Skip to content

Commit

Permalink
PR command build_test
Browse files Browse the repository at this point in the history
  • Loading branch information
mwangggg committed Aug 31, 2023
1 parent 5c3769f commit 1d88a7f
Showing 1 changed file with 85 additions and 40 deletions.
125 changes: 85 additions & 40 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,25 +5,9 @@ concurrency:
cancel-in-progress: true

on:
push:
branches:
- main
- v[0-9]+
- v[0-9]+.[0-9]+
- cryostat-v[0-9]+.[0-9]+

pull_request_target:
issue_comment:
types:
- opened
- reopened
- synchronize
- labeled
- unlabeled
branches:
- main
- v[0-9]+
- v[0-9]+.[0-9]+
- cryostat-v[0-9]+.[0-9]+
- created

env:
CI_USER: cryostat+bot
Expand All @@ -32,8 +16,6 @@ env:
CI_BUNDLE_IMG: quay.io/cryostat/cryostat-operator-bundle
CI_SCORECARD_IMG: quay.io/cryostat/cryostat-operator-scorecard
CI_PLATFORMS: linux/amd64,linux/arm64
REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }}
REF: ${{ github.event.pull_request.head.ref }}
OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/Release.key"
OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04"

Expand Down Expand Up @@ -68,17 +50,73 @@ jobs:
ignore-missing-package: true
tag-regex: ${{ needs.get-test-image-tag.outputs.tag }}
tagged-keep-latest: 0
controller-test:
check-before-build:
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'cryostatio' }}
if: ${{ github.repository_owner == 'cryostatio' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test' }}
steps:
- name: Fail if safe-to-test label NOT applied
if: ${{ github.event_name == 'pull_request_target' && !contains(github.event.pull_request.labels.*.name, 'safe-to-test') }}
- name: Fail if needs-triage label applied
if: ${{ contains(github.event.issue.labels.*.name, 'needs-triage') }}
run: exit 1
- name: Show warning if permission is denied
if: |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER')
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name)
uses: thollander/actions-comment-pull-request@v2
with:
message: |-
You do not have permission to run the /build_test command. Please ask @cryostatio/reviewers
to resolve the issue.
- name: Fail if command permission is denied
if: |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER')
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name)
run: exit 1
- name: React to comment
uses: actions/github-script@v4
with:
script: |
const {owner, repo} = context.issue
github.reactions.createForIssueComment({
owner,
repo,
comment_id: context.payload.comment.id,
content: "+1",
});
checkout-branch:
runs-on: ubuntu-latest
needs: [check-before-build]
permissions:
contents: read
issues: read
pull-requests: read
outputs:
PR_head_ref: ${{ fromJSON(steps.comment-branch.outputs.result).ref }}
PR_num: ${{ fromJSON(steps.comment-branch.outputs.result).num }}
PR_repo: ${{ fromJSON(steps.comment-branch.outputs.result).repo }}
steps:
- uses: actions/github-script@v4
id: comment-branch
with:
script: |
const result = await github.pulls.get ({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number
})
return { repo: result.data.head.repo.full_name, num: result.data.number, ref: result.data.head.ref }
controller-test:
runs-on: ubuntu-latest
needs: [checkout-branch]
env:
ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
repo: ${{ needs.checkout-branch.outputs.PR_repo }}
steps:
- uses: actions/checkout@v2
with:
repository: ${{ env.REPOSITORY }}
ref: ${{ env.REF }}
repository: ${{ env.repo }}
ref: ${{ env.ref }}
- uses: actions/setup-go@v2
with:
go-version: '1.20.*'
Expand All @@ -92,20 +130,24 @@ jobs:
${{ runner.os }}-go-
- name: Run controller tests
run: make test-envtest

scorecard-test:
runs-on: ubuntu-latest
needs: [get-test-image-tag]
env:
TAG: ${{ needs.get-test-image-tag.outputs.tag }}
if: ${{ github.repository_owner == 'cryostatio' }}
permissions:
packages: write
needs: [checkout-branch]
env:
ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
repo: ${{ needs.checkout-branch.outputs.PR_repo }}
num: ${{ needs.checkout-branch.outputs.PR_num }}
steps:
- name: Fail if safe-to-test label NOT applied
if: ${{ github.event_name == 'pull_request_target' && !contains(github.event.pull_request.labels.*.name, 'safe-to-test') }}
run: exit 1
- uses: actions/checkout@v2
with:
repository: ${{ env.REPOSITORY }}
ref: ${{ env.REF }}
repository: ${{ env.repo }}
ref: ${{ env.ref }}
- uses: jpkrohling/[email protected]
with:
operator-sdk-version: v1.28.0
Expand All @@ -129,7 +171,7 @@ jobs:
tags: ${{ env.TAG }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PR_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build operator image for test
run: |
OPERATOR_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator:${{ env.TAG }} \
Expand All @@ -143,7 +185,7 @@ jobs:
tags: ${{ env.TAG }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PR_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build bundle image for test
run: |
yq -i '.spec.template.spec.imagePullSecrets = [{"name": "registry-key"}]' config/manager/manager.yaml
Expand All @@ -158,7 +200,7 @@ jobs:
tags: ${{ env.TAG }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PR_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Kind cluster
run: |
kind create cluster --config=".github/kind-config.yaml" -n ci-${{ github.run_id }}
Expand All @@ -173,20 +215,21 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PR_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
auth_file_path: $HOME/.docker/config.json
- name: Run scorecard tests
run: |
SCORECARD_REGISTRY_SERVER="ghcr.io" \
SCORECARD_REGISTRY_USERNAME="${{ github.repository_owner }}" \
SCORECARD_REGISTRY_PASSWORD="${{ secrets.GHCR_PR_TOKEN }}" \
SCORECARD_REGISTRY_PASSWORD="${{ secrets.GITHUB_TOKEN }}" \
BUNDLE_IMG="${{ steps.push-bundle-to-ghcr.outputs.registry-path }}" \
make test-scorecard
- name: Clean up Kind cluster
run: kind delete cluster -n ci-${{ github.run_id }}

build-operator:
runs-on: ubuntu-latest
if: ${{ github.event_name == 'push' && github.repository_owner == 'cryostatio' }}
needs: [checkout-branch]
steps:
- uses: actions/checkout@v2
- name: Install podman v4
Expand Down Expand Up @@ -221,9 +264,10 @@ jobs:
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Print image URL
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"

build-bundle:
runs-on: ubuntu-latest
if: ${{ github.event_name == 'push' && github.repository_owner == 'cryostatio' }}
needs: [checkout-branch]
steps:
- uses: actions/checkout@v2
- name: Build bundle image
Expand Down Expand Up @@ -251,9 +295,10 @@ jobs:
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Print image URL
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"

build-scorecard:
runs-on: ubuntu-latest
if: ${{ github.event_name == 'push' && github.repository_owner == 'cryostatio' }}
needs: [checkout-branch]
steps:
- uses: actions/checkout@v2
- name: Get scorecard image tag
Expand Down

0 comments on commit 1d88a7f

Please sign in to comment.