extract steps commenting and merging PR from chart-verifier job
github-actions[bot] committed Sep 20, 2024
1 parent 278e868 commit 146845b
Showing 4 changed files with 108 additions and 52 deletions.
134 changes: 88 additions & 46 deletions .github/workflows/build.yml
Expand Up @@ -155,6 +155,7 @@ jobs:
- name: Upload PR information
uses: actions/upload-artifact@v4
if: ${{ always() }}
with:
name: submission
path: ${{ env.SUBMISSION_PATH }}
Expand Down Expand Up @@ -190,18 +191,22 @@ jobs:
runs-on: ubuntu-22.04
needs: [setup, validate-submission]

if: ${{ always() }}

outputs:
report_content: ${{ steps.check_report.outputs.report_content }}
redhat_to_community: ${{ steps.check_report.outputs.redhat_to_community }}
message_file: ${{ steps.pr_comment.outputs.message-file }}
message_text_base64: ${{ steps.encode_pr_comment.outputs.message-text-base64 }}
# message_file: ${{ steps.pr_comment.outputs.message-file }}
# message_text_base64: ${{ steps.encode_pr_comment.outputs.message-text-base64 }}
# web_catalog_only: ${{ steps.check_pr_content.outputs.web_catalog_only }}
# chart_entry_name: ${{ steps.check_pr_content.outputs.chart-entry-name }}
# release_tag: ${{ steps.check_pr_content.outputs.release_tag }}
# ocp-version-range: ${{ steps.get-ocp-range.outputs.ocp-version-range }}

community_manual_review_required: ${{ steps.check_report.outputs.community_manual_review_required }}
install-oc-outcome: ${{ steps.install-oc.outcome }}
verifier_error_message: ${{ steps.check-verifier-result.outputs.verifier_error_message }}
run-verifier-outcome: ${{ steps.run-verifier.outcome }}
check_report-outcome: ${{ steps.check_report.outcome }}
ocp-version-range: ${{ steps.get-ocp-range.outputs.ocp-version-range }}

steps:
- name: Checkout
Expand Down Expand Up @@ -231,13 +236,12 @@ jobs:
- name: Download submission information
uses: actions/download-artifact@v4
if: ${{ ! contains(join(needs.*.result, ','), 'failure') }}
with:
name: submission

- name: Remove 'authorized-request' label from PR
uses: actions/github-script@v7
if: ${{ needs.setup.outputs.run_build == 'true' && contains( github.event.pull_request.labels.*.name, 'authorized-request') && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ needs.setup.outputs.run_build == 'true' && contains( github.event.pull_request.labels.*.name, 'authorized-request') }}
continue-on-error: true
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -252,15 +256,14 @@ jobs:
- name: install chart verifier for action
uses: redhat-actions/openshift-tools-installer@v1
if: ${{ ! contains(join(needs.*.result, ','), 'failure') }}
with:
source: github
skip_cache: true
chart-verifier: "${{ needs.setup.outputs.verifier-action-image }}"

# TODO: check what needs to stay here vs what could go to validate-submission
- name: determine verify requirements
if: ${{ needs.setup.outputs.run_build == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ needs.setup.outputs.run_build == 'true' }}
id: verify_requires
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
Expand All @@ -270,30 +273,30 @@ jobs:
- name: Install oc
id: install-oc
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: latest

- name: Set cluster login params
id: login-params
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
run: |
#calculate cluster params
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d)
echo "API_SERVER=${API_SERVER}" >> $GITHUB_OUTPUT
- uses: redhat-actions/oc-login@v1
id: oc_login
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
with:
openshift_server_url: ${{ steps.login-params.outputs.API_SERVER }}
openshift_token: ${{ secrets.CLUSTER_TOKEN }}
insecure_skip_tls_verify: ${{ needs.setup.outputs.insecure_skip_tls_verify }}

- name: create service account
id: create_service_account
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
env:
API_SERVER: ${{ steps.login-params.outputs.API_SERVER }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
Expand All @@ -304,7 +307,7 @@ jobs:
- uses: redhat-actions/chart-verifier@v1
id: run-verifier
if: ${{ steps.verify_requires.outputs.report_needed == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ steps.verify_requires.outputs.report_needed == 'true' }}
with:
chart_uri: ${{ steps.verify_requires.outputs.verify_uri }}
verify_args: ${{ steps.verify_requires.outputs.verify_args }}
Expand All @@ -313,43 +316,44 @@ jobs:

- name: check-verifier-result
id: check-verifier-result
if: ${{ always() && steps.run-verifier.outcome == 'failure' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ always() && steps.run-verifier.outcome == 'failure' }}
run: |
error_message="The chart verifier returned an error when trying to obtain a verification report for the chart."
echo "verifier_error_message=$error_message" >> $GITHUB_OUTPUT
- name: Get profile version set in report provided by the user
id: get-profile-version
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }}
uses: mikefarah/yq@master
with:
cmd: yq '.metadata.tool.profile.version' ${{ format('./pr-branch/{0}', steps.verify_requires.outputs.provided_report_relative_path) }}

- name: Get the range of Kubernetes versions set in the report provided by the user
id: get-kube-range
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }}
continue-on-error: true
uses: mikefarah/yq@master
with:
cmd: yq '.metadata.chart.kubeversion' ${{ format('./pr-branch/{0}', steps.verify_requires.outputs.provided_report_relative_path) }}

- name: Get the corresponding range of OCP versions
id: get-ocp-range
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }}
continue-on-error: true
uses: ./.github/actions/get-ocp-range
with:
kube-version-range: ${{ steps.get-kube-range.outputs.result }}

- name: Only ignore errors in get-ocp-range for profile in version v1.0
if: ${{ (steps.get-kube-range.outcome == 'failure' || steps.get-ocp-range.outcome == 'failure') && steps.get-profile-version.outputs.result != 'v1.0' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ (steps.get-kube-range.outcome == 'failure' || steps.get-ocp-range.outcome == 'failure') && steps.get-profile-version.outputs.result != 'v1.0' }}
run: |
echo "::error file=.github/workflows/build.yaml::Failure in get-ocp-range, mandatory for profile version ${{ steps.get-profile-version.outputs.result }}"
exit 1
# check the report that was generated when running chart-verifier / or provided by PR ??
- name: Check Report
id: check_report
if: ${{ needs.setup.outputs.run_build == 'true' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ needs.setup.outputs.run_build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
VENDOR_TYPE: ${{ needs.validate-submission.outputs.category }}
Expand All @@ -370,55 +374,91 @@ jobs:
cd ..
- name: Delete Namespace
if: ${{ always() && steps.oc_login.conclusion == 'success' && ! contains(join(needs.*.result, ','), 'failure') }}
if: ${{ always() && steps.oc_login.conclusion == 'success' }}
env:
KUBECONFIG: /tmp/ci-kubeconfig
run: |
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d)
oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} --insecure-skip-tls-verify=${{ needs.setup.outputs.insecure_skip_tls_verify }}
ve1/bin/sa-for-chart-testing --delete charts-${{ github.event.number }}
# TODO
# TODO: test remove altogether: rght now only ensure report.yaml file exists
- name: Save PR artifact
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
if: ${{ always() && needs.setup.outputs.run_build == 'true' }}
run: |
ve1/bin/pr-artifact --directory=./pr --pr-number=${{ github.event.number }} --api-url=${{ github.event.pull_request._links.self.href }}
# manage-gh-pr:
# name: Comment and merge PR
# runs-on: ubuntu-22.04
# needs: [setup, validate-submission, chart-verifier]
manage-gh-pr:
name: Comment and merge PR
runs-on: ubuntu-22.04
needs: [setup, validate-submission, chart-verifier]

outputs:
message_file: ${{ steps.pr_comment.outputs.message-file }}
message_text_base64: ${{ steps.encode_pr_comment.outputs.message-text-base64 }}

# Run manage-pr as long as setup was successfull, independently from potential errors in validate-submission or chart-verifier
if: ${{ always() && needs.setup.result == 'success' }}

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Checkout PR Branch
if: ${{ needs.setup.outputs.run_build == 'true' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: "pr-branch"

- name: Set up Python 3.x Part 1
uses: actions/setup-python@v5
with:
python-version: "3.10"

# # outputs:
# # if: ${{ always() && contains(join(needs.*.result, ','), 'success') }}
- name: Set up Python 3.x Part 2
run: |
# set up python
python3 -m venv ve1
cd scripts
../ve1/bin/pip3 install -r requirements.txt
../ve1/bin/pip3 install .
cd ..
- name: Download submission information
uses: actions/download-artifact@v4
with:
name: submission

# steps:
- name: Prepare PR comment
id: pr_comment
if: ${{ always() && needs.setup.outputs.run_build == 'true' }}
if: ${{ needs.setup.outputs.run_build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
PR_CONTENT_ERROR_MESSAGE: ${{ needs.validate-submission.outputs.pr-content-error-message }}
OWNERS_ERROR_MESSAGE: ${{ needs.validate-submission.outputs.owners-error-message }}
COMMUNITY_MANUAL_REVIEW: ${{ steps.check_report.outputs.community_manual_review_required }}
OC_INSTALL_RESULT: ${{ steps.install-oc.outcome }}
VERIFIER_ERROR_MESSAGE: ${{ steps.check-verifier-result.outputs.verifier_error_message }}
COMMUNITY_MANUAL_REVIEW: ${{ needs.chart-verifier.outputs.community_manual_review_required }}
OC_INSTALL_RESULT: ${{ needs.chart-verifier.outputs.install-oc-outcome || 'skipped' }}
VERIFIER_ERROR_MESSAGE: ${{ needs.chart-verifier.outputs.verifier_error_message }}
run: |
ve1/bin/pr-comment ${{ needs.validate-submission.outputs.validate-submission-outcome }} ${{ steps.run-verifier.outcome }} ${{ steps.check_report.conclusion }}
ve1/bin/pr-comment ${{ needs.validate-submission.outputs.validate-submission-outcome }} \
${{ needs.chart-verifier.outputs.run-verifier-outcome || 'skipped' }} \
${{ needs.chart-verifier.outputs.check_report-outcome || 'skipped'}}
# Note(komish): This step is a temporary fix for the metrics step in the next job
# which expects the PR comment to exist at the specified filesystem location.
- name: Encode PR Comment for Metrics
id: encode_pr_comment
if: ${{ always() && needs.setup.outputs.run_build == 'true' }}
if: ${{ needs.setup.outputs.run_build == 'true' }}
run: |
commentBase64=$(base64 --wrap=0 ${{ steps.pr_comment.outputs.message-file }})
echo "message-text-base64=${commentBase64}" | tee -a $GITHUB_OUTPUT
- name: Comment on PR
if: ${{ always() && needs.setup.outputs.run_build == 'true' }}
if: ${{ needs.setup.outputs.run_build == 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -434,15 +474,16 @@ jobs:
});
- name: Add 'authorized-request' label to PR
if: ${{ always() && needs.validate-submission.outputs.validate-submission-outcome == 'success' && steps.run-verifier.outcome != 'failure' && needs.setup.outputs.run_build == 'true' }}
if: ${{ needs.validate-submission.outputs.validate-submission-outcome == 'success' && needs.chart-verifier.outputs.run-verifier-outcome != 'failure' && needs.setup.outputs.run_build == 'true' }}
# if: ${{ needs.validate-submission.outputs.validate-submission-outcome == 'success' && needs.chart-verifier.outputs.run-verifier-outcome || 'skipped' == 'success' && needs.setup.outputs.run_build == 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var fs = require('fs');
var issue_number = ${{ github.event.number }};
var vendor_label = fs.readFileSync('./pr/vendor');
var chart_name = fs.readFileSync('./pr/chart');
var vendor_label = ${{ needs.validate-submission.outputs.category }};
var chart_name = ${{ needs.validate-submission.outputs.chart_entry_name }};
if (vendor_label.toString() !== "" && chart_name.toString() !== "") {
github.rest.issues.addLabels({
issue_number: Number(issue_number),
Expand All @@ -453,7 +494,8 @@ jobs:
- name: Approve PR
id: approve_pr
if: ${{ steps.check_report.conclusion == 'success' }}
if: ${{ needs.chart-verifier.outputs.check_report-outcome == 'success' }}
# if: ${{ needs.chart-verifier.outputs.check_report-outcome || 'skipped' == 'success' }}
uses: hmarr/auto-approve-action@v3
with:
# The token we use for this changes for the Sandbox repository because the sandbox repository
Expand All @@ -463,15 +505,15 @@ jobs:

- name: Merge PR
id: merge_pr
if: ${{ steps.approve_pr.conclusion == 'success' }}
if: ${{ steps.approve_pr.outcome == 'success' }}
uses: pascalgn/automerge-action@v0.16.2
env:
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
MERGE_METHOD: squash
MERGE_LABELS: ""

- name: Check for PR merge
if: ${{ steps.merge_pr.conclusion == 'success' }}
if: ${{ steps.merge_pr.outcome == 'success' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
Expand All @@ -481,7 +523,7 @@ jobs:
release:
name: Release Chart
runs-on: ubuntu-22.04
needs: [setup, validate-submission, chart-verifier]
needs: [setup, validate-submission, chart-verifier, manage-gh-pr]

steps:
- name: Checkout
Expand Down Expand Up @@ -535,7 +577,7 @@ jobs:
REPORT_CONTENT: ${{ needs.chart-verifier.outputs.report_content }}
REDHAT_TO_COMMUNITY: ${{ needs.chart-verifier.outputs.redhat_to_community }}
WEB_CATALOG_ONLY: ${{ needs.validate-submission.outputs.web_catalog_only }}
OCP_VERSION_RANGE: ${{ steps.get-ocp-range.outputs.ocp-version-range }}
OCP_VERSION_RANGE: ${{ needs.chart-verifier.outputs.ocp-version-range }}
id: prepare-chart-release
run: |
# export WEB_CATALOG_ONLY=`jq .is_web_catalog_only ${{ github.env.SUBMISSION_PATH }}`
Expand Down Expand Up @@ -628,8 +670,8 @@ jobs:
- name: Retrieve PR comment for metrics
if: ${{ always() && needs.setup.outputs.run_build == 'true' && github.repository != 'openshift-helm-charts/sandbox' }}
run: |
mkdir -p $(dirname ${{ needs.chart-verifier.outputs.message_file }})
echo ${{ needs.chart-verifier.outputs.message_text_base64 }} | base64 -d | tee ${{ needs.chart-verifier.outputs.message_file }}
mkdir -p $(dirname ${{ needs.manage-gh-pr.outputs.message_file }})
echo ${{ needs.manage-gh-pr.outputs.message_text_base64 }} | base64 -d | tee ${{ needs.manage-gh-pr.outputs.message_file }}
- name: Add metrics
id: add_metrics
Expand All @@ -652,7 +694,7 @@ jobs:
echo "add PR run metric"
ve1/bin/metrics --write-key="${WRITE_KEY}" \
--metric-type="pull_request" \
--message-file="${{ needs.chart-verifier.outputs.message_file }}" \
--message-file="${{ needs.manage-gh-pr.outputs.message_file }}" \
--pr-number="${{ github.event.number }}" \
--pr-action="${{ github.event.action }}" \
--repository="${GITHUB_REPOSITORY}" \
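Review bot: In the "Add 'authorized-request' label to PR" step, the new lines `var vendor_label = ${{ needs.validate-submission.outputs.category }};` and `var chart_name = ${{ needs.validate-submission.outputs.chart_entry_name }};` paste job outputs into the github-script source unquoted. An ordinary value is then parsed as a bare identifier and throws, an empty output leaves `var chart_name = ;`, and because these values appear to derive from the submitted PR's contents, whatever they contain is evaluated as JavaScript in a step that holds `secrets.GITHUB_TOKEN`. Passing them through `env:` and reading `process.env` keeps them as data rather than code. It is also worth confirming that the output key really is `chart_entry_name`, since a commented-out line earlier in this file spells it `chart-entry-name` and the validate-submission job's outputs are outside the visible hunks.

```yaml
# … unchanged: name, if, uses: actions/github-script@v7 …
env:
  VENDOR_LABEL: ${{ needs.validate-submission.outputs.category }}
  CHART_NAME: ${{ needs.validate-submission.outputs.chart_entry_name }}
with:
  # … unchanged: github-token …
  script: |
    // … unchanged: issue_number …
    var vendor_label = process.env.VENDOR_LABEL || "";
    var chart_name = process.env.CHART_NAME || "";
    // … unchanged: empty-string check and addLabels call …
```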
17 changes: 14 additions & 3 deletions scripts/src/pullrequest/prepare_pr_comment.py
@@ -1,6 +1,7 @@
import os
import sys

from submission import validate
from tools import gitutils


Expand Down Expand Up @@ -207,9 +208,18 @@ def main():
pr_content_result = sys.argv[1]
run_verifier_result = sys.argv[2]
verify_result = sys.argv[3]
issue_number = open("./pr/NR").read().strip()
vendor_label = open("./pr/vendor").read().strip()
chart_name = open("./pr/chart").read().strip()

submission_path = os.environ.get("SUBMISSION_PATH")
s = validate.read_submission_from_file(articact_path=submission_path)
issue_number = s.get_pr_number()
vendor_label = s.chart.organization
chart_name = s.chart.name

# s = validate.read_submission_from_file(articact_path=submission_path)

# issue_number = open("./pr/NR").read().strip()
# vendor_label = open("./pr/vendor").read().strip()
# chart_name = open("./pr/chart").read().strip()

community_manual_review = os.environ.get("COMMUNITY_MANUAL_REVIEW", False)
oc_install_result = os.environ.get("OC_INSTALL_RESULT")
Expand Down Expand Up @@ -286,6 +296,7 @@ def main():
print(msg)
print("*" * 30)

os.makedirs("pr", exist_ok=True)
with open("./pr/comment", "w") as fd:
fd.write(msg)
gitutils.add_output("message-file", fd.name)
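Review bot: `submission_path = os.environ.get("SUBMISSION_PATH")` is handed straight to `validate.read_submission_from_file` with no check that the variable is set or that the file exists, even though the workflow now runs this script when validate-submission has failed. If the artifact is missing or incomplete in that case, main() presumably raises before `./pr/comment` is written, so the contributor gets no error comment and the later metrics step has no message file; the helper's behaviour is not visible here, so this needs confirming. A guard such as `if not submission_path or not os.path.isfile(submission_path): sys.exit("SUBMISSION_PATH is unset or the submission file is missing")` makes the failure explicit, or the script could fall back to a generic comment. The commented-out `open("./pr/...")` reads and the duplicate commented call are better deleted than committed. main() begins and ends outside this hunk.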
