chore: add developer-hub-0.2.0 #2302
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize, reopened, edited, ready_for_review, labeled] | |
| jobs: | |
| chart-certification: | |
| name: Chart Certification | |
| runs-on: ubuntu-22.04 | |
| if: | | |
| github.event.pull_request.draft == false && | |
| (github.event.action != 'labeled' || github.event.label.name == 'force-publish') && | |
| github.actor != 'redhat-mercury-bot' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Python 3.x Part 1 | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.9" | |
| - name: Set up Python 3.x Part 2 | |
| run: | | |
| # set up python | |
| python3 -m venv ve1 | |
| cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. | |
| cd scripts && ../ve1/bin/python3 setup.py install && cd .. | |
| - name: Check for CI changes | |
| id: check_ci_changes | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| # check if workflow testing should run. | |
| echo "[INFO] check if PR contains only workflow changes and user is authorized" | |
| ve1/bin/check-pr-for-ci --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }} | |
| - name: Check if PR created as part of release process | |
| id: check_created_release_pr | |
| if: ${{ steps.check_ci_changes.outputs.run-tests != true }} | |
| env: | |
| BOT_NAME: ${{ secrets.BOT_NAME }} | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| # check if PR was created as part of release processing | |
| ./ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} \ | |
| --sender='${{ github.event.sender.login }}' \ | |
| --pr_branch='${{ github.event.pull_request.head.ref }}' \ | |
| --pr_body="${{ github.event.pull_request.body }}" \ | |
| --pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' \ | |
| --pr_head_repo='${{ github.event.pull_request.head.repo.full_name }}' | |
| - name: Exit if build not required | |
| id: check_build_required | |
| env: | |
| RUN_TESTS: ${{ steps.check_ci_changes.outputs.run-tests }} | |
| NOT_CI_AUTHORIZED: ${{ steps.check_ci_changes.outputs.workflow-only-but-not-authorized }} | |
| NO_CODE_TO_BUILD: ${{ steps.check_ci_changes.outputs.do-not-build }} | |
| DEV_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.dev_release_branch }} | |
| CHARTS_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.charts_release_branch }} | |
| run: | | |
| # exit if build not required | |
| if [ "${RUN_TESTS}" == "true" ] || [ "${NOT_CI_AUTHORIZED}" == "true" ]; then | |
| echo "The PR is workflow changes only - do not continue." | |
| exit 0 | |
| elif [ "${NO_CODE_TO_BUILD}" == "true" ]; then | |
| echo "The PR does not contain changes which need build or test." | |
| exit 0 | |
| elif [ "${DEV_PR_FOR_RELEASE}" == "true" ]; then | |
| echo "The PR is part of release processing for the development repository - do not continue." | |
| elif [ "${CHART_PR_FOR_RELEASE}" == "true" ]; then | |
| echo "The PR is part of release processing for the charts repository - do not continue." | |
| else | |
| echo "run-build=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set Environment | |
| id: set-env | |
| run: | | |
| #set environment based on repository | |
| if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then | |
| echo "Use latest verifier image" | |
| echo "verifier-action-image=latest" >> $GITHUB_OUTPUT | |
| else | |
| echo "Use dev verifier image" | |
| echo "verifier-action-image=0.1.0" >> $GITHUB_OUTPUT | |
| fi | |
| echo "insecure_skip_tls_verify=true" >> $GITHUB_OUTPUT | |
| - name: Checkout | |
| if: ${{ steps.check_build_required.outputs.run-build == 'true' }} | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| path: "pr-branch" | |
| - name: Check PR Content | |
| id: check_pr_content | |
| if: ${{ steps.check_build_required.outputs.run-build == 'true' }} | |
| continue-on-error: true | |
| env: | |
