Skip to content

Update OWNERS for redhat-arkady-test-demochart9 #2192

Update OWNERS for redhat-arkady-test-demochart9

Update OWNERS for redhat-arkady-test-demochart9 #2192

Workflow file for this run

name: CI
on:
pull_request_target:
types: [opened, synchronize, reopened, edited, ready_for_review, labeled]
jobs:
chart-certification:
name: Chart Certification
runs-on: ubuntu-22.04
if: |
github.event.pull_request.draft == false &&
(github.event.action != 'labeled' || github.event.label.name == 'force-publish') &&
github.actor != 'redhat-mercury-bot'
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set up Python 3.x Part 1
uses: actions/setup-python@v2
with:
python-version: "3.9"
- name: Set up Python 3.x Part 2
run: |
# set up python
python3 -m venv ve1
cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd ..
cd scripts && ../ve1/bin/python3 setup.py install && cd ..
- name: Check for CI changes
id: check_ci_changes
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
# check if workflow testing should run.
echo "[INFO] check if PR contains only workflow changes and user is authorized"
ve1/bin/check-pr-for-ci --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }}
- name: Check if PR created as part of release process
id: check_created_release_pr
if: ${{ steps.check_ci_changes.outputs.run-tests != true }}
env:
BOT_NAME: ${{ secrets.BOT_NAME }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
# check if PR was created as part of release processing
./ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} \
--sender='${{ github.event.sender.login }}' \
--pr_branch='${{ github.event.pull_request.head.ref }}' \
--pr_body="${{ github.event.pull_request.body }}" \
--pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' \
--pr_head_repo='${{ github.event.pull_request.head.repo.full_name }}'
- name: Exit if build not required
id: check_build_required
env:
RUN_TESTS: ${{ steps.check_ci_changes.outputs.run-tests }}
NOT_CI_AUTHORIZED: ${{ steps.check_ci_changes.outputs.workflow-only-but-not-authorized }}
NO_CODE_TO_BUILD: ${{ steps.check_ci_changes.outputs.do-not-build }}
DEV_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.dev_release_branch }}
CHARTS_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.charts_release_branch }}
run: |
# exit if build not required
if [ "${RUN_TESTS}" == "true" ] || [ "${NOT_CI_AUTHORIZED}" == "true" ]; then
echo "The PR is workflow changes only - do not continue."
exit 0
elif [ "${NO_CODE_TO_BUILD}" == "true" ]; then
echo "The PR does not contain changes which need build or test."
exit 0
elif [ "${DEV_PR_FOR_RELEASE}" == "true" ]; then
echo "The PR is part of release processing for the development repository - do not continue."
elif [ "${CHART_PR_FOR_RELEASE}" == "true" ]; then
echo "The PR is part of release processing for the charts repository - do not continue."
else
echo "run-build=true" >> $GITHUB_OUTPUT
fi
- name: Set Environment
id: set-env
run: |
#set environment based on repository
if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then
echo "Use latest verifier image"
echo "verifier-action-image=latest" >> $GITHUB_OUTPUT
else
echo "Use dev verifier image"
echo "verifier-action-image=0.1.0" >> $GITHUB_OUTPUT
fi
echo "insecure_skip_tls_verify=true" >> $GITHUB_OUTPUT
- name: Checkout
if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: "pr-branch"
- name: Check PR Content
id: check_pr_content
if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
continue-on-error: true
env:
GITHUB_REF: ${{ github.ref }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi)
./ve1/bin/check-pr-content --index-branch=${INDEX_BRANCH} --repository=${{ github.repository }} --api-url=${{ github.event.pull_request._links.self.href }}
- name: Add 'content-ok' label
uses: actions/github-script@v3
if: ${{ steps.check_pr_content.outcome == 'success'}}
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['content-ok']
})
- name: Remove 'content-ok' label
uses: actions/github-script@v3
if: ${{ steps.check_pr_content.outcome == 'failure' && contains( github.event.pull_request.labels.*.name, 'content-ok') }}
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'content-ok'
})
- name: Reflect on PR Content check
if: ${{ steps.check_pr_content.outcome == 'failure'}}
run: |
