Skip to content

Add verification report for Perfectscale helm chart #3078

Add verification report for Perfectscale helm chart

Add verification report for Perfectscale helm chart #3078

Workflow file for this run

name: CI
on:
pull_request_target:
types: [opened, synchronize, reopened, edited, ready_for_review, labeled]
jobs:
setup:
name: Setup CI
runs-on: ubuntu-22.04
outputs:
run_build: ${{ steps.check_build_required.outputs.run-build }}
verifier-action-image: ${{ steps.set-env.outputs.verifier-action-image }}
insecure_skip_tls_verify: ${{ steps.set-env.outputs.insecure_skip_tls_verify }}
if: |
github.event.pull_request.draft == false &&
(github.event.action != 'labeled' || github.event.label.name == 'force-publish') &&
github.actor != 'redhat-mercury-bot'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python 3.x Part 1
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Set up Python 3.x Part 2
run: |
# set up python
python3 -m venv ve1
cd scripts
../ve1/bin/pip3 install -r requirements.txt
../ve1/bin/pip3 install .
cd ..
- name: Check for CI changes
id: check_ci_changes
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
# check if workflow testing should run.
echo "[INFO] check if PR contains only workflow changes and user is authorized"
ve1/bin/check-pr-for-ci --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }}
- name: Check if PR created as part of release process
id: check_created_release_pr
if: ${{ steps.check_ci_changes.outputs.run-tests != true }}
env:
BOT_NAME: ${{ secrets.BOT_NAME }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
# check if PR was created as part of release processing
./ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} \
--sender='${{ github.event.sender.login }}' \
--pr_branch='${{ github.event.pull_request.head.ref }}' \
--pr_body="${{ github.event.pull_request.body }}" \
--pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' \
--pr_head_repo='${{ github.event.pull_request.head.repo.full_name }}'
- name: Exit if build not required
id: check_build_required
env:
RUN_TESTS: ${{ steps.check_ci_changes.outputs.run-tests }}
NOT_CI_AUTHORIZED: ${{ steps.check_ci_changes.outputs.workflow-only-but-not-authorized }}
NO_CODE_TO_BUILD: ${{ steps.check_ci_changes.outputs.do-not-build }}
DEV_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.dev_release_branch }}
CHARTS_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.charts_release_branch }}
run: |
# exit if build not required
if [ "${RUN_TESTS}" == "true" ] || [ "${NOT_CI_AUTHORIZED}" == "true" ]; then
echo "The PR is workflow changes only - do not continue."
exit 0
elif [ "${NO_CODE_TO_BUILD}" == "true" ]; then
echo "The PR does not contain changes which need build or test."
exit 0
elif [ "${DEV_PR_FOR_RELEASE}" == "true" ]; then
echo "The PR is part of release processing for the development repository - do not continue."
elif [ "${CHART_PR_FOR_RELEASE}" == "true" ]; then
echo "The PR is part of release processing for the charts repository - do not continue."
else
echo "run-build=true" >> $GITHUB_OUTPUT
fi
- name: Set Environment
id: set-env
run: |
#set environment based on repository
if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then
echo "Use latest verifier image"
echo "verifier-action-image=latest" >> $GITHUB_OUTPUT
else
echo "Use dev verifier image"
echo "verifier-action-image=0.1.0" >> $GITHUB_OUTPUT
fi
echo "insecure_skip_tls_verify=true" >> $GITHUB_OUTPUT
chart-verifier:
name: Run chart-verifier
runs-on: ubuntu-22.04
needs: [setup]
outputs:
report_content: ${{ steps.check_report.outputs.report_content }}
redhat_to_community: ${{ steps.check_report.outputs.redhat_to_community }}
message_file: ${{ steps.pr_comment.outputs.message-file }}
message_text_base64: ${{ steps.encode_pr_comment.outputs.message-text-base64 }}
web_catalog_only: ${{ steps.check_pr_content.outputs.web_catalog_only }}
chart_entry_name: ${{ steps.check_pr_content.outputs.chart-entry-name }}
release_tag: ${{ steps.check_pr_content.outputs.release_tag }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Checkout PR Branch
if: ${{ needs.setup.outputs.run_build == 'true' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: "pr-branch"
- name: Set up Python 3.x Part 1
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Set up Python 3.x Part 2
run: |
# set up python
python3 -m venv ve1
cd scripts
../ve1/bin/pip3 install -r requirements.txt
../ve1/bin/pip3 install .
cd ..
