From e6dcd7dc0b8cdaf2703b180748120cf5409be296 Mon Sep 17 00:00:00 2001
From: Jose Antonio Carmona
Date: Wed, 11 Oct 2023 13:39:01 +0200
Subject: [PATCH] [bitnami/*] Fix race condition in CI automated pipelines (#51504)
Signed-off-by: Jose Antonio Carmona
---
 .github/workflows/auto-pr-review.yml | 56 ------------------
 .github/workflows/ci-pipeline.yml | 84 +++++++++++++++++++++++++++
 .github/workflows/license-headers.yml | 55 ------------------
 3 files changed, 84 insertions(+), 111 deletions(-)
 delete mode 100644 .github/workflows/auto-pr-review.yml
 delete mode 100644 .github/workflows/license-headers.yml
diff --git a/.github/workflows/auto-pr-review.yml b/.github/workflows/auto-pr-review.yml
deleted file mode 100644
index dc48fbf0e129..000000000000
--- a/.github/workflows/auto-pr-review.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-name: '[CI/CD] Automatic PR Review'
-on: # rebuild any PRs and main branch changes
- pull_request_target:
- types:
- - synchronize
- - labeled
- branches:
- - main
- - bitnami:main
-permissions: {}
-# Avoid concurrency over the same PR
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-jobs:
- auto-pr-review:
- runs-on: ubuntu-latest
- name: Reviewal for automated PRs
- permissions:
- pull-requests: write
- # This job will be executed when the PR was created by bitnami-bot and it has the 'auto-merge' label
- if: |
- contains(github.event.pull_request.labels.*.name, 'auto-merge') &&
- github.event.pull_request.user.login == 'bitnami-bot'
- steps:
- # Approve the CI's PR automatically, as it has been tested in our internal pipeline already
- # Approved by the 'github-actions' user; a PR can't be approved by its author
- - name: PR Approval
- uses: hmarr/auto-approve-action@v3.0.0
- with:
- pull-request-number: ${{ github.event.number }}
- - name: Merge
- id: merge
- uses: actions/github-script@v6
- with:
- result-encoding: string
- retries: 3
- # Necessary to trigger CD workflows
- github-token: ${{ secrets.BITNAMI_BOT_TOKEN }}
- script: |
- github.rest.pulls.merge({
- pull_number: context.issue.number,
- owner: context.repo.owner,
- repo: context.repo.repo,
- merge_method: 'squash'
- })
- # If the merge process did not succeed,
- # post a comment on the PR and assign a maintainer agent to review it
- - name: Manual review required
- if: ${{ always() && steps.merge.outcome != 'success' }}
- uses: peter-evans/create-or-update-comment@v3.0.0
- with:
- issue-number: ${{ github.event.number }}
- # Necessary to trigger support workflows
- token: ${{ secrets.BITNAMI_BOT_TOKEN }}
- body: |
- There has been an error during the automated release process. Manual revision is now required.
diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml
index 44822b003e90..4b19332d7115 100644
--- a/.github/workflows/ci-pipeline.yml
+++ b/.github/workflows/ci-pipeline.yml
@@ -16,6 +16,46 @@ env:
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
 jobs:
+ license-headers-linter:
+ runs-on: ubuntu-latest
+ name: License Headers Linter
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - uses: actions/checkout@v3
+ name: Checkout Repository
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+ repository: ${{ github.event.pull_request.head.repo.full_name }}
+ - id: get-modified-files
+ name: 'Get modified files'
+ env:
+ DIFF_URL: "${{github.event.pull_request.diff_url}}"
+ TEMP_FILE: "${{runner.temp}}/pr-${{github.event.number}}.diff"
+ run: |
+ # This request doesn't consume API calls.
+ curl -Lkso $TEMP_FILE $DIFF_URL
+ files_changed="$(sed -nr 's/[\-\+]{3} [ab]\/(.*)/\1/p' $TEMP_FILE | sort | uniq)"
+ dockerfiles=()
+ while read -r file_changed; do
+ # Avoid removed files
+ if [[ -f "${file_changed}" ]]; then
+ dockerfiles+=("${file_changed}")
+ fi
+ done <<< "$(echo "$files_changed" | grep -oE ".*/Dockerfile$" | sort | uniq || true)"
+ if [[ ${#dockerfiles[@]} -gt 0 ]]; then
+ # There are modifications on dockerfiles
+ export dockerfiles_json=$(printf "%s\n" "${dockerfiles[@]}" | jq -R . | jq -cs .)
+ # Overwrite configuration file to analyze only changed dockerfiles
+ yq -i '. | .header.paths=env(dockerfiles_json)' .licenserc.yaml
+ echo "result=success" >> $GITHUB_OUTPUT
+ else
+ echo "result=skip" >> $GITHUB_OUTPUT
+ fi
+ - name: Check license Headers
+ uses: apache/skywalking-eyes/header@v0.4.0
+ if: ${{ steps.get-modified-files.outputs.result == 'success' }}
 get-containers:
 runs-on: ubuntu-latest
 name: Get modified containers
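Review bot: The `curl -Lkso $TEMP_FILE $DIFF_URL` line in the `get-modified-files` step turns off TLS certificate verification with `-k` and, lacking `-f`, exits 0 on an HTTP error, so a tampered or failed download yields an empty or wrong file list and the step reports `result=skip`, which skips the header check without failing the job. I would change it to `curl -fsSLo "$TEMP_FILE" "$DIFF_URL"`. The checkout step above it fetches the pull request's head repository and branch; the workflow's trigger is outside this hunk, but the deleted license-headers.yml ran on `pull_request_target`, so if this file does too, add `persist-credentials: false` under `with:` and check out `github.event.pull_request.head.sha` instead of `head.ref`, so that the linted tree is the commit the event fired for. `apache/skywalking-eyes/header@v0.4.0` is pinned to a tag; pinning third-party actions to a full commit SHA would keep a moved tag from changing what runs in a job holding `pull-requests: write`.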
@@ -169,3 +209,47 @@ jobs:
 core.setFailed(error.message)
 }
 return state
+ auto-pr-review:
+ runs-on: ubuntu-latest
+ name: Reviewal for automated PRs
+ permissions:
+ pull-requests: write
+ needs:
+ - license-headers-linter
+ # This job will be executed when the PR was created by bitnami-bot and it has the 'auto-merge' label
+ if: |
+ contains(github.event.pull_request.labels.*.name, 'auto-merge') &&
+ github.event.pull_request.user.login == 'bitnami-bot'
+ steps:
+ # Approve the CI's PR automatically, as it has been tested in our internal pipeline already
+ # Approved by the 'github-actions' user; a PR can't be approved by its author
+ - name: PR Approval
+ uses: hmarr/auto-approve-action@v3.0.0
+ with:
+ pull-request-number: ${{ github.event.number }}
+ - name: Merge
+ id: merge
+ uses: actions/github-script@v6
+ with:
+ result-encoding: string
+ retries: 3
+ # Necessary to trigger CD workflows
+ github-token: ${{ secrets.BITNAMI_BOT_TOKEN }}
+ script: |
+ github.rest.pulls.merge({
+ pull_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ merge_method: 'squash'
+ })
+ # If the merge process did not succeed,
+ # post a comment on the PR and assign a maintainer agent to review it
+ - name: Manual review required
+ if: ${{ always() && steps.merge.outcome != 'success' }}
+ uses: peter-evans/create-or-update-comment@v3.0.0
+ with:
+ issue-number: ${{ github.event.number }}
+ # Necessary to trigger support workflows
+ token: ${{ secrets.BITNAMI_BOT_TOKEN }}
+ body: |
+ There has been an error during the automated release process. Manual revision is now required.
diff --git a/.github/workflows/license-headers.yml b/.github/workflows/license-headers.yml
deleted file mode 100644
index a131c74d1db0..000000000000
--- a/.github/workflows/license-headers.yml
+++ /dev/null
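Review bot: The `github.rest.pulls.merge({...})` call in the `Merge` step passes no `sha`, so the squash merge applies to whatever the pull request head is at merge time rather than the commit this run was triggered for. Since the job approves and merges with `BITNAMI_BOT_TOKEN` on the strength of the author login and the `auto-merge` label, add `sha: context.payload.pull_request.head.sha` to the call so the API rejects the merge if the head has moved. The call is also neither awaited nor returned; writing `await github.rest.pulls.merge({` makes sure a rejected merge fails the step that `steps.merge.outcome != 'success'` depends on. `needs:` lists only `license-headers-linter`, so the approval does not wait for the other jobs in this pipeline; if that is intended because of the internal testing mentioned in the comment, a short comment on `needs:` saying so would help.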
@@ -1,55 +0,0 @@
-# Copyright VMware, Inc.
-# SPDX-License-Identifier: APACHE-2.0
-
----
-name: '[License] Check license headers'
-on:
- pull_request_target:
- types:
- - opened
- - synchronize
- branches:
- - main
- - bitnami:main
-# Remove all permissions by default
-permissions: {}
-jobs:
- license-headers-linter:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- pull-requests: write
- steps:
- - uses: actions/checkout@v3
- name: Checkout Repository
- with:
- ref: ${{ github.event.pull_request.head.ref }}
- repository: ${{ github.event.pull_request.head.repo.full_name }}
- - id: get-modified-files
- name: 'Get modified files'
- env:
- DIFF_URL: "${{github.event.pull_request.diff_url}}"
- TEMP_FILE: "${{runner.temp}}/pr-${{github.event.number}}.diff"
- run: |
- # This request doesn't consume API calls.
- curl -Lkso $TEMP_FILE $DIFF_URL
- files_changed="$(sed -nr 's/[\-\+]{3} [ab]\/(.*)/\1/p' $TEMP_FILE | sort | uniq)"
- dockerfiles=()
- while read -r file_changed; do
- # Avoid removed files
- if [[ -f "${file_changed}" ]]; then
- dockerfiles+=("${file_changed}")
- fi
- done <<< "$(echo "$files_changed" | grep -oE ".*/Dockerfile$" | sort | uniq || true)"
- if [[ ${#dockerfiles[@]} -gt 0 ]]; then
- # There are modifications on dockerfiles
- export dockerfiles_json=$(printf "%s\n" "${dockerfiles[@]}" | jq -R . | jq -cs .)
- # Overwrite configuration file to analyze only changed dockerfiles
- yq -i '. | .header.paths=env(dockerfiles_json)' .licenserc.yaml
- echo "result=success" >> $GITHUB_OUTPUT
- else
- echo "result=skip" >> $GITHUB_OUTPUT
- fi
- - name: Check license Headers
- uses: apache/skywalking-eyes/header@v0.4.0
- if: ${{ steps.get-modified-files.outputs.result == 'success' }}
\ No newline at end of file