echo "The 'PR Content check' step has failed."
exit 1
- name: Remove 'authorized-request' label from PR
uses: actions/github-script@v3
if: ${{ steps.check_build_required.outputs.run-build == 'true' && contains( github.event.pull_request.labels.*.name, 'authorized-request') }}
continue-on-error: true
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var issue_number = ${{ github.event.number }};
github.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: Number(issue_number),
name: 'authorized-request'
})
- name: install chart verifier for action
uses: redhat-actions/openshift-tools-installer@v1
with:
source: github
skip_cache: true
chart-verifier: ${{ steps.set-env.outputs.verifier-action-image }}
- name: determine verify requirements
if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
id: verify_requires
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
working-directory: ./pr-branch
run: |
../ve1/bin/get-verify-params --directory=pr --api-url=${{ github.event.pull_request._links.self.href }}
- name: Install oc
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: latest
- name: Set cluster login params
id: login-params
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
run: |
#calculate cluster params
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d)
echo "API_SERVER=${API_SERVER}" >> $GITHUB_OUTPUT
- uses: redhat-actions/oc-login@v1
id: oc_login
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
with:
openshift_server_url: ${{ steps.login-params.outputs.API_SERVER }}
openshift_token: ${{ secrets.CLUSTER_TOKEN }}
insecure_skip_tls_verify: ${{ steps.set-env.outputs.insecure_skip_tls_verify }}
- name: create service account
id: create_service_account
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
env:
API_SERVER: ${{ steps.login-params.outputs.API_SERVER }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
ve1/bin/sa-for-chart-testing --create charts-${{ github.event.number }} --token token.txt --server ${API_SERVER}
echo "delete_namespace=true" >> $GITHUB_OUTPUT
echo $KUBECONFIG
- uses: redhat-actions/[email protected]
id: run-verifier
if: ${{ steps.verify_requires.outputs.report_needed == 'true' }}
with:
chart_uri: ${{ steps.verify_requires.outputs.verify_uri }}
verify_args: ${{ steps.verify_requires.outputs.verify_args }}
report_type: all
fail: false
- name: check-verifier-result
id: check-verifier-result
if: ${{ always() && steps.run-verifier.outcome == 'failure' }}
run: |
error_message="The chart verifier returned an error when trying to obtain a verification report for the chart."
echo "verifier_error_message=$error_message" >> $GITHUB_OUTPUT
- name: Check Report
id: check_report
if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
VENDOR_TYPE: ${{ steps.check_pr_content.outputs.category }}
WEB_CATALOG_ONLY: ${{ steps.check_pr_content.outputs.webCatalogOnly }}
REPORT_GENERATED: ${{ steps.verify_requires.outputs.report_needed }}
GENERATED_REPORT_PATH: ${{ steps.run-verifier.outputs.report_file }}
REPORT_SUMMARY_PATH: ${{ steps.run-verifier.outputs.report_info_file }}
WORKFLOW_WORKING_DIRECTORY: "../pr"
run: |
cd pr-branch
../ve1/bin/chart-pr-review --directory=../pr --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }}
cd ..
- name: Delete Namespace
if: ${{ always() && steps.oc_login.conclusion == 'success' }}
env:
KUBECONFIG: /tmp/ci-kubeconfig
run: |
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d)
oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} --insecure-skip-tls-verify=${{ steps.set-env.outputs.insecure_skip_tls_verify }}
ve1/bin/sa-for-chart-testing --delete charts-${{ github.event.number }}
- name: Save PR artifact
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }}
run: |
ve1/bin/pr-artifact --directory=./pr --pr-number=${{ github.event.number }} --api-url=${{ github.event.pull_request._links.self.href }}
- name: Prepare PR comment
id: pr_comment
if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
PR_CONTENT_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.pr-content-error-message }}
OWNERS_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.owners-error-message }}
COMMUNITY_MANUAL_REVIEW: ${{ steps.check_report.outputs.community_manual_review_required }}
OC_INSTALL_RESULT: ${{ steps.install-oc.conclusion }}
