutil "sigs.k8s.io/prow/pkg/flagutil"
+	pluginsflagutil "sigs.k8s.io/prow/pkg/flagutil/plugins"
+	"sigs.k8s.io/prow/pkg/interrupts"
+	"sigs.k8s.io/prow/pkg/logrusutil"
+	"sigs.k8s.io/prow/pkg/pjutil"
+	"sigs.k8s.io/prow/pkg/pluginhelp/externalplugins"
+)
+
+type options struct {
+	port int
+
+	pluginsConfig          pluginsflagutil.PluginOptions
+	dryRun                 bool
+	github                 prowflagutil.GitHubOptions
+	instrumentationOptions prowflagutil.InstrumentationOptions
+	logLevel               string
+
+	webhookSecretFile string
+	netlifyTokenFile  string
+	configPath        string
+	netlifyAPIURL     string
+}
+
+func (o *options) Validate() error {
+	for idx, group := range []flagutil.OptionGroup{&o.github} {
+		if err := group.Validate(o.dryRun); err != nil {
+			return fmt.Errorf("%d: %w", idx, err)
+		}
+	}
+	if o.netlifyTokenFile == "" {
+		return fmt.Errorf("--netlify-token-file is required")
+	}
+	if o.configPath == "" {
+		return fmt.Errorf("--config-path is required")
+	}
+	if o.netlifyAPIURL == "" {
+		return fmt.Errorf("--netlify-api-url is required")
+	}
+	return nil
+}
+
+func gatherOptions() options {
+	o := options{}
+	fs := flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+	fs.IntVar(&o.port, "port", 8888, "Port to listen on.")
+	fs.BoolVar(&o.dryRun, "dry-run", true, "Dry run for testing. Uses API tokens but does not mutate.")
+	fs.StringVar(&o.webhookSecretFile, "hmac-secret-file", "/etc/webhook/hmac", "Path to the file containing the GitHub HMAC secret.")
+	fs.StringVar(&o.netlifyTokenFile, "netlify-token-file", "/etc/netlify-preview/token", "Path to the file containing the Netlify API token.")
+	fs.StringVar(&o.configPath, "config-path", "/etc/netlify-preview/config.yaml", "Path to the netlify-preview plugin config file.")
+	fs.StringVar(&o.netlifyAPIURL, "netlify-api-url", "https://api.netlify.com", "Base URL for the Netlify API.")
+	fs.StringVar(&o.logLevel, "log-level", "debug", fmt.Sprintf("Log level is one of %v.", logrus.AllLevels))
+	o.pluginsConfig.PluginConfigPathDefault = "/etc/plugins/plugins.yaml"
+	for _, group := range []flagutil.OptionGroup{&o.github, &o.instrumentationOptions, &o.pluginsConfig} {
+		group.AddFlags(fs)
+	}
+	fs.Parse(os.Args[1:])
+	return o
+}
+
+func main() {
+	logrusutil.ComponentInit()
+	o := gatherOptions()
+	if err := o.Validate(); err != nil {
+		logrus.Fatalf("Invalid options: %v", err)
+	}
+
+	logLevel, err := logrus.ParseLevel(o.logLevel)
+	if err != nil {
+		logrus.WithError(err).Fatal("Failed to parse loglevel")
+	}
+	logrus.SetLevel(logLevel)
+	log := logrus.StandardLogger().WithField("plugin", netlifypreview.PluginName)
+
+	if err := secret.Add(o.webhookSecretFile); err != nil {
+		logrus.WithError(err).Fatal("Error starting webhook secret agent.")
+	}
+	if err := secret.Add(o.netlifyTokenFile); err != nil {
+		logrus.WithError(err).Fatal("Error starting Netlify token secret agent.")
+	}
+
+	pluginAgent, err := o.pluginsConfig.PluginAgent()
+	if err != nil {
+		log.WithError(err).Fatal("Error loading plugin config.")