| GITHUB_REF: ${{ github.ref }} | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi) | |
| ./ve1/bin/check-pr-content --index-branch=${INDEX_BRANCH} --repository=${{ github.repository }} --api-url=${{ github.event.pull_request._links.self.href }} | |
| - name: Add 'content-ok' label | |
| uses: actions/github-script@v3 | |
| if: ${{ steps.check_pr_content.outcome == 'success'}} | |
| continue-on-error: true | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| github.issues.addLabels({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| labels: ['content-ok'] | |
| }) | |
| - name: Remove 'content-ok' label | |
| uses: actions/github-script@v3 | |
| if: ${{ steps.check_pr_content.outcome == 'failure' && contains( github.event.pull_request.labels.*.name, 'content-ok') }} | |
| continue-on-error: true | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| github.issues.removeLabel({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| name: 'content-ok' | |
| }) | |
| - name: Reflect on PR Content check | |
| if: ${{ steps.check_pr_content.outcome == 'failure'}} | |
| run: | | |
| echo "The 'PR Content check' step has failed." | |
| exit 1 | |
| - name: Remove 'authorized-request' label from PR | |
| uses: actions/github-script@v3 | |
| if: ${{ steps.check_build_required.outputs.run-build == 'true' && contains( github.event.pull_request.labels.*.name, 'authorized-request') }} | |
| continue-on-error: true | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| var issue_number = ${{ github.event.number }}; | |
| github.issues.removeLabel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: Number(issue_number), | |
| name: 'authorized-request' | |
| }) | |
| - name: install chart verifier for action | |
| uses: redhat-actions/openshift-tools-installer@v1 | |
| with: | |
| source: github | |
| skip_cache: true | |
| chart-verifier: ${{ steps.set-env.outputs.verifier-action-image }} | |
| - name: determine verify requirements | |
| if: ${{ steps.check_build_required.outputs.run-build == 'true' }} | |
| id: verify_requires | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| working-directory: ./pr-branch | |
| run: | | |
| ../ve1/bin/get-verify-params --directory=pr --api-url=${{ github.event.pull_request._links.self.href }} | |
| - name: Install oc | |
| if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} | |
| uses: redhat-actions/openshift-tools-installer@v1 | |
| with: | |
| oc: latest | |
| - name: Set cluster login params | |
| id: login-params | |
| if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} | |
| run: | | |
| #calculate cluster params | |
| API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) | |
| echo "API_SERVER=${API_SERVER}" >> $GITHUB_OUTPUT | |
| - uses: redhat-actions/oc-login@v1 | |
| id: oc_login | |
| if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} | |
| with: | |
| openshift_server_url: ${{ steps.login-params.outputs.API_SERVER }} | |
| openshift_token: ${{ secrets.CLUSTER_TOKEN }} | |
| insecure_skip_tls_verify: ${{ steps.set-env.outputs.insecure_skip_tls_verify }} | |
| - name: create service account | |
| id: create_service_account | |
| if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} | |
| env: | |
| API_SERVER: ${{ steps.login-params.outputs.API_SERVER }} | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| ve1/bin/sa-for-chart-testing --create charts-${{ github.event.number }} --token token.txt --server ${API_SERVER} | |
| echo "delete_namespace=true" >> $GITHUB_OUTPUT | |
| echo $KUBECONFIG | |
| - uses: redhat-actions/[email protected] | |
| id: run-verifier | |
| if: ${{ steps.verify_requires.outputs.report_needed == 'true' }} | |
| with: | |
| chart_uri: ${{ steps.verify_requires.outputs.verify_uri }} | |
| verify_args: ${{ steps.verify_requires.outputs.verify_args }} | |
| report_type: all | |
| fail: false | |
| - name: check-verifier-result | |
