public_git
/
bitnami-containers
mirror of https://github.com/bitnami/containers.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
bitnami-containers/.github/workflows/ci-pipeline.yaml

199 lines
9.3 KiB
YAML
Raw Blame History

name: CI Pipeline
on: # rebuild any PRs and main branch changes
pull_request_target:
types:
- opened
- reopened
- synchronize
- labeled
branches:
- main
- bitnami:main
env:
CSP_API_URL: https://console.cloud.vmware.com
CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
jobs:
auto-pr-triage:
runs-on: ubuntu-latest
name: Triage for automated PRs
if: |
contains(github.event.pull_request.title, 'Release') &&
github.event.action == 'opened' &&
github.actor == 'bitnami-bot'
steps:
# Enables auto-merge and adds necessary labels for automated releases' PRs
- id: labeling
name: Label PR
uses: andymckay/labeler@1.0.4
with:
# We can't use GITHUB_TOKEN because the labeling needs to trigger a new CI pipeline
repo-token: "${{ secrets.BITNAMI_BOT_TOKEN }}"
add-labels: "verify, auto-merge"
- id: auto-merge
name: Enable auto-merge
run: |
curl --request POST \
--url https://api.github.com/graphql \
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
--data '{
"query": "mutation { enablePullRequestAutoMerge(input: {pullRequestId: \"${{ github.event.pull_request.node_id }}\", mergeMethod: SQUASH}) { clientMutationId }}"
}' \
--fail
get-container:
runs-on: ubuntu-latest
name: Get modified containers
if: |
github.event.pull_request.state != 'closed' &&
(
(github.event.action == 'labeled' && github.event.label.name == 'verify') ||
(github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'verify'))
)
outputs:
container: ${{ steps.get-container.outputs.container }}
result: ${{ steps.get-container.outputs.result }}
path: ${{ steps.get-container.outputs.path }}
steps:
- id: get-container
name: Get modified containers
run: |
# Using the Github API to detect the files changed as git merge-base stops working when the branch is behind
# and jitterbit/get-changed-files does not support pull_request_target
URL="https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files"
files_changed_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$URL")
files_changed="$(echo $files_changed_data | jq -r '.[] | .filename')"
# Adding || true to avoid "Process exited with code 1" errors
containers_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "^bitnami/[^/]*" | sort | uniq || true)"
flavors=($(echo "$files_changed" | xargs dirname | grep -o "^bitnami/[^/]*/[^/]*/[^/]*" | sort | uniq || true))
container_name=$(echo "$containers_dirs_changed" | sed "s|bitnami/||g")
if [[ "${#flavors[@]}" -eq "1" ]]; then
# Changes done in only one container -> OK
echo "::set-output name=result::ok"
echo "::set-output name=container::${container_name}"
echo "::set-output name=path::${flavors[0]}"
elif [[ "${#flavors[@]}" -le "0" ]]; then
# Changes done in the containers/ folder but not inside a container subfolder -> Look for readme changes
readme_object="$(echo $files_changed_data | jq -r '[ .[] | select(.filename | test("^bitnami/[^/]+/README.md"))] | first')"
if [[ "${readme_object}" == "null" ]]; then
echo "::set-output name=error::No changes detected in containers. The rest of the tests will be skipped."
echo "::set-output name=result::skip"
else
# Look for the modified branch in Readme content
branch="$(echo ${readme_object} | jq -r '.patch' | grep -o "([^/]*/[^/]*/Dockerfile)" | sort -u | head -n 1 | sed -nr "s|\((.+)/Dockerfile\)|\1|p")"
if [[ ! -z "${branch}" ]]; then
echo "::set-output name=result::ok"
echo "::set-output name=container::${container_name}"
echo "::set-output name=path::bitnami/${container_name}/${branch}"
else
echo "::set-output name=error::No changes detected in containers. The rest of the tests will be skipped."
