Check Software Version #876
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Check Software Version | |
on: | |
# Daily trigger to check updates | |
schedule: | |
- cron: "0 0 * * *" | |
workflow_dispatch: | |
inputs: | |
# XXX: dry-run has side effects: | |
# 1. Opens issue in openshift-helm-chart/sandbox if failures are detected. | |
# 2. Runs this workflow whether or not a version change has occurred | |
# 3. By default dperaza and mmulholla are tagged in any issues raised. | |
dry-run: | |
description: "Dry Run? (Unconditionally run tests and create issues in sandbox) {true,false}" | |
required: true | |
default: "true" | |
update-version: | |
description: "Dry run also checks and updates software-version file if not charts repository" | |
required: true | |
default: "false" | |
vendor-type: | |
description: "Vendor type {all,partner,redhat,community}" | |
required: true | |
default: "all" | |
notify-id: | |
description: "(Optional) Issue notification {github id}" | |
required: false | |
default: "" | |
jobs: | |
check-ocp: | |
name: Check OpenShift Version | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: check schedule and main repository | |
id: check_repo | |
run: | | |
echo "GITHUB_EVENT_NAME : $GITHUB_EVENT_NAME" | |
echo "GITHUB_REPOSITORY : $GITHUB_REPOSITORY" | |
echo "dry-run : ${{ github.event.inputs.dry-run }}" | |
echo "update-version : ${{ github.event.inputs.update-version }}" | |
if [ $GITHUB_EVENT_NAME == 'workflow_dispatch' ]; then | |
echo "run-job=true" >> $GITHUB_OUTPUT | |
if [ "${{ github.event.inputs.dry-run }}" == "true" ]; then | |
if [[ "${{ github.event.inputs.update-version }}" == "true" && $GITHUB_REPOSITORY != "openshift-helm-charts/charts" ]]; then | |
echo "check-version=true" >> $GITHUB_OUTPUT | |
else | |
echo "check-version=false" >> $GITHUB_OUTPUT | |
fi | |
else | |
echo "check-version=true" >> $GITHUB_OUTPUT | |
fi | |
elif [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then | |
echo "run-job=true" >> $GITHUB_OUTPUT | |
echo "check-version=true" >> $GITHUB_OUTPUT | |
else | |
echo "run-job=false" >> $GITHUB_OUTPUT | |
echo "check-version=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Install oc | |
if: steps.check_repo.outputs.run-job == 'true' | |
run: | | |
curl -sLO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz | |
tar zxvf openshift-client-linux.tar.gz oc | |
- name: Log into OpenShift cluster | |
if: steps.check_repo.outputs.run-job == 'true' | |
run: | | |
API_SERVER=$(echo -n ${{ secrets.API_SERVER }} | base64 -d) | |
./oc login --insecure-skip-tls-verify --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} | |
shell: bash | |
- name: Get current OpenShift version | |
if: steps.check_repo.outputs.run-job == 'true' | |
id: get_curr_ocp_version | |
run: | | |
OCP_VERSION=$(./oc version -o json | jq '.openshiftVersion') | |
OCP_VERSION=$(sed -e 's/^"//' -e 's/"$//' <<< $OCP_VERSION) | |
printf "[INFO] Current OCP Version: %s\n" ${OCP_VERSION} | |
echo "curr_ocp_version=${OCP_VERSION}" >> $GITHUB_OUTPUT | |
shell: bash | |
- name: Checkout software-version branch | |
if: steps.check_repo.outputs.check-version == 'true' | |
uses: actions/checkout@v4 | |
with: | |
ref: "software-version" | |
repository: ${{ github.repository }} | |
- name: Read previous OpenShift version | |
id: get_prev_ocp_version | |
if: steps.check_repo.outputs.check-version == 'true' | |
uses: mikefarah/yq@master | |
with: | |
cmd: yq e '.openshift.release-client-version' software-version.yaml | |