- name: Check PR Content
id: check_pr_content
if: ${{ needs.setup.outputs.run_build == 'true' }}
continue-on-error: true
env:
GITHUB_REF: ${{ github.ref }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi)
./ve1/bin/check-pr-content --index-branch=${INDEX_BRANCH} --repository=${{ github.repository }} --api-url=${{ github.event.pull_request._links.self.href }}
- name: Add 'content-ok' label
uses: actions/github-script@v7
if: ${{ steps.check_pr_content.outcome == 'success'}}
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['content-ok']
})
- name: Remove 'content-ok' label
uses: actions/github-script@v7
if: ${{ steps.check_pr_content.outcome == 'failure' && contains( github.event.pull_request.labels.*.name, 'content-ok') }}
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'content-ok'
})
- name: Reflect on PR Content check
if: ${{ steps.check_pr_content.outcome == 'failure'}}
run: |
echo "The 'PR Content check' step has failed."
exit 1
- name: Remove 'authorized-request' label from PR
uses: actions/github-script@v7
if: ${{ needs.setup.outputs.run_build == 'true' && contains( github.event.pull_request.labels.*.name, 'authorized-request') }}
continue-on-error: true
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var issue_number = ${{ github.event.number }};
github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: Number(issue_number),
name: 'authorized-request'
})
- name: install chart verifier for action
uses: redhat-actions/openshift-tools-installer@v1
with:
source: github
skip_cache: true
chart-verifier: "${{ needs.setup.outputs.verifier-action-image }}"
- name: determine verify requirements
if: ${{ needs.setup.outputs.run_build == 'true' }}
id: verify_requires
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
working-directory: ./pr-branch
run: |
../ve1/bin/get-verify-params --directory=pr --api-url=${{ github.event.pull_request._links.self.href }}
- name: Install oc
id: install-oc
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: latest
- name: Set cluster login params
id: login-params
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
run: |
#calculate cluster params
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d)
echo "API_SERVER=${API_SERVER}" >> $GITHUB_OUTPUT
- uses: redhat-actions/oc-login@v1
id: oc_login
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
with:
openshift_server_url: ${{ steps.login-params.outputs.API_SERVER }}
openshift_token: ${{ secrets.CLUSTER_TOKEN }}
insecure_skip_tls_verify: ${{ needs.setup.outputs.insecure_skip_tls_verify }}
- name: create service account
id: create_service_account
if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }}
env:
API_SERVER: ${{ steps.login-params.outputs.API_SERVER }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
ve1/bin/sa-for-chart-testing --create charts-${{ github.event.number }} --token token.txt --server ${API_SERVER}
echo "delete_namespace=true" >> $GITHUB_OUTPUT
echo $KUBECONFIG
- uses: redhat-actions/chart-verifier@v1
id: run-verifier
if: ${{ steps.verify_requires.outputs.report_needed == 'true' }}
with:
chart_uri: ${{ steps.verify_requires.outputs.verify_uri }}
verify_args: ${{ steps.verify_requires.outputs.verify_args }}
report_type: all
fail: false
- name: check-verifier-result
id: check-verifier-result
if: ${{ always() && steps.run-verifier.outcome == 'failure' }}
run: |
error_message="The chart verifier returned an error when trying to obtain a verification report for the chart."
