Update OWNERS for redhat-arkady-test-alex-chart #2169

Workflow file for this run

	name: CI

	on:
	pull_request_target:
	types: [opened, synchronize, reopened, edited, ready_for_review, labeled]

	jobs:
	chart-certification:
	name: Chart Certification
	runs-on: ubuntu-22.04
	if: \|
	github.event.pull_request.draft == false &&
	(github.event.action != 'labeled' \|\| github.event.label.name == 'force-publish') &&
	github.actor != 'redhat-mercury-bot'
	steps:
	- name: Checkout
	uses: actions/checkout@v2

	- name: Set up Python 3.x Part 1
	uses: actions/setup-python@v2
	with:
	python-version: "3.9"

	- name: Set up Python 3.x Part 2
	run: \|
	# set up python
	python3 -m venv ve1
	cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd ..
	cd scripts && ../ve1/bin/python3 setup.py install && cd ..

	- name: Check for CI changes
	id: check_ci_changes
	env:
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	run: \|
	# check if workflow testing should run.
	echo "[INFO] check if PR contains only workflow changes and user is authorized"
	ve1/bin/check-pr-for-ci --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }}

	- name: Check if PR created as part of release process
	id: check_created_release_pr
	if: ${{ steps.check_ci_changes.outputs.run-tests != true }}
	env:
	BOT_NAME: ${{ secrets.BOT_NAME }}
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	run: \|
	# check if PR was created as part of release processing
	./ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} \
	--sender='${{ github.event.sender.login }}' \
	--pr_branch='${{ github.event.pull_request.head.ref }}' \
	--pr_body="${{ github.event.pull_request.body }}" \
	--pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' \
	--pr_head_repo='${{ github.event.pull_request.head.repo.full_name }}'

	- name: Exit if build not required
	id: check_build_required
	env:
	RUN_TESTS: ${{ steps.check_ci_changes.outputs.run-tests }}
	NOT_CI_AUTHORIZED: ${{ steps.check_ci_changes.outputs.workflow-only-but-not-authorized }}
	NO_CODE_TO_BUILD: ${{ steps.check_ci_changes.outputs.do-not-build }}
	DEV_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.dev_release_branch }}
	CHARTS_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.charts_release_branch }}
	run: \|
	# exit if build not required
	if [ "${RUN_TESTS}" == "true" ] \|\| [ "${NOT_CI_AUTHORIZED}" == "true" ]; then
	echo "The PR is workflow changes only - do not continue."
	exit 0
	elif [ "${NO_CODE_TO_BUILD}" == "true" ]; then
	echo "The PR does not contain changes which need build or test."
	exit 0
	elif [ "${DEV_PR_FOR_RELEASE}" == "true" ]; then
	echo "The PR is part of release processing for the development repository - do not continue."
	elif [ "${CHART_PR_FOR_RELEASE}" == "true" ]; then
	echo "The PR is part of release processing for the charts repository - do not continue."
	else
	echo "run-build=true" >> $GITHUB_OUTPUT
	fi

	- name: Set Environment
	id: set-env
	run: \|
	#set environment based on repository
	if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then
	echo "Use latest verifier image"
	echo "verifier-action-image=latest" >> $GITHUB_OUTPUT
	else
	echo "Use dev verifier image"
	echo "verifier-action-image=0.1.0" >> $GITHUB_OUTPUT
	fi
	echo "insecure_skip_tls_verify=true" >> $GITHUB_OUTPUT

	- name: Checkout
	if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
	uses: actions/checkout@v2
	with:
	ref: ${{ github.event.pull_request.head.ref }}
	repository: ${{ github.event.pull_request.head.repo.full_name }}
	path: "pr-branch"

	- name: Check PR Content
	id: check_pr_content
	if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
	continue-on-error: true
	env:
	GITHUB_REF: ${{ github.ref }}
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	run: \|
	INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi)
	./ve1/bin/check-pr-content --index-branch=${INDEX_BRANCH} --repository=${{ github.repository }} --api-url=${{ github.event.pull_request._links.self.href }}

	- name: Add 'content-ok' label
	uses: actions/github-script@v3
	if: ${{ steps.check_pr_content.outcome == 'success'}}
	continue-on-error: true
	with:
	github-token: ${{secrets.GITHUB_TOKEN}}
	script: \|
	github.issues.addLabels({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	labels: ['content-ok']
	})

	- name: Remove 'content-ok' label
	uses: actions/github-script@v3
	if: ${{ steps.check_pr_content.outcome == 'failure' && contains( github.event.pull_request.labels.*.name, 'content-ok') }}
	continue-on-error: true
	with:
	github-token: ${{secrets.GITHUB_TOKEN}}
	script: \|
	github.issues.removeLabel({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	name: 'content-ok'
	})

	- name: Reflect on PR Content check
	if: ${{ steps.check_pr_content.outcome == 'failure'}}
	run: \|
	echo "The 'PR Content check' step has failed."
	exit 1