- name: Check if test should run | |
id: check_test | |
run: | | |
set -euo pipefail | |
if [ "${{ steps.check_repo.outputs.run-job }}" != "true" ]; then | |
echo "run_tests=false" >> $GITHUB_OUTPUT | |
echo "update-version=false" >> $GITHUB_OUTPUT | |
elif [ "${{ steps.check_repo.outputs.check-version }}" == "true" ]; then | |
if [ "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}" == "${{ steps.get_prev_ocp_version.outputs.result }}" ]; then | |
# No change in the OpenShift versions. | |
printf "OpenShift version has not changed since last run: '%s' -> '%s'\n" "${{ steps.get_prev_ocp_version.outputs.result }}" "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}" | |
echo "update-version=false" >> $GITHUB_OUTPUT | |
if [ "${{ github.event.inputs.dry-run }}" == "true" ]; then | |
echo "Openshift version has not changed but run anyaway as dry-run is set" | |
echo "run_tests=true" >> $GITHUB_OUTPUT | |
else | |
echo "Openshift version has not changed do not run tests" | |
echo "run_tests=false" >> $GITHUB_OUTPUT | |
fi | |
else | |
printf "OpenShift version has changed since last run: '%s' -> '%s'\n" "${{ steps.get_prev_ocp_version.outputs.result }}" "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}" | |
echo "run_tests=true" >> $GITHUB_OUTPUT | |
echo "update-version=true" >> $GITHUB_OUTPUT | |
fi | |
else | |
# Run whether open shift version has changed or not | |
echo "Run tests - version check skipped" | |
echo "update-version=false" >> $GITHUB_OUTPUT | |
echo "run_tests=true" >> $GITHUB_OUTPUT | |
fi | |
shell: bash | |
- name: Update software-version.yaml | |
if: | | |
steps.check_test.outputs.update-version == 'true' | |
uses: mikefarah/yq@master | |
with: | |
cmd: yq eval -i '.openshift.release-client-version = "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}"' 'software-version.yaml' | |
- name: Push software-version.yaml | |
if: | | |
steps.check_test.outputs.update-version == 'true' | |
run: | | |
COMMIT_MESSAGE=$(printf "software-version.yaml: Update OpenShift version from '%s' to '%s'" "${{ steps.get_prev_ocp_version.outputs.result }}" "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}") | |
git remote -v | |
git branch -vv | |
git config --global user.name "github-actions[bot]" | |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git commit -am "${COMMIT_MESSAGE}" | |
git push | |
- name: Checkout main branch | |
if: | | |
steps.check_test.outputs.run_tests == 'true' | |
uses: actions/checkout@v4 | |
with: | |
ref: "main" | |
token: ${{ secrets.BOT_TOKEN }} | |
fetch-depth: 0 | |
- name: Set up Python 3.x Part 1 | |
if: | | |
steps.check_test.outputs.run_tests == 'true' | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Set up Python 3.x Part 2 | |
if: | | |
steps.check_test.outputs.run_tests == 'true' | |
run: | | |
# set up python | |
python3 -m venv ve1 | |
cd scripts | |
../ve1/bin/pip3 install -r requirements.txt | |
../ve1/bin/pip3 install . | |
cd .. | |
- name: (Manual) Run tests on existing charts | |
if: | | |
github.event_name == 'workflow_dispatch' && steps.check_test.outputs.run_tests == 'true' | |
env: | |
CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DRY_RUN: ${{ github.event.inputs.dry-run }} | |
VENDOR_TYPE: ${{ github.event.inputs.vendor-type }} | |
NOTIFY_ID: ${{ github.event.inputs.notify-id }} | |
BOT_NAME: ${{ secrets.BOT_NAME }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
SOFTWARE_NAME: "OpenShift" | |
SOFTWARE_VERSION: ${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }} | |
