Create a cronjob to autorelease Foyle. (#321)

* Use a cronjob to perioidically run hydros to release Foyle.

cicd/README.md

@@ -0,0 +1,34 @@
+# Foyle CICD
+
+* We use a cronjob to regularly run [hydros](https://github.com/jlewi/hydros) to release Foyle
+
+```bash
+kustomize build releaser | kubectl apply -f -
+```
+
+## Create one off job
+
+* You can fire off a job from the cron job
+
+```bash {"id":"01JAX9F0VQW4RWK80WNCNANSWD","interactive":"true"}
+kubectl create job --from=cronjob/release-cron one-off-release -n foyle-cicd
+```
+
+```bash {"id":"01JAX9G3MYCXPPHJP06G0CWDPY","interactive":"false"}
+# 1. Check the status of the one-off job and its pods to ensure everything is running correctly.
+kubectl -n foyle-cicd get jobs
+kubectl -n foyle-cicd get pods -n foyle-cicd
+```
+
+```bash
+kubectl -n foyle-cicd get pods -w
+```
+
+* Fetch the logs for the K8s job one-off-release
+* Use gcloud to fetch them from gcloud
+* I noticed that in some k8s the labels k8s-pod weren't attached. I wonder if that happens because the pod and VM didn't live long enough?
+
+```bash {"id":"01JAX9PE1ZQATY0R0RTMVAWSEQ","interactive":"false"}
+# Fetch the logs for the one-off K8s job using gcloud
+gcloud logging read "resource.type=\"k8s_container\" AND labels.\"k8s-pod/batch_kubernetes_io/job-name\"=\"one-off-release\"" --limit=100
+```

cicd/releaser/config.yaml

@@ -0,0 +1,11 @@
+apiVersion: ""
+kind: ""
+logging:
+    level: info
+    sinks:
+        - json: true
+          path: stderr        
+gitHub:
+    appID: 315982
+    privateKey: gcpsecretmanager:///projects/foyle-dev/secrets/foyle-ghapp-key/versions/latest
+workDir: /tmp/hydros_work_dir

cicd/releaser/cronjob.yaml

@@ -0,0 +1,82 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: release-cron
+  namespace: foyle-cicd
+spec:
+  schedule: "0 20 * * *"
+  timeZone: "America/Los_Angeles"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            component: hydros
+        spec:
+          initContainers:
+          - name: clone
+            image: us-west1-docker.pkg.dev/foyle-public/images/hydros/hydros
+            command:
+            - /hydros
+            - --config=/config/config.yaml
+            - clone
+            - --repo=https://github.com/jlewi/foyle.git
+            # TODO(https://github.com/jlewi/hydros/issues/89): Update clone to use viper configuration
+            - --ghapp-id=315982
+            - --private-key=gcpsecretmanager:///projects/foyle-dev/secrets/foyle-ghapp-key/versions/latest
+            - --work-dir=/tmp/hydros_work_dir
+            resources:
+              limits:
+                cpu: "4"
+                memory: 4Gi
+              requests:
+                cpu: "4"
+                memory: 4Gi
+            volumeMounts:
+            - name: config
+              mountPath: /config
+              readOnly: true
+            - name: data
+              mountPath: /tmp
+              readOnly: false
+          containers:
+          - image: us-west1-docker.pkg.dev/foyle-public/images/hydros/hydros
+            name: hydros
+            #image: amd64/busybox
+            # command:
+            # - tail
+            # - -f
+            # - /dev/null
+            command:
+            - /hydros
+            - --config=/config/config.yaml
+            - apply
+            - /tmp/hydros_work_dir/github.com/jlewi/foyle/releasing.yaml
+            env:
+            - name: GITHUB_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: github-token-ghcr
+                  key: GITHUB_TOKEN
+            resources:
+              limits:
+                cpu: "4"
+                memory: 4Gi
+              requests:
+                cpu: "4"
+                memory: 4Gi
+            volumeMounts:
+            - name: config
+              mountPath: /config
+              readOnly: true
+            - name: data
+              mountPath: /tmp
+              readOnly: false
+          restartPolicy: OnFailure
+          serviceAccountName: foyle-cicd
+          volumes:
+          - name: config
+            configMap:
+              name: config
+          - name: data
+            emptyDir: {}

cicd/releaser/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: foyle-cicd
+metadata:
+  labels:
+    environment: dev
+resources:
+- namespace.yaml
+- cronjob.yaml
+- serviceaccount.yaml
+configMapGenerator:
+- name: config
+  files:
+    - config.yaml

cicd/releaser/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foyle-cicd

cicd/releaser/serviceaccount.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: foyle-cicd
+  namespace: foyle-cicd
+  annotations:
+    iam.gke.io/gcp-service-account: developer@foyle-dev.iam.gserviceaccount.com