mirror of
https://github.com/bitnami/charts.git
synced 2026-03-03 06:58:45 +08:00
202 lines
10 KiB
YAML
202 lines
10 KiB
YAML
name: '[CI/CD] CI Pipeline'
|
|
on: # rebuild any PRs and main branch changes
|
|
pull_request_target:
|
|
types:
|
|
- opened
|
|
- reopened
|
|
- synchronize
|
|
- labeled
|
|
branches:
|
|
- master
|
|
- bitnami:master
|
|
env:
|
|
CSP_API_URL: https://console.cloud.vmware.com
|
|
CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
|
|
VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
|
|
jobs:
|
|
auto-pr-triage:
|
|
runs-on: ubuntu-latest
|
|
name: Triage for automated PRs
|
|
if: |
|
|
contains(github.event.pull_request.title, 'Release') &&
|
|
github.event.action == 'opened' &&
|
|
github.actor == 'bitnami-bot'
|
|
steps:
|
|
# Enables auto-merge and adds necessary labels for automated releases' PRs
|
|
- id: labeling
|
|
name: Label PR
|
|
uses: andymckay/labeler@1.0.4
|
|
with:
|
|
# We can't use GITHUB_TOKEN because the labeling needs to trigger a new CI pipeline
|
|
repo-token: "${{ secrets.BITNAMI_BOT_TOKEN }}"
|
|
add-labels: "verify, auto-merge"
|
|
- id: auto-merge
|
|
name: Enable auto-merge
|
|
run: |
|
|
curl --request POST \
|
|
--url https://api.github.com/graphql \
|
|
--header 'authorization: Bearer ${{ secrets.BITNAMI_BOT_TOKEN }}' \
|
|
--data '{
|
|
"query": "mutation { enablePullRequestAutoMerge(input: {pullRequestId: \"${{ github.event.pull_request.node_id }}\", mergeMethod: SQUASH}) { clientMutationId }}"
|
|
}' \
|
|
--fail
|
|
get-chart:
|
|
runs-on: ubuntu-latest
|
|
name: 'Get modified charts'
|
|
if: ${{ github.event.pull_request.state != 'closed' }}
|
|
outputs:
|
|
chart: ${{ steps.get-chart.outputs.chart }}
|
|
result: ${{ steps.get-chart.outputs.result }}
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
name: 'Checkout Repository'
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.ref }}
|
|
repository: ${{ github.event.pull_request.head.repo.full_name }}
|
|
fetch-depth: 0
|
|
- id: get-chart
|
|
name: 'Get modified charts'
|
|
run: |
|
|
# Check latest commit to skip pipeline if it contains changes from 'update-readme-metadata' action
|
|
COMMIT_URL="https://api.github.com/repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.ref }}"
|
|
latest_commit_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$COMMIT_URL")
|
|
latest_commit_message=$(echo $latest_commit_data | jq -r '.commit | .message')
|
|
# Using the Github API to detect the files changed as git merge-base stops working when the branch is behind
|
|
# and jitterbit/get-changed-files does not support pull_request_target
|
|
PR_URL="https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files"
|
|
files_changed_data=$(curl -s --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -X GET -G "$PR_URL")
|
|
files_changed="$(echo $files_changed_data | jq -r '.[] | .filename')"
|
|
# Adding || true to avoid "Process exited with code 1" errors
|
|
charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "bitnami/[^/]*" | sort | uniq || true)"
|
|
# Using grep -c as a better alternative to wc -l when dealing with empty strings."
|
|
num_charts_changed="$(echo "$charts_dirs_changed" | grep -c "bitnami" || true)"
|
|
num_version_bumps="$(echo "$files_changed_data" | jq -r '[.[] | select(.filename|endswith("Chart.yaml")) | select(.patch|contains("+version")) ] | length' )"
|
|
non_readme_files=$(echo "$files_changed" | grep -vc "\.md" || true)
|
|
|
|
if [[ ${{ github.event.action }} == "synchronize" && ${{ github.actor }} == "bitnami-bot" && "$latest_commit_message" == *"readme-generator-for-helm"* ]]; then
|
|
echo "::set-output name=result::skip"
|
|
elif [[ "$non_readme_files" -le "0" ]]; then
|
|
# The only changes are .md files -> SKIP
|
|
echo "::set-output name=result::skip"
|
|
elif [[ "$num_charts_changed" -ne "$num_version_bumps" ]]; then
|
|
# Changes done in charts but version not bumped -> ERROR
|
|
echo "::set-output name=error::Detected changes in charts without version bump in Chart.yaml.\nCharts changed: ${num_charts_changed}\n${charts_dirs_changed}\nVersion bumps detected: ${num_version_bumps}"
|
|
echo "::set-output name=result::fail"
|
|
elif [[ "$num_charts_changed" -eq "1" ]]; then
|
|
# Changes done in only one chart -> OK
|
|
chart_name=$(echo "$charts_dirs_changed" | sed "s|bitnami/||g")
|
|
echo "::set-output name=chart::${chart_name}"
|
|
if [[ "$chart_name" == "common" ]]; then
|
|
# Changes done in bitnami/common -> SKIP
|
|
echo "::set-output name=result::skip"
|
|
else
|
|
# Changes done in a chart different from common -> OK
|
|
echo "::set-output name=result::ok"
|
|
fi
|
|
elif [[ "$num_charts_changed" -le "0" ]]; then
|
|
# Changes done in the bitnami/ folder but not inside a chart subfolder -> SKIP
|
|
echo "::set-output name=error::No changes detected in charts. The rest of the tests will be skipped."
