[bitnami/*] Fix issues in automated PRs modified by readme generator (#12654)

* Fix issues in automated PRs modifed by readme generator
* Add missing permissions

Signed-off-by: Fran Mulero <fmulero@vmware.com>

.github/workflows/ci-pipeline.yml

@@ -9,6 +9,9 @@ on: # rebuild any PRs and main branch changes
     branches:
       - master
       - bitnami:master
+permissions:
+  issues: write
+  pull-requests: write
 env:
   CSP_API_URL: https://console.cloud.vmware.com
   CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
@@ -28,12 +31,6 @@ jobs:
       - id: get-chart
         name: Get modified charts
         run: |
-          # Check latest commit to skip pipeline if it contains changes from 'update-readme-metadata' action
-          # TODO: remove logic and related conditional once the readme generator logic is included in the CI
-          COMMIT_URL="https://api.github.com/repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.ref }}"
-          latest_commit_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$COMMIT_URL")
-          latest_commit_message=$(echo $latest_commit_data | jq -r '.commit | .message')
-
           # Using the Github API to detect the files changed as git merge-base stops working when the branch is behind
           # and jitterbit/get-changed-files does not support pull_request_target
           PR_URL="https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files"
@@ -53,9 +50,6 @@ jobs:
             # Changes done in charts but version not bumped -> ERROR
             echo "::set-output name=error::Detected changes in charts without version bump in Chart.yaml.\nCharts changed: ${num_charts_changed}\n${charts_dirs_changed}\nVersion bumps detected: ${num_version_bumps}"
             echo "::set-output name=result::fail"
-          elif [[ ${{ github.actor }} == "bitnami-bot" && ${{ github.event.action }} == "synchronize" && "$latest_commit_message" == *"readme-generator-for-helm"*  ]]; then
-            # The CI was launched by the readme generator workflow
-            echo "::set-output name=result::skip"
           elif [[ "$num_charts_changed" -eq "1" ]]; then
             # Changes done in only one chart -> OK
             chart_name=$(echo "$charts_dirs_changed" | sed "s|bitnami/||g")
@@ -73,7 +67,7 @@ jobs:
             echo "::set-output name=result::skip"
           else
             # Changes done in more than chart -> SKIP
-            echo -e "::set-output name=error::Changes detected in more than one chart directory:\n${charts_dirs_changed}\nIt is strongly advised to change only one chart in a PR. The rest of the tests will be skipped."
+            echo "::set-output name=error::Changes detected in more than one chart directory:\n${charts_dirs_changed}\nIt is strongly advised to change only one chart in a PR. The rest of the tests will be skipped."
             echo "::set-output name=result::skip"
           fi
       # Using actions/github-scripts because using exit 1 in the script above would not provide any output
@@ -91,14 +85,11 @@ jobs:
     # Given performance issues of the action feature on GH's side, we need to be very restrictive in the job's triggers:
     # -> The 'Get modified charts' job suceededs AND
     #  ( ---> The pipeline was triggered due to a label addition and said label was the 'verify' one OR
-    #    ---> The pipeline was NOT triggered due to a label addition but the PR already contains the 'verify' one OR
-    #    ---> The pipeline was triggered for a new automated PR )
+    #    ---> the PR already contains the 'verify' label )
     if: |
       needs.get-chart.outputs.result == 'ok' &&
       (
-        (github.event.action == 'labeled' && github.event.label.name == 'verify') ||
-        (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'verify')) ||
-        (contains(github.event.pull_request.title, 'Release') && github.event.action == 'opened' && github.actor == 'bitnami-bot')
+        contains(github.event.pull_request.labels.*.name, 'verify') || (github.event.action == 'labeled' && github.event.label.name == 'verify')
       )
     name: VIB Verify
     steps:
@@ -123,7 +114,7 @@ jobs:
     # Job to be run only when the triage for automated PRs did as well,
     # not taking into account whether 'VIB Verify' succeeded
     if: |
-      always() && github.event.action == 'labeled' &&
+      always() &&
       contains(github.event.pull_request.labels.*.name, 'auto-merge') &&
       github.event.pull_request.user.login == 'bitnami-bot'
     steps:

.github/workflows/generate-chart-readme.yml

@@ -6,7 +6,8 @@ on:
       - master
     paths:
       - 'bitnami/*/values.yaml'
-
+permissions:
+  contents: write
 jobs:
   update-readme-metadata:
     runs-on: ubuntu-latest
@@ -39,8 +40,7 @@ jobs:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
           path: charts
-          token: ${{ secrets.BITNAMI_BOT_TOKEN }}
-
+          token: ${{ github.actor == 'bitnami-bot' && secrets.GITHUB_TOKEN || secrets.BITNAMI_BOT_TOKEN }}
       - name: Execute readme-generator-for-helm
         run: |
           # Using the Github API to detect the files changed as git merge-base stops working when the branch is behind

.github/workflows/moving-cards.yml

@@ -17,6 +17,7 @@ jobs:
       author: ${{ steps.get-issue-step.outputs.author }}
       type: ${{ steps.get-issue-step.outputs.type }}
       draft: ${{ steps.get-issue-step.outputs.draft }}
+      number: ${{ steps.get-issue-step.outputs.number }}
     steps:
       - name: Get issue info
         id: get-issue-step
@@ -26,6 +27,7 @@ jobs:
           author="$(echo $issue_info | jq -r '.user.login')"
           pull_request="$(echo $issue_info | jq -r '.pull_request')"
           draft="$(echo $issue_info | jq -r '.draft' | sed -r "s|null|false|g")"
+          number="$(echo $issue_info | jq -r '.number')"
           type="pull_request"
           if [[ "${pull_request}" == "null" ]]; then
             type="issue"
@@ -34,6 +36,7 @@ jobs:
           echo "::set-output name=author::${author}"
           echo "::set-output name=type::${type}"
           echo "::set-output name=draft::${draft}"
+          echo "::set-output name=number::${number}"
   label-card:
     runs-on: ubuntu-latest
     needs:
@@ -63,14 +66,27 @@ jobs:
           remove-labels: on-hold, in-progress, triage, solved
       - name: Verify labeling
         # Only if moved into bitnami column and the PR is ready for review
+        # This step uses a github-script to add the label intentionally.
+        # Consecutive calls to andymckay/labeler@1.0.4 can remove previous assigned labels, see https://github.com/andymckay/labeler/issues/40
         if: |
           github.event.project_card.column_id == env.BITNAMI_COLUMN_ID &&
           needs.get-issue.outputs.type == 'pull_request' && needs.get-issue.outputs.draft == 'false'
-        uses: andymckay/labeler@1.0.4
+        uses: actions/github-script@v6
         with:
-          add-labels: verify
           # Required to trigger CI workflow
-          repo-token: ${{ secrets.BITNAMI_BOT_TOKEN }}
+          github-token: ${{ secrets.BITNAMI_BOT_TOKEN }}
+          script: |
+            try {
+              await github.rest.issues.addLabels({
+                owner: context.payload.repository.owner.login,
+                repo: context.payload.repository.name,
+                issue_number: ${{ needs.get-issue.outputs.number }},
+                labels: ['verify']
+              })
+              core.info(`Updated labels in ${{ needs.get-issue.outputs.number }}. Added: 'verify'`)
+            } catch (error) {
+              core.setFailed(error.message)
+            }
       - name: Build Maintenance labeling
         if: ${{ github.event.project_card.column_id == env.BUILD_MAINTENANCE_COLUMN_ID }}
         uses: andymckay/labeler@1.0.4