	- name: Remove 'authorized-request' label from PR
	uses: actions/github-script@v3
	if: ${{ steps.check_build_required.outputs.run-build == 'true' && contains( github.event.pull_request.labels.*.name, 'authorized-request') }}
	continue-on-error: true
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	var issue_number = ${{ github.event.number }};
	github.issues.removeLabel({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: Number(issue_number),
	name: 'authorized-request'
	})

	- name: install chart verifier for action
	uses: redhat-actions/openshift-tools-installer@v1
	with:
	source: github
	skip_cache: true
	chart-verifier: ${{ steps.set-env.outputs.verifier-action-image }}

	- name: determine verify requirements
	if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
	id: verify_requires
	env:
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	working-directory: ./pr-branch
	run: \|
	../ve1/bin/get-verify-params --directory=pr --api-url=${{ github.event.pull_request._links.self.href }}

	- name: Install oc
	if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
	uses: redhat-actions/openshift-tools-installer@v1
	with:
	oc: latest

	- name: Set cluster login params
	id: login-params
	if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
	run: \|
	#calculate cluster params
	API_SERVER=$( echo -n ${{ secrets.API_SERVER }} \| base64 -d)
	echo "API_SERVER=${API_SERVER}" >> $GITHUB_OUTPUT

	- uses: redhat-actions/oc-login@v1
	id: oc_login
	if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
	with:
	openshift_server_url: ${{ steps.login-params.outputs.API_SERVER }}
	openshift_token: ${{ secrets.CLUSTER_TOKEN }}
	insecure_skip_tls_verify: ${{ steps.set-env.outputs.insecure_skip_tls_verify }}

	- name: create service account
	id: create_service_account
	if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
	env:
	API_SERVER: ${{ steps.login-params.outputs.API_SERVER }}
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	run: \|
	ve1/bin/sa-for-chart-testing --create charts-${{ github.event.number }} --token token.txt --server ${API_SERVER}
	echo "delete_namespace=true" >> $GITHUB_OUTPUT
	echo $KUBECONFIG

	- uses: redhat-actions/chart-verifier@v1.1
	id: run-verifier
	if: ${{ steps.verify_requires.outputs.report_needed == 'true' }}
	with:
	chart_uri: ${{ steps.verify_requires.outputs.verify_uri }}
	verify_args: ${{ steps.verify_requires.outputs.verify_args }}
	report_type: all
	fail: false

	- name: check-verifier-result
	id: check-verifier-result
	if: ${{ always() && steps.run-verifier.outcome == 'failure' }}
	run: \|
	error_message="The chart verifier returned an error when trying to obtain a verification report for the chart."
	echo "verifier_error_message=$error_message" >> $GITHUB_OUTPUT

	- name: Check Report
	id: check_report
	if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
	env:
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	VENDOR_TYPE: ${{ steps.check_pr_content.outputs.category }}
	WEB_CATALOG_ONLY: ${{ steps.check_pr_content.outputs.webCatalogOnly }}
	REPORT_GENERATED: ${{ steps.verify_requires.outputs.report_needed }}
	GENERATED_REPORT_PATH: ${{ steps.run-verifier.outputs.report_file }}
	REPORT_SUMMARY_PATH: ${{ steps.run-verifier.outputs.report_info_file }}
	WORKFLOW_WORKING_DIRECTORY: "../pr"
	run: \|
	cd pr-branch
	../ve1/bin/chart-pr-review --directory=../pr --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }}
	cd ..

	- name: Delete Namespace
	if: ${{ always() && steps.oc_login.conclusion == 'success' }}
	env:
	KUBECONFIG: /tmp/ci-kubeconfig
	run: \|
	API_SERVER=$( echo -n ${{ secrets.API_SERVER }} \| base64 -d)
	oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} --insecure-skip-tls-verify=${{ steps.set-env.outputs.insecure_skip_tls_verify }}
	ve1/bin/sa-for-chart-testing --delete charts-${{ github.event.number }}

	- name: Save PR artifact
	env:
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }}
	run: \|
	ve1/bin/pr-artifact --directory=./pr --pr-number=${{ github.event.number }} --api-url=${{ github.event.pull_request._links.self.href }}

	- name: Prepare PR comment
	id: pr_comment
	if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }}
	env:
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	PR_CONTENT_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.pr-content-error-message }}
	OWNERS_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.owners-error-message }}
	COMMUNITY_MANUAL_REVIEW: ${{ steps.check_report.outputs.community_manual_review_required }}
	OC_INSTALL_RESULT: ${{ steps.install-oc.conclusion }}
	VERIFIER_ERROR_MESSAGE: ${{ steps.check-verifier-result.outputs.verifier_error_message }}
	run: \|
	ve1/bin/pr-comment ${{ steps.check_pr_content.outcome }} ${{ steps.run-verifier.outcome }} ${{ steps.check_report.conclusion }}

