From 63711df788823f038519dfe8468f8b8d3259d087 Mon Sep 17 00:00:00 2001
From: Nick Larsen
Date: Mon, 16 Sep 2024 15:21:38 +0200
Subject: [PATCH 1/5] chore(generate-prs): split author out of the reason text, assign PR to the author. - Stops the author being notified for both the PR and the commit. - Assign the PR to the author instead of the stackabletech/Developers group to reduce notification noise.
---
 .github/workflows/generate_prs.yml | 6 ++++--
 playbook/group_vars/all/vars | 2 +-
 playbook/update_repo.yaml | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/generate_prs.yml b/.github/workflows/generate_prs.yml
index 8f7cc1a5..bc74fba4 100644
--- a/.github/workflows/generate_prs.yml
+++ b/.github/workflows/generate_prs.yml
@@ -128,10 +128,12 @@ jobs:
 - name: Set commit message for manual dispatch
 if: ${{ github.event_name == 'workflow_dispatch' }}
 run: |
- echo "REASON=@${{ github.event.sender.login }}: ${{ github.event.inputs.message }}" >> "$GITHUB_ENV"
+ echo "AUTHOR=@${{ github.event.sender.login }}" >> "$GITHUB_ENV"
+ echo "REASON=${{ github.event.inputs.message }}" >> "$GITHUB_ENV"
 - name: Set commit message for schedule
 if: ${{ github.event_name == 'schedule' }}
 run: |
+ echo "AUTHOR=Github Actions"
 echo "REASON=Daily run triggered" >> "$GITHUB_ENV"
 - name: Overwrite repositories.yaml for ${{ matrix.repository.name }}
@@ -150,7 +152,7 @@ jobs:
 if: ${{ !inputs.dry-run }}
 run: |
 # Funnel via JSON to ensure that values are escaped properly
- echo '{}' | jq '{commit_hash: $ENV.GITHUB_SHA, reason: $ENV.REASON, base_dir: $pwd, gh_access_token: $ENV.GH_ACCESS_TOKEN}' --arg pwd "$(pwd)" > vars.json
+ echo '{}' | jq '{commit_hash: $ENV.GITHUB_SHA, author: $ENV.AUTHOR, reason: $ENV.REASON, base_dir: $pwd, gh_access_token: $ENV.GH_ACCESS_TOKEN}' --arg pwd "$(pwd)" > vars.json
 ansible-playbook playbook/playbook.yaml --extra-vars "@vars.json"
 env:
 GH_ACCESS_TOKEN: ${{ secrets.gh_access_token }}
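Review bot: The added `echo "AUTHOR=Github Actions"` in the schedule step has no `>> "$GITHUB_ENV"`, so on scheduled runs AUTHOR is never exported and `$ENV.AUTHOR` in the later jq call evaluates to null; it should read `echo "AUTHOR=Github Actions" >> "$GITHUB_ENV"`. Separately, the new `REASON=${{ github.event.inputs.message }}` line still expands the dispatch input into the script text before the shell runs, so shell metacharacters or a newline in the message are interpreted as script or as extra `GITHUB_ENV` entries rather than as data. Passing it through the step's `env:` (`MESSAGE: ${{ github.event.inputs.message }}`) and writing `echo "REASON=$MESSAGE" >> "$GITHUB_ENV"` keeps it as a value; a multi-line message would additionally need the `NAME<<DELIMITER` form of the env file.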
diff --git a/playbook/group_vars/all/vars b/playbook/group_vars/all/vars
index 3d8fb445..f0f82cea 100644
--- a/playbook/group_vars/all/vars
+++ b/playbook/group_vars/all/vars
@@ -26,7 +26,7 @@ pr_body: |
 >
 > | **Trigger-message** |
 > | - |
- > | {{ reason }} |
+ > | {{ author }}: {{ reason }} |
 > [!TIP]
 > Please update the change type as appropriate.
diff --git a/playbook/update_repo.yaml b/playbook/update_repo.yaml
index 99fdb30a..6fe8d4eb 100644
--- a/playbook/update_repo.yaml
+++ b/playbook/update_repo.yaml
@@ -139,7 +139,7 @@
 - name: "Operator [{{ operator.name }}] create PR"
 command:
- argv: [gh, pr, create, --base, main, --title, "{{ pr_title }}", --body, "{{ pr_body }}", --reviewer, "@stackabletech/developers"]
+ argv: [gh, pr, create, --base, main, --title, "{{ pr_title }}", --body, "{{ pr_body }}", --reviewer, "{{ author }}"]
 chdir: "{{ work_dir }}/{{ operator.name }}"
 - name: "Operator [{{ operator.name }}] clean"
From 4342e05625371557f5b151800850c6ee79a53e25 Mon Sep 17 00:00:00 2001
From: Nick Larsen
Date: Mon, 16 Sep 2024 15:26:42 +0200
Subject: [PATCH 2/5] fix: actionlint should check template files too Also renamed and move the config to the correct location, per
---
 template/.actionlint.yaml => .github/actionlint.yaml | 0
 .pre-commit-config.yaml | 2 ++
 template/.github/actionlint.yaml | 5 +++++
 3 files changed, 7 insertions(+)
 rename template/.actionlint.yaml => .github/actionlint.yaml (100%)
 create mode 100644 template/.github/actionlint.yaml
diff --git a/template/.actionlint.yaml b/.github/actionlint.yaml
similarity index 100%
rename from template/.actionlint.yaml
rename to .github/actionlint.yaml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 39a40f3e..df6c17ea 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
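Review bot: `--reviewer, "{{ author }}"` in playbook/update_repo.yaml passes on whatever the workflow exported, and for scheduled runs that value is not a GitHub login (the workflow uses the text `Github Actions`, and as written does not export it at all), so `gh pr create` will presumably reject the reviewer and the task fails. The `{{ author }}: {{ reason }}` row added to `pr_body` in group_vars/all/vars is affected by the same missing value. The commit message says the PR is assigned to the author, while the flag used requests a review; `--assignee` would match the description. Consider appending the flag and its value only when `author` holds a real login, and confirm whether `gh` accepts the leading `@` that the workflow puts in front of the sender's login.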
@@ -49,6 +49,8 @@ repos:
 rev: 62dc61a45fc95efe8c800af7a557ab0b9165d63b # 1.7.1
 hooks:
 - id: actionlint
+ types: [text]
+ files: ^(template/)?\.github/workflows/.*\.ya?ml(\.j2)?
 - repo: https://github.com/hadolint/hadolint
 rev: b3555ba9c2bfd9401e79f2f0da68dd1ae38e10c7 # 2.12.0
diff --git a/template/.github/actionlint.yaml b/template/.github/actionlint.yaml
new file mode 100644
index 00000000..8337548a
--- /dev/null
+++ b/template/.github/actionlint.yaml
@@ -0,0 +1,5 @@
+---
+self-hosted-runner:
+ # Ubicloud machines we are using
+ labels:
+ - ubicloud-standard-8-arm
From a22880be953e652a596f8a806e0fb9f28e01fd49 Mon Sep 17 00:00:00 2001
From: Nick Larsen
Date: Mon, 16 Sep 2024 15:38:30 +0200
Subject: [PATCH 3/5] fix(template): lint issues
---
 template/.github/workflows/build.yml.j2 | 18 +++++++++---------
 template/docker/Dockerfile.j2 | 16 +++++++++++-----
 2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/template/.github/workflows/build.yml.j2 b/template/.github/workflows/build.yml.j2
index 46dc7f61..9d35d84c 100644
--- a/template/.github/workflows/build.yml.j2
+++ b/template/.github/workflows/build.yml.j2
@@ -88,18 +88,18 @@ jobs:
 TRIGGER: ${{ github.event_name }}
 GITHUB_REF: ${{ github.ref }}
 run: |
- if [[ $TRIGGER == "pull_request" ]]; then
+ if [[ "$TRIGGER" == "pull_request" ]]; then
 echo "exporting test as target helm repo: ${{ env.TEST_REPO_HELM_URL }}"
- echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
- elif [[ ( $TRIGGER == "push" || $TRIGGER == "schedule" || $TRIGGER == "workflow_dispatch" ) && $GITHUB_REF == "refs/heads/main" ]]; then
+ echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
+ elif [[ ( "$TRIGGER" == "push" || "$TRIGGER" == "schedule" || "$TRIGGER" == "workflow_dispatch" ) && "$GITHUB_REF" == "refs/heads/main" ]]; then
 echo "exporting dev as target helm repo: ${{ env.DEV_REPO_HELM_URL }}"
- echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
- elif [[ $TRIGGER == "push" && $GITHUB_REF == refs/tags/* ]]; then
+ echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
+ elif [[ "$TRIGGER" == "push" && $GITHUB_REF == refs/tags/* ]]; then
 echo "exporting stable as target helm repo: ${{ env.STABLE_REPO_HELM_URL }}"
- echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> $GITHUB_OUTPUT
+ echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT"
 else
 echo "Unknown trigger and ref combination encountered, skipping publish step: $TRIGGER $GITHUB_REF"
- echo "helm_repo=skip" >> $GITHUB_OUTPUT
+ echo "helm_repo=skip" >> "$GITHUB_OUTPUT"
 fi
 run_cargodeny:
@@ -379,7 +379,7 @@ jobs:
 - id: printtag
 name: Output image name and tag
 if: ${{ !github.event.pull_request.head.repo.fork }}
- run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> $GITHUB_OUTPUT
+ run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT"
 create_manifest_list:
 name: Build and publish manifest list
@@ -437,4 +437,4 @@ jobs:
 ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')"
 ./preflight-linux-amd64 check container "$IMAGE_TAG" --platform "${ARCH_FOR_PREFLIGHT}" > preflight.out
 - name: "Passed?"
- run: '[ "$(cat preflight.out | jq -r .passed)" == true ]'
+ run: '[ "$(jq -r .passed < preflight.out)" == true ]'
diff --git a/template/docker/Dockerfile.j2 b/template/docker/Dockerfile.j2
index db106cce..fd50a47d 100644
--- a/template/docker/Dockerfile.j2
+++ b/template/docker/Dockerfile.j2
@@ -2,9 +2,13 @@
 # This file is automatically generated from the templates in stackabletech/operator-templating
 # DON'T MANUALLY EDIT THIS FILE
 # =============
-FROM oci.stackable.tech/sdp/ubi9-rust-builder AS builder
+# We want to automatically use the latest. We also don't tag our images with a version.
+# hadolint ignore=DL3007
+FROM oci.stackable.tech/sdp/ubi9-rust-builder:latest AS builder
-FROM registry.access.redhat.com/ubi9/ubi-minimal AS operator
+# We want to automatically use the latest.
+# hadolint ignore=DL3007
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS operator
 ARG VERSION
 ARG RELEASE="1"
@@ -20,6 +24,8 @@ LABEL name="Stackable Operator for {[ operator.pretty_string }]" \
 # Update image and install kerberos client libraries
 # install_weak_deps in microdnf does not support the literal "False" as dnf does
 # https://github.com/rpm-software-management/microdnf/blob/a600c62f29262d71a6259b70dc220df65a2ab9b5/dnf/dnf-main.c#L176-L189
+# NOTE (@NickLarsenNZ): Maybe we should consider pinning package versions?
+# hadolint ignore=DL3041
 RUN microdnf update -y --setopt=install_weak_deps=0 \
 && microdnf install -y --setopt=install_weak_deps=0 \
 krb5-libs \
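Review bot: Writing `:latest` explicitly and suppressing DL3007 on both `FROM` lines keeps the build on mutable tags, so the builder and the runtime base can change without any commit in this repository, and a published operator image cannot be traced back to the exact bases it was built from. If following the newest base is the goal, pinning by digest (`FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:<digest>`, placeholder value) and letting an update bot raise the bump gives the same freshness with a reviewable record. The same trade-off applies to the `DL3041` suppression in the next hunk. If the ignores stay, the comments above them could also say where image provenance is checked instead.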
@@ -30,9 +36,9 @@ RUN microdnf update -y --setopt=install_weak_deps=0 \
 COPY LICENSE /licenses/LICENSE
 COPY --from=builder /app/* /usr/local/bin/
-{[% if operator.include_productconfig is undefined or operator.include_productconfig == true %}]
-COPY deploy/config-spec/properties.yaml /etc/stackable/{[ operator.name }]/config-spec/properties.yaml
-{[% endif %}]
+# {[% if operator.include_productconfig is undefined or operator.include_productconfig == true %}]
+COPY deploy/config-spec/properties.yaml /etc/stackable/{[operator.name}]/config-spec/properties.yaml
+# {[% endif %}]
 RUN groupadd -g 1000 stackable && adduser -u 1000 -g stackable -c 'Stackable Operator' stackable
From 02e66ca32c2a20be4b55c3754bbb8de8a3974da6 Mon Sep 17 00:00:00 2001
From: Nick Larsen
Date: Mon, 16 Sep 2024 15:40:57 +0200
Subject: [PATCH 4/5] fix(template): Checkout git submodules. Needed by secret and listener operators.
---
 template/.github/workflows/pr_pre-commit.yaml.j2 | 1 +
 1 file changed, 1 insertion(+)
diff --git a/template/.github/workflows/pr_pre-commit.yaml.j2 b/template/.github/workflows/pr_pre-commit.yaml.j2
index 307d8298..63914844 100644
--- a/template/.github/workflows/pr_pre-commit.yaml.j2
+++ b/template/.github/workflows/pr_pre-commit.yaml.j2
@@ -16,6 +16,7 @@ jobs:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 with:
 fetch-depth: 0
+ submodules: recursive
 - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
 with:
 python-version: '3.12'
From 56f72e07fe1e17a64c514c4d4b97e66e957b0f00 Mon Sep 17 00:00:00 2001
From: Nick Larsen
Date: Mon, 16 Sep 2024 15:42:06 +0200
Subject: [PATCH 5/5] fix(template): Run commands in a nix-shell to automatically pull the necessary dependencies
---
 template/.github/workflows/pr_pre-commit.yaml.j2 | 1 +
 template/.pre-commit-config.yaml.j2 | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
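Review bot: Prefixing the `{[% if ... %}]` and `{[% endif %}]` lines with `# ` changes what is rendered, not only what hadolint sees. If the template is rendered with `trim_blocks` enabled (the default for Ansible's `template` module; the render step is not visible in this patch), the newline after the block tag is removed and the output becomes `# COPY deploy/config-spec/properties.yaml ...`, so the COPY ends up commented out for every operator. Please diff a rendered Dockerfile before and after this change. If the COPY disappears, keep the tags on their own lines as before and either exclude the `.j2` file from hadolint or lint the rendered output instead.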
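Review bot: With `submodules: recursive` the checkout also fetches every repository referenced from `.gitmodules`, and because `persist-credentials` is left at its default the job token stays in the local git config while the later steps run hooks against pull-request content. Unless a later step needs to push, adding `persist-credentials: false` under `with:` removes that exposure. It may also be worth rendering this line only for the operators that have submodules (the message names secret and listener), so other repositories do not start following `.gitmodules` entries introduced by a pull request.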
diff --git a/template/.github/workflows/pr_pre-commit.yaml.j2 b/template/.github/workflows/pr_pre-commit.yaml.j2
index 63914844..55cf98ed 100644
--- a/template/.github/workflows/pr_pre-commit.yaml.j2
+++ b/template/.github/workflows/pr_pre-commit.yaml.j2
@@ -40,6 +40,7 @@ jobs:
 chmod 700 "${LOCATION_BIN}"
 echo "$LOCATION_DIR" >> "$GITHUB_PATH"
+ - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
 - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
 with:
 extra_args: "--from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}"
diff --git a/template/.pre-commit-config.yaml.j2 b/template/.pre-commit-config.yaml.j2
index 4b1c512f..f30ef3ab 100644
--- a/template/.pre-commit-config.yaml.j2
+++ b/template/.pre-commit-config.yaml.j2
@@ -66,13 +66,13 @@ repos:
 - id: regenerate-charts
 name: regenerate-charts
 language: system
- entry: make regenerate-charts
+ entry: nix-shell --run 'make regenerate-charts'
 stages: [commit, merge-commit, manual]
 pass_filenames: false
 - id: cargo-test
 name: cargo-test
 language: system
- entry: cargo test
+ entry: nix-shell --run 'cargo test'
 stages: [commit, merge-commit, manual]
 pass_filenames: false
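Review bot: Both local hooks in template/.pre-commit-config.yaml.j2 now have Nix as a hard prerequisite: `entry: nix-shell --run 'make regenerate-charts'` and `entry: nix-shell --run 'cargo test'` run at the `commit` stage and fail on any contributor machine without `nix-shell`. `nix-shell` also evaluates the repository's `shell.nix` or `default.nix`, which is not part of this patch; if that file does not pin nixpkgs to a fixed revision, the toolchain behind these hooks and the CI job can drift between runs. Consider a comment next to the hooks stating the Nix requirement, and confirm the pin. The workflow hunk above references `cachix/install-nix-action` by commit SHA, consistent with the other pinned actions.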