Merge pull request #3114 from lucasmlp/update-automation-v2.8

Update automation in release-v2.8 branch
2023-10-11 12:39:51 -07:00 · 2023-10-11 12:39:51 -07:00 · bb82b9824a
parent 3b67e54b38 1b673a6d00
commit bb82b9824a
10 changed files with 213 additions and 23 deletions
--- a/.github/workflows/pull-request.yaml
+++ b/.github/workflows/pull-request.yaml
@ -1,15 +1,15 @@
 name: CI-pullrequest
 on:
-  pull_request:
+  pull_request_target:
    branches:
      - dev-v*
      - release-v*
 jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
@ -19,11 +19,33 @@ jobs:
      - name: Pull scripts
        run: sudo make pull-scripts
-      - name: Pull in all relevant branches
+      - name: Check release.yaml
-        run: git fetch origin release-v2.6
+        run: sudo make check-release-yaml
      - name: Validate 
        run: sudo make validate
      - name: Run Hull tests
        run: cd tests && go test -v ./...
  check-images:
    name: Check Container Images
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Check container images 
        run: make check-images
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
  check-rc:
    name: Check RC Images and Charts
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Check RC images and charts
        run: make check-rc
        if: startsWith(github.ref, 'refs/heads/release-v')
--- a/.github/workflows/regsync-config.yaml
+++ b/.github/workflows/regsync-config.yaml
@ -1,38 +1,78 @@
-# Generate-Regsync-Config action will checkout release-v2.7 branch, run make regsync target and
+# Generate-Regsync-Config action will run for every PR into release-v2.7 branch only after an approval is given 
-# creates a pull request from rancherbot/charts or rancher/charts release-v2.7 branch with any image additions
+# It will run make target to generate regsync file and add a commit to the PR updating the regsync file. 
-# to regsync config file. This action is triggered whenever something is pushed into release-v2.7 branch.
+# It will then install and run regsync client and do the prime image mirroring.
 name: Generate-Regsync-Config
 on:
-  pull_request_review:
+  pull_request_target:
-    types: [submitted, edited]
+    types:
      - labeled
 jobs:
  onLabelAndApproval:
    if: github.event.label.name == 'regsync-ready' && startsWith(github.event.pull_request.base.ref, 'release-v')
    runs-on: ubuntu-latest
    outputs:
      is_approved: ${{ steps.check-approval.outputs.approved }}
    steps:
      - name: Check if PR is approved
        id: check-approval
        run: |
          IS_APPROVED=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews --jq '[.[] | select(.state == "APPROVED")] | length')
          if [[ "$IS_APPROVED" -gt 0 ]]; then
            echo "::set-output name=approved::true"
          else
            echo "::set-output name=approved::false"
          fi
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  build:
-    if: github.event.review.state == 'approved' && github.event.pull_request.base.ref == 'release-v2.7'
+    needs: onLabelAndApproval
    if: needs.onLabelAndApproval.outputs.is_approved == 'true'
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - name: Checkout 
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.PUSH_TOKEN }} 
      - name: Set-up Ruby 3.2
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.2' # Not needed with a .ruby-version file
      # Need to remove export version once rancher/charts gets the latest version 
      # of charts-build-script binary.
-      
+      # Test removal of regsync.yaml, commit and push before regenerating it
-      - name: Generate Regsync Config
+      - name: Generate RegSync
        run: |
          echo ${{ secrets.PUSH_TOKEN }} | gh auth login --with-token
          gh pr checkout ${{ github.event.pull_request.number }}
          git config --global user.email "${{ secrets.USER_GITHUB }}"
          git config --global user.name "rancherbot"
          export CHARTS_BUILD_SCRIPT_VERSION=v0.4.2 
          make pull-scripts
          make regsync
      - name: Commit files
        run: |
            git add regsync.yaml
            git commit -m "Updating resync.yaml"
            git branch
            git push
      - name: Install Regsync
        run: |
-          curl --silent --fail --location --output regsync https://github.com/regclient/regclient/releases/download/v0.4.8/regsync-linux-amd64
+          curl --silent --fail --location --output regsync https://github.com/regclient/regclient/releases/download/v0.5.1/regsync-linux-amd64
          chmod +x regsync
      - name: Sync Images to Registry
        run: |
          head regsync.yaml
-          time ./regsync once --config regsync.yaml
+          ruby ./regsync-split.rb
          time find regsync -type f -name split-regsync.yaml -print -exec time regsync once --config '{}' ';'
        env:
          REGISTRY_ENDPOINT: ${{ secrets.REGISTRY_ENDPOINT }}
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
--- a/.github/workflows/validation-check.yaml
+++ b/.github/workflows/validation-check.yaml
@ -0,0 +1,50 @@
 name: Validation Check
 on:
  pull_request_review:
    types: [submitted]
