Infrastructure: Add pull request deployment using Helm

[kliwniloc]

Checklist

General

• I tested all changes and their related features with all corresponding user types on a test server.
• This is a small issue that I tested locally and was confirmed by another developer on a test server.
• Language: I followed the guidelines for inclusive, diversity-sensitive, and appreciative language.
• I chose a title conforming to the naming conventions for pull requests.

Server

None

Client

None

Changes affecting Programming Exercises

None

Description

This Pull Request merges the Helm chart from https://github.com/ls1intum/artemis-helm with my changes proposed in ls1intum/artemis-helm#18 and adds GitHub action workflows to continuously deploy pull requests to Kubernetes.

Problem

Artemis incorporates Continuous Delivery in its development workflow to perform
testing and Quality Assurance on code.
In the existing architecture, the administrators maintain over 20 virtual
machines with different version control systems and continuous integration systems for Artemis test
servers to deploy the pull requests on.
scaling those instances is a manual process limiting the number of available
test instances.
Often, the instances are not redeployed after every code review, which is
prone to configuration drift over time, leading to broken test servers and deployment related errors during
pull request deployment review.

Motivation

The advancements in modern software deployment practices, epitomized by adopting
containerization and orchestration technologies such as Kubernetes, underscore a
pivotal shift towards more efficient, reliable, and scalable application
management.
The deployment and continuous development of complex
platforms like Artemis encapsulates the pressing need for deployment
architectures that not only scale but also simplify operational complexities.

Leveraging Kubernetes to scale and manage Artemis' pull request
deployments transforms Artemis's quality assurance workflow.
This approach mitigates the configuration drift and enhances the efficiency and
reliability of testing environments.
Developers can assure higher quality standards and faster iteration cycles by
enabling on-demand, scalable test instances.
This is critical in an academic setting where the platform's stability and
functionality directly affect the learning outcomes and overall user experience.

Changes to the Helm Chart:

Dependencies Updated:

• Updated the digest for prometheus dependency in Chart.lock.
• Updated artemisVersion to 7.5.0 in values.yaml.

Template Updates:

• Corrected casing for continuous integration values in _helpers.tpl.
• Updated artemis-ci-configmap.yml with new continuous integration parameters.
• Updated artemis-configmap.yml to include JWT for registry security.
• Updated artemis-vcs-configmap.yml to support a more generic version control configurations.

Deployment Changes

• Added resource definitions to activemq-broker, artemis-mysql.yml, and jhipster-registry configurable via values.yaml (Introduced resource requests and limits for artemis, database, registry, and broker.)
• Removed redundant secret references in _artemis-deployment.yml and artemis-statefulset.yaml.

These changes incorporate configuration values of newer Artemis releases coming from the artemis ansible collection https://github.com/ls1intum/artemis-ansible-collection.

Testing

Check this PR deployment.

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • Added a new section in the Helm chart's NOTES.txt file with detailed instructions for accessing the Artemis application based on service type.
  • Introduced several new template functions to enhance the configurability of the Artemis Helm chart, including functions for generating names, labels, and service account names.
  • Added a new test server entry with updated deployment instructions for Kubernetes in the documentation.

• Chores

  • Updated the .gitignore file to exclude files and directories named charts.

[coderabbitai]

Walkthrough

The pull request introduces several changes to the Helm chart for the Artemis application. A new entry, charts/, is added to the .gitignore file to prevent tracking of any files or directories named charts. The NOTES.txt file is updated to provide detailed instructions for accessing the application based on service types, including handling for ingress, NodePort, LoadBalancer, and ClusterIP configurations. Additionally, multiple template functions are defined in _helpers.tpl to enhance the chart's templating capabilities, allowing for more dynamic deployments.

