74a5e59d704f4148a368d9f06679bf54-an-authorized-user-submits-a-chart-with-incorrect-version-8c009dd-partners-hashicorp-vault-0.17.0 #97470
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release-Workflow | |
on: | |
pull_request_target: | |
types: [opened, synchronize, reopened, edited, ready_for_review, labeled] | |
jobs: | |
check-contributor: | |
name: Check contributor | |
uses: ./.github/workflows/check-contributor.yml | |
with: | |
user: ${{ github.event.pull_request.user.login }} | |
chart-workflow-release: | |
name: Chart Workflow Release | |
needs: [check-contributor] | |
runs-on: ubuntu-22.04 | |
if: | | |
github.event.pull_request.draft == false && | |
needs.check-contributor.outputs.is-repo-owner == 'true' | |
steps: | |
- name: Checkout Base Branch | |
uses: actions/checkout@v4 | |
- name: Checkout Pull Request | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
token: ${{ secrets.BOT_TOKEN }} | |
fetch-depth: 0 | |
path: "pr-branch" | |
- name: Set up Python 3.x Part 1 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Set up Python scripts in pr-branch | |
working-directory: ./pr-branch | |
run: | | |
# set up python scripts | |
echo "set up python script in $PWD" | |
python3 -m venv ve1 | |
cd scripts | |
../ve1/bin/pip3 install -r requirements.txt | |
../ve1/bin/pip3 install . | |
cd .. | |
- name: Check if dev repo is targetted, only release file is in PR and user is authorized | |
id: check_only_version_in_PR_and_authorized | |
working-directory: ./pr-branch | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
# if dev repo is targetted check if release file only is included in PR and if so that user is authorized. | |
./ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} \ | |
--sender=${{ github.event.sender.login }} \ | |
--pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' | |
- name: Check if PR created as part of release process | |
id: check_created_release_pr | |
working-directory: ./pr-branch | |
if: ${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_includes_release_only != 'true' }} | |
env: | |
BOT_NAME: ${{ secrets.BOT_NAME }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
# check if PR was created as part of release processing | |
./ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} \ | |
--sender='${{ github.event.sender.login }}' \ | |
--pr_branch='${{ github.event.pull_request.head.ref }}' \ | |
--pr_body="${{ github.event.pull_request.body }}" \ | |
--pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' \ | |
--pr_head_repo='${{ github.event.pull_request.head.repo.full_name }}' | |
- name: Reflect on PR Content | |
id: reflect_on_pr_content | |
env: | |
RELEASE_INFO_ONLY: ${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_includes_release_only }} | |
NOT_AUTHORIZED: ${{ steps.check_only_version_in_PR_and_authorized.outputs.sender_not_authorized }} | |
DEV_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.dev_release_branch }} | |
run: | | |
# Determine if and how processing should continue' | |
if [ "${NOT_AUTHORIZED}" == 'true' ]; then | |
echo "Unauthorized Request" | |
exit 1 | |
elif [ "${RELEASE_INFO_ONLY}" == 'true' ]; then | |
echo "PR contains only release_info file" | |
echo "create_pull_requests=true" >> $GITHUB_OUTPUT | |
elif [ "${DEV_PR_FOR_RELEASE}" != 'true' ]; then | |
echo "No release work to do" | |
exit | |
fi | |
- name: Run All Tests | |
if: ${{ steps.reflect_on_pr_content.outputs.create_pull_requests == 'true' }} | |
working-directory: ./pr-branch | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
BOT_NAME: ${{ secrets.BOT_NAME }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
PR_NUMBER: ${{ github.event.pull_request.number }} | |
PR_BODY: "Test triggered by release PR ${{ github.event.pull_request.html_url }}." | |
run: | | |
ve1/bin/behave tests/functional/behave_features/ --tags=full --logging-level=WARNING --no-capture --no-color | |
- name: Checkout charts repo | |
if: ${{ steps.reflect_on_pr_content.outputs.create_pull_requests == 'true' }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.base.ref }} | |
repository: ${{ steps.check_only_version_in_PR_and_authorized.outputs.charts_repo }} | |
token: ${{ secrets.BOT_TOKEN }} | |
path: "charts-repo" | |
- name: Checkout development repo | |
if: ${{ steps.reflect_on_pr_content.outputs.create_pull_requests == 'true' }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.base.ref }} | |
repository: ${{ github.event.pull_request.base.repo.full_name }} | |
token: ${{ secrets.BOT_TOKEN }} | |
path: "dev-repo" | |