| id: check-verifier-result | |
| if: ${{ always() && steps.run-verifier.outcome == 'failure' }} | |
| run: | | |
| error_message="The chart verifier returned an error when trying to obtain a verification report for the chart." | |
| echo "verifier_error_message=$error_message" >> $GITHUB_OUTPUT | |
| - name: Check Report | |
| id: check_report | |
| if: ${{ steps.check_build_required.outputs.run-build == 'true' }} | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| VENDOR_TYPE: ${{ steps.check_pr_content.outputs.category }} | |
| WEB_CATALOG_ONLY: ${{ steps.check_pr_content.outputs.webCatalogOnly }} | |
| REPORT_GENERATED: ${{ steps.verify_requires.outputs.report_needed }} | |
| GENERATED_REPORT_PATH: ${{ steps.run-verifier.outputs.report_file }} | |
| REPORT_SUMMARY_PATH: ${{ steps.run-verifier.outputs.report_info_file }} | |
| WORKFLOW_WORKING_DIRECTORY: "../pr" | |
| run: | | |
| cd pr-branch | |
| ../ve1/bin/chart-pr-review --directory=../pr --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }} | |
| cd .. | |
| - name: Delete Namespace | |
| if: ${{ always() && steps.oc_login.conclusion == 'success' }} | |
| env: | |
| KUBECONFIG: /tmp/ci-kubeconfig | |
| run: | | |
| API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) | |
| oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} --insecure-skip-tls-verify=${{ steps.set-env.outputs.insecure_skip_tls_verify }} | |
| ve1/bin/sa-for-chart-testing --delete charts-${{ github.event.number }} | |
| - name: Save PR artifact | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }} | |
| run: | | |
| ve1/bin/pr-artifact --directory=./pr --pr-number=${{ github.event.number }} --api-url=${{ github.event.pull_request._links.self.href }} | |
| - name: Prepare PR comment | |
| id: pr_comment | |
| if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }} | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| PR_CONTENT_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.pr-content-error-message }} | |
| OWNERS_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.owners-error-message }} | |
| COMMUNITY_MANUAL_REVIEW: ${{ steps.check_report.outputs.community_manual_review_required }} | |
| OC_INSTALL_RESULT: ${{ steps.install-oc.conclusion }} | |
| VERIFIER_ERROR_MESSAGE: ${{ steps.check-verifier-result.outputs.verifier_error_message }} | |
| run: | | |
| ve1/bin/pr-comment ${{ steps.check_pr_content.outcome }} ${{ steps.run-verifier.outcome }} ${{ steps.check_report.conclusion }} | |
| - name: Comment on PR | |
| if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }} | |
| uses: actions/github-script@v3 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| var fs = require('fs'); | |
| var issue_number = ${{ github.event.number }}; | |
| var comment = fs.readFileSync('./pr/comment', {encoding:'utf8', flag:'r'}); | |
| github.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: Number(issue_number), | |
| body: comment | |
| }); | |
| - name: Add 'authorized-request' label to PR | |
| if: ${{ always() && steps.check_pr_content.outcome == 'success' && steps.run-verifier.outcome != 'failure' && steps.check_build_required.outputs.run-build == 'true' }} | |
| uses: actions/github-script@v3 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| var fs = require('fs'); | |
| var issue_number = ${{ github.event.number }}; | |
| var vendor_label = fs.readFileSync('./pr/vendor'); | |
| var chart_name = fs.readFileSync('./pr/chart'); | |
| if (vendor_label.toString() !== "" && chart_name.toString() !== "") { | |
| github.issues.addLabels({ | |
| issue_number: Number(issue_number), | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| labels: ['authorized-request'] | |
| })}; | |
| - name: Approve PR | |
| id: approve_pr | |
| if: ${{ steps.check_report.conclusion == 'success' }} | |
| uses: hmarr/auto-approve-action@v3 | |
| with: | |
