diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml index b2018f980a..fb34c8eb7a 100644 --- a/.github/workflows/ci-pipeline.yml +++ b/.github/workflows/ci-pipeline.yml @@ -9,6 +9,9 @@ on: # rebuild any PRs and main branch changes branches: - master - bitnami:master +permissions: + issues: write + pull-requests: write env: CSP_API_URL: https://console.cloud.vmware.com CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }} @@ -28,12 +31,6 @@ jobs: - id: get-chart name: Get modified charts run: | - # Check latest commit to skip pipeline if it contains changes from 'update-readme-metadata' action - # TODO: remove logic and related conditional once the readme generator logic is included in the CI - COMMIT_URL="https://api.github.com/repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.ref }}" - latest_commit_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$COMMIT_URL") - latest_commit_message=$(echo $latest_commit_data | jq -r '.commit | .message') - # Using the Github API to detect the files changed as git merge-base stops working when the branch is behind # and jitterbit/get-changed-files does not support pull_request_target PR_URL="https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files" 
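Review bot: The new top-level `permissions:` block in ci-pipeline.yml grants `issues: write` and `pull-requests: write` to every job in the workflow, not only the ones that comment on or label the PR. The context comments indicate this workflow runs on `pull_request_target`, so any job that handles PR-derived data would carry those write scopes too; declaring `permissions:` on the individual jobs that need them, with a read-only workflow default, keeps the token least-privileged. The same applies to the workflow-level `contents: write` added in generate-chart-readme.yml. Once `permissions:` is set, every scope not listed drops to `none`, so any job that relies on an unlisted scope such as `contents: read` should be checked; the job bodies are outside this hunk.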
@@ -53,9 +50,6 @@ jobs: # Changes done in charts but version not bumped -> ERROR echo "::set-output name=error::Detected changes in charts without version bump in Chart.yaml.\nCharts changed: ${num_charts_changed}\n${charts_dirs_changed}\nVersion bumps detected: ${num_version_bumps}" echo "::set-output name=result::fail" - elif [[ ${{ github.actor }} == "bitnami-bot" && ${{ github.event.action }} == "synchronize" && "$latest_commit_message" == *"readme-generator-for-helm"* ]]; then - # The CI was launched by the readme generator workflow - echo "::set-output name=result::skip" elif [[ "$num_charts_changed" -eq "1" ]]; then # Changes done in only one chart -> OK chart_name=$(echo "$charts_dirs_changed" | sed "s|bitnami/||g") @@ -73,7 +67,7 @@ jobs: echo "::set-output name=result::skip" else # Changes done in more than chart -> SKIP - echo -e "::set-output name=error::Changes detected in more than one chart directory:\n${charts_dirs_changed}\nIt is strongly advised to change only one chart in a PR. The rest of the tests will be skipped." + echo "::set-output name=error::Changes detected in more than one chart directory:\n${charts_dirs_changed}\nIt is strongly advised to change only one chart in a PR. The rest of the tests will be skipped." echo "::set-output name=result::skip" fi # Using actions/github-scripts because using exit 1 in the script above would not provide any output 
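Review bot: In the final `else` branch of the 'Get modified charts' script (ci-pipeline.yml), `${charts_dirs_changed}` is expanded directly into a `::set-output` command, and in this branch it presumably holds several entries separated by newlines. The runner reads workflow commands from stdout one line at a time, so everything after the first newline is dropped from the `error` output and printed as separate log lines, which are themselves parsed as commands if they start with `::`; the value is built from PR file paths outside this hunk, so it is not fully trusted. Consider flattening it first, e.g. `dirs="${charts_dirs_changed//$'\n'/, }"` and using `${dirs}` in the message, or writing the output with a delimiter to the `$GITHUB_OUTPUT` file. Dropping `-e` is consistent with the earlier `echo` in the same `if` chain.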
@@ -91,14 +85,11 @@ jobs: # Given performance issues of the action feature on GH's side, we need to be very restrictive in the job's triggers: # -> The 'Get modified charts' job suceededs AND # ( ---> The pipeline was triggered due to a label addition and said label was the 'verify' one OR - # ---> The pipeline was NOT triggered due to a label addition but the PR already contains the 'verify' one OR - # ---> The pipeline was triggered for a new automated PR ) + # ---> the PR already contains the 'verify' label ) if: | needs.get-chart.outputs.result == 'ok' && ( - (github.event.action == 'labeled' && github.event.label.name == 'verify') || - (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'verify')) || - (contains(github.event.pull_request.title, 'Release') && github.event.action == 'opened' && github.actor == 'bitnami-bot') + contains(github.event.pull_request.labels.*.name, 'verify') || (github.event.action == 'labeled' && github.event.label.name == 'verify') ) name: VIB Verify steps: @@ -123,7 +114,7 @@ jobs: # Job to be run only when the triage for automated PRs did as well, # not taking into account whether 'VIB Verify' succeeded if: | - always() && github.event.action == 'labeled' && + always() && contains(github.event.pull_request.labels.*.name, 'auto-merge') && github.event.pull_request.user.login == 'bitnami-bot' steps: diff --git a/.github/workflows/generate-chart-readme.yml b/.github/workflows/generate-chart-readme.yml index c13be31fa3..8389d76261 100644 --- a/.github/workflows/generate-chart-readme.yml +++ b/.github/workflows/generate-chart-readme.yml @@ -6,7 +6,8 @@ on: - master paths: - 'bitnami/*/values.yaml' - +permissions: + contents: write jobs: update-readme-metadata: runs-on: ubuntu-latest 
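Review bot: The rewritten `if:` for 'VIB Verify' (ci-pipeline.yml) is wider than the comment above it, which still asks for very restrictive triggers: `contains(github.event.pull_request.labels.*.name, 'verify')` now holds for every event type, including a `labeled` event for an unrelated label, where the old clause required `github.event.action != 'labeled'`. The second disjunct looks redundant, since a PR that was just labeled `verify` presumably already lists it in `labels`. Because the label stays on the PR, the job also runs for commits pushed after a maintainer applied it. If the label is meant as approval of a specific revision, the comment should say so, e.g. `# NOTE: 'verify' persists across pushes; remove it to stop verification of later commits`. The job's steps are outside the hunk.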
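Review bot: With `github.event.action == 'labeled'` removed, the `if:` of the automated-PR job (ci-pipeline.yml) now holds on every event for a bot-authored PR that carries `auto-merge`, and `always()` keeps it running even when 'VIB Verify' failed or was skipped. The comment above still describes the job as running only when the triage for automated PRs did, so it is out of date. If the steps (outside this hunk) merge the PR, add an explicit check on the verify job's result through the `needs` context, or state in the comment why a run without a passing verification is acceptable.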
@@ -39,8 +40,7 @@ jobs: ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} path: charts - token: ${{ secrets.BITNAMI_BOT_TOKEN }} - + token: ${{ github.actor == 'bitnami-bot' && secrets.GITHUB_TOKEN || secrets.BITNAMI_BOT_TOKEN }} - name: Execute readme-generator-for-helm run: | # Using the Github API to detect the files changed as git merge-base stops working when the branch is behind diff --git a/.github/workflows/moving-cards.yml b/.github/workflows/moving-cards.yml index 43e974f213..71f03f2995 100644 --- a/.github/workflows/moving-cards.yml +++ b/.github/workflows/moving-cards.yml @@ -17,6 +17,7 @@ jobs: author: ${{ steps.get-issue-step.outputs.author }} type: ${{ steps.get-issue-step.outputs.type }} draft: ${{ steps.get-issue-step.outputs.draft }} + number: ${{ steps.get-issue-step.outputs.number }} steps: - name: Get issue info id: get-issue-step @@ -26,6 +27,7 @@ jobs: author="$(echo $issue_info | jq -r '.user.login')" pull_request="$(echo $issue_info | jq -r '.pull_request')" draft="$(echo $issue_info | jq -r '.draft' | sed -r "s|null|false|g")" + number="$(echo $issue_info | jq -r '.number')" type="pull_request" if [[ "${pull_request}" == "null" ]]; then type="issue" @@ -34,6 +36,7 @@ jobs: echo "::set-output name=author::${author}" echo "::set-output name=type::${type}" echo "::set-output name=draft::${draft}" + echo "::set-output name=number::${number}" label-card: runs-on: ubuntu-latest needs: 
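Review bot: The new `token:` expression in generate-chart-readme.yml has no comment explaining the switch, and for every actor other than `bitnami-bot` the checkout of the PR's `head.repo` still uses the `BITNAMI_BOT_TOKEN` PAT. If this step is `actions/checkout` (its `uses:` line is outside the hunk), the token is stored in the checkout's git config by default and stays readable by later steps that process the PR's files. Suggest a comment such as `# GITHUB_TOKEN for bot PRs so the README push does not re-trigger CI; PAT otherwise`, if that is the intent, and confining the PAT to the step that pushes. Note also that `github.actor` is whoever triggered the event, not necessarily the PR author.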
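Review bot: The added `number=` line in moving-cards.yml repeats the unquoted `echo $issue_info` used by the lines around it, so the API response, which presumably includes user-written issue text, goes through word splitting and glob expansion before `jq` reads it. Quote the expansion: `number="$(jq -r '.number' <<< "$issue_info")"`. `jq -r` prints `null` when the field is missing, and that string would be passed on as the `number` output (added in the following hunk) unless it is checked here.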
@@ -63,14 +66,27 @@ jobs: remove-labels: on-hold, in-progress, triage, solved - name: Verify labeling # Only if moved into bitnami column and the PR is ready for review + # This step uses a github-script to add the label intentionally. + # Consecutive calls to andymckay/labeler@1.0.4 can remove previous assigned labels, see https://github.com/andymckay/labeler/issues/40 if: | github.event.project_card.column_id == env.BITNAMI_COLUMN_ID && needs.get-issue.outputs.type == 'pull_request' && needs.get-issue.outputs.draft == 'false' - uses: andymckay/labeler@1.0.4 + uses: actions/github-script@v6 with: - add-labels: verify # Required to trigger CI workflow - repo-token: ${{ secrets.BITNAMI_BOT_TOKEN }} + github-token: ${{ secrets.BITNAMI_BOT_TOKEN }} + script: | + try { + await github.rest.issues.addLabels({ + owner: context.payload.repository.owner.login, + repo: context.payload.repository.name, + issue_number: ${{ needs.get-issue.outputs.number }}, + labels: ['verify'] + }) + core.info(`Updated labels in ${{ needs.get-issue.outputs.number }}. Added: 'verify'`) + } catch (error) { + core.setFailed(error.message) + } - name: Build Maintenance labeling if: ${{ github.event.project_card.column_id == env.BUILD_MAINTENANCE_COLUMN_ID }} uses: andymckay/labeler@1.0.4
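Review bot: In the new 'Verify labeling' step (moving-cards.yml), `${{ needs.get-issue.outputs.number }}` is substituted into the script text before it runs, so whatever the `get-issue` job emitted becomes JavaScript source in a step that holds `BITNAMI_BOT_TOKEN`. The value comes from `jq -r '.number'` and should be an integer, but passing it as data avoids depending on that: add `env:` with `ISSUE_NUMBER: ${{ needs.get-issue.outputs.number }}` to the step and use `issue_number: Number(process.env.ISSUE_NUMBER)` (and `process.env.ISSUE_NUMBER` in the `core.info` message). Since the step receives a PAT, `actions/github-script@v6` would also be better pinned to a full commit SHA than to a mutable tag.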