Files
pikasTech-unidesk/scripts/issue-60-deploy-json-executor-preflight-contract-test.ts
T

171 lines
11 KiB
TypeScript

import { readFileSync } from "node:fs";
import {
compareDeployJsonExecutorMirrors,
deployJsonDriftResult,
deployJsonSourceOfTruth,
encodeDeployJsonServiceContract,
k3sManifestExecutorMirror,
parseDeployJsonServiceContract,
type DeployJsonServiceContract,
type DeployJsonExecutorMirror,
} from "./src/deploy-json-contract";
import { rootPath } from "./src/config";
import { runArtifactRegistryCommand } from "./src/artifact-registry";
type JsonRecord = Record<string, unknown>;
function assertCondition(condition: unknown, message: string, detail: unknown = {}): void {
if (!condition) throw new Error(`${message}: ${JSON.stringify(detail)}`);
}
function asRecord(value: unknown, label: string): JsonRecord {
assertCondition(typeof value === "object" && value !== null && !Array.isArray(value), `${label} must be an object`, value);
return value as JsonRecord;
}
function asArray(value: unknown, label: string): unknown[] {
assertCondition(Array.isArray(value), `${label} must be an array`, value);
return value;
}
interface ContractCase {
serviceId: string;
expectedRuntimeImage: string;
driftPort: number;
}
function deployService(environment: "dev" | "prod", serviceId: string): DeployJsonServiceContract {
const deploy = asRecord(JSON.parse(readFileSync(rootPath("deploy.json"), "utf8")) as unknown, "deploy.json");
const environments = asRecord(deploy.environments, "deploy.json.environments");
const env = asRecord(environments[environment], `deploy.json.environments.${environment}`);
const services = asArray(env.services, `deploy.json.environments.${environment}.services`);
const raw = services.find((item) => asRecord(item, `${environment} service`).id === serviceId);
assertCondition(raw !== undefined, `deploy.json must contain ${environment}/${serviceId}`);
return parseDeployJsonServiceContract(raw, `deploy.json.environments.${environment}.services.${serviceId}`);
}
const deploySource = readFileSync(rootPath("scripts/src/deploy.ts"), "utf8");
assertCondition(deploySource.includes('"--deploy-json-service", encodeDeployJsonServiceContract(service)'), "deploy executor must pass deploy.json service contract into artifact-registry", {});
const cases: ContractCase[] = [
{
serviceId: "mdtodo",
expectedRuntimeImage: "unidesk-mdtodo",
driftPort: 4268,
},
{
serviceId: "decision-center",
expectedRuntimeImage: "unidesk-decision-center",
driftPort: 4278,
},
];
const verifiedServices: string[] = [];
for (const item of cases) {
const service = deployService("dev", item.serviceId);
const artifact = asRecord(service.artifact, `${item.serviceId} artifact`);
const consumer = asRecord(service.consumer, `${item.serviceId} consumer`);
const targetContract = asRecord(consumer.target, `${item.serviceId} consumer target`);
const runtime = asRecord(service.runtime, `${item.serviceId} runtime`);
const memory = asRecord(runtime.memory, `${item.serviceId} runtime memory`);
const health = asRecord(runtime.health, `${item.serviceId} runtime health`);
const commit = String(service.commitId);
const sourceOfTruth = deployJsonSourceOfTruth(service, "dev");
const applyPlan = asRecord(await runArtifactRegistryCommand([
"deploy-service",
"--env",
"dev",
"--service",
item.serviceId,
"--commit",
commit,
"--source-repo",
service.repo,
"--deploy-ref",
`origin/master:deploy.json#environments.dev.services.${item.serviceId}`,
"--deploy-json-service",
encodeDeployJsonServiceContract(service),
"--dry-run",
]), `${item.serviceId} artifact-registry dry-run result`);
const applyTarget = asRecord(applyPlan.target, `${item.serviceId} artifact-registry target`);
const applyRegistry = asRecord(applyPlan.registry, `${item.serviceId} artifact-registry registry`);
const applyRuntime = asRecord(applyPlan.runtime, `${item.serviceId} artifact-registry runtime`);
const applyRuntimeMemory = asRecord(applyRuntime.memory, `${item.serviceId} artifact-registry runtime memory`);
const applyRuntimeHealth = asRecord(applyRuntime.health, `${item.serviceId} artifact-registry runtime health`);
const applyDriftCheck = asRecord(applyPlan.driftCheck, `${item.serviceId} artifact-registry driftCheck`);
assertCondition(applyPlan.sourceOfTruth !== undefined, `${item.serviceId} artifact-registry dry-run should expose deploy.json sourceOfTruth`, applyPlan);
assertCondition(JSON.stringify(applyPlan.sourceOfTruth) === JSON.stringify(sourceOfTruth), `${item.serviceId} artifact-registry sourceOfTruth must enumerate deploy.json fields`, applyPlan.sourceOfTruth);
assertCondition(applyDriftCheck.ok === true, `${item.serviceId} artifact-registry dry-run must report a passing drift preflight`, applyDriftCheck);
assertCondition(applyRegistry.repository === artifact.repository, `${item.serviceId} artifact-registry dry-run repository must come from deploy.json`, applyRegistry);
assertCondition(applyRegistry.tag === commit, `${item.serviceId} artifact-registry dry-run tag must be deploy.json commitId`, applyRegistry);
assertCondition(applyRegistry.imageRef === `127.0.0.1:5000/${artifact.repository}:${commit}`, `${item.serviceId} artifact-registry imageRef must be deploy.json artifact repository + commit`, applyRegistry);
assertCondition(applyTarget.namespace === targetContract.namespace, `${item.serviceId} artifact-registry dry-run namespace must come from deploy.json`, applyTarget);