 jobs:
  check-reaction:
    name: Check for positive reaction on bot's latest validation comment
    if: startsWith(github.event.pull_request.base.ref, 'dev-v') || startsWith(github.event.pull_request.base.ref, 'release-v')
    runs-on: ubuntu-latest
    steps:
      - name: Check for positive reaction on bot's latest validation comment
        uses: actions/github-script@v4
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            // Get comments on the PR
            const comments = await github.issues.listComments({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo
            });
            // Sort comments based on their creation datetime in descending order
            const sortedComments = comments.data.sort((a, b) => new Date(b.created_at) - new Date(a.created_at));
            // Find the latest validation comment by github-actions[bot]
            const latestValidationComment = sortedComments.find(comment => comment.user.login === 'github-actions[bot]' && comment.body.startsWith("## Validation steps"));
            if (latestValidationComment) {
              const reactions = await github.reactions.listForIssueComment({
                comment_id: latestValidationComment.id,
                owner: context.repo.owner,
                repo: context.repo.repo
              });
              // Check if there's a thumbs-up reaction on the bot's validation comment
              const thumbsUpReaction = reactions.data.some(reaction => reaction.content === '+1');
              if (thumbsUpReaction) {
                console.log("The validation comment by github-actions[bot] has the required thumbs-up reaction.");
              } else {
                const createdAt = new Date(latestValidationComment.created_at).toLocaleString('en-US', { timeZoneName: 'short' });
                console.error("Failed Check - Comment Created At:", createdAt);
                core.setFailed("The latest validation comment by github-actions[bot] does not have the required thumbs-up reaction!");
              }
            } else {
              core.setFailed("No validation comments by github-actions[bot] found.");
            }
--- a/.github/workflows/validation-comment.yaml
+++ b/.github/workflows/validation-comment.yaml
@ -0,0 +1,35 @@
 name: Validation Comment
 on:
  pull_request_target:
    branches:
      - dev-v*
      - release-v*
 jobs:
  validation-comment:
    name: Make validation comment on PR
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - name: Make validation comment
        uses: actions/github-script@v4
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            github.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body:
              `## Validation steps
              - Ensure all container images have repository and tag on the same level to ensure that all container images are included in rancher-images.txt which are used by airgap customers.
              <pre>
              Ex:- 
                longhorn-controller:
                  repository: rancher/hardened-sriov-cni
                  tag: v2.6.3-build20230913
              </pre>
              - Add a 👍 (thumbs up) reaction to this comment once done. CI won't pass without this reaction to the github-action bot's latest validation comment.
              - Approve the PR to run the CI check.`
            })
--- a/5
+++ b/5
@ -7,7 +7,10 @@ remove:
 forward-port:
 	./scripts/forward-port
-TARGETS := prepare patch clean clean-cache charts list index unzip zip standardize validate template regsync
+check-release-yaml:
 	./scripts/check-release-yaml
 TARGETS := prepare patch clean clean-cache charts list index unzip zip standardize validate template regsync check-images check-rc
 $(TARGETS):
 	@./scripts/pull-scripts
--- a/configuration.yaml
+++ b/configuration.yaml
@ -3,4 +3,4 @@ helmRepo:
 validate:
  url: https://github.com/rancher/charts.git
-  branch: release-v2.7
+  branch: release-v2.8
--- a/regsync-split.rb
+++ b/regsync-split.rb
@ -0,0 +1,24 @@
 #! /usr/bin/env ruby
 require "json"
 require "pathname"
 require "yaml"
 pwd = Pathname(Dir.pwd)
 regsync = YAML.load((pwd + "regsync.yaml").read)
 regsync["sync"].sum do |sync|
  sync["tags"]["allow"].count
 end.then do |sum|
  puts "total tags to consider: #{sum}"
 end
 regsync["sync"].each do |sync|
  regsync.merge("sync" => [sync]).then do |regsync|
    (pwd + "split-regsync" + sync["source"]).then do |dir|
      dir.mkpath
      (dir + "split-regsync.yaml").write(YAML.dump(regsync))
    end
  end
 end
--- a/scripts/check-release-yaml
+++ b/scripts/check-release-yaml
@ -0,0 +1,16 @@
 #!/bin/bash
 # Check if the file is empty
 if [[ ! -s release.yaml ]]; then
  echo "release.yaml is empty!"
  exit 0
 fi
 yq -i release.yaml
 if [[ -n $(git status --porcelain release.yaml) ]]; then
  echo "release.yaml not following yq style"
  exit 1
 else
  exit 0
 fi
--- a/scripts/version
+++ b/scripts/version
@ -2,4 +2,4 @@
 set -e
 CHARTS_BUILD_SCRIPTS_REPO=https://github.com/rancher/charts-build-scripts.git
-CHARTS_BUILD_SCRIPT_VERSION="${CHARTS_BUILD_SCRIPT_VERSION:-v0.3.3}"
+CHARTS_BUILD_SCRIPT_VERSION="${CHARTS_BUILD_SCRIPT_VERSION:-v0.5.1}"