Changes

File Path	Change Summary
helm/.gitignore	Added entry charts/ to ignore files or directories named charts.
helm/artemis/templates/NOTES.txt	Introduced a new section with instructions for accessing the application based on service type configurations.
helm/artemis/templates/_helpers.tpl	Added multiple template functions: artemis.name, artemis.fullname, artemis.chart, artemis.labels, artemis.selectorLabels, artemis.serviceAccountName, and artemis.springprofiles.
docs/dev/testservers.rst	Added new test server entry https://pr*.artemis-k8s.ase.cit.tum.de and updated Kubernetes deployment instructions.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Helm
    participant Application

    User->>Helm: Deploy Artemis Chart
    Helm->>Application: Check service type (Ingress, NodePort, LoadBalancer, ClusterIP)
    Application-->>Helm: Return service details
    Helm-->>User: Provide access instructions based on service type

Loading

Possibly related PRs

• Development: Update test server documentation #8790: This PR updates the documentation for test server deployment, which includes changes to the docs/dev/testservers.rst file, similar to the main PR that also modifies this file by adding a new test server entry and updating deployment instructions.

Suggested labels

component:Programming

Suggested reviewers

• b-fein

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 8

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE

📥 Commits

Files that changed from the base of the PR and between c442c93 and dd28cb9.

⛔ Files ignored due to path filters (35)

• .github/workflows/helm_pr_deployment.yml is excluded by !**/*.yml
• .github/workflows/helm_pr_deployment_delete.yml is excluded by !**/*.yml
• helm/artemis/Chart.lock is excluded by !**/*.lock, !**/*.lock
• helm/artemis/Chart.yaml is excluded by !**/*.yaml
• helm/artemis/templates/autoscaler/horizontal-pod-autoscaler.yml is excluded by !**/*.yml
• helm/artemis/templates/configmaps/activemq-broker-configmap.yml is excluded by !**/*.yml
• helm/artemis/templates/configmaps/artemis-ci-configmap.yml is excluded by !**/*.yml
• helm/artemis/templates/configmaps/artemis-configmap.yml is excluded by !**/*.yml
• helm/artemis/templates/configmaps/artemis-mysql-configmap.yml is excluded by !**/*.yml
• helm/artemis/templates/configmaps/artemis-usermanagement-configmap.yml is excluded by !**/*.yml
• helm/artemis/templates/configmaps/artemis-vcs-configmap.yml is excluded by !**/*.yml
• helm/artemis/templates/configmaps/jhipster-registry-configmap.yml is excluded by !**/*.yml
• helm/artemis/templates/configmaps/jhipster-registry-env-configmap.yml is excluded by !**/*.yml
• helm/artemis/templates/deployments/_artemis-deployment.yml is excluded by !**/*.yml
• helm/artemis/templates/deployments/activemq-broker.yml is excluded by !**/*.yml
• helm/artemis/templates/deployments/artemis-deployment-profile.yaml is excluded by !**/*.yaml
• helm/artemis/templates/deployments/artemis-deployment.yaml is excluded by !**/*.yaml
• helm/artemis/templates/ingresses/ingress.yaml is excluded by !**/*.yaml
• helm/artemis/templates/monitors/podmonitor.yml is excluded by !**/*.yml
• helm/artemis/templates/pvc/artemis-mysql.yml is excluded by !**/*.yml
• helm/artemis/templates/pvc/artemis.yml is excluded by !**/*.yml
• helm/artemis/templates/secrets/activemq-broker-secrets.yml is excluded by !**/*.yml
• helm/artemis/templates/secrets/artemis-secrets.yml is excluded by !**/*.yml
• helm/artemis/templates/secrets/artemis-usermanagement-secrets.yml is excluded by !**/*.yml
• helm/artemis/templates/secrets/jhipster-registry-secrets.yml is excluded by !**/*.yml
• helm/artemis/templates/services/activemq-broker-service.yml is excluded by !**/*.yml
• helm/artemis/templates/services/artemis-service-profile.yaml is excluded by !**/*.yaml
• helm/artemis/templates/services/artemis-service.yaml is excluded by !**/*.yaml
• helm/artemis/templates/services/jhipster-registry-service.yaml is excluded by !**/*.yaml
• helm/artemis/templates/services/mysql-service.yaml is excluded by !**/*.yaml
• helm/artemis/templates/statefulsets/artemis-mysql.yml is excluded by !**/*.yml
• helm/artemis/templates/statefulsets/artemis-statefulset.yaml is excluded by !**/*.yaml
• helm/artemis/templates/statefulsets/jhipster-registry.yml is excluded by !**/*.yml
• helm/artemis/templates/tests/test-connection.yaml is excluded by !**/*.yaml
• helm/artemis/values.yaml is excluded by !**/*.yaml