echo "::set-output name=result::skip"
fi
fi
else
# Changes done in more than container -> SKIP
echo -e "::set-output name=error::Changes detected in more than one container directory:\n${containers_dirs_changed}\nIt is strongly advised to change only one container in a PR. The rest of the tests will be skipped."
echo "::set-output name=result::skip"
fi
# Using actions/github-scripts because using exit 1 in the script above would not provide any output
# Source: https://github.community/t/no-output-on-process-completed-with-exit-code-1/123821/3
- id: show-error
name: Show error
if: ${{ steps.get-container.outputs.result == 'fail' }}
uses: actions/github-script@v3
with:
script: |
core.setFailed('${{ steps.get-container.outputs.error }}')
vib-verify:
runs-on: ubuntu-latest
needs: get-container
if: ${{ needs.get-container.outputs.result == 'ok' && contains(github.event.pull_request.labels.*.name, 'verify') }}
name: Verify
steps:
- uses: actions/checkout@v3
name: Checkout Repository
with:
# Required to search the latest commit with the tag
fetch-depth: 0
# labeled events trigger the event with the latest commit in main
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- id: get-tag
name: Get latest image tag
run: |
# Now EAM commits has the following format "[bitnami/<container>] Release <tag>"
tag="$(git log --pretty=tformat:"%s" -n 1 --grep="[R|r]elease" --author bitnami-bot@vmware.com --author containers@bitnami.com --author containers-bot@bitnami.com -- ${{ needs.get-container.outputs.path }} | sed "s|\[.*\]||" | sed "s|[R|r]elease||" | awk '{print $1}')"
if [[ -z "${tag}" ]]; then
echo "No tag found for: ${{ needs.get-container.outputs.path }}"
exit 1
else
echo "::set-output name=tag::${tag}"
fi
- uses: vmware-labs/vmware-image-builder-action@main
name: Verify
with:
pipeline: vib-verify.json
env:
# Path with docker resources
VIB_ENV_PATH: ${{ needs.get-container.outputs.path }}
# Container name
VIB_ENV_CONTAINER: ${{ needs.get-container.outputs.container }}
VIB_ENV_TAG: ${{ steps.get-tag.outputs.tag }}
auto-pr-review:
runs-on: ubuntu-latest
needs: vib-verify
name: Reviewal for automated PRs
if: |
always() &&
github.actor == 'bitnami-bot' &&
contains(github.event.pull_request.labels.*.name, 'auto-merge')
steps:
# Approves the CI's PR if the 'VIB Verify' job succeeded
# Approved by the 'github-actions' user. A PR can't be approved by its author
- name: Approval
if: ${{ needs.vib-verify.result == 'success' }}
run: |
curl --request POST \
--url https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews \
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
--header 'content-type: application/json' \
--data '{
"event": "APPROVE"
}' \
--fail
- name: Remove auto-merge label
if: ${{ needs.vib-verify.result == 'failure' }}
uses: andymckay/labeler@1.0.4
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
remove-labels: "auto-merge"
- name: Disable auto-merge
if: ${{ needs.vib-verify.result == 'failure' }}
run: |
curl --request POST \
--url https://api.github.com/graphql \
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
--data '{
"query": "mutation { disablePullRequestAutoMerge(input: {pullRequestId: \"${{ github.event.pull_request.node_id }}\"}) { clientMutationId }}"
}' \
--fail
- name: Manual review required
if: ${{ needs.vib-verify.result == 'failure' }}
run: |
curl --request POST \
--url https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments \
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
--header 'content-type: application/json' \
--data '{
"body": "There has been an error during the automated release process. Manual revision is now required."
}' \
--fail
curl --request POST \
--url https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \
--header 'authorization: Bearer ${{ secrets.BITNAMI_BOT_TOKEN }}' \
--header 'content-type: application/json' \
--data '{
"reviewers": ["fmulero"]
}' \
--fail
Reference in New Issue View Git Blame Copy Permalink