Merge pull request #3114 from lucasmlp/update-automation-v2.8

Update automation in release-v2.8 branch
pull/3120/head
Sakala Venkata Krishna Rohit 2023-10-11 12:39:51 -07:00 committed by GitHub
commit bb82b9824a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 213 additions and 23 deletions


@ -23,4 +23,4 @@
<!-- Dedicated section to specifically call out any areas that with higher chance of regressions caused by this change, include estimation of probability of regressions -->
## Backporting considerations
<!-- Does this change need to be backported to other versions? If so, which versions should it be backported to? -->
<!-- Does this change need to be backported to other versions? If so, which versions should it be backported to? -->


@ -1,15 +1,15 @@
name: CI-pullrequest
on:
pull_request:
pull_request_target:
branches:
- dev-v*
- release-v*
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
@ -19,11 +19,33 @@ jobs:
- name: Pull scripts
run: sudo make pull-scripts
- name: Pull in all relevant branches
run: git fetch origin release-v2.6
- name: Check release.yaml
run: sudo make check-release-yaml
- name: Validate
run: sudo make validate
- name: Run Hull tests
run: cd tests && go test -v ./...
run: cd tests && go test -v ./...
check-images:
name: Check Container Images
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Check container images
run: make check-images
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
check-rc:
name: Check RC Images and Charts
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Check RC images and charts
run: make check-rc
if: startsWith(github.ref, 'refs/heads/release-v')
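Review bot: With the trigger listed as `pull_request_target`, the `actions/checkout@v2` steps in `build`, `check-images` and `check-rc` carry no `ref:`, so they check out the base branch and `make validate`, the Hull tests and the image checks would not exercise the pull request's changes (the page has lost its +/- markers, so I am assuming `pull_request_target` is the new side). That trigger also gives each job access to repository secrets and a token whose scope is not restricted anywhere in this file, and `check-images` passes `DOCKER_USERNAME`/`DOCKER_PASSWORD` to `make check-images`. If the PR head is later checked out to fix the first problem, Makefile code from the fork would run while holding those secrets. I would keep the jobs that build PR content on `pull_request`, add a top-level `permissions:` block with `contents: read`, and set `persist-credentials: false` on the checkouts.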


@ -1,39 +1,79 @@
# Generate-Regsync-Config action will checkout release-v2.7 branch, run make regsync target and
# creates a pull request from rancherbot/charts or rancher/charts release-v2.7 branch with any image additions
# to regsync config file. This action is triggered whenever something is pushed into release-v2.7 branch.
# Generate-Regsync-Config action will run for every PR into release-v2.7 branch only after an approval is given
# It will run make target to generate regsync file and add a commit to the PR updating the regsync file.
# It will then install and run regsync client and do the prime image mirroring.
name: Generate-Regsync-Config
on:
pull_request_review:
types: [submitted, edited]
pull_request_target:
types:
- labeled
jobs:
onLabelAndApproval:
if: github.event.label.name == 'regsync-ready' && startsWith(github.event.pull_request.base.ref, 'release-v')
runs-on: ubuntu-latest
outputs:
is_approved: ${{ steps.check-approval.outputs.approved }}
steps:
- name: Check if PR is approved
id: check-approval
run: |
IS_APPROVED=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews --jq '[.[] | select(.state == "APPROVED")] | length')
if [[ "$IS_APPROVED" -gt 0 ]]; then
echo "::set-output name=approved::true"
else
echo "::set-output name=approved::false"
fi
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build:
if: github.event.review.state == 'approved' && github.event.pull_request.base.ref == 'release-v2.7'
needs: onLabelAndApproval
if: needs.onLabelAndApproval.outputs.is_approved == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Checkout
uses: actions/checkout@v3
with:
token: ${{ secrets.PUSH_TOKEN }}
- name: Set-up Ruby 3.2
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.2' # Not needed with a .ruby-version file
# Need to remove export version once rancher/charts gets the latest version
# of charts-build-script binary.
- name: Generate Regsync Config
# Test removal of regsync.yaml, commit and push before regenerating it
- name: Generate RegSync
run: |
echo ${{ secrets.PUSH_TOKEN }} | gh auth login --with-token
gh pr checkout ${{ github.event.pull_request.number }}
git config --global user.email "${{ secrets.USER_GITHUB }}"
git config --global user.name "rancherbot"
export CHARTS_BUILD_SCRIPT_VERSION=v0.4.2
make pull-scripts
make regsync
- name: Commit files
run: |
git add regsync.yaml
git commit -m "Updating resync.yaml"
git branch
git push
- name: Install Regsync
run: |
curl --silent --fail --location --output regsync https://github.com/regclient/regclient/releases/download/v0.4.8/regsync-linux-amd64
curl --silent --fail --location --output regsync https://github.com/regclient/regclient/releases/download/v0.5.1/regsync-linux-amd64
chmod +x regsync
- name: Sync Images to Registry
run: |
head regsync.yaml
time ./regsync once --config regsync.yaml
ruby ./regsync-split.rb
time find regsync -type f -name split-regsync.yaml -print -exec time regsync once --config '{}' ';'
env:
REGISTRY_ENDPOINT: ${{ secrets.REGISTRY_ENDPOINT }}
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
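Review bot: The `build` job runs code from the pull request head (`gh pr checkout`, then `make pull-scripts`, `make regsync` and `ruby ./regsync-split.rb`) in a `pull_request_target` context where `PUSH_TOKEN` is already logged into `gh` and persisted by the checkout, and the registry credentials are in the environment of the sync step. The only gate is the `regsync-ready` label plus `check-approval`, which counts any review whose state is `APPROVED`, including one left on an earlier commit, so code pushed after the approval can still run with those secrets. Tie the approval to the reviewed commit, for example `select(.state == "APPROVED" and .commit_id == env.HEAD_SHA)` with `HEAD_SHA: ${{ github.event.pull_request.head.sha }}` under `env:`, and check out that exact SHA. Separately, pass `PUSH_TOKEN` through `env:` instead of interpolating it into the script text, and compare the downloaded `regsync` binary against a pinned checksum before `chmod +x`.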

50
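--- a/.github/workflows/validation-check.yaml
+++ b/.github/workflows/validation-check.yaml
@@ -0,0 +1,50 @@
+name: Validation Check
+on:
+pull_request_review:
+types: [submitted]
+jobs:
+check-reaction:
+name: Check for positive reaction on bot's latest validation comment
+if: startsWith(github.event.pull_request.base.ref, 'dev-v') || startsWith(github.event.pull_request.base.ref, 'release-v')
+runs-on: ubuntu-latest
+steps:
+- name: Check for positive reaction on bot's latest validation comment
+uses: actions/github-script@v4
+with:
+github-token: ${{secrets.GITHUB_TOKEN}}
+script: |
+// Get comments on the PR
+const comments = await github.issues.listComments({
+issue_number: context.issue.number,
+owner: context.repo.owner,
+repo: context.repo.repo
+});
+// Sort comments based on their creation datetime in descending order
+const sortedComments = comments.data.sort((a, b) => new Date(b.created_at) - new Date(a.created_at));
+// Find the latest validation comment by github-actions[bot]
+const latestValidationComment = sortedComments.find(comment => comment.user.login === 'github-actions[bot]' && comment.body.startsWith("## Validation steps"));
+if (latestValidationComment) {
+const reactions = await github.reactions.listForIssueComment({
+comment_id: latestValidationComment.id,
+owner: context.repo.owner,
+repo: context.repo.repo
+});
+// Check if there's a thumbs-up reaction on the bot's validation comment
+const thumbsUpReaction = reactions.data.some(reaction => reaction.content === '+1');
+if (thumbsUpReaction) {
+console.log("The validation comment by github-actions[bot] has the required thumbs-up reaction.");
+} else {
+const createdAt = new Date(latestValidationComment.created_at).toLocaleString('en-US', { timeZoneName: 'short' });
+console.error("Failed Check - Comment Created At:", createdAt);
+core.setFailed("The latest validation comment by github-actions[bot] does not have the required thumbs-up reaction!");
+}
+} else {
+core.setFailed("No validation comments by github-actions[bot] found.");
+}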
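Review bot: The gate passes on any `+1` reaction, because `reactions.data.some(reaction => reaction.content === '+1')` never looks at who reacted; anyone able to react on the PR, including its author, satisfies it. If the reaction is meant as a reviewer's attestation, filter on `reaction.user.login`, for instance by excluding `context.payload.pull_request.user.login` or by requiring a collaborator. `listComments` is also called without pagination, so on a PR with many comments the latest bot comment may not be in the page that is returned; `per_page: 100` or `github.paginate` would cover that.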


@ -0,0 +1,35 @@
name: Validation Comment
on:
pull_request_target:
branches:
- dev-v*
- release-v*
jobs:
validation-comment:
name: Make validation comment on PR
runs-on: ubuntu-latest
permissions: write-all
steps:
- name: Make validation comment
uses: actions/github-script@v4
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body:
`## Validation steps
- Ensure all container images have repository and tag on the same level to ensure that all container images are included in rancher-images.txt which are used by airgap customers.
<pre>
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
</pre>
- Add a 👍 (thumbs up) reaction to this comment once done. CI won't pass without this reaction to the github-action bot's latest validation comment.
- Approve the PR to run the CI check.`
})
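Review bot: `permissions: write-all` on a `pull_request_target` job gives the token write access to every scope, while the only API call in the job is `github.issues.createComment`. Narrow it to what the comment needs, e.g. a `permissions:` mapping with `pull-requests: write` (adding `issues: write` only if the call turns out to require it). The `createComment` promise is also neither awaited nor returned, so a failed API call may not fail the step; `await github.issues.createComment({...})` makes the failure visible.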


@ -7,7 +7,10 @@ remove:
forward-port:
./scripts/forward-port
TARGETS := prepare patch clean clean-cache charts list index unzip zip standardize validate template regsync
check-release-yaml:
./scripts/check-release-yaml
TARGETS := prepare patch clean clean-cache charts list index unzip zip standardize validate template regsync check-images check-rc
$(TARGETS):
@./scripts/pull-scripts


@ -3,4 +3,4 @@ helmRepo:
validate:
url: https://github.com/rancher/charts.git
branch: release-v2.7
branch: release-v2.8

24
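--- a/regsync-split.rb
+++ b/regsync-split.rb
@@ -0,0 +1,24 @@
+#! /usr/bin/env ruby
+require "json"
+require "pathname"
+require "yaml"
+pwd = Pathname(Dir.pwd)
+regsync = YAML.load((pwd + "regsync.yaml").read)
+regsync["sync"].sum do |sync|
+sync["tags"]["allow"].count
+end.then do |sum|
+puts "total tags to consider: #{sum}"
+end
+regsync["sync"].each do |sync|
+regsync.merge("sync" => [sync]).then do |regsync|
+(pwd + "split-regsync" + sync["source"]).then do |dir|
+dir.mkpath
+(dir + "split-regsync.yaml").write(YAML.dump(regsync))
+end
+end
+end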
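Review bot: `sync["source"]` is joined into the output path unchecked in `(pwd + "split-regsync" + sync["source"])`; with `Pathname#+` an absolute value replaces the base and `..` segments climb out of it, and the workflow that calls this script regenerates `regsync.yaml` from pull-request content. Rejecting such values before `dir.mkpath`, e.g. `raise "bad source: #{sync["source"]}" unless dir.cleanpath.to_s.start_with?((pwd + "split-regsync").to_s + "/")`, keeps writes inside the split directory. Whether `YAML.load` restricts object deserialization depends on the Psych version that ships with the installed Ruby; `YAML.safe_load` states the intent explicitly. The script also writes under `split-regsync/` while the workflow step searches with `find regsync ...`, which as written points at a different path, so the split configs may never be picked up.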

16
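--- a/scripts/check-release-yaml
+++ b/scripts/check-release-yaml
@@ -0,0 +1,16 @@
+#!/bin/bash
+# Check if the file is empty
+if [[ ! -s release.yaml ]]; then
+echo "release.yaml is empty!"
+exit 0
+fi
+yq -i release.yaml
+if [[ -n $(git status --porcelain release.yaml) ]]; then
+echo "release.yaml not following yq style"
+exit 1
+else
+exit 0
+fi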
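Review bot: This check fails open: the script has no `set -e`, so if `yq` is missing or exits with an error, `release.yaml` is left untouched, `git status --porcelain` prints nothing and the script exits 0. Adding `set -euo pipefail` after the shebang, or guarding the call with `yq -i release.yaml || exit 1`, makes a broken or absent tool fail the job instead of passing it. `yq -i` also rewrites the file in place, which is harmless in CI but modifies the working tree when `make check-release-yaml` is run locally; a comment such as `# NOTE: rewrites release.yaml in place; the diff is the check` would make that explicit.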


@ -2,4 +2,4 @@
set -e
CHARTS_BUILD_SCRIPTS_REPO=https://github.com/rancher/charts-build-scripts.git
CHARTS_BUILD_SCRIPT_VERSION="${CHARTS_BUILD_SCRIPT_VERSION:-v0.3.3}"
CHARTS_BUILD_SCRIPT_VERSION="${CHARTS_BUILD_SCRIPT_VERSION:-v0.5.1}"