run: | | |
printf "[INFO] Dry run: '%s'\n" "${{ env.DRY_RUN }}" | |
printf "[INFO] Vendor type: '%s'\n" "${{ env.VENDOR_TYPE }}" | |
printf "[INFO] Notify ID: '%s'\n" "${{ env.NOTIFY_ID }}" | |
printf "[INFO] Software Name: '%s'\n" "${{ env.SOFTWARE_NAME }}" | |
printf "[INFO] Software Version: '%s'\n" "${{ env.SOFTWARE_VERSION }}" | |
ve1/bin/behave tests/functional/behave_features/ --tags=version-change --logging-level=INFO --no-capture --no-color | |
- name: (Schedule) Run tests on existing charts | |
id: run-schedule-tests | |
if: | | |
github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' | |
env: | |
CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
BOT_NAME: ${{ secrets.BOT_NAME }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
DRY_RUN: "false" | |
VENDOR_TYPE: "all" | |
NOTIFY_ID: "" | |
SOFTWARE_NAME: "OpenShift" | |
SOFTWARE_VERSION: ${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }} | |
run: | | |
printf "[INFO] Dry run: '%s'\n" "${{ env.DRY_RUN }}" | |
printf "[INFO] Vendor type: '%s'\n" "${{ env.VENDOR_TYPE }}" | |
printf "[INFO] Notify ID: '%s'\n" "${{ env.NOTIFY_ID }}" | |
printf "[INFO] Software Name: '%s'\n" "${{ env.SOFTWARE_NAME }}" | |
printf "[INFO] Software Version: '%s'\n" "${{ env.SOFTWARE_VERSION }}" | |
ve1/bin/behave tests/functional/behave_features/ --tags=version-change --logging-level=INFO --no-capture --no-color | |
- name: Send message to helm_dev slack channel | |
id: notify_dev | |
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion != 'success' }} | |
uses: archive/github-actions-slack@v2.8.0 | |
with: | |
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }} | |
slack-channel: C02979BDUPL | |
slack-text: Failure! Nightly run after an OpenShift version update to ${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }} was detected. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}' | |
- name: Result from "Send Message to helm_dev slack channel" | |
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion != 'success' }} | |
run: echo "The result was ${{ steps.notify_dev.outputs.slack-result }}" | |
- name: Send message to helm_notify slack channel | |
id: notify | |
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion == 'success' }} | |
uses: archive/github-actions-slack@v2.8.0 | |
with: | |
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }} | |
slack-channel: C04K1ARMH8A | |
slack-text: Success! Nightly run after an OpenShift version update to ${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }} was detected. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}' | |
- name: Result from "Send Message to helm_notify slack channel" | |
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion == 'success' }} | |
run: echo "The result was ${{ steps.notify.outputs.slack-result }}" | |
check-chart-verifier: | |
if: ${{ always() }} | |
needs: check-ocp | |
name: Check Chart Verifier Version | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: check schedule and main repository | |
id: check_repo | |
run: | | |
echo "GITHUB_EVENT_NAME : $GITHUB_EVENT_NAME" | |
echo "GITHUB_REPOSITORY : $GITHUB_REPOSITORY" | |
echo "dry-run : ${{ github.event.inputs.dry-run }}" | |
echo "update-version : ${{ github.event.inputs.update-version }}" | |
if [ $GITHUB_EVENT_NAME == 'workflow_dispatch' ]; then | |
echo "run-job=true" >> $GITHUB_OUTPUT | |
if [ "${{ github.event.inputs.dry-run }}" == "true" ]; then | |
