Helm Chart: Reduce number of failed pods from jobs (#657)

* feat: reduce failedJobsHistoryLimit to 1 * feat: reduce backoffLimit to 0 * ci: simplify publish pipeline * ci: rename unit test job * fix: add service account to all components * chore: formatting * chore: remove extractVersionFromGitTag.js
nmshd · May 17, 2024 · 3ad797e · 3ad797e
1 parent b689a60
commit 3ad797e
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 95 deletions.
diff --git a/.ci/extractVersionFromGitTag.js b/.ci/extractVersionFromGitTag.js
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -4,13 +4,14 @@ on:
   push:
     tags: "*"
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   publish-admin-cli:
     name: Publish Admin CLI Container Image
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -22,11 +23,6 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract version from git tag
-        id: extract-version-from-git-tag
-        run: echo "VERSION=$(./.ci/extractVersionFromGitTag.js)" >> $GITHUB_OUTPUT
-        env:
-          GIT_TAG: ${{ github.ref_name }}
       - name: Log in to Docker Hub for accessing the cloud builder
         uses: docker/login-action@v3
         with:
@@ -41,15 +37,12 @@ jobs:
       - name: Build and Push Container Image
         run: ./.ci/acli/buildContainerImage.js
         env:
-          TAG: ${{ steps.extract-version-from-git-tag.outputs.VERSION }}
+          TAG: ${{ github.ref_name }}
           PUSH: 1
 
   publish-admin-ui:
     name: Publish Admin UI Container Image
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -61,11 +54,6 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract version from git tag
-        id: extract-version-from-git-tag
-        run: echo "VERSION=$(./.ci/extractVersionFromGitTag.js)" >> $GITHUB_OUTPUT
-        env:
-          GIT_TAG: ${{ github.ref_name }}
       - name: Log in to Docker Hub for accessing the cloud builder
         uses: docker/login-action@v3
         with:
@@ -80,15 +68,12 @@ jobs:
       - name: Build and Push Container Image
         run: ./.ci/aui/buildContainerImage.js
         env:
-          TAG: ${{ steps.extract-version-from-git-tag.outputs.VERSION }}
+          TAG: ${{ github.ref_name }}
           PUSH: 1
 
   publish-consumer-api:
     name: Publish Consumer API Container Image
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -100,11 +85,6 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract version from git tag
-        id: extract-version-from-git-tag
-        run: echo "VERSION=$(./.ci/extractVersionFromGitTag.js)" >> $GITHUB_OUTPUT
-        env:
-          GIT_TAG: ${{ github.ref_name }}
       - name: Log in to Docker Hub for accessing the cloud builder
         uses: docker/login-action@v3
         with:
@@ -119,15 +99,12 @@ jobs:
       - name: Build and Push Container Image
         run: ./.ci/capi/buildContainerImage.js
         env:
-          TAG: ${{ steps.extract-version-from-git-tag.outputs.VERSION }}
+          TAG: ${{ github.ref_name }}
           PUSH: 1
 
   publish-event-handler:
     name: Publish Event Handler Service Container Image
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -139,11 +116,6 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract version from git tag
-        id: extract-version-from-git-tag
-        run: echo "VERSION=$(./.ci/extractVersionFromGitTag.js)" >> $GITHUB_OUTPUT
-        env:
-          GIT_TAG: ${{ github.ref_name }}
       - name: Log in to Docker Hub for accessing the cloud builder
         uses: docker/login-action@v3
         with:
@@ -158,31 +130,17 @@ jobs:
       - name: Build and Push Container Image
         run: ./.ci/eh/buildContainerImage.js
         env:
-          TAG: ${{ steps.extract-version-from-git-tag.outputs.VERSION }}
+          TAG: ${{ github.ref_name }}
           PUSH: 1
 
   publish-database-migrator:
     name: Publish Database Migrator Container Image
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Install script dependencies
         run: npm install --prefix ./.ci
-      - name: Docker Login
-        uses: docker/[email protected]
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract version from git tag
-        id: extract-version-from-git-tag
-        run: echo "VERSION=$(./.ci/extractVersionFromGitTag.js)" >> $GITHUB_OUTPUT
-        env:
-          GIT_TAG: ${{ github.ref_name }}
       - name: Log in to Docker Hub for accessing the cloud builder
         uses: docker/login-action@v3
         with:
@@ -197,15 +155,12 @@ jobs:
       - name: Build and Push Container Image
         run: ./.ci/dbm/buildContainerImage.js
         env:
-          TAG: ${{ steps.extract-version-from-git-tag.outputs.VERSION }}
+          TAG: ${{ github.ref_name }}
           PUSH: 1
 