VERIFIER_ERROR_MESSAGE: ${{ steps.check-verifier-result.outputs.verifier_error_message }}
run: |
ve1/bin/pr-comment ${{ steps.check_pr_content.outcome }} ${{ steps.run-verifier.outcome }} ${{ steps.check_report.conclusion }}
- name: Comment on PR
if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }}
uses: actions/github-script@v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var fs = require('fs');
var issue_number = ${{ github.event.number }};
var comment = fs.readFileSync('./pr/comment', {encoding:'utf8', flag:'r'});
github.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: Number(issue_number),
body: comment
});
- name: Add 'authorized-request' label to PR
if: ${{ always() && steps.check_pr_content.outcome == 'success' && steps.run-verifier.outcome != 'failure' && steps.check_build_required.outputs.run-build == 'true' }}
uses: actions/github-script@v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var fs = require('fs');
var issue_number = ${{ github.event.number }};
var vendor_label = fs.readFileSync('./pr/vendor');
var chart_name = fs.readFileSync('./pr/chart');
if (vendor_label.toString() !== "" && chart_name.toString() !== "") {
github.issues.addLabels({
issue_number: Number(issue_number),
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['authorized-request']
})};
- name: Approve PR
id: approve_pr
if: ${{ steps.check_report.conclusion == 'success' }}
uses: hmarr/auto-approve-action@v2
with:
github-token: ${{ secrets.BOT_TOKEN }}
- name: Merge PR
id: merge_pr
if: ${{ steps.approve_pr.conclusion == 'success' }}
uses: pascalgn/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
MERGE_METHOD: squash
MERGE_LABELS: ""
- name: Check for PR merge
if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
./ve1/bin/check-auto-merge --api-url=${{ github.event.pull_request._links.self.href }}
- name: Block until there is no running workflow
if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
uses: softprops/turnstyle@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Configure Git
if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Release Charts
if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
GITHUB_REF: ${{ github.ref }}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
REPORT_CONTENT: ${{steps.check_report.outputs.report_content}}
CHART_ENTRY_NAME: ${{ steps.check_pr_content.outputs.chart-entry-name }}
CHART_NAME_WITH_VERSION: ${{ steps.check_pr_content.outputs.chart-name-with-version }}
REDHAT_TO_COMMUNITY: ${{ steps.check_report.outputs.redhat_to_community }}
WEB_CATALOG_ONLY: ${{ steps.check_pr_content.outputs.webCatalogOnly }}
id: release-charts
run: |
tar zxvf ./scripts/dependencies/helm-chart-releaser/chart-releaser_1.2.0_linux_amd64.tar.gz
sudo cp -f cr /usr/local/bin/cr
INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi)
CWD=`pwd`
cd pr-branch
../ve1/bin/chart-repo-manager --repository=${{ github.repository }} --index-branch=${INDEX_BRANCH} --api-url=${{ github.event.pull_request._links.self.href }} --pr-number=${{ github.event.number }}
cd ${CWD}
- name: Release
if: ${{ steps.release-charts.outputs.tag != '' }}
uses: softprops/[email protected]
continue-on-error: true
with:
tag_name: ${{ steps.release-charts.outputs.tag }}
files: |
${{ steps.release-charts.outputs.report_file }}
${{ steps.release-charts.outputs.public_key_file }}
fail_on_unmatched_files: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Add metrics
if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' && env.GITHUB_REPOSITORY != 'openshift-helm-charts/sandbox' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then
WRITE_KEY=${{ secrets.SEGMENT_WRITE_KEY }}
ID_PREFIX="helm-metric-pr"
echo "Use segment production write key"
else
WRITE_KEY=${{ secrets.SEGMENT_TEST_WRITE_KEY }}
ID_PREFIX="helm-test-metric-pr"
echo "Use segment test write key"
fi
if [ "${WRITE_KEY}" != "" ]; then
echo "add PR run metric"
ve1/bin/metrics --write-key="${WRITE_KEY}" \
--metric-type="pull_request" \
--message-file="${{ steps.pr_comment.outputs.message-file }}" \
--pr-number="${{ github.event.number }}" \
--pr-action="${{ github.event.action }}" \
--repository="${GITHUB_REPOSITORY}" \
--prefix="${ID_PREFIX}" \
--pr_dir="./pr-branch"
else
echo "Do not collect metrics, required segment write key is not set"
fi