assertCondition(applyTarget.deployment === targetContract.deployment, `${item.serviceId} artifact-registry dry-run deployment must come from deploy.json`, applyTarget);
assertCondition(applyTarget.service === targetContract.service, `${item.serviceId} artifact-registry dry-run service must come from deploy.json`, applyTarget);
assertCondition(asArray(applyTarget.deployments, `${item.serviceId} artifact-registry deployments`).some((deployment) => asRecord(deployment, "deployment").name === targetContract.deployment), `${item.serviceId} artifact-registry deployments must come from deploy.json target`, applyTarget);
assertCondition(applyTarget.stableImage === targetContract.stableImage, `${item.serviceId} artifact-registry stableImage must come from deploy.json`, applyTarget);
assertCondition(applyTarget.runtimeImage === `${item.expectedRuntimeImage}:${commit}`, `${item.serviceId} artifact-registry runtimeImage must derive from deploy.json stableImage + commit`, applyTarget);
assertCondition(applyTarget.manifestRepoPath === targetContract.manifestRepoPath, `${item.serviceId} artifact-registry manifest path must come from deploy.json`, applyTarget);
assertCondition(applyRuntime.sourceOfTruth === "deploy.json", `${item.serviceId} artifact-registry runtime source must be deploy.json`, applyRuntime);
assertCondition(applyRuntime.containerPort === runtime.containerPort, `${item.serviceId} artifact-registry runtime port must come from deploy.json`, applyRuntime);
assertCondition(applyRuntime.healthPath === runtime.healthPath, `${item.serviceId} artifact-registry runtime healthPath must come from deploy.json`, applyRuntime);
assertCondition(applyRuntimeMemory.request === memory.request && applyRuntimeMemory.limit === memory.limit, `${item.serviceId} artifact-registry memory must come from deploy.json`, applyRuntimeMemory);
assertCondition(applyRuntimeHealth.deployMetadataRequired === health.deployMetadataRequired, `${item.serviceId} artifact-registry deploy metadata requirement must come from deploy.json`, applyRuntimeHealth);
const implicitPlan = asRecord(await runArtifactRegistryCommand([
"deploy-service",
"--env",
"dev",
"--service",
item.serviceId,
"--commit",
commit,
"--dry-run",
]), `${item.serviceId} implicit deploy.json dry-run result`);
assertCondition(asRecord(implicitPlan.registry, `${item.serviceId} implicit registry`).repository === artifact.repository, `${item.serviceId} implicit artifact-registry dry-run must read deploy.json from file`, implicitPlan);
assertCondition(asRecord(implicitPlan.driftCheck, `${item.serviceId} implicit driftCheck`).ok === true, `${item.serviceId} implicit artifact-registry dry-run must drift-check deploy.json`, implicitPlan);
const manifestMirror = k3sManifestExecutorMirror(service);
assertCondition(manifestMirror !== null, `${item.serviceId} deploy.json contract should locate a k8s manifest mirror`);
const cleanDrifts = compareDeployJsonExecutorMirrors(service, "dev", [manifestMirror!]);
assertCondition(cleanDrifts.length === 0, `${item.serviceId} current k8s manifest mirror should match deploy.json contract`, cleanDrifts);
const driftMirror: DeployJsonExecutorMirror = {
...manifestMirror!,
runtime: {
...manifestMirror!.runtime,
containerPort: item.driftPort,
memory: {
...manifestMirror!.runtime?.memory,
limit: "384Mi",
},
health: {
...manifestMirror!.runtime?.health,
deployMetadataRequired: false,
},
},
};
const drift = compareDeployJsonExecutorMirrors(service, "dev", [driftMirror]);
const driftResult = deployJsonDriftResult(service, "dev", drift);
const driftPayload = asRecord(driftResult.drift, `${item.serviceId} drift result payload`);
const driftItems = asArray(driftPayload.items, `${item.serviceId} drift result items`).map((entry) => asRecord(entry, "drift item"));
assertCondition(driftResult.ok === false, `${item.serviceId} drift result must be non-ok`, driftResult);
assertCondition(driftResult.error === "deploy-json-drift", `${item.serviceId} drift result should use structured deploy-json-drift error`, driftResult);
assertCondition(driftItems.some((entry) => entry.field === "runtime.containerPort" && entry.expected === runtime.containerPort && entry.actual === item.driftPort), `${item.serviceId} drift result should report port mismatch`, driftItems);
assertCondition(driftItems.some((entry) => entry.field === "runtime.memory.limit" && entry.expected === "512Mi" && entry.actual === "384Mi"), `${item.serviceId} drift result should report memory mismatch`, driftItems);
assertCondition(driftItems.some((entry) => entry.field === "runtime.health.deployMetadataRequired" && entry.expected === true && entry.actual === false), `${item.serviceId} drift result should report deploy metadata requirement mismatch`, driftItems);
verifiedServices.push(item.serviceId);
}
process.stdout.write(`${JSON.stringify({
ok: true,
checks: [
"deploy executor passes the deploy.json service contract to artifact-registry dry-run",
"artifact-registry dry-run reads k3s user-service image, target, port, memory and deploy metadata fields from deploy.json",
"k8s manifest target/port/memory/deploy metadata are treated as derived mirrors and checked for drift",
"drift preflight returns structured deploy-json-drift with field-level expected/actual values",
],
services: verifiedServices,
}, null, 2)}\n`);