   publish-identity-deletion-jobs:
     name: Publish Identity Deletion Jobs Image
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -217,11 +172,6 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract version from git tag
-        id: extract-version-from-git-tag
-        run: echo "VERSION=$(./.ci/extractVersionFromGitTag.js)" >> $GITHUB_OUTPUT
-        env:
-          GIT_TAG: ${{ github.ref_name }}
       - name: Log in to Docker Hub for accessing the cloud builder
         uses: docker/login-action@v3
         with:
@@ -236,15 +186,12 @@ jobs:
       - name: Build and Push Container Image
         run: ./.ci/idj/buildContainerImage.js
         env:
-          TAG: ${{ steps.extract-version-from-git-tag.outputs.VERSION }}
+          TAG: ${{ github.ref_name }}
           PUSH: 1
 
   publish-helm-chart:
     name: Publish Helm Chart
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
     needs:
       - publish-admin-cli
       - publish-admin-ui
@@ -259,16 +206,11 @@ jobs:
         env:
           USER: ${{ github.actor }}
           PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract version from git tag
-        id: extract-version-from-git-tag
-        run: echo "VERSION=$(./.ci/extractVersionFromGitTag.js)" >> $GITHUB_OUTPUT
-        env:
-          GIT_TAG: ${{ github.ref_name }}
       - name: Build Helm Chart
         run: ./.ci/helm/buildChart.js
         env:
-          VERSION: ${{ steps.extract-version-from-git-tag.outputs.VERSION }}
+          VERSION: ${{ github.ref_name }}
       - name: Push Helm Chart
         run: ./.ci/helm/pushChart.js
         env:
-          VERSION: ${{ steps.extract-version-from-git-tag.outputs.VERSION }}
+          VERSION: ${{ github.ref_name }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -43,9 +43,9 @@ jobs:
       - name: Check formatting
         run: ./.ci/checkFormatting.sh
 
-  test:
+  unit-test:
     runs-on: ubuntu-latest
-    name: Run Tests
+    name: Run Unit Tests
     steps:
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/helm/templates/admincli/deployment.yaml b/helm/templates/admincli/deployment.yaml
@@ -19,6 +19,9 @@ spec:
       labels:
         app: {{ .Values.admincli.name }}
     spec:
+      {{- with .Values.global.serviceAccount.name}}
+      serviceAccountName: {{ . }}
+      {{- end }}
       {{- with .Values.admincli.podSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}

diff --git a/helm/templates/cancelstaledeletionprocesses/cronjob.yaml b/helm/templates/cancelstaledeletionprocesses/cronjob.yaml
@@ -18,6 +18,9 @@ spec:
       backoffLimit: {{ .Values.cancelstaledeletionprocesses.backoffLimit }}
       template:
         spec:
+          {{- with .Values.global.serviceAccount.name}}
+          serviceAccountName: {{ . }}
+          {{- end }}
           restartPolicy: Never
           {{- with .Values.cancelstaledeletionprocesses.podSecurityContext }}
           securityContext:

diff --git a/helm/templates/eventhandler/deployment.yaml b/helm/templates/eventhandler/deployment.yaml
@@ -24,6 +24,9 @@ spec:
       labels:
         app: {{ .Values.eventhandler.name }}
     spec:
+      {{- with .Values.global.serviceAccount.name}}
+      serviceAccountName: {{ . }}
+      {{- end }}
       {{- with .Values.eventhandler.podSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}

diff --git a/helm/templates/sendidentitydeletionreminders/cronjob.yaml b/helm/templates/sendidentitydeletionreminders/cronjob.yaml
@@ -18,6 +18,9 @@ spec:
       backoffLimit: {{ .Values.sendidentitydeletionreminders.backoffLimit }}
       template:
         spec:
+          {{- with .Values.global.serviceAccount.name}}
+          serviceAccountName: {{ . }}
+          {{- end }}
           restartPolicy: Never
           {{- with .Values.sendidentitydeletionreminders.podSecurityContext }}
           securityContext:

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -334,8 +334,8 @@ sendidentitydeletionreminders:
 
   schedule: "0 3 * * *"
   successfulJobsHistoryLimit: 0
-  failedJobsHistoryLimit: 10
-  backoffLimit: 5
+  failedJobsHistoryLimit: 1
+  backoffLimit: 0
 
   image:
     repository: "ghcr.io/nmshd/backbone-identity-deletion-jobs"
@@ -379,8 +379,8 @@ cancelstaledeletionprocesses:
 
   schedule: "0 3 * * *"
   successfulJobsHistoryLimit: 0
-  failedJobsHistoryLimit: 10
-  backoffLimit: 5
+  failedJobsHistoryLimit: 1
+  backoffLimit: 0
 
   image:
     repository: "ghcr.io/nmshd/backbone-identity-deletion-jobs"
@@ -424,8 +424,8 @@ actualidentitydeletion:
 
   schedule: "0 3 * * *"
   successfulJobsHistoryLimit: 0
-  failedJobsHistoryLimit: 10
-  backoffLimit: 5
+  failedJobsHistoryLimit: 1
+  backoffLimit: 0
 
   image:
     repository: "ghcr.io/nmshd/backbone-identity-deletion-jobs"
@@ -656,4 +656,3 @@ global:
     logging:
       minimumLevel:
         default: Error
-