Blueprint profiles

A blueprint profile directs SkyLounge on how to apply blueprints, job and step definitions, and parameters based on the labels on a repository. This further simplifies the onboarding of managed repositories by developer teams. Blueprint profiles are configured and maintained by platform teams.

Managing blueprint profiles

Blueprint profiles must be stored in a repository named skylounge-library, in the /profiles directory. The library repository must be registered with SkyLounge. Each profile resides in its own file. The filename minus .yml is used as the label (e.g. webapp is the label for the profile in webapp.yml).

Labels can be used to select blueprints as well as job and step definitions. Additionally, blueprint profiles can be used to provide configuration values for parameters at the blueprint, workflow, job, or step level. Labels used in blueprint profiles are arbitrary strings and can be any value.

Blueprint profiles are used to generate a skylounge.yml file for a managed repository according to the labels on that repository. They have the added benefit of merging job and step definition parameters into the generated skylounge.yml. The example below will demonstrate these features.

Example

The example below demonstrates creating and applying a blueprint profile for web applications. The yml files below have comments to explain what is happening.

In this example, the organization:

  • Has applications written in JVM languages that use the Gradle wrapper, and applications served by nginx
  • Allows deployment to Google Cloud Run or the Cloud.gov platform

Path: <your-organization>/skylounge-library/profiles/webapp.yml

---
uri: sky-lounge/skylounge-library/blueprints/fisma/web-app/blueprint.yml # This is the blueprint uri
params:
  registry_url: us-central1-docker.pkg.dev/skylounge-common/skylounge-registry # This parameter will be set at the blueprint level in generated skylounge.yml files. 
workflows:
  development:
    jobs:
      build:
        - steps:
            unit-test:
              - label: gradlew # This step definition will be used for the unit-test step in the build job of the development workflow when the repository has the `gradlew` label.
                uri: sky-lounge/skylounge-library/steps/unit-test/gradlew/unit-test.yml
                params:
                  jvm_version: 17 # This parameter will be included in the skylounge.yml for the step.
              - label: nginx # This step definition will be used for the unit-test step in the build job of the development workflow when the repository has the `nginx` label.
                uri: sky-lounge/skylounge-library/steps/unit-test/nginx/unit-test.yml
            build-container-image:
              - label: gradlew # This step definition will be used for the build-container-image step in the build job of the development workflow when the repository has the `gradlew` label.
                uri: sky-lounge/skylounge-library/steps/pack/gradlew/build.yml
                params:
                  jvm_version: 17 # This parameter will be included in the skylounge.yml for the step.
              - label: nginx # This step definition will be used for the build-container-image step in the build job of the development workflow when the repository has the `nginx` label.
                uri: sky-lounge/skylounge-library/steps/pack/nginx/build.yml
      deploy:
        - label: cloud-run # This job will be used for deployment in the development workflow when the repository has the `cloud-run` label.
          uri: sky-lounge/skylounge-library/jobs/gcp/cloud-run/deploy/deploy.yml
          params: # These parameters will be included in the skylounge.yml for the deploy job.
            tf_state_bucket: tfstate.skylounge.dev
            dns_zone_name: skyloungedev
            cloud_run_location: us-central1
        - label: cloud-gov # This job will be used for deployment in the development workflow when the repository has the `cloud-gov` label.
          uri: sky-lounge/skylounge-library/jobs/cloudfoundry/deploy/deploy.yml
    params: # This parameter will be included in the skylounge.yml for the development workflow.
      project: skyloungedev
  production:
    jobs:
      deploy:
        - label: cloud-run # This job will be used for deployment in the production workflow when the repository has the `cloud-run` label.
          uri: sky-lounge/skylounge-library/jobs/gcp/cloud-run/deploy/deploy.yml
          params:
            tf_state_bucket: tfstate.skylounge.io
            dns_zone_name: skyloungeio
            cloud_run_location: us-central1
        - label: cloud-gov # This job will be used for deployment in the production workflow when the repository has the `cloud-gov` label.
          uri: sky-lounge/skylounge-library/jobs/cloudfoundry/deploy/deploy.yml
    params: # This parameter will be included in the skylounge.yml for the production workflow.
      project: skyloungeio

Given the following skylounge.yml template for the blueprint:

Path: sky-lounge/skylounge-library/blueprints/fisma/web-app/skylounge.yml

---
blueprint-uri: sky-lounge/skylounge-library/blueprints/fisma/web-app/blueprint.yml
workflows:
  - workflow: development
    jobs:
      - job: build
        steps:
          - step: unit-test
            uri: # Enter the URI to the step definition used to run unit tests for your application. Example: sky-lounge/public-skylounge-library/steps/unit-test/java/gradlew/unit-test.yml
          - step: build-container-image
            uri: # Enter the URI to the step definition used to build the container image for your application. Example: sky-lounge/public-skylounge-library/steps/build/pack/java/gradlew/build.yml
        params:
          build_paths: # An array of paths which trigger the build job on change. Example: ["src/**", "build.gradle", "service.yaml"]
      - job: deploy
      - job: integration-test
        uri: # The URI to your integration tests. Example: sky-lounge/hello-app/skylounge/integration-test.yml
  - workflow: production
    jobs:
      - job: deploy
  - workflow: daily-scans
    jobs:
      - job: owasp-zap-full-scan
        params:
          endpoint_to_scan: # The production endpoint to scan. Example: https://dashboard.skylounge.io
params:
  registry_url: # The artifact registry url where container images are stored. Example: us-central1-docker.pkg.dev/skylounge-common/skylounge-registry

A managed repository with the labels webapp, gradlew, and cloud-run will receive a pull request with the following generated skylounge.yml. The additional parameters below are inserted by SkyLounge from the job and step definitions (for example, jar_path under development > build > build-container-image and build_paths under development > build). In doing so, SkyLounge has generated the complete skylounge.yml based on the job and step definition selections. Again, this is easier for developer teams.

blueprint-uri: sky-lounge/skylounge-library/blueprints/fisma/web-app/blueprint.yml
workflows:
- workflow: development
  jobs:
    - job: build
      steps:
        - step: unit-test
          uri: sky-lounge/skylounge-library/steps/unit-test/gradlew/unit-test.yml
          params:
            jvm_version: 17
        - step: build-container-image
          uri: sky-lounge/skylounge-library/steps/pack/gradlew/build.yml
          params:
            jar_path: # Path to the jar file
            jvm_version: 17
      params:
        build_paths: # An array of paths which trigger the build job on change. Example: ["src/**", "build.gradle", "service.yaml"]
    - job: deploy
      uri: sky-lounge/skylounge-library/jobs/gcp/cloud-run/deploy/deploy.yml
      params:
        cloud_run_domain: # The domain to configure for your application. Example: dashboard.skylounge.dev
        cloud_run_invoker: # OPTIONAL - The name of the user allowed to invoke your Cloud Run service. For any authenticated Google user, use `allUsers`. For public access, leave it empty. Example: allUsers
        cloud_run_location: us-central1
        dns_zone_name: skyloungedev
        tf_state_bucket: tfstate.skylounge.dev
    - job: integration-test
      uri: # The URI to your integration tests. Example: sky-lounge/hello-app/skylounge/integration-test.yml
  params:
    project: skyloungedev
- workflow: production
  jobs:
    - job: deploy
      uri: sky-lounge/skylounge-library/jobs/gcp/cloud-run/deploy/deploy.yml
      params:
        cloud_run_domain: # The domain to configure for your application. Example: dashboard.skylounge.dev
        cloud_run_invoker: # OPTIONAL - The name of the user allowed to invoke your Cloud Run service. For any authenticated Google user, use `allUsers`. For public access, leave it empty. Example: allUsers
        cloud_run_location: us-central1
        dns_zone_name: skyloungeio
        tf_state_bucket: tfstate.skylounge.io
  params:
    project: skyloungeio
- workflow: daily-scans
  jobs:
    - job: owasp-zap-full-scan
      params:
        endpoint_to_scan: # The production endpoint to scan. Example: https://dashboard.skylounge.io
params:
  registry_url: us-central1-docker.pkg.dev/skylounge-common/skylounge-registry

The development team can fill in the additional details for the managed repository before committing the file.
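
The label selection walked through above, as an added Python example (not SkyLounge's own code): it takes the development workflow of webapp.yml as a dict and returns the definitions a set of repository labels would select. The function names are hypothetical, parameters contributed by the job and step definitions themselves (such as jar_path) are not modelled, and raising an error when two candidates match is an assumption, since this page does not say how SkyLounge treats a repository carrying both cloud-run and cloud-gov.

```python
# Added illustration of label-driven selection; not SkyLounge's own code.
# select() and resolve() are hypothetical names. PROFILE is the development
# workflow of profiles/webapp.yml from this page, written as a Python dict.
LIB = "sky-lounge/skylounge-library"
PROFILE = {
    "params": {"registry_url": "us-central1-docker.pkg.dev/skylounge-common/skylounge-registry"},
    "workflows": {"development": {
        "params": {"project": "skyloungedev"},
        "jobs": {
            "build": [{"steps": {"unit-test": [
                {"label": "gradlew", "uri": f"{LIB}/steps/unit-test/gradlew/unit-test.yml",
                 "params": {"jvm_version": 17}},
                {"label": "nginx", "uri": f"{LIB}/steps/unit-test/nginx/unit-test.yml"}]}}],
            "deploy": [
                {"label": "cloud-run", "uri": f"{LIB}/jobs/gcp/cloud-run/deploy/deploy.yml",
                 "params": {"tf_state_bucket": "tfstate.skylounge.dev",
                            "dns_zone_name": "skyloungedev",
                            "cloud_run_location": "us-central1"}},
                {"label": "cloud-gov", "uri": f"{LIB}/jobs/cloudfoundry/deploy/deploy.yml"}],
        }}},
}

def select(candidates, labels):
    """Return the one candidate whose label is on the repository, else None."""
    hits = [c for c in candidates if c.get("label") in labels]
    if len(hits) > 1:  # assumption: conflicting labels are rejected, not guessed
        raise ValueError(f"ambiguous labels: {sorted(c['label'] for c in hits)}")
    return hits[0] if hits else None

def picked(entry):
    """Copy the uri and params of a selected definition."""
    return {"uri": entry["uri"], "params": dict(entry.get("params", {}))}

def resolve(profile, labels):
    """Build the profile-derived part of a generated skylounge.yml."""
    out = {"params": dict(profile.get("params", {})), "workflows": {}}
    for wf_name, wf in profile["workflows"].items():
        jobs = {}
        for job_name, entries in wf["jobs"].items():
            chosen = select(entries, labels)          # labelled job definitions
            job = picked(chosen) if chosen else {}
            for entry in entries:                     # entries that hold step candidates
                for step_name, cands in entry.get("steps", {}).items():
                    step = select(cands, labels)
                    if step:
                        job.setdefault("steps", {})[step_name] = picked(step)
            jobs[job_name] = job
        out["workflows"][wf_name] = {"jobs": jobs, "params": dict(wf.get("params", {}))}
    return out
```

Calling resolve(PROFILE, {"webapp", "gradlew", "cloud-run"}) yields the gradlew unit-test step and the Cloud Run deploy job with the same URIs and parameters that appear in the generated skylounge.yml above.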