- name: Checkout stage repo | |
if: ${{ steps.reflect_on_pr_content.outputs.create_pull_requests == 'true' }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.base.ref }} | |
repository: ${{ steps.check_only_version_in_PR_and_authorized.outputs.stage_repo }} | |
token: ${{ secrets.BOT_TOKEN }} | |
path: "stage-repo" | |
- name: Set up Python 3.x Part 1 | |
if: ${{ steps.reflect_on_pr_content.outputs.create_pull_requests == 'true' }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Set up Python scripts on dev branch | |
run: | | |
# set up python scripts | |
echo "set up python script in $PWD" | |
python3 -m venv ve1 | |
cd scripts | |
../ve1/bin/pip3 install -r requirements.txt | |
../ve1/bin/pip3 install . | |
cd .. | |
- name: Check if version updated | |
id: check_version_updated | |
if: ${{ steps.reflect_on_pr_content.outputs.create_pull_requests == 'true' }} | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
# check if version file was changed | |
./ve1/bin/release-checker --version=${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_version }} | |
- name: Sync the repositories | |
id: sync_repositories | |
if: ${{ steps.check_version_updated.outputs.release_updated == 'true' }} | |
env: | |
BOT_NAME: ${{ secrets.BOT_NAME }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
./ve1/bin/releaser --version=${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_version }}\ | |
--pr_dir="./pr-branch" \ | |
--development_dir="./dev-repo" \ | |
--charts_dir="./charts-repo" \ | |
--stage_dir="./stage-repo" \ | |
--dev_pr_body="${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_release_body }}" \ | |
--target_branch="${{ github.event.pull_request.base.ref }}" \ | |
--target_repository="${{ github.event.pull_request.base.repo.full_name }}" | |
- name: Determine if merge and release are needed | |
id: check_merge_and_release | |
env: | |
REPOSITORIES_SYNCED: ${{ steps.check_version_updated.outputs.release_updated }} | |
CHART_PR_ERROR: ${{ steps.sync_repositories.outputs.charts_pr_error }} | |
DEV_PR_ERROR: ${{ steps.sync_repositories.outputs.dev_pr_error }} | |
STAGE_PR_ERROR: ${{ steps.sync_repositories.outputs.stage_pr_error }} | |
DEV_PR_NOT_NEEDED: ${{ steps.sync_repositories.outputs.dev_pr_not_needed }} | |
DEV_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.dev_release_branch }} | |
run: | | |
# determine what should be done next | |
# mitigate unmatched quote error in bash | |
if [ "${REPOSITORIES_SYNCED}" == 'true' ]; then | |
if [ "${CHART_PR_ERROR}" == 'true' ]; then | |
echo "Error creating charts pull request" | |
exit 1 | |
elif [ "${DEV_PR_ERROR}" == 'true' ]; then | |
echo "Error creating development pull request" | |
exit 1 | |
elif [ "${STAGE_PR_ERROR}" == 'true' ]; then | |
echo "Error creating stage pull request" | |
exit 1 | |
else | |
echo "At least one PR was created - merge this one" | |
echo "merge=true" >> $GITHUB_OUTPUT | |
fi | |
if [ "${DEV_PR_NOT_NEEDED}" == 'true' ]; then | |
echo "No dev PR so create release" | |
echo "release_body=${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_release_body }}" >> $GITHUB_OUTPUT | |
echo "release_tag=${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_version }}" >> $GITHUB_OUTPUT | |
fi | |
elif [ "${DEV_PR_FOR_RELEASE}" == 'true' ]; then | |
echo "Dev PR so create release" | |
echo "merge=true" >> $GITHUB_OUTPUT | |
echo "release_body=${{ github.event.pull_request.body }}" >> $GITHUB_OUTPUT | |
echo "release_tag=${{ steps.check_created_release_pr.outputs.PR_version }}" >> $GITHUB_OUTPUT | |
fi | |
- name: Approve PR | |
id: approve_pr | |
if: ${{ steps.check_merge_and_release.outputs.merge == 'true' }} | |
uses: hmarr/auto-approve-action@v4 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Merge PR | |
id: merge_pr | |
if: ${{ steps.check_merge_and_release.outputs.merge == 'true' }} | |
uses: pascalgn/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
MERGE_METHOD: squash | |
MERGE_LABELS: "" | |
- name: Check for PR merge | |
if: ${{ steps.check_merge_and_release.outputs.merge == 'true' }} | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
./ve1/bin/check-auto-merge --api-url=${{ github.event.pull_request._links.self.href }} | |
- name: Create the the release | |
id: create_release | |
if: ${{ steps.check_merge_and_release.outputs.release_tag != '' }} | |
uses: softprops/action-gh-release@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
tag_name: ${{ steps.check_merge_and_release.outputs.release_tag }} | |
body: ${{ steps.check_merge_and_release.outputs.release_body }} |