+	}
+	previewConfig, err := previewconfig.Load(o.configPath)
+	if err != nil {
+		log.WithError(err).Fatal("Error loading netlify-preview config.")
+	}
+	githubClient, err := o.github.GitHubClient(o.dryRun)
+	if err != nil {
+		logrus.WithError(err).Fatal("Error getting GitHub client.")
+	}
+
+	serv := &server{
+		tokenGenerator: secret.GetTokenGenerator(o.webhookSecretFile),
+		ghc:            githubClient,
+		netlifyClient:  netlify.NewClient(o.netlifyAPIURL, http.DefaultClient, secret.GetTokenGenerator(o.netlifyTokenFile)),
+		pluginConfig:   pluginAgent,
+		previewConfig:  previewConfig,
+		log:            log,
+		dryRun:         o.dryRun,
+	}
+
+	health := pjutil.NewHealthOnPort(o.instrumentationOptions.HealthPort)
+	health.ServeReady()
+
+	mux := http.NewServeMux()
+	mux.Handle("/", serv)
+	externalplugins.ServeExternalPluginHelp(mux, log, netlifypreview.HelpProvider)
+	httpServer := &http.Server{Addr: ":" + strconv.Itoa(o.port), Handler: mux}
+	defer interrupts.WaitForGracefulShutdown()
+	interrupts.ListenAndServe(httpServer, 5*time.Second)
+}

cmd/external-plugins/netlify-preview/netlify/client.go

@@ -0,0 +1,107 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package netlify
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+// Deploy is the subset of Netlify deploy data needed to retry PR deploy previews.
+type Deploy struct {
+	ID           string    `json:"id"`
+	Context      string    `json:"context"`
+	State        string    `json:"state"`
+	ReviewID     int       `json:"review_id"`
+	Branch       string    `json:"branch"`
+	DeploySSLURL string    `json:"deploy_ssl_url"`
+	CreatedAt    time.Time `json:"created_at"`
+}
+
+type Client struct {
+	baseURL        string
+	httpClient     *http.Client
+	tokenGenerator func() []byte
+}
+
+func NewClient(baseURL string, httpClient *http.Client, tokenGenerator func() []byte) *Client {
+	if httpClient == nil {
+		httpClient = http.DefaultClient
+	}
+	return &Client{
+		baseURL:        strings.TrimRight(baseURL, "/"),
+		httpClient:     httpClient,
+		tokenGenerator: tokenGenerator,
+	}
+}
+
+func (c *Client) ListDeploys(ctx context.Context, siteID string) ([]Deploy, error) {
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, fmt.Sprintf("%s/api/v1/sites/%s/deploys", c.baseURL, url.PathEscape(siteID)), nil)
+	if err != nil {
+		return nil, err
+	}
+	c.authorize(req)
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode < 200 || resp.StatusCode > 299 {
+		body, _ := io.ReadAll(resp.Body)
+		return nil, fmt.Errorf("list deploys returned %s: %s", resp.Status, strings.TrimSpace(string(body)))
+	}
+	var deploys []Deploy
+	if err := json.NewDecoder(resp.Body).Decode(&deploys); err != nil {
+		return nil, err
+	}
+	return deploys, nil
+}
+
+func (c *Client) RetryDeploy(ctx context.Context, deployID string) error {
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, fmt.Sprintf("%s/api/v1/deploys/%s/retry", c.baseURL, url.PathEscape(deployID)), nil)
+	if err != nil {
+		return err
+	}
+	c.authorize(req)
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode < 200 || resp.StatusCode > 299 {
+		body, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("retry deploy returned %s: %s", resp.Status, strings.TrimSpace(string(body)))
+	}
+	return nil
+}
+
+func (c *Client) authorize(req *http.Request) {
+	if c.tokenGenerator == nil {
+		return
+	}
+	token := strings.TrimSpace(string(c.tokenGenerator()))
+	if token == "" {
+		return
+	}
+	req.Header.Set("Authorization", "Bearer "+token)
+}