📒 Files selected for processing (3)

• helm/.gitignore (1 hunks)
• helm/artemis/templates/NOTES.txt (1 hunks)
• helm/artemis/templates/_helpers.tpl (1 hunks)

🧰 Additional context used

🪛 LanguageTool

helm/artemis/templates/NOTES.txt

[uncategorized] ~9-~9: Loose punctuation mark.
Context: ...ervices {{ include "artemis.fullname" . }}) export NODE_IP=$(kubectl get nodes ...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~14-~14: Loose punctuation mark.
Context: ... svc -w {{ include "artemis.fullname" . }}' export SERVICE_IP=$(kubectl get svc...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~15-~15: Loose punctuation mark.
Context: ...pace }} {{ include "artemis.fullname" . }} --template "{{"{{ range (index .status...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~18-~18: Loose punctuation mark.
Context: ...tes.io/name={{ include "artemis.name" . }},app.kubernetes.io/instance={{ .Release...

(UNLIKELY_OPENING_PUNCTUATION)

🔇 Additional comments (6)

helm/artemis/templates/_helpers.tpl (6)

1-6: LGTM: Name template follows Helm best practices

The implementation correctly handles name overrides and follows Kubernetes naming conventions.

---

8-24: LGTM: Fullname template handles all edge cases

The implementation properly handles all name override scenarios and follows Kubernetes naming conventions.

---

26-31: LGTM: Chart name template handles version formatting correctly

The implementation properly sanitizes version strings and follows naming conventions.

---

45-51: LGTM: Selector labels follow Kubernetes best practices

The implementation includes the minimum required labels for reliable pod selection.

---

53-62: LGTM: Service account naming logic is correct

The implementation properly handles service account creation and naming scenarios.

---

1-82: Verify template usage in other Helm resources

The helper templates look good overall. Let's verify their usage across the Helm chart.

✅ Verification successful

Let me gather more specific information about the template usage to verify their correctness.

---

Helper templates are correctly used across the Helm chart

The verification shows that all helper templates defined in _helpers.tpl are properly used across the Helm chart resources:

• artemis.name is used for app name labels and pod selectors
• artemis.fullname is consistently used for resource naming across deployments, services, and other resources
• artemis.labels is properly indented and used for metadata labels
• artemis.selectorLabels is correctly applied in pod templates and service selectors
• artemis.springprofiles is properly used in configmaps and statefulsets for Spring profile configuration

The templates follow Helm best practices with proper indentation and consistent usage patterns.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of template functions across the Helm chart

echo "Checking template function usage..."
rg -l "include \"artemis\." helm/artemis/templates/

echo "Checking for potential template syntax errors..."
rg -l "{{-?\s*include\s+[\"']artemis\.[^\"']+[\"']\s*\." helm/artemis/templates/ | \
  while read -r file; do
    echo "Analyzing $file..."
    cat "$file" | grep -n "{{-\?\s*include\s\+\"artemis\."
  done

Length of output: 1157

---

Script:

