8a7357d88b8c443abc56c3bde10a713e-a-user-submits-a-report-with-missing-checks-d3f8b89e-partners-hashicorp-vault-0.17.0 #82728
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request_target: | |
types: [opened, synchronize, reopened, edited, ready_for_review, labeled] | |
jobs: | |
setup: | |
name: Setup CI | |
runs-on: ubuntu-22.04 | |
outputs: | |
run_build: ${{ steps.check_build_required.outputs.run-build }} | |
verifier-action-image: ${{ steps.set-env.outputs.verifier-action-image }} | |
insecure_skip_tls_verify: ${{ steps.set-env.outputs.insecure_skip_tls_verify }} | |
if: | | |
github.event.pull_request.draft == false && | |
(github.event.action != 'labeled' || github.event.label.name == 'force-publish') && | |
github.actor != 'redhat-mercury-bot' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.x Part 1 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Set up Python 3.x Part 2 | |
run: | | |
# set up python | |
python3 -m venv ve1 | |
cd scripts | |
../ve1/bin/pip3 install -r requirements.txt | |
../ve1/bin/pip3 install . | |
cd .. | |
- name: Check for CI changes | |
id: check_ci_changes | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
# check if workflow testing should run. | |
echo "[INFO] check if PR contains only workflow changes and user is authorized" | |
ve1/bin/check-pr-for-ci --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }} | |
- name: Check if PR created as part of release process | |
id: check_created_release_pr | |
if: ${{ steps.check_ci_changes.outputs.run-tests != true }} | |
env: | |
BOT_NAME: ${{ secrets.BOT_NAME }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
# check if PR was created as part of release processing | |
./ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} \ | |
--sender='${{ github.event.sender.login }}' \ | |
--pr_branch='${{ github.event.pull_request.head.ref }}' \ | |
--pr_body="${{ github.event.pull_request.body }}" \ | |
--pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' \ | |
--pr_head_repo='${{ github.event.pull_request.head.repo.full_name }}' | |
- name: Exit if build not required | |
id: check_build_required | |
env: | |
RUN_TESTS: ${{ steps.check_ci_changes.outputs.run-tests }} | |
NOT_CI_AUTHORIZED: ${{ steps.check_ci_changes.outputs.workflow-only-but-not-authorized }} | |
NO_CODE_TO_BUILD: ${{ steps.check_ci_changes.outputs.do-not-build }} | |
DEV_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.dev_release_branch }} | |
CHARTS_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.charts_release_branch }} | |
run: | | |
# exit if build not required | |
if [ "${RUN_TESTS}" == "true" ] || [ "${NOT_CI_AUTHORIZED}" == "true" ]; then | |
echo "The PR is workflow changes only - do not continue." | |
exit 0 | |
elif [ "${NO_CODE_TO_BUILD}" == "true" ]; then | |
echo "The PR does not contain changes which need build or test." | |
exit 0 | |
elif [ "${DEV_PR_FOR_RELEASE}" == "true" ]; then | |
echo "The PR is part of release processing for the development repository - do not continue." | |
elif [ "${CHART_PR_FOR_RELEASE}" == "true" ]; then | |
echo "The PR is part of release processing for the charts repository - do not continue." | |
else | |
echo "run-build=true" >> $GITHUB_OUTPUT | |
fi | |
- name: Set Environment | |
id: set-env | |
run: | | |
#set environment based on repository | |
if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then | |
echo "Use latest verifier image" | |
echo "verifier-action-image=latest" >> $GITHUB_OUTPUT | |
else | |
echo "Use dev verifier image" | |
echo "verifier-action-image=0.1.0" >> $GITHUB_OUTPUT | |
fi | |
echo "insecure_skip_tls_verify=true" >> $GITHUB_OUTPUT | |
chart-verifier: | |
name: Run chart-verifier | |
runs-on: ubuntu-22.04 | |
needs: [setup] | |
outputs: | |
report_content: ${{ steps.check_report.outputs.report_content }} | |
redhat_to_community: ${{ steps.check_report.outputs.redhat_to_community }} | |
message_file: ${{ steps.pr_comment.outputs.message-file }} | |
message_text_base64: ${{ steps.encode_pr_comment.outputs.message-text-base64 }} | |
web_catalog_only: ${{ steps.check_pr_content.outputs.web_catalog_only }} | |
chart_entry_name: ${{ steps.check_pr_content.outputs.chart-entry-name }} | |
