Update github.com/docker/docker and related dependencies #499
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, Test, Automerge and Tag | |
# This workflow runs on all PRs that are targetting the main branch. | |
# | |
# It runs the test suite. If the PR is a release PR, it automerges and tags the main branch with | |
# the corresonding new version. | |
on: | |
pull_request_target: | |
types: [opened, synchronize, reopened] | |
branches: [ main ] | |
jobs: | |
build-test-release: | |
name: Build artifacts | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout main branch | |
uses: actions/checkout@v4 | |
- name: Checkout PR branch | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
path: "chart-verifier" | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: ./chart-verifier/go.mod | |
- name: Ensure Modules | |
working-directory: ./chart-verifier | |
run: make tidy | |
- name: Build Binary | |
working-directory: ./chart-verifier | |
run: make bin | |
- name: Run tests | |
working-directory: ./chart-verifier | |
run: | | |
# Run go tests | |
make test | |
if [[ ! -z $(git status -s) ]] | |
then | |
echo "go test - errors running go tests : $(git status -s)" | |
exit 1 | |
fi | |
- name: Set up Python 3.x | |
uses: ./.github/actions/setup-python | |
- name: Set up Python scripts on PR branch | |
working-directory: ./chart-verifier | |
run: | | |
# set up python requirements and scripts on PR branch | |
python3 -m venv ve1 | |
cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. | |
cd scripts && ../ve1/bin/pip3 install . && cd .. | |
- name: Check if only release file in PR | |
working-directory: ./chart-verifier | |
id: check_version_in_PR | |
run: | | |
# check if release file only is included in PR | |
ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} | |
- name: Get Date | |
id: get-date | |
run: | | |
echo "date=$(/bin/date -u "+%Y%m%d")" | tee -a $GITHUB_OUTPUT | |
shell: bash | |
- uses: actions/cache@v4 | |
id: cache | |
with: | |
path: ./chart-verifier/oc | |
key: ${{ steps.get-date.outputs.date }} | |
- name: Install oc | |
working-directory: ./chart-verifier | |
id: install-oc | |
run: | | |
# install oc | |
curl -sLO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz | |
tar zxvf openshift-client-linux.tar.gz oc | |
- name: Build podman Image | |
working-directory: ./chart-verifier | |
id: build_podman_image | |
run: | | |
# build a podman image | |
image_tag="test" | |
echo "Building container image using podman for the tests, tagging as $image_tag" | |
make build-image IMAGE_TAG=$image_tag | |
podman build -t quay.io/redhat-certification/chart-verifier:$image_tag . | |
echo "podman_image_tag=$image_tag" | tee -a $GITHUB_OUTPUT | |
- name: Create tarfile | |
id: create-tarfile | |
working-directory: ./chart-verifier | |
run: | | |
# create test tarball for the tests | |
ve1/bin/tar-file --release="test" | |
- name: Login to oc | |
working-directory: ./chart-verifier | |
env: | |
KUBECONFIG: /tmp/ci-kubeconfig | |
run: | | |
# oc login | |
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) | |
gpg --version | |
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash | |
if [ $GITHUB_REPOSITORY == "redhat-certification/chart-verifier" ]; then | |
# TODO: temporarily allow for skipping TLS verification as the new cluster uses local-only certificates | |
# This if logic isn't removed to remind us to come back and swap this out when a valid cert is put in place. | |
./oc login --insecure-skip-tls-verify --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} | |
else | |
./oc login --insecure-skip-tls-verify --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} | |
fi | |
ve1/bin/sa-for-chart-testing --create charts-${{ github.event.number }} --token token.txt --server ${API_SERVER} | |
- name: Run the tests | |
working-directory: ./chart-verifier | |
env: | |
KUBECONFIG: /tmp/ci-kubeconfig | |
VERIFIER_TARBALL_NAME : ${{ steps.create-tarfile.outputs.tarball_full_name }} | |
PODMAN_IMAGE_TAG : ${{ steps.build_podman_image.outputs.podman_image_tag }} | |
id: run_test | |
run: | | |
# run pytest | |
ve1/bin/pytest -v --log-cli-level=WARNING --tb=short | |
- name: Delete Namespace | |
if: ${{ always() && steps.install-oc.conclusion == 'success' }} | |
working-directory: ./chart-verifier | |
env: | |
KUBECONFIG: /tmp/ci-kubeconfig | |
run: | | |
# delete the namespace | |
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) | |
./oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} | |
ve1/bin/sa-for-chart-testing --delete charts-${{ github.event.number }} | |
- name: Set up Python scripts on main branch | |
run: | | |
# set up python requirements and scripts on main branch | |
echo $(pwd) | |
python3 -m venv ve1 | |
cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. | |
cd scripts && ../ve1/bin/pip3 install . && cd .. | |
- name: Check for restricted files and user permissiom | |
id: check_authorization | |
run: | | |
# check for a restricted file and, if found, check user has permissiom | |
ve1/bin/check-user --api-url=${{ github.event.pull_request._links.self.href }} --user=${{ github.event.pull_request.user.login }} | |
- name: Check if version updated | |
id: check_version_updated | |
if: ${{ steps.check_version_in_PR.outputs.PR_includes_release == 'true' }} | |
run: | | |
# check if version file was changed | |
ve1/bin/release-checker --version=${{ steps.check_version_in_PR.outputs.PR_version }} | |
- name: Approve PR | |
id: approve_pr | |
if: ${{ steps.check_version_updated.outputs.updated == 'true'}} | |
uses: hmarr/auto-approve-action@v4 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Merge PR | |
id: merge_pr | |
if: ${{ steps.check_version_updated.outputs.updated == 'true'}} | |
uses: pascalgn/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
MERGE_METHOD: squash | |
MERGE_LABELS: "" | |
- name: Get main branch sha | |
id: main_sha | |
if: ${{ steps.check_version_updated.outputs.updated == 'true'}} | |
run: | | |
git fetch | |
export ORIGIN_MAIN_SHA=$(git rev-parse origin/main) | |
echo "origin_main_sha=$ORIGIN_MAIN_SHA" | tee -a $GITHUB_OUTPUT | |
- name: Create release tag | |
id: create_release_tag | |
if: ${{ steps.check_version_updated.outputs.updated == 'true'}} | |
uses: mathieudutour/[email protected] | |
with: | |
# It is necessary to use a Personal Access Token here rather than the usual GITHUB_TOKEN, as this | |
# step should trigger the release.yaml workflow, and events (such as tags) triggered by the | |
# GITHUB_TOKEN cannot create a new workflow run. See: | |
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow | |
# This Personal Access Token belongs to the openshift-helm-charts-bot account. | |
github_token: ${{ secrets.GH_HELM_BOT_TOKEN }} | |
custom_tag: ${{ steps.check_version_in_PR.outputs.PR_version }} | |
tag_prefix: "" | |
commit_sha: ${{ steps.main_sha.outputs.origin_main_sha }} |