feat: Initial Action

.github/workflows/ci.yml

@@ -0,0 +1,116 @@
+name: CI
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - dev
+
+permissions:
+  # Allow action to write raw configs back to the repository.
+  contents: write
+
+# Run commits in order to prevent out of order write back commits.
+concurrency:
+  group: ${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: false
+
+jobs:
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install ShellCheck
+        run: sudo apt-get install shellcheck
+
+      - name: Run ShellCheck
+        run: shellcheck -x -s bash entrypoint.sh
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # This matrix allows us to test multiple bindplane versions.
+        # When writing back to the repo, we write to directories based
+        # on the bindplane version.
+        bindplane_versions:
+          - 1.40.0
+          - 1.37.0
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect Runner IP
+        run: echo "MAIN_IP=$(ip addr show | grep 'inet ' | grep -v '127.0.0.1' | awk '{print $2}' | cut -f1 -d'/' | head -n 1)" >> $GITHUB_ENV
+
+      - name: Print Runner IP
+        run: echo $MAIN_IP
+
+      - name: Pull BindPlane
+        run: docker pull ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }}
+
+      - name: Start BindPlane
+        run: |
+          docker run \
+            -d \
+            --name bindplane \
+            -e BINDPLANE_USERNAME=admin \
+            -e BINDPLANE_PASSWORD=admin \
+            -e BINDPLANE_REMOTE_URL=http://${MAIN_IP}:3001 \
+            -e BINDPLANE_SESSION_SECRET=2c23c9d3-850f-4062-a5c8-3f9b814ae144 \
+            -e BINDPLANE_SECRET_KEY=8a5353f7-bbf4-4eea-846d-a6d54296b781 \
+            -e BINDPLANE_LOG_OUTPUT=stdout \
+            -e BINDPLANE_ACCEPT_EULA=true \
+            -p 3001:3001 \
+            ghcr.io/observiq/bindplane-ee:${{ matrix.bindplane_versions }}
+
+      - name: Wait for BindPlane
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 1
+          polling_interval_seconds: 5
+          max_attempts: 10
+          shell: bash
+          command: docker exec bindplane /bindplane get agent
+
+      - name: Run BindPlane Action
+        # This should be replaced with a release action.
+        # <organization>/<repository>@<tag>
+        uses: ./
+        with:
+          # These values are hardcode to match the test instance used by
+          # this workflow. The instance does not persist. Consumers of 
+          # this action should always use secrets when passing in the remote
+          # url, bindplane_username, bindplane_password or api key.
+          #
+          # Remote url will never be localhost when running this action. The action
+          # executes in a container and localhost will always be the container's network
+          # and not the network of the bindplane instance, even if that instance
+          # is running within this runner.
+          bindplane_remote_url: http://${{ env.MAIN_IP }}:3001
+          bindplane_username: admin
+          bindplane_password: admin
+          destination_path: test/resources/destinations/resource.yaml
+          configuration_path: test/resources/configurations/resource.yaml
+          configuration_output_dir: test/otel/${{ matrix.bindplane_versions }}
+          target_branch: dev
+          # Token should have contents: write permissions
+          token: ${{ secrets.GITHUB_TOKEN }}
+          enable_otel_config_write_back: true
+          enable_auto_rollout: true
+
+      - name: Get Resources
+        if: always()
+        run: |
+          docker exec bindplane /bindplane get destinations
+          docker exec bindplane /bindplane get configurations
+
+      - name: Debug Container Logs
+        if: always()
+        run: docker logs bindplane