release_tag: ${{ steps.check_pr_content.outputs.release_tag }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Checkout PR Branch | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
path: "pr-branch" | |
- name: Set up Python 3.x Part 1 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Set up Python 3.x Part 2 | |
run: | | |
# set up python | |
python3 -m venv ve1 | |
cd scripts | |
../ve1/bin/pip3 install -r requirements.txt | |
../ve1/bin/pip3 install . | |
cd .. | |
- name: Check PR Content | |
id: check_pr_content | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
continue-on-error: true | |
env: | |
GITHUB_REF: ${{ github.ref }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi) | |
./ve1/bin/check-pr-content --index-branch=${INDEX_BRANCH} --repository=${{ github.repository }} --api-url=${{ github.event.pull_request._links.self.href }} | |
- name: Add 'content-ok' label | |
uses: actions/github-script@v7 | |
if: ${{ steps.check_pr_content.outcome == 'success'}} | |
continue-on-error: true | |
with: | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
github.rest.issues.addLabels({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
labels: ['content-ok'] | |
}) | |
- name: Remove 'content-ok' label | |
uses: actions/github-script@v7 | |
if: ${{ steps.check_pr_content.outcome == 'failure' && contains( github.event.pull_request.labels.*.name, 'content-ok') }} | |
continue-on-error: true | |
with: | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
github.rest.issues.removeLabel({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
name: 'content-ok' | |
}) | |
- name: Reflect on PR Content check | |
if: ${{ steps.check_pr_content.outcome == 'failure'}} | |
run: | | |
echo "The 'PR Content check' step has failed." | |
exit 1 | |
- name: Remove 'authorized-request' label from PR | |
uses: actions/github-script@v7 | |
if: ${{ needs.setup.outputs.run_build == 'true' && contains( github.event.pull_request.labels.*.name, 'authorized-request') }} | |
continue-on-error: true | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
var issue_number = ${{ github.event.number }}; | |
github.rest.issues.removeLabel({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: Number(issue_number), | |
name: 'authorized-request' | |
}) | |
- name: install chart verifier for action | |
uses: redhat-actions/openshift-tools-installer@v1 | |
with: | |
source: github | |
skip_cache: true | |
chart-verifier: "${{ needs.setup.outputs.verifier-action-image }}" | |
- name: determine verify requirements | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
id: verify_requires | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
working-directory: ./pr-branch | |
run: | | |
../ve1/bin/get-verify-params --directory=pr --api-url=${{ github.event.pull_request._links.self.href }} | |
- name: Install oc | |
id: install-oc | |
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} | |
uses: redhat-actions/openshift-tools-installer@v1 | |
with: | |
oc: latest | |
- name: Set cluster login params | |
id: login-params | |
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} | |
run: | | |
#calculate cluster params | |
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) | |
echo "API_SERVER=${API_SERVER}" >> $GITHUB_OUTPUT | |
- uses: redhat-actions/oc-login@v1 | |
id: oc_login | |
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} | |
with: | |
openshift_server_url: ${{ steps.login-params.outputs.API_SERVER }} | |
openshift_token: ${{ secrets.CLUSTER_TOKEN }} | |
insecure_skip_tls_verify: ${{ needs.setup.outputs.insecure_skip_tls_verify }} | |
- name: create service account | |
id: create_service_account | |
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} | |
env: | |
API_SERVER: ${{ steps.login-params.outputs.API_SERVER }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
ve1/bin/sa-for-chart-testing --create charts-${{ github.event.number }} --token token.txt --server ${API_SERVER} | |
echo "delete_namespace=true" >> $GITHUB_OUTPUT | |
echo $KUBECONFIG | |
- uses: redhat-actions/chart-verifier@v1 | |
id: run-verifier | |
if: ${{ steps.verify_requires.outputs.report_needed == 'true' }} | |
with: | |
chart_uri: ${{ steps.verify_requires.outputs.verify_uri }} | |
verify_args: ${{ steps.verify_requires.outputs.verify_args }} | |