echo "verifier_error_message=$error_message" >> $GITHUB_OUTPUT
- name: Get profile version set in report provided by the user
id: get-profile-version
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }}
uses: mikefarah/yq@master
with:
cmd: yq '.metadata.tool.profile.version' ${{ format('./pr-branch/{0}', steps.verify_requires.outputs.provided_report_relative_path) }}
- name: Get the range of Kubernetes versions set in the report provided by the user
id: get-kube-range
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }}
continue-on-error: true
uses: mikefarah/yq@master
with:
cmd: yq '.metadata.chart.kubeversion' ${{ format('./pr-branch/{0}', steps.verify_requires.outputs.provided_report_relative_path) }}
- name: Get the corresponding range of OCP versions
id: get-ocp-range
if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }}
continue-on-error: true
uses: ./.github/actions/get-ocp-range
with:
kube-version-range: ${{ steps.get-kube-range.outputs.result }}
- name: Only ignore errors in get-ocp-range for profile in version v1.0
if: ${{ (steps.get-kube-range.outcome == 'failure' || steps.get-ocp-range.outcome == 'failure') && steps.get-profile-version.outputs.result != 'v1.0' }}
run: |
echo "::error file=.github/workflows/build.yaml::Failure in get-ocp-range, mandatory for profile version ${{ steps.get-profile-version.outputs.result }}"
exit 1
- name: Check Report
id: check_report
if: ${{ needs.setup.outputs.run_build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
VENDOR_TYPE: ${{ steps.check_pr_content.outputs.category }}
WEB_CATALOG_ONLY: ${{ steps.check_pr_content.outputs.web_catalog_only }}
REPORT_GENERATED: ${{ steps.verify_requires.outputs.report_needed }}
GENERATED_REPORT_PATH: ${{ steps.run-verifier.outputs.report_file }}
REPORT_SUMMARY_PATH: ${{ steps.run-verifier.outputs.report_info_file }}
WORKFLOW_WORKING_DIRECTORY: "../pr"
OCP_VERSION_RANGE: ${{ steps.get-ocp-range.outputs.ocp-version-range }}
run: |
cd pr-branch
../ve1/bin/chart-pr-review \
--directory=../pr \
--verify-user=${{ github.event.pull_request.user.login }} \
--api-url=${{ github.event.pull_request._links.self.href }}
cd ..
- name: Delete Namespace
if: ${{ always() && steps.oc_login.conclusion == 'success' }}
env:
KUBECONFIG: /tmp/ci-kubeconfig
run: |
API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d)
oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} --insecure-skip-tls-verify=${{ needs.setup.outputs.insecure_skip_tls_verify }}
ve1/bin/sa-for-chart-testing --delete charts-${{ github.event.number }}
- name: Save PR artifact
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
if: ${{ always() && needs.setup.outputs.run_build == 'true' }}
run: |
ve1/bin/pr-artifact --directory=./pr --pr-number=${{ github.event.number }} --api-url=${{ github.event.pull_request._links.self.href }}
- name: Prepare PR comment
id: pr_comment
if: ${{ always() && needs.setup.outputs.run_build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
PR_CONTENT_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.pr-content-error-message }}
OWNERS_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.owners-error-message }}
COMMUNITY_MANUAL_REVIEW: ${{ steps.check_report.outputs.community_manual_review_required }}
OC_INSTALL_RESULT: ${{ steps.install-oc.outcome }}
VERIFIER_ERROR_MESSAGE: ${{ steps.check-verifier-result.outputs.verifier_error_message }}
run: |
ve1/bin/pr-comment ${{ steps.check_pr_content.outcome }} ${{ steps.run-verifier.outcome }} ${{ steps.check_report.conclusion }}