if [[ "${{ github.event.inputs.update-version }}" == "true" && $GITHUB_REPOSITORY != "openshift-helm-charts/charts" ]]; then | |
echo "check-version=true" >> $GITHUB_OUTPUT | |
else | |
echo "check-version=false" >> $GITHUB_OUTPUT | |
fi | |
else | |
echo "check-version=true" >> $GITHUB_OUTPUT | |
fi | |
elif [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then | |
echo "run-job=true" >> $GITHUB_OUTPUT | |
echo "check-version=true" >> $GITHUB_OUTPUT | |
else | |
echo "run-job=false" >> $GITHUB_OUTPUT | |
echo "check-version=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Get current Chart Verifier version | |
id: get_curr_cv_version | |
if: steps.check_repo.outputs.run-job == 'true' | |
run: | | |
QUAY_API='https://quay.io/api/v1/repository/redhat-certification/chart-verifier/tag/' | |
CV_DIGEST=$(curl ${QUAY_API} | jq '[.tags[] | select(.name == "latest")] | .[0].manifest_digest') | |
printf "[INFO] Current Chart Verifier digest: %s\n" ${CV_DIGEST} | |
echo "current_cv_digest=${CV_DIGEST}" >> $GITHUB_OUTPUT | |
shell: bash | |
- name: Checkout software-version branch | |
if: steps.check_repo.outputs.check-version == 'true' | |
uses: actions/checkout@v4 | |
with: | |
ref: "software-version" | |
repository: ${{ github.repository }} | |
- name: Read previous Chart Verifier digest | |
if: steps.check_repo.outputs.check-version == 'true' | |
id: get_prev_cv_digest | |
uses: mikefarah/yq@master | |
with: | |
cmd: yq e '.chart-verifier.latest-manifest-digest' software-version.yaml | |
- name: Compare Chart Verifier versions | |
id: check_test | |
run: | | |
set -euo pipefail | |
if [ "${{ steps.check_repo.outputs.run-job }}" != "true" ]; then | |
echo "run_tests=false" >> $GITHUB_OUTPUT | |
echo "update-version=false" >> $GITHUB_OUTPUT | |
elif [ "${{ steps.check_repo.outputs.check-version }}" == "true" ]; then | |
if [ "${{ steps.get_curr_cv_version.outputs.current_cv_digest }}" == "${{ steps.get_prev_cv_digest.outputs.result }}" ]; then | |
# No change in the Chart Verifier image - do not run tests if a scheduled run or dry-run is not set | |
printf "Chart Verifier has not changed since last run: '%s' -> '%s'\n" "${{ steps.get_prev_cv_digest.outputs.result }}" "${{ steps.get_curr_cv_version.outputs.current_cv_digest }}" | |
echo "update-version=false" >> $GITHUB_OUTPUT | |
if [ "${{ github.event.inputs.dry-run }}" == "true" ]; then | |
echo "Chart Verifier image has not changed but run anyaway as dry-run is set" | |
echo "run_tests=true" >> $GITHUB_OUTPUT | |
else | |
echo "Chart Verifier image has not changed do not run tests" | |
echo "run_tests=false" >> $GITHUB_OUTPUT | |
fi | |
else | |
# New Chart Verifier image is found | |
printf "Chart Verifier has changed since last run: '%s' -> '%s'\n" "${{ steps.get_prev_cv_digest.outputs.result }}" "${{ steps.get_curr_cv_version.outputs.current_cv_digest }}" | |
echo "run_tests=true" >> $GITHUB_OUTPUT | |
echo "update-version=true" >> $GITHUB_OUTPUT | |
fi | |
else | |
# Run whether Chart Verifier image has changed or not | |
echo "Run tests - version check skipped" | |
echo "update-version=false" >> $GITHUB_OUTPUT | |
echo "run_tests=true" >> $GITHUB_OUTPUT | |
fi | |
shell: bash | |
- name: Update software-version.yaml | |
if: | | |
steps.check_test.outputs.update-version == 'true' | |
uses: mikefarah/yq@master | |
with: | |
cmd: yq eval -i '.chart-verifier.latest-manifest-digest = ${{ steps.get_curr_cv_version.outputs.current_cv_digest }}' 'software-version.yaml' | |
- name: Push software-version.yaml | |
if: | | |
steps.check_test.outputs.update-version == 'true' | |