report_type: all | |
fail: false | |
- name: check-verifier-result | |
id: check-verifier-result | |
if: ${{ always() && steps.run-verifier.outcome == 'failure' }} | |
run: | | |
error_message="The chart verifier returned an error when trying to obtain a verification report for the chart." | |
echo "verifier_error_message=$error_message" >> $GITHUB_OUTPUT | |
- name: Get profile version set in report provided by the user | |
id: get-profile-version | |
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }} | |
uses: mikefarah/yq@v4 | |
with: | |
cmd: yq '.metadata.tool.profile.version' ${{ format('./pr-branch/{0}', steps.verify_requires.outputs.provided_report_relative_path) }} | |
- name: Get the range of Kubernetes versions set in the report provided by the user | |
id: get-kube-range | |
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }} | |
continue-on-error: true | |
uses: mikefarah/yq@v4 | |
with: | |
cmd: yq '.metadata.chart.kubeversion' ${{ format('./pr-branch/{0}', steps.verify_requires.outputs.provided_report_relative_path) }} | |
- name: Get the corresponding range of OCP versions | |
id: get-ocp-range | |
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }} | |
continue-on-error: true | |
uses: ./.github/actions/get-ocp-range | |
with: | |
kube-version-range: ${{ steps.get-kube-range.outputs.result }} | |
- name: Only ignore errors in get-ocp-range for profile in version v1.0 | |
if: ${{ (steps.get-kube-range.outcome == 'failure' || steps.get-ocp-range.outcome == 'failure') && steps.get-profile-version.outputs.result != 'v1.0' }} | |
run: | | |
echo "::error file=.github/workflows/build.yaml::Failure in get-ocp-range, mandatory for profile version ${{ steps.get-profile-version.outputs.result }}" | |
exit 1 | |
- name: Check Report | |
id: check_report | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
VENDOR_TYPE: ${{ steps.check_pr_content.outputs.category }} | |
WEB_CATALOG_ONLY: ${{ steps.check_pr_content.outputs.web_catalog_only }} | |
REPORT_GENERATED: ${{ steps.verify_requires.outputs.report_needed }} | |
GENERATED_REPORT_PATH: ${{ steps.run-verifier.outputs.report_file }} | |
REPORT_SUMMARY_PATH: ${{ steps.run-verifier.outputs.report_info_file }} | |
WORKFLOW_WORKING_DIRECTORY: "../pr" | |
OCP_VERSION_RANGE: ${{ steps.get-ocp-range.outputs.ocp-version-range }} | |
run: | | |
cd pr-branch | |
../ve1/bin/chart-pr-review \ | |
--directory=../pr \ | |
--verify-user=${{ github.event.pull_request.user.login }} \ | |
--api-url=${{ github.event.pull_request._links.self.href }} | |
cd .. | |
- name: Delete Namespace | |
if: ${{ always() && steps.oc_login.conclusion == 'success' }} | |
env: | |
KUBECONFIG: /tmp/ci-kubeconfig | |
run: | | |
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) | |
oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} --insecure-skip-tls-verify=${{ needs.setup.outputs.insecure_skip_tls_verify }} | |
ve1/bin/sa-for-chart-testing --delete charts-${{ github.event.number }} | |
- name: Save PR artifact | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
if: ${{ always() && needs.setup.outputs.run_build == 'true' }} | |
run: | | |
ve1/bin/pr-artifact --directory=./pr --pr-number=${{ github.event.number }} --api-url=${{ github.event.pull_request._links.self.href }} | |
- name: Prepare PR comment | |
id: pr_comment | |
if: ${{ always() && needs.setup.outputs.run_build == 'true' }} | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
PR_CONTENT_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.pr-content-error-message }} | |
OWNERS_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.owners-error-message }} | |
COMMUNITY_MANUAL_REVIEW: ${{ steps.check_report.outputs.community_manual_review_required }} | |
OC_INSTALL_RESULT: ${{ steps.install-oc.outcome }} | |
VERIFIER_ERROR_MESSAGE: ${{ steps.check-verifier-result.outputs.verifier_error_message }} | |
run: | | |
ve1/bin/pr-comment ${{ steps.check_pr_content.outcome }} ${{ steps.run-verifier.outcome }} ${{ steps.check_report.conclusion }} | |
# Note(komish): This step is a temporary fix for the metrics step in the next job | |
# which expects the PR comment to exist at the specified filesystem location. | |
- name: Encode PR Comment for Metrics | |
id: encode_pr_comment | |
