143 lines
6.1 KiB
YAML
143 lines
6.1 KiB
YAML
name: '[CI/CD] CI Pipeline for automated PRs'
|
|
on: # Triggered only on open PR events done by bitnami-bot on containers folders
|
|
pull_request_target:
|
|
types:
|
|
- opened
|
|
branches:
|
|
- main
|
|
- bitnami:main
|
|
paths:
|
|
- 'bitnami/**'
|
|
env:
|
|
CSP_API_URL: https://console.cloud.vmware.com
|
|
CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
|
|
VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
|
|
jobs:
|
|
auto-pr-triage:
|
|
runs-on: ubuntu-latest
|
|
name: Triage for automated PRs
|
|
if: |
|
|
contains(github.event.pull_request.title, 'Release') &&
|
|
github.actor == 'bitnami-bot'
|
|
steps:
|
|
# Enables auto-merge and adds necessary labels for automated releases' PRs
|
|
- id: labeling
|
|
name: Label PR
|
|
uses: andymckay/labeler@1.0.4
|
|
with:
|
|
add-labels: "verify, auto-merge"
|
|
- id: auto-merge
|
|
name: Enable auto-merge
|
|
run: |
|
|
curl --request POST \
|
|
--url https://api.github.com/graphql \
|
|
--header 'authorization: Bearer ${{ secrets.BITNAMI_BOT_TOKEN }}' \
|
|
--data '{
|
|
"query": "mutation { enablePullRequestAutoMerge(input: {pullRequestId: \"${{ github.event.pull_request.node_id }}\", mergeMethod: SQUASH}) { clientMutationId }}"
|
|
}' \
|
|
--fail
|
|
get-container:
|
|
runs-on: ubuntu-latest
|
|
name: Get modified containers
|
|
needs: auto-pr-triage
|
|
outputs:
|
|
container: ${{ steps.get-container.outputs.container }}
|
|
path: ${{ steps.get-container.outputs.path }}
|
|
steps:
|
|
- id: get-container
|
|
name: Get modified containers
|
|
run: |
|
|
# Using the Github API to detect the files changed as git merge-base stops working when the branch is behind
|
|
# and jitterbit/get-changed-files does not support pull_request_target
|
|
URL="https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files"
|
|
files_changed_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$URL")
|
|
files_changed="$(echo $files_changed_data | jq -r '.[] | .filename')"
|
|
# Adding || true to avoid "Process exited with code 1" errors
|
|
containers_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "^bitnami/[^/]*" | sort | uniq || true)"
|
|
flavors=($(echo "$files_changed" | xargs dirname | grep -o "^bitnami/[^/]*/[^/]*/[^/]*" | sort | uniq || true))
|
|
container_name=$(echo "$containers_dirs_changed" | sed "s|bitnami/||g")
|
|
|
|
if [[ "${#flavors[@]}" -eq "1" ]]; then
|
|
# Changes done in only one container -> OK
|
|
echo "::set-output name=container::${container_name}"
|
|
echo "::set-output name=path::${flavors[0]}"
|
|
else
|
|
# No changes detected or there are changes done in more than one container -> FAIL. It doesn't make sense in automated PRs.
|
|
echo -e "No changes detected or there are changes done in more than one container:\n${containers_dirs_changed}\n. The rest of the tests will be skipped."
|
|
exit 1
|
|
fi
|
|
vib-verify:
|
|
runs-on: ubuntu-latest
|
|
needs: get-container
|
|
name: Verify
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
name: Checkout Repository
|
|
with:
|
|
# Required to search the latest commit with the tag
|
|
fetch-depth: 1
|
|
# labeled events trigger the event with the latest commit in main
|
|
ref: ${{ github.event.pull_request.head.ref }}
|
|
repository: ${{ github.event.pull_request.head.repo.full_name }}
|
|
- id: get-tag
|
|
name: Get latest image tag
|
|
run: |
|
|
# Now EAM commits has the following format "[bitnami/<container>] Release <tag>"
|
|
tag="$(grep -oE "org.opencontainers.image.ref.name=\".+\"" ${{ needs.get-container.outputs.path }}/Dockerfile | sed -nr "s|org.opencontainers.image.ref.name=\"(.+)\"|\1|p")"
|
|
if [[ -z "${tag}" ]]; then
|
|
echo "No tag found for: ${{ needs.get-container.outputs.path }}"
|
|
exit 1
|
|
else
|
|
echo "::set-output name=tag::${tag}"
|
|
fi
|
|
- uses: vmware-labs/vmware-image-builder-action@main
|
|
name: Verify
|
|
with:
|
|
pipeline: vib-verify.json
|
|
env:
|
|
# Path with docker resources
|
|
VIB_ENV_PATH: ${{ needs.get-container.outputs.path }}
|
|
# Container name
|
|
VIB_ENV_CONTAINER: ${{ needs.get-container.outputs.container }}
|
|
VIB_ENV_TAG: ${{ steps.get-tag.outputs.tag }}
|
|
auto-pr-review:
|
|
runs-on: ubuntu-latest
|
|
needs: vib-verify
|
|
name: Reviewal for automated PRs
|
|
if: |
|
|
always() &&
|
|
github.actor == 'bitnami-bot'
|
|
steps:
|
|
# Approves the CI's PR if the 'VIB Verify' job succeeded
|
|
# Approved by the 'github-actions' user. A PR can't be approved by its author
|
|
- name: Approval
|
|
if: ${{ needs.vib-verify.result == 'success' }}
|
|
run: |
|
|
curl --request POST \
|
|
--url https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews \
|
|
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
|
|
--header 'content-type: application/json' \
|
|
--data '{
|
|
"event": "APPROVE"
|
|
}' \
|
|
--fail
|
|
- name: Manual review required
|
|
if: ${{ needs.vib-verify.result != 'success' }}
|
|
run: |
|
|
curl --request POST \
|
|
--url https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments \
|
|
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
|
|
--header 'content-type: application/json' \
|
|
--data '{
|
|
"body": "There has been an error during the automated release process. Manual revision is now required."
|
|
}' \
|
|
--fail
|
|
- name: Assign to a person to work on it
|
|
if: ${{ needs.vib-verify.result != 'success' }}
|
|
uses: pozil/auto-assign-issue@v1.9.0
|
|
with:
|
|
numOfAssignee: 1
|
|
removePreviousAssignees: true
|
|
teams: build-maintainers
|
|
repo-token: "${{ secrets.BITNAMI_BOT_TOKEN }}"
|