[werft] Update previews to use analytics token from secret

.werft/jobs/build/deploy-to-preview-environment.ts

@@ -36,10 +36,10 @@ interface DeploymentConfig {
     domain: string;
     monitoringDomain: string;
     url: string;
-    analytics?: Analytics;
     cleanSlateDeployment: boolean;
     installEELicense: boolean;
     withObservability: boolean;
+    analytics: Analytics;
 }
 
 export async function deployToPreviewEnvironment(werft: Werft, jobConfig: JobConfig) {
@@ -51,25 +51,17 @@ export async function deployToPreviewEnvironment(werft: Werft, jobConfig: JobCon
     const monitoringDomain = `${destname}.preview.gitpod-dev.com`;
     const url = `https://${domain}`;
 
-    let analytics: Analytics | null;
-    if ((jobConfig.analytics || "").startsWith("segment|")) {
-        analytics = {
-            type: "segment",
-            token: jobConfig.analytics!.substring("segment|".length),
-        };
-    }
-
     const deploymentConfig: DeploymentConfig = {
         version,
         destname,
         namespace,
         domain,
         monitoringDomain,
         url,
-        analytics,
         cleanSlateDeployment,
         installEELicense,
         withObservability,
+        analytics: jobConfig.analytics,
     };
 
     // We set all attributes to false as default and only set it to true once the each process is complete.

.werft/jobs/build/installer/installer.ts

@@ -1,12 +1,8 @@
 import { execStream } from "../../../util/shell";
 import { Werft } from "../../../util/werft";
+import { Analytics } from "../job-config";
 import { CORE_DEV_KUBECONFIG_PATH, PREVIEW_K3S_KUBECONFIG_PATH } from "../const";
 
-export type Analytics = {
-    type: string;
-    token: string;
-};
-
 export type InstallerOptions = {
     werft: Werft;
     previewName: string;
@@ -31,7 +27,7 @@ export class Installer {
             DEV_KUBE_CONTEXT: "gke_gitpod-core-dev_europe-west1-b_core-dev",
             PREVIEW_K3S_KUBE_PATH: PREVIEW_K3S_KUBECONFIG_PATH,
             PREVIEW_NAME: this.options.previewName,
-            GITPOD_ANALYTICS_SEGMENT_TOKEN: this.options.analytics?.token || "",
+            GITPOD_ANALYTICS: this.options.analytics,
             GITPOD_WORKSPACE_FEATURE_FLAGS: this.options.workspaceFeatureFlags.join(" "),
             GITPOD_WITH_SLOW_DATABASE: this.options.withSlowDatabase,
             GITPOD_WITH_EE_LICENSE: this.options.withEELicense,

.werft/jobs/build/job-config.ts

@@ -4,8 +4,10 @@ import {previewNameFromBranchName} from "../../util/preview";
 
 type WithIntegrationTests = "skip" | "all" | "workspace" | "ide" | "webapp";
 
+export type Analytics = "skip" | "segment";
+
 export interface JobConfig {
-    analytics: string;
+    analytics: Analytics;
     buildConfig: any;
     cleanSlateDeployment: boolean;
     cluster: string;
@@ -93,7 +95,7 @@ export function jobConfig(werft: Werft, context: any): JobConfig {
     const publishToNpm = "publish-to-npm" in buildConfig || mainBuild;
     const publishToJBMarketplace = "publish-to-jb-marketplace" in buildConfig || mainBuild;
     const publishToKots = "publish-to-kots" in buildConfig || withSelfHostedPreview || mainBuild;
-    const analytics = buildConfig["analytics"];
+
     const localAppVersion = mainBuild || "with-localapp-version" in buildConfig ? version : "unknown";
     const retag = "with-retag" in buildConfig ? "" : "--dont-retag";
     const cleanSlateDeployment = mainBuild || "with-clean-slate-deployment" in buildConfig;
@@ -105,6 +107,7 @@ export function jobConfig(werft: Werft, context: any): JobConfig {
     const recreateVm = mainBuild || "recreate-vm" in buildConfig;
     const withSlowDatabase = "with-slow-database" in buildConfig && !mainBuild;
 
+    const analytics = parseAnalytics(werft, sliceId, buildConfig["analytics"])
     const withIntegrationTests = parseWithIntegrationTests(werft, sliceId, buildConfig["with-integration-tests"]);
     const withPreview = decideWithPreview({werft, sliceID: sliceId, buildConfig, mainBuild, withIntegrationTests})
 
@@ -225,6 +228,17 @@ function decideWithPreview(options: { werft: Werft, sliceID: string, buildConfig
     return false
 }
 
+export function parseAnalytics(werft: Werft, sliceId: string, value: string): Analytics {
+    switch (value) {
+        case "segment":
+            return "segment"
+    }
+
+    werft.log(sliceId, "Analytics is not enabled")
+    return "skip";
+}
+
+
 export function parseWithIntegrationTests(werft: Werft, sliceID: string, value?: string): WithIntegrationTests {
     switch (value) {
         case null:

dev/preview/workflow/preview/deploy-gitpod.sh

@@ -23,7 +23,7 @@ GITPOD_AGENT_SMITH_TOKEN_HASH="$(echo -n "$GITPOD_AGENT_SMITH_TOKEN" | sha256sum
 GITPOD_CONTAINER_REGISTRY_URL="eu.gcr.io/gitpod-core-dev/build/";
 GITPOD_IMAGE_PULL_SECRET_NAME="gcp-sa-registry-auth";
 GITPOD_PROXY_SECRET_NAME="proxy-config-certificates";
-GITPOD_ANALYTICS_SEGMENT_TOKEN="${GITPOD_ANALYTICS_SEGMENT_TOKEN:-}"
+GITPOD_ANALYTICS="${GITPOD_ANALYTICS:-}"
 GITPOD_WITH_EE_LICENSE="${GITPOD_WITH_EE_LICENSE:-true}"
 GITPOD_WORKSPACE_FEATURE_FLAGS="${GITPOD_WORKSPACE_FEATURE_FLAGS:-}"
 GITPOD_WITH_SLOW_DATABASE="${GITPOD_WITH_SLOW_DATABASE:-false}"
@@ -456,7 +456,15 @@ fi
 #
 # includeAnalytics
 #
-if [[ -n "${GITPOD_ANALYTICS_SEGMENT_TOKEN}" ]]; then
+if [[ "${GITPOD_ANALYTICS}" == "segment" ]]; then
+
+  GITPOD_ANALYTICS_SEGMENT_TOKEN=$(kubectl \
+    --kubeconfig "${DEV_KUBE_PATH}" \
+    --context "${DEV_KUBE_CONTEXT}" \
+    --namespace werft \
+    get secret "segment-staging-write-key" -o jsonpath='{.data.token}' \
+  | base64 -d)
+
   yq w -i "${INSTALLER_CONFIG_PATH}" analytics.writer segment
   yq w -i "${INSTALLER_CONFIG_PATH}" analytics.segmentKey "${GITPOD_ANALYTICS_SEGMENT_TOKEN}"
   yq w -i "${INSTALLER_CONFIG_PATH}" 'workspace.templates.default.spec.containers.(name==workspace).env[+].name' "GITPOD_ANALYTICS_WRITER"