Dockerfile

@@ -0,0 +1,8 @@
+# Container image that runs your code
+FROM alpine:3.10
+
+RUN apk add --no-cache bash curl git jq
+
+COPY --chmod=0755 entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -1 +1,95 @@
-# bindplane-op-action
+[![CI](https://github.com/observIQ/bindplane-op-action/actions/workflows/ci.yml/badge.svg)](https://github.com/observIQ/bindplane-op-action/actions/workflows/ci.yml)
+
+# bindplane-op-action
+
+The BindPlane OP action can be used to deploy configurations to your BindPlane OP
+server. It also supports exporting the OpenTelemetry configurations back to the repository.
+
+## Configuration
+
+| Parameter                     | Default    | Description                     |
+| :---------------------------- | :--------- | :------------------------------ |
+| bindplane_remote_url          | required   | The endpoint that will be used to connect to BindPalne OP. |
+| bindplane_api_key             |            | API key used to authenticate to BindPlane. Required when BindPlane multi account is enabled or when running on BindPlane Cloud |
+| bindplane_username            |            | Username used to authenticate to BindPlane. Not required if API key is set. |
+| bindplane_password            |            | Password used to authenticate to BindPlane.
+| target_branch                 | required   | The branch that the action will use when applying resources to bindplane or when writing otel configs back to the repo. |
+| destination_path              |            | Path to the file which contains the BindPlane destination resources |
+| configuration_path            |            | Path to the file which contains the BindPlane configuration resources |
+| enable_otel_config_write_back | `false`    | Whether or not the action should write the raw OpenTelemetry configurations back to the repository. | 
+| configuration_output_dir      |            | When write back is enabled, this is the path that will be written to. |
+| token                         |            | The Github token that will be used to write to the repo. Usually secrets.GITHUB_TOKEN is sufficient. Requires the `contents.write` permission. |
+| enable_auto_rollout           | `false`    | When enabled, the action will trigger a rollout for any configuration that has been updated. |
+
+## Usage
+
+### Export Resources
+
+To get started, you must handle exporting your existing resources to the repository. Use
+the `bindplane get` commands with the `--export` flag.
+
+```bash
+bindplane get destination -o yaml --export > destination.yaml
+bindplane get configuration -o yaml --export > configuration.yaml
+```
+
+With the resources exported to the repository, you can move on to configuring the action
+using a new workflow.
+
+### Workflow
+
+The following workflow can be used as an example. It uses the same file paths
+created in the [Export Resources](#export-resources) section.
+
+This example will write the raw OTEL configurations back to the repository at the
+path `otel/`
+
+```yaml
+name: bindplane
+
+on:
+  push:
+    branches:
+      - main
+
+# Write back requires access to the repo
+permissions:
+  contents: write
+
+# Run commits in order to prevent out of order write back commits.
+concurrency:
+  group: ${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: false
+
+jobs:
+  bindplane:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: observIQ/bindplane-op-action@main
+        with:
+          bindplane_remote_url: ${{ secrets.BINDPLANE_REMOTE_URL }}
+          bindplane_username: ${{ secrets.BINDPLANE_USERNAME }}
+          bindplane_password: ${{ secrets.BINDPLANE_PASSWORD }}
+          target_branch: main
+          destination_path: destination.yaml
+          configuration_path: configuration.yaml
+          enable_otel_config_write_back: true
+          configuration_output_dir: otel/
+          token: ${{ secrets.GITHUB_TOKEN }}
+          enable_auto_rollout: true
+```
+
+After the action is executed, you can expect to see OTEL configurations
+in the `otel/` directory.
+
+```
+otel
+├── k8s-cluster.yaml
+├── k8s-gateway.yaml
+└── k8s-node.yaml
+```

action.yml

@@ -0,0 +1,48 @@
+name: 'BindPlane OP Action'
+description: 'GitHub Action for BindPlane OP.'
+author: 'observIQ'
+
+inputs:
+  bindplane_remote_url:
+    description: 'The URL that will be used to connect to BindPlane OP'
+    required: true
+  bindplane_api_key:
+    description: 'The BindPlane OP API key that will be used to authenticate to BindPlane OP'
+  bindplane_username:
+    description: 'The BindPlane OP bindplane_username that will be used to authenticate to BindPlane OP'
+  bindplane_password:
+    description: 'The BindPlane OP bindplane_password that will be used to authenticate to BindPlane OP'
+  target_branch:
+    description: 'Resource apply and OTEL config write back will only happen when this branch is the current branch of the action'
+  destination_path:
+    description: 'Path to the file which contains the BindPlane destination resources'
+  configuration_path:
+    description: 'Path to the file which contains the BindPlane configuration resources'
+  enable_otel_config_write_back:
+    description: 'Enable OTEL raw config write back'
+    default: false
+  configuration_output_dir:
+    description: 'Path to the directory which will contain the rendered OTEL format of the configuration resources'
+  token:
+    description: 'The GitHub token used to authenticate to GitHub when writing OTEL configs back to the repo'
+  enable_auto_rollout:
+    description: 'When enabled, the action will trigger a rollout for all configurations that have been updated'
+    default: false
+
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  # Arg order must match the order of the arg parsing
+  # in entrypoint.sh.
+  args:
+    - ${{ inputs.bindplane_remote_url }}
+    - ${{ inputs.bindplane_api_key }}
+    - ${{ inputs.bindplane_username }}
+    - ${{ inputs.bindplane_password }}
+    - ${{ inputs.target_branch }}
+    - ${{ inputs.destination_path }}
+    - ${{ inputs.configuration_path }}
+    - ${{ inputs.enable_otel_config_write_back }}
+    - ${{ inputs.configuration_output_dir }}
+    - ${{ inputs.token }}
+    - ${{ inputs.enable_auto_rollout }}