	- name: Comment on PR
	if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }}
	uses: actions/github-script@v3
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	var fs = require('fs');
	var issue_number = ${{ github.event.number }};
	var comment = fs.readFileSync('./pr/comment', {encoding:'utf8', flag:'r'});
	github.issues.createComment({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: Number(issue_number),
	body: comment
	});

	- name: Add 'authorized-request' label to PR
	if: ${{ always() && steps.check_pr_content.outcome == 'success' && steps.run-verifier.outcome != 'failure' && steps.check_build_required.outputs.run-build == 'true' }}
	uses: actions/github-script@v3
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	var fs = require('fs');
	var issue_number = ${{ github.event.number }};
	var vendor_label = fs.readFileSync('./pr/vendor');
	var chart_name = fs.readFileSync('./pr/chart');
	if (vendor_label.toString() !== "" && chart_name.toString() !== "") {
	github.issues.addLabels({
	issue_number: Number(issue_number),
	owner: context.repo.owner,
	repo: context.repo.repo,
	labels: ['authorized-request']
	})};

	- name: Approve PR
	id: approve_pr
	if: ${{ steps.check_report.conclusion == 'success' }}
	uses: hmarr/auto-approve-action@v2
	with:
	github-token: ${{ secrets.BOT_TOKEN }}

	- name: Merge PR
	id: merge_pr
	if: ${{ steps.approve_pr.conclusion == 'success' }}
	uses: pascalgn/automerge-action@v0.13.1
	env:
	GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
	MERGE_METHOD: squash
	MERGE_LABELS: ""

	- name: Check for PR merge
	if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
	env:
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	run: \|
	./ve1/bin/check-auto-merge --api-url=${{ github.event.pull_request._links.self.href }}

	- name: Block until there is no running workflow
	if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
	uses: softprops/turnstyle@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Configure Git
	if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
	run: \|
	git config --global user.name "github-actions[bot]"
	git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"

	- name: Release Charts
	if: ${{ steps.check_build_required.outputs.run-build == 'true' }}
	env:
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	GITHUB_REF: ${{ github.ref }}
	GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
	REPORT_CONTENT: ${{steps.check_report.outputs.report_content}}
	CHART_ENTRY_NAME: ${{ steps.check_pr_content.outputs.chart-entry-name }}
	CHART_NAME_WITH_VERSION: ${{ steps.check_pr_content.outputs.chart-name-with-version }}
	REDHAT_TO_COMMUNITY: ${{ steps.check_report.outputs.redhat_to_community }}
	WEB_CATALOG_ONLY: ${{ steps.check_pr_content.outputs.webCatalogOnly }}
	id: release-charts
	run: \|
	tar zxvf ./scripts/dependencies/helm-chart-releaser/chart-releaser_1.2.0_linux_amd64.tar.gz
	sudo cp -f cr /usr/local/bin/cr
	INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi)
	CWD=`pwd`
	cd pr-branch
	../ve1/bin/chart-repo-manager --repository=${{ github.repository }} --index-branch=${INDEX_BRANCH} --api-url=${{ github.event.pull_request._links.self.href }} --pr-number=${{ github.event.number }}
	cd ${CWD}

	- name: Release
	if: ${{ steps.release-charts.outputs.tag != '' }}
	uses: softprops/action-gh-release@v0.1.12
	continue-on-error: true
	with:
	tag_name: ${{ steps.release-charts.outputs.tag }}
	files: \|
	${{ steps.release-charts.outputs.report_file }}
	${{ steps.release-charts.outputs.public_key_file }}
	fail_on_unmatched_files: true
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Add metrics
	if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' && env.GITHUB_REPOSITORY != 'openshift-helm-charts/sandbox' }}
	env:
	BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
	run: \|
	if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then
	WRITE_KEY=${{ secrets.SEGMENT_WRITE_KEY }}
	ID_PREFIX="helm-metric-pr"
	echo "Use segment production write key"
	else
	WRITE_KEY=${{ secrets.SEGMENT_TEST_WRITE_KEY }}
	ID_PREFIX="helm-test-metric-pr"
	echo "Use segment test write key"
	fi

	if [ "${WRITE_KEY}" != "" ]; then
	echo "add PR run metric"
	ve1/bin/metrics --write-key="${WRITE_KEY}" \
	--metric-type="pull_request" \
	--message-file="${{ steps.pr_comment.outputs.message-file }}" \
	--pr-number="${{ github.event.number }}" \
	--pr-action="${{ github.event.action }}" \
	--repository="${GITHUB_REPOSITORY}" \
	--prefix="${ID_PREFIX}" \
	--pr_dir="./pr-branch"
	else
	echo "Do not collect metrics, required segment write key is not set"
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update OWNERS for redhat-arkady-test-alex-chart #2169

Workflow file

Update OWNERS for redhat-arkady-test-alex-chart #2169

Jobs

Run details

Workflow file for this run