| # The token we use for this changes for the Sandbox repository because the sandbox repository | |
| # receives PRs from the openshift-helm-charts-bot, and that same bot cannot approve its own | |
| # PRs which breaks workflows. Instead, for the Sandbox repo, we approve with the GHA bot. | |
| github-token: ${{ github.repository == 'openshift-helm-charts/sandbox' && secrets.GITHUB_TOKEN || secrets.BOT_TOKEN }} | |
| - name: Merge PR | |
| id: merge_pr | |
| if: ${{ steps.approve_pr.conclusion == 'success' }} | |
| uses: pascalgn/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| MERGE_METHOD: squash | |
| MERGE_LABELS: "" | |
| - name: Check for PR merge | |
| if: ${{ steps.check_build_required.outputs.run-build == 'true' }} | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| ./ve1/bin/check-auto-merge --api-url=${{ github.event.pull_request._links.self.href }} | |
| - name: Block until there is no running workflow | |
| if: ${{ steps.check_build_required.outputs.run-build == 'true' }} | |
| uses: softprops/turnstyle@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Configure Git | |
| if: ${{ steps.check_build_required.outputs.run-build == 'true' }} | |
| run: | | |
| git config --global user.name "github-actions[bot]" | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| - name: Release Charts | |
| if: ${{ steps.check_build_required.outputs.run-build == 'true' }} | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| GITHUB_REF: ${{ github.ref }} | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| REPORT_CONTENT: ${{steps.check_report.outputs.report_content}} | |
| CHART_ENTRY_NAME: ${{ steps.check_pr_content.outputs.chart-entry-name }} | |
| CHART_NAME_WITH_VERSION: ${{ steps.check_pr_content.outputs.chart-name-with-version }} | |
| REDHAT_TO_COMMUNITY: ${{ steps.check_report.outputs.redhat_to_community }} | |
| WEB_CATALOG_ONLY: ${{ steps.check_pr_content.outputs.webCatalogOnly }} | |
| id: release-charts | |
| run: | | |
| tar zxvf ./scripts/dependencies/helm-chart-releaser/chart-releaser_1.2.0_linux_amd64.tar.gz | |
| sudo cp -f cr /usr/local/bin/cr | |
| INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi) | |
| CWD=`pwd` | |
| cd pr-branch | |
| ../ve1/bin/chart-repo-manager --repository=${{ github.repository }} --index-branch=${INDEX_BRANCH} --api-url=${{ github.event.pull_request._links.self.href }} --pr-number=${{ github.event.number }} | |
| cd ${CWD} | |
| - name: Release | |
| if: ${{ steps.release-charts.outputs.tag != '' }} | |
| uses: softprops/[email protected] | |
| continue-on-error: true | |
| with: | |
| tag_name: ${{ steps.release-charts.outputs.tag }} | |
| files: | | |
| ${{ steps.release-charts.outputs.report_file }} | |
| ${{ steps.release-charts.outputs.public_key_file }} | |
| fail_on_unmatched_files: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Add metrics | |
| if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' && env.GITHUB_REPOSITORY != 'openshift-helm-charts/sandbox' }} | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then | |
| WRITE_KEY=${{ secrets.SEGMENT_WRITE_KEY }} | |
| ID_PREFIX="helm-metric-pr" | |
| echo "Use segment production write key" | |
| else | |
| WRITE_KEY=${{ secrets.SEGMENT_TEST_WRITE_KEY }} | |
| ID_PREFIX="helm-test-metric-pr" | |
| echo "Use segment test write key" | |
| fi | |
| if [ "${WRITE_KEY}" != "" ]; then | |
| echo "add PR run metric" | |
| ve1/bin/metrics --write-key="${WRITE_KEY}" \ | |
| --metric-type="pull_request" \ | |
| --message-file="${{ steps.pr_comment.outputs.message-file }}" \ | |
| --pr-number="${{ github.event.number }}" \ | |
| --pr-action="${{ github.event.action }}" \ | |
| --repository="${GITHUB_REPOSITORY}" \ | |
| --prefix="${ID_PREFIX}" \ | |
| --pr_dir="./pr-branch" | |
| else | |
| echo "Do not collect metrics, required segment write key is not set" | |
| fi |