# Note(komish): This step is a temporary fix for the metrics step in the next job
# which expects the PR comment to exist at the specified filesystem location.
- name: Encode PR Comment for Metrics
id: encode_pr_comment
if: ${{ always() && needs.setup.outputs.run_build == 'true' }}
run: |
commentBase64=$(base64 --wrap=0 ${{ steps.pr_comment.outputs.message-file }})
echo "message-text-base64=${commentBase64}" | tee -a $GITHUB_OUTPUT
- name: Comment on PR
if: ${{ always() && needs.setup.outputs.run_build == 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var fs = require('fs');
var issue_number = ${{ github.event.number }};
var comment = fs.readFileSync('./pr/comment', {encoding:'utf8', flag:'r'});
github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: Number(issue_number),
body: comment
});
- name: Add 'authorized-request' label to PR
if: ${{ always() && steps.check_pr_content.outcome == 'success' && steps.run-verifier.outcome != 'failure' && needs.setup.outputs.run_build == 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var fs = require('fs');
var issue_number = ${{ github.event.number }};
var vendor_label = fs.readFileSync('./pr/vendor');
var chart_name = fs.readFileSync('./pr/chart');
if (vendor_label.toString() !== "" && chart_name.toString() !== "") {
github.rest.issues.addLabels({
issue_number: Number(issue_number),
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['authorized-request']
})};
- name: Approve PR
id: approve_pr
if: ${{ steps.check_report.conclusion == 'success' }}
uses: hmarr/auto-approve-action@v4
with:
# The token we use for this changes for the Sandbox repository because the sandbox repository
# receives PRs from the openshift-helm-charts-bot, and that same bot cannot approve its own
# PRs which breaks workflows. Instead, for the Sandbox repo, we approve with the GHA bot.
github-token: ${{ github.repository == 'openshift-helm-charts/sandbox' && secrets.GITHUB_TOKEN || secrets.BOT_TOKEN }}
- name: Merge PR
id: merge_pr
if: ${{ steps.approve_pr.conclusion == 'success' }}
uses: pascalgn/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
MERGE_METHOD: squash
MERGE_LABELS: ""
- name: Check for PR merge
if: ${{ needs.setup.outputs.run_build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
./ve1/bin/check-auto-merge --api-url=${{ github.event.pull_request._links.self.href }}
release:
name: Release Chart
runs-on: ubuntu-22.04
needs: [setup, chart-verifier]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Checkout PR Branch
if: ${{ needs.setup.outputs.run_build == 'true' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: "pr-branch"
- name: Set up Python 3.x Part 1
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Set up Python 3.x Part 2
run: |
# set up python
python3 -m venv ve1
cd scripts
../ve1/bin/pip3 install -r requirements.txt
../ve1/bin/pip3 install .
cd ..
- name: install chart verifier for action
uses: redhat-actions/openshift-tools-installer@v1
with:
source: github
skip_cache: true
chart-verifier: ${{ needs.setup.outputs.verifier-action-image }}
- name: Block until there is no running workflow
if: ${{ needs.setup.outputs.run_build == 'true' }}
uses: softprops/turnstyle@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure Git
if: ${{ needs.setup.outputs.run_build == 'true' }}
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Prepare Chart Release and index entry