if: ${{ always() && needs.setup.outputs.run_build == 'true' }} | |
run: | | |
commentBase64=$(base64 --wrap=0 ${{ steps.pr_comment.outputs.message-file }}) | |
echo "message-text-base64=${commentBase64}" | tee -a $GITHUB_OUTPUT | |
- name: Comment on PR | |
if: ${{ always() && needs.setup.outputs.run_build == 'true' }} | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
var fs = require('fs'); | |
var issue_number = ${{ github.event.number }}; | |
var comment = fs.readFileSync('./pr/comment', {encoding:'utf8', flag:'r'}); | |
github.rest.issues.createComment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: Number(issue_number), | |
body: comment | |
}); | |
- name: Add 'authorized-request' label to PR | |
if: ${{ always() && steps.check_pr_content.outcome == 'success' && steps.run-verifier.outcome != 'failure' && needs.setup.outputs.run_build == 'true' }} | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
var fs = require('fs'); | |
var issue_number = ${{ github.event.number }}; | |
var vendor_label = fs.readFileSync('./pr/vendor'); | |
var chart_name = fs.readFileSync('./pr/chart'); | |
if (vendor_label.toString() !== "" && chart_name.toString() !== "") { | |
github.rest.issues.addLabels({ | |
issue_number: Number(issue_number), | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
labels: ['authorized-request'] | |
})}; | |
- name: Approve PR | |
id: approve_pr | |
if: ${{ steps.check_report.conclusion == 'success' }} | |
uses: hmarr/auto-approve-action@v3 | |
with: | |
# The token we use for this changes for the Sandbox repository because the sandbox repository | |
# receives PRs from the openshift-helm-charts-bot, and that same bot cannot approve its own | |
# PRs which breaks workflows. Instead, for the Sandbox repo, we approve with the GHA bot. | |
github-token: ${{ github.repository == 'openshift-helm-charts/sandbox' && secrets.GITHUB_TOKEN || secrets.BOT_TOKEN }} | |
- name: Merge PR | |
id: merge_pr | |
if: ${{ steps.approve_pr.conclusion == 'success' }} | |
uses: pascalgn/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} | |
MERGE_METHOD: squash | |
MERGE_LABELS: "" | |
- name: Check for PR merge | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
./ve1/bin/check-auto-merge --api-url=${{ github.event.pull_request._links.self.href }} | |
release: | |
name: Release Chart | |
runs-on: ubuntu-22.04 | |
needs: [setup, chart-verifier] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Checkout PR Branch | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
path: "pr-branch" | |
- name: Set up Python 3.x Part 1 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Set up Python 3.x Part 2 | |
run: | | |
# set up python | |
python3 -m venv ve1 | |
cd scripts | |
../ve1/bin/pip3 install -r requirements.txt | |
../ve1/bin/pip3 install . | |
cd .. | |
- name: install chart verifier for action | |
uses: redhat-actions/openshift-tools-installer@v1 | |
with: | |
source: github | |
skip_cache: true | |
chart-verifier: ${{ needs.setup.outputs.verifier-action-image }} | |
- name: Block until there is no running workflow | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
uses: softprops/turnstyle@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Configure Git | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
run: | | |
git config --global user.name "github-actions[bot]" | |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
- name: Prepare Chart Release and index entry | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
REPORT_CONTENT: ${{ needs.chart-verifier.outputs.report_content }} | |
REDHAT_TO_COMMUNITY: ${{ needs.chart-verifier.outputs.redhat_to_community }} | |
WEB_CATALOG_ONLY: ${{ needs.chart-verifier.outputs.web_catalog_only }} | |
OCP_VERSION_RANGE: ${{ steps.get-ocp-range.outputs.ocp-version-range }} | |
id: prepare-chart-release | |
run: | | |
cd pr-branch | |
../ve1/bin/chart-repo-manager \ | |
--repository=${{ github.repository }} \ | |
--api-url=${{ github.event.pull_request._links.self.href }} \ | |
# Upload the report file, potentially paired with a public key and, if provided, the chart's tarball and its prov file. | |
# Only the report file is always included. | |
# The release tag format is <organization_name>-<chart_name>-<chart_version> | |
- name: Create GitHub release | |
