From 8f9be78cfee71c2314f3a0ab41af6f59a95655a8 Mon Sep 17 00:00:00 2001 From: Pranshu Srivastava Date: Wed, 23 Aug 2023 19:40:46 +0530 Subject: [PATCH] Validate PRs * validate all PRs by running all *affected* workflows * exit 0 on uptodate and ahead downstreams * don't run any workflows that involve secrets when in a PR context Signed-off-by: Pranshu Srivastava --- .github/workflows/actions-ci-check.yaml | 2 +- .github/workflows/merge-alertmanager.yaml | 11 ++++++++++- .github/workflows/merge-flow.yaml | 17 ++++++++++------- .github/workflows/merge-kube-state-metrics.yaml | 10 +++++++++- .github/workflows/merge-metrics-server.yaml | 12 ++++++++++-- .github/workflows/merge-node-exporter.yaml | 10 +++++++++- .github/workflows/merge-prom-label-proxy.yaml | 10 +++++++++- .github/workflows/merge-prometheus-adapter.yaml | 10 +++++++++- .../workflows/merge-prometheus-operator.yaml | 10 +++++++++- .github/workflows/merge-prometheus.yaml | 10 +++++++++- .github/workflows/merge-thanos.yaml | 10 +++++++++- .github/workflows/update-cmo-deps-versions.yaml | 2 +- .github/workflows/update-cmo-jsonnet-deps.yaml | 2 +- 13 files changed, 96 insertions(+), 20 deletions(-) diff --git a/.github/workflows/actions-ci-check.yaml b/.github/workflows/actions-ci-check.yaml index 61be504..fa314cc 100644 --- a/.github/workflows/actions-ci-check.yaml +++ b/.github/workflows/actions-ci-check.yaml @@ -1,5 +1,5 @@ name: Actions yaml CI check -on: [pull_request] +on: [push, pull_request] jobs: actionlint: runs-on: ubuntu-latest diff --git a/.github/workflows/merge-alertmanager.yaml b/.github/workflows/merge-alertmanager.yaml index bc4f48d..9d49ff7 100644 --- a/.github/workflows/merge-alertmanager.yaml +++ b/.github/workflows/merge-alertmanager.yaml 
@@ -4,9 +4,18 @@ on: workflow_dispatch: schedule: - cron: '0 0 * * *' #@daily + pull_request: + paths: + - '.github/workflows/merge-flow.yaml' + - '.github/workflows/merge-alertmanager.yaml' + push: + paths: + - '.github/workflows/merge-flow.yaml' + - '.github/workflows/merge-alertmanager.yaml' + jobs: alertmanager-merge: - uses: rhobs/syncbot/.github/workflows/merge-flow.yaml@main + uses: ./.github/workflows/merge-flow.yaml with: upstream: prometheus/alertmanager downstream: openshift/prometheus-alertmanager diff --git a/.github/workflows/merge-flow.yaml b/.github/workflows/merge-flow.yaml index fb3fc97..b66c756 100644 --- a/.github/workflows/merge-flow.yaml +++ b/.github/workflows/merge-flow.yaml @@ -86,7 +86,7 @@ jobs: echo "downstream=$(dirname ${{ inputs.downstream }})" >> $GITHUB_OUTPUT echo "sandbox=$(dirname ${{ inputs.sandbox }})" >> $GITHUB_OUTPUT DOWNSTREAM_VERSION=$(curl -sL "https://raw.githubusercontent.com/${{ inputs.downstream }}/${{ inputs.downstream-branch }}/VERSION") - if [ "${DOWNSTREAM_VERSION}" == "" ]; then + if [[ "${DOWNSTREAM_VERSION}" =~ ^$|"404: Not Found" ]]; then # Strip the trailing URL from the expression. DOWNSTREAM_VERSION_SED=$(echo "${{ inputs.downstream-version-expression }}" | sed -e 's/\(http[^ ]*\).*$/\1/' -e 's/http[^ ]*$//') # Strip the leading sed command from the expression. @@ -96,7 +96,7 @@ jobs: exit 1 fi DOWNSTREAM_VERSION=$(curl --silent "${DOWNSTREAM_VERSION_URL}" | eval "${DOWNSTREAM_VERSION_SED}") - if [ "${DOWNSTREAM_VERSION}" == "" ]; then + if ! [[ "${DOWNSTREAM_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "::error::downstream-version-expression is invalid" exit 1 fi @@ -119,11 +119,11 @@ jobs: elif [ "${SEMVER_RESULT}" == "=" ]; then echo "status=uptodate" >> $GITHUB_OUTPUT echo "::notice::downstream up-to-date" - exit 1 + exit 0 else echo "status=ahead" >> $GITHUB_OUTPUT echo "::notice::downstream ahead" - exit 1 + exit 0 fi - uses: actions/checkout@v2 with: 
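Review bot: The new `push:` trigger has a `paths:` filter but no `branches:` filter, so a push to any branch that touches `merge-flow.yaml` or this caller starts the full merge job. The guards this commit adds in merge-flow.yaml skip the token, create-PR and Slack steps only when `github.event_name` is `pull_request`, so a push run (assuming the caller passes the secrets as it does for scheduled runs) would still mint both app tokens and could open a downstream PR from workflow code that has not been reviewed. Restricting the trigger, for example `branches: [main]` under `push:` (use the repository's default branch), closes that gap. The same block is added to the other `merge-*.yaml` callers in this patch.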
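Review bot: Matching the response body against `"404: Not Found"` catches only that one error page; the `curl -sL` above it has no `--fail`, so a rate-limit or 5xx body is still accepted as `DOWNSTREAM_VERSION` on this primary path. The next hunk validates the fallback value with `^v[0-9]+\.[0-9]+\.[0-9]+$`, but the value read from `VERSION` gets no format check at all. Letting curl drop error bodies keeps the test simple: `DOWNSTREAM_VERSION=$(curl -sfL "<same URL>" || true)` followed by `if [ -z "${DOWNSTREAM_VERSION}" ]; then`. The `|| true` keeps a shell running with `-e` from aborting on curl's non-zero exit. The step body starts and ends outside the hunk.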
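Review bot: With `exit 0` in the `uptodate` and `ahead` branches the step now succeeds, so the job goes on to the checkout, merge and Create Pull Request steps even though there is nothing to merge; before, `exit 1` ended the job here. Of the later steps visible in this patch only the Slack ones look at the status, so scheduled runs would presumably attempt a merge and a PR for every up-to-date downstream. If the aim is a green run, gate the following steps on the output, e.g. `if: steps.fork-sync.outputs.status != 'uptodate' && steps.fork-sync.outputs.status != 'ahead'` (assuming this step is the one with id `fork-sync`). The steps between this hunk and line 188 are not shown, so an existing condition there would change this.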
@@ -188,6 +188,7 @@ jobs: git diff --cached --exit-code || git commit -s -m "[bot] update rh-manifest.txt" fi - name: Get auth token to create pull request for ${{ inputs.downstream }} + if: github.event_name != 'pull_request' id: pr uses: getsentry/action-github-app-token@v1 with: @@ -195,6 +196,7 @@ jobs: private_key: ${{ secrets.pr-app-private-key }} scope: ${{ steps.org.outputs.downstream }} - name: Get auth token to push to ${{ inputs.sandbox }} + if: github.event_name != 'pull_request' id: cloner uses: getsentry/action-github-app-token@v1 with: @@ -202,6 +204,7 @@ jobs: private_key: ${{ secrets.cloner-app-private-key }} scope: ${{ steps.org.outputs.sandbox }} - name: Create Pull Request + if: github.event_name != 'pull_request' uses: rhobs/create-pull-request@v3 id: create-pr with: @@ -236,8 +239,8 @@ jobs: push-to-fork: ${{ inputs.sandbox }} push-to-fork-token: ${{ steps.cloner.outputs.token }} - name: Compose slack message body + if: github.event_name != 'pull_request' && (success() || steps.fork-sync.outputs.status == 'uptodate' || steps.fork-sync.outputs.status == 'ahead') continue-on-error: true - if: success() || steps.fork-sync.outputs.status == 'uptodate' || steps.fork-sync.outputs.status == 'ahead' id: slack-message run: | if [ "${{ steps.create-pr.outputs.pull-request-url }}" == "" ] || [ ${{ steps.fork-sync.outputs.status }} == "uptodate" ] || [ ${{ steps.fork-sync.outputs.status }} == "ahead" ] ; then @@ -246,8 +249,8 @@ jobs: echo "message=PR ${{ steps.create-pr.outputs.pull-request-url }} has been ${{ steps.create-pr.outputs.pull-request-operation || 'updated' }}." >> $GITHUB_OUTPUT fi - uses: 8398a7/action-slack@v3 + if: github.event_name != 'pull_request' && (success() || steps.fork-sync.outputs.status == 'uptodate' || steps.fork-sync.outputs.status == 'ahead') continue-on-error: true - if: success() || steps.fork-sync.outputs.status == 'uptodate' || steps.fork-sync.outputs.status == 'ahead' with: status: custom fields: workflow 
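Review bot: The guard `github.event_name != 'pull_request'` is copied onto each secret-consuming step and excludes a single event, so a step added later or a run started by any other trigger gets no protection by default. Naming the events that may use secrets is safer, for example `if: contains(fromJSON('["schedule","workflow_dispatch"]'), github.event_name)`, combined with the existing status checks on the Slack steps. A one-line comment above the first guard, such as `# PR validation runs must not touch secrets or open downstream PRs`, would record why these steps are skipped. The same condition appears in the hunks at -195, -202, -236, -246 and -261.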
@@ -261,8 +264,8 @@ jobs: env: SLACK_WEBHOOK_URL: ${{ secrets.slack-webhook-url }} - uses: 8398a7/action-slack@v3 + if: github.event_name != 'pull_request' && (failure() && steps.fork-sync.outputs.status != 'uptodate' && steps.fork-sync.outputs.status != 'ahead') continue-on-error: true - if: failure() && steps.fork-sync.outputs.status != 'uptodate' && steps.fork-sync.outputs.status != 'ahead' with: status: custom fields: workflow diff --git a/.github/workflows/merge-kube-state-metrics.yaml b/.github/workflows/merge-kube-state-metrics.yaml index a5f1931..6446df5 100644 --- a/.github/workflows/merge-kube-state-metrics.yaml +++ b/.github/workflows/merge-kube-state-metrics.yaml @@ -4,10 +4,18 @@ on: workflow_dispatch: schedule: - cron: '0 0 * * *' #@daily + pull_request: + paths: + - '.github/workflows/merge-flow.yaml' + - '.github/workflows/merge-kube-state-metrics.yaml' + push: + paths: + - '.github/workflows/merge-flow.yaml' + - '.github/workflows/merge-kube-state-metrics.yaml' jobs: kube-state-metrics-merge: - uses: rhobs/syncbot/.github/workflows/merge-flow.yaml@main + uses: ./.github/workflows/merge-flow.yaml with: upstream: kubernetes/kube-state-metrics downstream: openshift/kube-state-metrics diff --git a/.github/workflows/merge-metrics-server.yaml b/.github/workflows/merge-metrics-server.yaml index 1af2f2e..4910a49 100644 --- a/.github/workflows/merge-metrics-server.yaml +++ b/.github/workflows/merge-metrics-server.yaml 
@@ -4,15 +4,23 @@ on: workflow_dispatch: schedule: - cron: '0 0 * * *' #@daily + pull_request: + paths: + - '.github/workflows/merge-flow.yaml' + - '.github/workflows/merge-metrics-server.yaml' + push: + paths: + - '.github/workflows/merge-flow.yaml' + - '.github/workflows/merge-metrics-server.yaml' jobs: metrics-server-merge: - uses: rhobs/syncbot/.github/workflows/merge-flow.yaml@main + uses: ./.github/workflows/merge-flow.yaml with: upstream: kubernetes-sigs/metrics-server downstream: openshift/kubernetes-metrics-server sandbox: rhobs/kubernetes-metrics-server - go-version: 1.20 + go-version: "1.20" restore-downstream: OWNERS charts/OWNERS downstream-version-expression: | sed -n -E 's/^.*newTag: *(v[0-9]+\.[0-9]+\.[0-9]+).*$/\1/p' https://raw.githubusercontent.com/openshift/kubernetes-metrics-server/master/manifests/release/kustomization.yaml diff --git a/.github/workflows/merge-node-exporter.yaml b/.github/workflows/merge-node-exporter.yaml index e0f7dd4..ffc9546 100644 --- a/.github/workflows/merge-node-exporter.yaml +++ b/.github/workflows/merge-node-exporter.yaml @@ -4,9 +4,17 @@ on: workflow_dispatch: schedule: - cron: '0 0 * * *' #@daily + pull_request: + paths: + - '.github/workflows/merge-flow.yaml' + - '.github/workflows/merge-node-exporter.yaml' + push: + paths: + - '.github/workflows/merge-flow.yaml' + - '.github/workflows/merge-node-exporter.yaml' jobs: node-exporter-merge: - uses: rhobs/syncbot/.github/workflows/merge-flow.yaml@main + uses: ./.github/workflows/merge-flow.yaml with: upstream: prometheus/node_exporter downstream: openshift/node_exporter diff --git a/.github/workflows/merge-prom-label-proxy.yaml b/.github/workflows/merge-prom-label-proxy.yaml index b1f5174..b38e954 100644 --- a/.github/workflows/merge-prom-label-proxy.yaml +++ b/.github/workflows/merge-prom-label-proxy.yaml 
@@ -4,9 +4,17 @@ on:
 workflow_dispatch:
 schedule:
 - cron: '0 0 * * *' #@daily
+ pull_request:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-prom-label-proxy.yaml'
+ push:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-prom-label-proxy.yaml'
 jobs:
 prom-label-proxy-merge:
- uses: rhobs/syncbot/.github/workflows/merge-flow.yaml@main
+ uses: ./.github/workflows/merge-flow.yaml
 with:
 upstream: prometheus-community/prom-label-proxy
 downstream: openshift/prom-label-proxy
diff --git a/.github/workflows/merge-prometheus-adapter.yaml b/.github/workflows/merge-prometheus-adapter.yaml
index 57b940a..f664585 100644
--- a/.github/workflows/merge-prometheus-adapter.yaml
+++ b/.github/workflows/merge-prometheus-adapter.yaml
@@ -4,9 +4,17 @@ on:
 workflow_dispatch:
 schedule:
 - cron: '0 0 * * *' #@daily
+ pull_request:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-prometheus-adapter.yaml'
+ push:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-prometheus-adapter.yaml'
 jobs:
 prometheus-adapter-merge:
- uses: rhobs/syncbot/.github/workflows/merge-flow.yaml@main
+ uses: ./.github/workflows/merge-flow.yaml
 with:
 upstream: kubernetes-sigs/prometheus-adapter
 downstream: openshift/k8s-prometheus-adapter
diff --git a/.github/workflows/merge-prometheus-operator.yaml b/.github/workflows/merge-prometheus-operator.yaml
index fa3ea79..9fbd7a6 100644
--- a/.github/workflows/merge-prometheus-operator.yaml
+++ b/.github/workflows/merge-prometheus-operator.yaml
@@ -4,9 +4,17 @@ on:
 workflow_dispatch:
 schedule:
 - cron: '0 0 * * *' #@daily
+ pull_request:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-prometheus-operator.yaml'
+ push:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-prometheus-operator.yaml'
 jobs:
 prometheus-operator-merge:
- uses: rhobs/syncbot/.github/workflows/merge-flow.yaml@main
+ uses: ./.github/workflows/merge-flow.yaml
 with:
 upstream: prometheus-operator/prometheus-operator
 downstream: openshift/prometheus-operator
diff --git a/.github/workflows/merge-prometheus.yaml b/.github/workflows/merge-prometheus.yaml
index 1f04bb9..568c285 100644
--- a/.github/workflows/merge-prometheus.yaml
+++ b/.github/workflows/merge-prometheus.yaml
@@ -4,9 +4,17 @@ on:
 workflow_dispatch:
 schedule:
 - cron: '0 0 * * *' #@daily
+ pull_request:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-prometheus.yaml'
+ push:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-prometheus.yaml'
 jobs:
 prometheus-merge:
- uses: rhobs/syncbot/.github/workflows/merge-flow.yaml@main
+ uses: ./.github/workflows/merge-flow.yaml
 with:
 upstream: prometheus/prometheus
 downstream: openshift/prometheus
diff --git a/.github/workflows/merge-thanos.yaml b/.github/workflows/merge-thanos.yaml
index 37351d7..b05dd3a 100644
--- a/.github/workflows/merge-thanos.yaml
+++ b/.github/workflows/merge-thanos.yaml
@@ -4,9 +4,17 @@ on:
 workflow_dispatch:
 schedule:
 - cron: '0 0 * * *' #@daily
+ pull_request:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-thanos.yaml'
+ push:
+ paths:
+ - '.github/workflows/merge-flow.yaml'
+ - '.github/workflows/merge-thanos.yaml'
 jobs:
 thanos-merge:
- uses: rhobs/syncbot/.github/workflows/merge-flow.yaml@main
+ uses: ./.github/workflows/merge-flow.yaml
 with:
 upstream: thanos-io/thanos
 downstream: openshift/thanos
diff --git a/.github/workflows/update-cmo-deps-versions.yaml b/.github/workflows/update-cmo-deps-versions.yaml
index fc2e0bb..1205c75 100644
--- a/.github/workflows/update-cmo-deps-versions.yaml
+++ b/.github/workflows/update-cmo-deps-versions.yaml
@@ -8,7 +8,7 @@ on:
 - cron: '0 0 * * *' #@daily
 jobs:
 versions-update:
- uses: rhobs/syncbot/.github/workflows/cmo-make-targets.yaml@main
+ uses: ./.github/workflows/cmo-make-targets.yaml
 with:
 go-version: "1.20"
 make-targets: versions generate
diff --git a/.github/workflows/update-cmo-jsonnet-deps.yaml b/.github/workflows/update-cmo-jsonnet-deps.yaml
index 7a2ceed..808fee2 100644
--- a/.github/workflows/update-cmo-jsonnet-deps.yaml
+++ b/.github/workflows/update-cmo-jsonnet-deps.yaml
@@ -6,7 +6,7 @@ on:
 - cron: '0 0 * * 1' #@weekly
 jobs:
 jsonnet-update:
- uses: rhobs/syncbot/.github/workflows/cmo-make-targets.yaml@main
+ uses: ./.github/workflows/cmo-make-targets.yaml
 with:
 go-version: "1.20"
 make-targets: update generate