#!/bin/bash
# Check specific template function usage patterns
echo "Checking artemis.name usage..."
rg "include \"artemis.name\"" helm/artemis/templates/ -A 1

echo -e "\nChecking artemis.fullname usage..."
rg "include \"artemis.fullname\"" helm/artemis/templates/ -A 1

echo -e "\nChecking artemis.labels usage..."
rg "include \"artemis.labels\"" helm/artemis/templates/ -A 1

echo -e "\nChecking artemis.selectorLabels usage..."
rg "include \"artemis.selectorLabels\"" helm/artemis/templates/ -A 1

echo -e "\nChecking artemis.serviceAccountName usage..."
rg "include \"artemis.serviceAccountName\"" helm/artemis/templates/ -A 1

echo -e "\nChecking artemis.springprofiles usage..."
rg "include \"artemis.springprofiles\"" helm/artemis/templates/ -A 1

Length of output: 8263

[github-actions]

🚀 Deployed PR #9618 to https://pr9618.artemis-k8s.ase.cit.tum.de

⏳ It might take up to 10 minutes to fully start up.

[github-actions]

🚀 Deployed PR #9618 to https://pr9618.artemis-k8s.ase.cit.tum.de

⏳ It might take up to 10 minutes to fully start up.

[Hialus]

Looked through the GitHub action parts and left some small notes.
Some general stuff:

• Please also document this on Confluence
• Please add a motivation to your PR description
• How can devs log into the test servers?
• You are currently 250+ commits behind develop

[github-actions]

🚀 Deployed PR #9618 to https://pr9618.artemis-k8s.ase.cit.tum.de

⏳ It might take up to 10 minutes to fully start up.

[github-actions]

🚀 Deployed PR #9618 to https://pr9618.artemis-k8s.ase.cit.tum.de

⏳ It might take up to 10 minutes to fully start up.

[github-actions]

🚀 Deployed PR #9618 to https://pr9618.artemis-k8s.ase.cit.tum.de

⏳ It might take up to 10 minutes to fully start up.

[Mtze]

Where should I document this on confluence?

Please add it to the documentation inside the repo -> https://docs.artemis.cit.tum.de/dev/testservers.html

File path:docs/dev/testservers/github

[iyannsch]

Nice change! I think this will really make the test flow much smoother and would also allow to have new DBs for every test 😍

RE: Automatically deploy to K8s and not wait for admin (mtze) approval. I think in order to really profit from this enhancement, the student must be trusted enough to deploy to K8s at their own will. Potentially, this opens up the option for deployers/students to run any pod with any functionality on the cluster by modifying the helm charts. In the system, any abuse can be detected using logs and analytics, tracked to the student, and disciplinary actions can take place. Thus, I see no problem here.

When adding multiple labels at the same time, the job is currently executing multiple times. After removing the barrier of manual approval, this would re-deploy the commit multiple times drastically increasing setup time. Please make sure that the job only successfully executed exactly once 👍

[kliwniloc]

Thanks for the Feedback!

When adding multiple labels at the same time, the job is currently executing multiple times. After removing the barrier of manual approval, this would re-deploy the commit multiple times drastically increasing setup time. Please make sure that the job only successfully executed exactly once 👍

This should be fixed with the cancel-in-progress setting in f4da4ed

Regarding the Approvals: Anybody with admin access can change this in the Environments - this does not require any changes to my pr.

[github-actions]

🚀 Deployed PR #9618 to https://pr9618.artemis-k8s.ase.cit.tum.de

⏳ It might take up to 10 minutes to fully start up.

[krusche]

When a developer or tester wants to verify that the changes work on a newly set up environment, this is a great addition. However, I see a few challenges / limitations:

1. Waiting 10min for the deployment after waiting around 10min for the build is rather lengthy. The deployment to other test servers typically takes 1-2min.

2. The newly set up test server does not contain any test data which might be required to test the feature / bugfix developed in the PR. Creating this data from scratch can be cumbersome and time consuming. Developers typically have their test data available on existing test servers.

3. When I understand this correctly, the deployment only supports one specific configuration at the moment: ICL with MySQL. How can testers verify that other configurations (e.g. Jenkins and Postgres) work as well? How can they test features related to Iris, Athena or LTI when those are not activated?

Please mention those limitations as part of the PR and the documentation so everyone has a good understanding of the advantages and limitations of the new deployment option!