if: ${{ needs.setup.outputs.run_build == 'true' }}
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
REPORT_CONTENT: ${{ needs.chart-verifier.outputs.report_content }}
REDHAT_TO_COMMUNITY: ${{ needs.chart-verifier.outputs.redhat_to_community }}
WEB_CATALOG_ONLY: ${{ needs.chart-verifier.outputs.web_catalog_only }}
OCP_VERSION_RANGE: ${{ steps.get-ocp-range.outputs.ocp-version-range }}
id: prepare-chart-release
run: |
cd pr-branch
../ve1/bin/chart-repo-manager \
--repository=${{ github.repository }} \
--api-url=${{ github.event.pull_request._links.self.href }} \
# Upload the report file, potentially paired with a public key and, if provided, the chart's tarball and its prov file.
# Only the report file is always included.
# The release tag format is <organization_name>-<chart_name>-<chart_version>
- name: Create GitHub release
if: ${{ needs.chart-verifier.outputs.web_catalog_only == 'False' }}
uses: softprops/action-gh-release@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag_name: ${{ needs.chart-verifier.outputs.release_tag }}
files: |
${{ steps.prepare-chart-release.outputs.report_file }}
${{ steps.prepare-chart-release.outputs.public_key_file }}
${{ steps.prepare-chart-release.outputs.path_to_chart_tarball }}
${{ steps.prepare-chart-release.outputs.prov_file_name }}
fail_on_unmatched_files: true
- name: Update Helm repository index
if: ${{ needs.setup.outputs.run_build == 'true' }}
env:
CHART_ENTRY_NAME: ${{ needs.chart-verifier.outputs.chart_entry_name }}
WEB_CATALOG_ONLY: ${{ needs.chart-verifier.outputs.web_catalog_only }}
RELEASE_TAG: ${{ needs.chart-verifier.outputs.release_tag }}
run: |
INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "gh-pages"; else echo "${GITHUB_REF##*/}-gh-pages"; fi)
echo "[INFO] Creating Git worktree for index branch"
INDEX_DIR=$(mktemp -d)
git remote add upstream "$GITHUB_SERVER_URL"/"$GITHUB_REPOSITORY"
git fetch upstream "$INDEX_BRANCH"
git worktree add --detach "$INDEX_DIR" upstream/"$INDEX_BRANCH"
if [ "$WEB_CATALOG_ONLY" == "True" ]; then
INDEX_FILE="unpublished-certified-charts.yaml"
else
INDEX_FILE="index.yaml"
fi
source ve1/bin/activate
cd $INDEX_DIR
update-index \
--index-branch=${INDEX_BRANCH} \
--index-file=${INDEX_FILE} \
--repository=${{ github.repository }} \
--chart-entry="${{ steps.prepare-chart-release.outputs.chart_entry }}" \
--chart-url="${{ steps.prepare-chart-release.outputs.chart_url }}" \
--version="${{ steps.prepare-chart-release.outputs.version }}"
echo "[INFO] Add and commit changes to git"
git status
git add $INDEX_FILE
git status
git commit -m "$RELEASE_TAG $INDEX_FILE (${{ github.event.number }})"
git status
git push \
https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} \
HEAD:refs/heads/${INDEX_BRANCH}
- name: Add a GitHub comment if release has failed
uses: actions/github-script@v7
if: ${{ failure() && github.repository != 'openshift-helm-charts/sandbox' }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: `### Release job failed
An error occured while updating the Helm repository index.
cc @komish @mgoerens`
});
# Note(komish): This step is a temporary workaround. Metrics requires the PR comment
# to be available, but it is written to the filesystem in the previous job.
# This can be removed once the metrics execution is restructured to have access to the PR
# comment, or pulled out of the release job entirely.
- name: Retrieve PR comment for metrics
if: ${{ always() && needs.setup.outputs.run_build == 'true' && github.repository != 'openshift-helm-charts/sandbox' }}
run: |
mkdir -p $(dirname ${{ needs.chart-verifier.outputs.message_file }})
echo ${{ needs.chart-verifier.outputs.message_text_base64 }} | base64 -d | tee ${{ needs.chart-verifier.outputs.message_file }}
- name: Add metrics
id: add_metrics
if: ${{ always() && needs.setup.outputs.run_build == 'true' && github.repository != 'openshift-helm-charts/sandbox' }}
continue-on-error: true
env:
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then
WRITE_KEY=${{ secrets.SEGMENT_WRITE_KEY }}
ID_PREFIX="helm-metric-pr"
echo "Use segment production write key"
else
WRITE_KEY=${{ secrets.SEGMENT_TEST_WRITE_KEY }}
ID_PREFIX="helm-test-metric-pr"
echo "Use segment test write key"
fi
if [ "${WRITE_KEY}" != "" ]; then
echo "add PR run metric"
ve1/bin/metrics --write-key="${WRITE_KEY}" \
--metric-type="pull_request" \
--message-file="${{ needs.chart-verifier.outputs.message_file }}" \
--pr-number="${{ github.event.number }}" \
--pr-action="${{ github.event.action }}" \
--repository="${GITHUB_REPOSITORY}" \
--prefix="${ID_PREFIX}" \
--pr_dir="./pr-branch"
else
echo "Do not collect metrics, required segment write key is not set"
fi
- name: Alert Slack helm_dev on failure to update metrics
continue-on-error: true
if: steps.add_metrics.outcome == 'failure'
uses: archive/[email protected]
with:
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
slack-channel: C02979BDUPL
slack-text: Failure! Updating metrics during a chart certification. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}'