|
|
echo "::set-output name=result::skip"
|
|
else
|
|
# Changes done in more than chart -> SKIP
|
|
echo -e "::set-output name=error::Changes detected in more than one chart directory:\n${charts_dirs_changed}\nIt is strongly advised to change only one chart in a PR. The rest of the tests will be skipped."
|
|
echo "::set-output name=result::skip"
|
|
fi
|
|
# Using actions/github-scripts because using exit 1 in the script above would not provide any output
|
|
# Source: https://github.community/t/no-output-on-process-completed-with-exit-code-1/123821/3
|
|
- id: show-error
|
|
name: 'Show error'
|
|
if: ${{ steps.get-chart.outputs.result == 'fail' }}
|
|
uses: actions/github-script@v3
|
|
with:
|
|
script: |
|
|
core.setFailed('${{ steps.get-chart.outputs.error }}')
|
|
vib-verify:
|
|
runs-on: ubuntu-latest
|
|
needs: get-chart
|
|
# Given performance issues of the action feature on GH's side, we need to be very restrictive in the job's triggers:
|
|
# -> The 'Get modified charts' job suceededs AND
|
|
# -> The event is not opened (avoids running twice on consecutive opened and labeled events) AND
|
|
# ( ---> The pipeline was triggered due to a label addition and said label was the 'verify' one OR
|
|
# ---> The pipeline was NOT triggered due to a label addition but the PR already contains the 'verify' one )
|
|
if: |
|
|
needs.get-chart.outputs.result == 'ok' &&
|
|
github.event.action != 'opened' &&
|
|
(
|
|
(github.event.action == 'labeled' && github.event.label.name == 'verify') ||
|
|
(github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'verify'))
|
|
)
|
|
name: VIB Verify
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
name: 'Checkout Repository'
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.ref }}
|
|
repository: ${{ github.event.pull_request.head.repo.full_name }}
|
|
- uses: vmware-labs/vmware-image-builder-action@main
|
|
name: Verify ${{ needs.get-chart.outputs.chart }}
|
|
with:
|
|
pipeline: ${{ needs.get-chart.outputs.chart }}/vib-verify.json
|
|
env:
|
|
# Target-Platform used by default
|
|
VIB_ENV_TARGET_PLATFORM: ${{ secrets.VIB_ENV_TARGET_PLATFORM }}
|
|
# Alternative Target-Platform to be used in case of incompatibilities
|
|
VIB_ENV_ALTERNATIVE_TARGET_PLATFORM: ${{ secrets.VIB_ENV_ALTERNATIVE_TARGET_PLATFORM }}
|
|
auto-pr-review:
|
|
runs-on: ubuntu-latest
|
|
needs: vib-verify
|
|
name: Reviewal for automated PRs
|
|
if: |
|
|
always() &&
|
|
github.actor == 'bitnami-bot' &&
|
|
contains(github.event.pull_request.labels.*.name, 'auto-merge')
|
|
steps:
|
|
# Approves the CI's PR if the 'VIB Verify' job succeeded
|
|
# Approved by the 'github-actions' user. A PR can't be approved by its author
|
|
- name: Approval
|
|
if: ${{ needs.vib-verify.result == 'success' }}
|
|
run: |
|
|
curl --request POST \
|
|
--url https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews \
|
|
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
|
|
--header 'content-type: application/json' \
|
|
--data '{
|
|
"event": "APPROVE"
|
|
}' \
|
|
--fail
|
|
- name: Remove auto-merge label
|
|
if: ${{ needs.vib-verify.result == 'failure' }}
|
|
uses: andymckay/labeler@1.0.4
|
|
with:
|
|
repo-token: "${{ secrets.GITHUB_TOKEN }}"
|
|
remove-labels: "auto-merge"
|
|
- name: Disable auto-merge
|
|
if: ${{ needs.vib-verify.result == 'failure' }}
|
|
run: |
|
|
curl --request POST \
|
|
--url https://api.github.com/graphql \
|
|
--header 'authorization: Bearer ${{ secrets.BITNAMI_BOT_TOKEN }}' \
|
|
--data '{
|
|
"query": "mutation { disablePullRequestAutoMerge(input: {pullRequestId: \"${{ github.event.pull_request.node_id }}\"}) { clientMutationId }}"
|
|
}' \
|
|
--fail
|
|
- name: Manual review required
|
|
if: ${{ needs.vib-verify.result == 'failure' }}
|
|
run: |
|
|
curl --request POST \
|
|
--url https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments \
|
|
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
|
|
--header 'content-type: application/json' \
|
|
--data '{
|
|
"body": "There has been an error during the automated release process. Manual revision is now required."
|
|
}' \
|
|
--fail
|
|
curl --request POST \
|
|
--url https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \
|
|
--header 'authorization: Bearer ${{ secrets.BITNAMI_BOT_TOKEN }}' \
|
|
--header 'content-type: application/json' \
|
|
--data '{
|
|
"team_reviewers": ["build-maintainers"]
|
|
}' \
|
|
--fail
|