bitnami-containers/.github/workflows/ci-pipeline.yml


name: '[CI/CD] CI Pipeline'
# Trigger: pull_request_target runs with the workflow definition and token of
# the base repository rather than the PR head, so it can act on PRs from
# forks. Any job that reads PR content must treat that content as untrusted.
on:
  pull_request_target:
    # Re-run when commits are pushed to the PR or when a label is added.
    types: [synchronize, labeled]
    branches: [main, 'bitnami:main']
# Start from an empty token scope; each job opts in to the scopes it needs.
permissions: {}
# One concurrency group per workflow and PR number, so runs for the same PR
# do not execute in parallel.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
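jobs:
  # Works out which containers and Dockerfiles the PR touches, using only the
  # GitHub API (no checkout), and publishes the result as job outputs.
  get-containers:
    runs-on: ubuntu-latest
    name: Get modified containers
    permissions:
      pull-requests: read
    # Gate: the PR must be open and carry the 'verify' label, either already
    # present or added by the event that triggered this run.
    # NOTE(review): a 'synchronize' event on a PR that still has 'verify' also
    # passes this gate, so commits pushed after labelling are processed without
    # a fresh label. Confirm the label is removed or re-reviewed elsewhere.
    if: |
      github.event.pull_request.state != 'closed' &&
      (
        contains(github.event.pull_request.labels.*.name, 'verify') || (github.event.action == 'labeled' && github.event.label.name == 'verify')
      )
    outputs:
      result: ${{ steps.get-containers.outputs.result }}
      containers: ${{ steps.get-containers.outputs.containers }}
      dockerfiles: ${{ steps.get-containers.outputs.dockerfiles }}
    steps:
      # File names come from the PR and are untrusted. They reach the script
      # only as API data and are serialised with jq into single-line JSON
      # before being written to GITHUB_OUTPUT.
      # Outputs: result=skip when only .md files changed or when 5 or more
      # assets are touched; otherwise result=ok plus the two JSON arrays.
      # NOTE(review): with an empty bash array, printf "%s\n" still prints one
      # empty line, so the JSON output appears to be [""] rather than [].
      # Confirm that downstream consumers expect this.
      - id: get-containers
        name: Get modified containers
        env:
          PULL_REQUEST_NUMBER: "${{ github.event.pull_request.number }}"
          GITHUB_TOKEN: "${{ github.token }}"
        run: |
          files_changed="$(gh api --paginate /repos/${GITHUB_REPOSITORY}/pulls/${PULL_REQUEST_NUMBER}/files | jq -r '.[] | .filename')"
          # Adding || true to avoid "Process exited with code 1" errors
          flavors=($(echo "$files_changed" | xargs dirname | grep -o "^bitnami/[^/]*/[^/]*/[^/]*" | sort | uniq || true))
          assets=($(echo "$files_changed" | xargs dirname | sed -nr "s|bitnami/([^/]*)/.*|\1|p" | sort | uniq || true))
          non_readme_files=$(echo "$files_changed" | grep -vc "\.md" || true)
          dockerfiles=($(echo "$files_changed" | grep -oE ".*/Dockerfile$" | sort | uniq || true))
          if [[ "$non_readme_files" -le "0" ]]; then
            # The only changes are .md files -> SKIP
            echo "result=skip" >> $GITHUB_OUTPUT
          elif [[ "${#assets[@]}" -ge "5" ]]; then
            echo "Maximun number of assets reached. You are currently modifying: ${assets[@]}"
            echo "result=skip" >> $GITHUB_OUTPUT
          else
            containers_json=$(printf "%s\n" "${flavors[@]}" | jq -R . | jq -cs .)
            dockerfiles_json=$(printf "%s\n" "${dockerfiles[@]}" | jq -R . | jq -cs .)
            echo "result=ok" >> $GITHUB_OUTPUT
            echo "containers=${containers_json}" >> $GITHUB_OUTPUT
            echo "dockerfiles=${dockerfiles_json}" >> $GITHUB_OUTPUT
          fi
  # Checks license headers on the Dockerfiles changed by the PR. This is the
  # only job that checks out PR-controlled content, and it does so under
  # pull_request_target, so nothing from the checkout should ever be executed.
  license-headers-linter:
    runs-on: ubuntu-latest
    name: License Headers Linter
    permissions:
      contents: read
      pull-requests: write
    needs: get-containers
    if: |
      needs.get-containers.outputs.result == 'ok'
    steps:
      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
        name: Checkout Repository
        with:
          # Pin to the commit recorded in the triggering event rather than the
          # branch name, so the tree inspected here cannot change between the
          # event and the checkout.
          ref: ${{ github.event.pull_request.head.sha }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          # Do not leave the job token configured for git in a workspace that
          # holds untrusted files.
          persist-credentials: false
      # DOCKERFILES is passed through the environment, not interpolated into
      # the script. .licenserc.yaml is read from the PR checkout, so its other
      # settings are PR-controlled. Only header.paths is overwritten here.
      - id: get-modified-files
        name: 'Get modified files'
        env:
          DOCKERFILES: "${{ needs.get-containers.outputs.dockerfiles }}"
        run: |
          if [[ -n "${DOCKERFILES}" ]]; then
            # Overwrite configuration file to analyze only changed dockerfiles
            yq -i '. | .header.paths=env(DOCKERFILES)' .licenserc.yaml
            echo "result=success" >> $GITHUB_OUTPUT
          else
            echo "result=skip" >> $GITHUB_OUTPUT
          fi
      - name: Check license Headers
        uses: apache/skywalking-eyes/header@61275cc80d0798a405cb070f7d3a8aaf7cf2c2c1
        if: ${{ steps.get-modified-files.outputs.result == 'success' }}
  # Approves and squash-merges PRs opened by the automation account. The job
  # performs no checkout, so the bot token used by the merge step is never
  # present alongside PR-controlled files.
  auto-pr-review:
    runs-on: ubuntu-latest
    name: Reviewal for automated PRs
    permissions:
      pull-requests: write
    needs:
      - license-headers-linter
    # This job will be executed when the PR was created by bitnami-bot and it has the 'auto-merge' label
    if: |
      contains(github.event.pull_request.labels.*.name, 'auto-merge') &&
      github.event.pull_request.user.login == 'bitnami-bot'
    steps:
      # Approve the CI's PR automatically, as it has been tested in our internal pipeline already
      # Approved by the 'github-actions' user; a PR can't be approved by its author
      - name: PR Approval
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
        with:
          result-encoding: string
          retries: 3
          script: |
            github.rest.pulls.createReview({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              event: 'APPROVE',
            });
      - name: Merge
        id: merge
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
        with:
          result-encoding: string
          retries: 3
          # Necessary to trigger CD workflows
          github-token: ${{ secrets.BITNAMI_BOT_TOKEN }}
          script: |
            github.rest.pulls.merge({
              pull_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              merge_method: 'squash'
            })
      # If the merge process did not succeed,
      # post a comment on the PR and assign a maintainer agent to review it
      # The comment text is handed to the script through the environment
      # instead of being expanded inside the JavaScript source.
      - name: Manual review required
        if: ${{ always() && steps.merge.outcome != 'success' }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
        env:
          BODY: |
            There has been an error during the automated release process. Manual revision is now required.
            Please check the related [action_run#${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more information.
        with:
          retries: 3
          script: |
            const {BODY} = process.env
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `${BODY}`
            })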