if: ${{ needs.chart-verifier.outputs.web_catalog_only == 'False' }} | |
uses: softprops/[email protected] | |
with: | |
tag_name: ${{ needs.chart-verifier.outputs.release_tag }} | |
files: | | |
${{ steps.prepare-chart-release.outputs.report_file }} | |
${{ steps.prepare-chart-release.outputs.public_key_file }} | |
${{ steps.prepare-chart-release.outputs.path_to_chart_tarball }} | |
${{ steps.prepare-chart-release.outputs.prov_file_name }} | |
fail_on_unmatched_files: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Update Helm repository index | |
if: ${{ needs.setup.outputs.run_build == 'true' }} | |
env: | |
CHART_ENTRY_NAME: ${{ needs.chart-verifier.outputs.chart_entry_name }} | |
WEB_CATALOG_ONLY: ${{ needs.chart-verifier.outputs.web_catalog_only }} | |
run: | | |
INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "gh-pages"; else echo "${GITHUB_REF##*/}-gh-pages"; fi) | |
echo "[INFO] Creating Git worktree for index branch" | |
INDEX_DIR=$(mktemp -d) | |
git remote add upstream "$GITHUB_SERVER_URL"/"$GITHUB_REPOSITORY" | |
git fetch upstream "$INDEX_BRANCH" | |
git worktree add --detach "$INDEX_DIR" upstream/"$INDEX_BRANCH" | |
if [ "$WEB_CATALOG_ONLY" == "True" ]; then | |
INDEX_FILE="unpublished-certified-charts.yaml" | |
else | |
INDEX_FILE="index.yaml" | |
fi | |
source ve1/bin/activate | |
cd $INDEX_DIR | |
update-index \ | |
--index-branch=${INDEX_BRANCH} \ | |
--index-file=${INDEX_FILE} \ | |
--repository=${{ github.repository }} \ | |
--chart-entry="${{ steps.prepare-chart-release.outputs.chart_entry }}" \ | |
--chart-url="${{ steps.prepare-chart-release.outputs.chart_url }}" \ | |
--version="${{ steps.prepare-chart-release.outputs.version }}" | |
echo "[INFO] Add and commit changes to git" | |
git status | |
git add $INDEX_FILE | |
git status | |
git commit -m "$RELEASE_TAG $INDEX_FILE (${{ github.event.number }})" | |
git status | |
git push \ | |
https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} \ | |
HEAD:refs/heads/${INDEX_BRANCH} | |
# Note(komish): This step is a temporary workaround. Metrics requires the PR comment | |
# to be available, but it is written to the filesystem in the previous job. | |
# This can be removed once the metrics execution is restructured to have access to the PR | |
# comment, or pulled out of the release job entirely. | |
- name: Retrieve PR comment for metrics | |
if: ${{ always() && needs.setup.outputs.run_build == 'true' && env.GITHUB_REPOSITORY != 'openshift-helm-charts/sandbox' }} | |
run: | | |
mkdir -p $(dirname ${{ needs.chart-verifier.outputs.message_file }}) | |
echo ${{ needs.chart-verifier.outputs.message_text_base64 }} | base64 -d | tee ${{ needs.chart-verifier.outputs.message_file }} | |
- name: Add metrics | |
id: add_metrics | |
if: ${{ always() && needs.setup.outputs.run_build == 'true' && env.GITHUB_REPOSITORY != 'openshift-helm-charts/sandbox' }} | |
continue-on-error: true | |
env: | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
run: | | |
if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then | |
WRITE_KEY=${{ secrets.SEGMENT_WRITE_KEY }} | |
ID_PREFIX="helm-metric-pr" | |
echo "Use segment production write key" | |
else | |
WRITE_KEY=${{ secrets.SEGMENT_TEST_WRITE_KEY }} | |
ID_PREFIX="helm-test-metric-pr" | |
echo "Use segment test write key" | |
fi | |
if [ "${WRITE_KEY}" != "" ]; then | |
echo "add PR run metric" | |
ve1/bin/metrics --write-key="${WRITE_KEY}" \ | |
--metric-type="pull_request" \ | |
--message-file="${{ needs.chart-verifier.outputs.message_file }}" \ | |
--pr-number="${{ github.event.number }}" \ | |
--pr-action="${{ github.event.action }}" \ | |
--repository="${GITHUB_REPOSITORY}" \ | |
--prefix="${ID_PREFIX}" \ | |
--pr_dir="./pr-branch" | |
else | |
echo "Do not collect metrics, required segment write key is not set" | |
fi | |
- name: Alert Slack helm_dev on failure to update metrics | |
continue-on-error: true | |
if: steps.add_metrics.outcome == 'failure' | |
uses: archive/[email protected] | |
with: | |
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }} | |
slack-channel: C02979BDUPL | |
slack-text: Failure! Updating metrics during a chart certification. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}' |