Setting up a GitOps flow for Object Types
You can think of each of your Warrant object types as similar to a table schema in a relational database. As your application evolves over time, you might need to edit your object types by changing/adding relations or even adding/removing entire types.
Given that changes to object types can be far-reaching (and potentially catastrophic in case of misconfiguration), we strongly recommend storing your object types directly in your repository and setting up a CI workflow to test and apply changes to your production environments.
In this guide, we'll cover:
- How to store your object types in your repository as json.
- How to set up a test script and a CI job that tests and safely applies object types changes in production.
Prerequisites
This guide assumes that you:
- Already have a Warrant account and access to your environments and API keys.
- Have the Warrant CLI installed.
- Have an existing Git repository or can create one for managing your object types.
1. Versioning your object types with Git
By default, you can edit your object types directly in the Warrant dashboard or via the Object Types API. Either of these options are great for quick iteration and testing as you build out your initial model.
Once you're live in production, the recommended approach to managing changes to your object types is via a Git repository. This provides a number of benefits including:
- Versioning - all changes to types are tracked, just like changes to your code.
- Easy rollbacks - changes can easily be rolled back via Git.
- Code reviews - changes to object types can be reviewed and approved before they're applied in production.
Create an object types directory in your repository
In your desired repository (new or existing), create a new warrant directory where you'll store your object types:
mkdir warrant
Download your existing object types
Using the Warrant CLI, download a copy of your object types schema to the directory (make sure you're in the correct warrant env first):
warrant objecttype list > warrant/object-types.json
Commit object types to main
The object-types.json file created above should contain a json array of your object types. Verify that's the case and then commit and push the file to main:
git add warrant/
git commit -m "Add Warrant object types schema"
Your object types are now stored in your repository. In the next section, we'll go over how to create a test script and CI job to automatically test and push object types changes to your production environments.
2. Setting up a test script & CI workflow
Now that your object types are committed to your Git repository, developers can submit pull requests to change them. The only step missing is to set up an automated CI workflow to run tests on these pull requests (to validate the changes) and automatically apply them to production on successful merges.
Create a test script
First, we'll create a test script that uses the Warrant CLI. The test cases you add will depend on your object types and access model. Check out the testing & validation guide for help with creating a test script. Save your test script in your warrant/ directory:
vi warrant/object-types-test.sh
Create a test environment for running tests
Before we can run tests in CI, we'll need to create a separate Warrant environment in which to apply object types schema changes and run tests prior to applying them in production:
- Head to your Warrant dashboard.
- Once logged in, click on Account (left nav bar) > Environments tab > Create Environment
- We recommend naming your new environment
ci-test.
Create a CI workflow
Now that we've created a test script and test environment, we can create a CI workflow that will run the tests on each pull request and apply the changes to production on successful merges.
Note that there are a number of CI systems including GitHub Actions, Jenkins, Buildkite etc. For the purposes of this guide, we'll set up a GitHub Actions workflow but you may use whatever system you'd like.
Here's the GitHub Actions workflow file you should add to your .github/workflows directory:
name: "Warrant Object Types CI"
on:
push:
branches: [main]
paths:
- "warrant/**"
pull_request:
branches: [main]
paths:
- "warrant/**"
jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Warrant CLI
run:
- name: Apply object types in test env
run: warrant objecttype apply -f object-types.json
working-directory: warrant
- name: Run tests
run: ./object-types-test.sh
working-directory: warrant
- name: Apply Object Types in prod env
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: warrant objecttype apply -f object-types.json
working-directory: warrant
This CI workflow accomplishes the following:
- All pull requests that contain changes in the
warrant/directory run the Warrant test script within the test environment. - Merges to
mainre-run the tests in the test environment and push the object types changes to your production environment.
End-to-end developer workflow
With this CI workflow defined, here's the end-to-end development workflow for modifying object types:
- Developer creates a new pull request with object types schema changes (json and/or Warrant tests).
- CI workflow applies the changes to the
ci-testenvironment and runs tests against it. - Once tests pass and the change is code reviewed, it can be merged into
main. - Upon merging into
main, CI workflow applies the changes in the production environment.