run: | | |
COMMIT_MESSAGE=$(printf "software-version.yaml: Update chart-verifier version from '%s' to '%s'" "${{ steps.get_prev_ocp_version.outputs.result }}" "${{ steps.get_curr_cv_version.outputs.current_cv_digest }}") | |
git remote -v | |
git branch -vv | |
git config --global user.name "github-actions[bot]" | |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git commit -am "${COMMIT_MESSAGE}" | |
git push | |
- name: Checkout charts main branch | |
if: | | |
steps.check_test.outputs.run_tests == 'true' | |
uses: actions/checkout@v4 | |
with: | |
ref: "main" | |
token: ${{ secrets.BOT_TOKEN }} | |
fetch-depth: 0 | |
- name: Set up Python 3.x Part 1 | |
if: | | |
steps.check_test.outputs.run_tests == 'true' | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Set up Python 3.x Part 2 | |
if: | | |
steps.check_test.outputs.run_tests == 'true' | |
run: | | |
# set up python | |
pwd | |
python3 -m venv ve1 | |
cd scripts | |
../ve1/bin/pip3 install -r requirements.txt | |
../ve1/bin/pip3 install . | |
cd .. | |
- name: (Manual) Run tests on existing charts | |
if: | | |
github.event_name == 'workflow_dispatch' && steps.check_test.outputs.run_tests == 'true' | |
env: | |
CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DRY_RUN: ${{ github.event.inputs.dry-run }} | |
VENDOR_TYPE: ${{ github.event.inputs.vendor-type }} | |
NOTIFY_ID: ${{ github.event.inputs.notify-id }} | |
BOT_NAME: ${{ secrets.BOT_NAME }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
SOFTWARE_NAME: "chart-verifier" | |
SOFTWARE_VERSION: ${{ steps.get_curr_cv_version.outputs.current_cv_digest }} | |
run: | | |
printf "[INFO] Dry run: '%s'\n" "${{ env.DRY_RUN }}" | |
printf "[INFO] Vendor type: '%s'\n" "${{ env.VENDOR_TYPE }}" | |
printf "[INFO] Notify ID: '%s'\n" "${{ env.NOTIFY_ID }}" | |
printf "[INFO] Software Name: '%s'\n" "${{ env.SOFTWARE_NAME }}" | |
printf "[INFO] Software Version: '%s'\n" "${{ env.SOFTWARE_VERSION }}" | |
ve1/bin/behave tests/functional/behave_features/ --tags=version-change --logging-level=INFO --no-capture --no-color | |
- name: (Schedule) Run tests on existing charts | |
id: run-schedule-tests | |
if: | | |
github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' | |
env: | |
CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
BOT_NAME: ${{ secrets.BOT_NAME }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
# XXX: set to false when ready to launch notifications | |
DRY_RUN: "true" | |
VENDOR_TYPE: "all" | |
NOTIFY_ID: "" | |
SOFTWARE_NAME: "chart-verifier" | |
SOFTWARE_VERSION: ${{ steps.get_curr_cv_version.outputs.current_cv_digest }} | |
run: | | |
printf "[INFO] Dry run: '%s'\n" "${{ env.DRY_RUN }}" | |
printf "[INFO] Vendor type: '%s'\n" "${{ env.VENDOR_TYPE }}" | |
printf "[INFO] Notify ID: '%s'\n" "${{ env.NOTIFY_ID }}" | |
printf "[INFO] Software Name: '%s'\n" "${{ env.SOFTWARE_NAME }}" | |
printf "[INFO] Software Version: '%s'\n" "${{ env.SOFTWARE_VERSION }}" | |
ve1/bin/behave tests/functional/behave_features/ --tags=version-change --logging-level=INFO --no-capture --no-color | |
- name: Send message to helm_dev slack channel | |
id: notify_dev | |
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion != 'success' }} | |
uses: archive/github-actions-slack@v2.8.0 | |
with: | |
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }} | |
slack-channel: C02979BDUPL | |
slack-text: Failure! Nightly run after a chart-verifier version update to ${{ steps.get_curr_cv_version.outputs.current_cv_digest }} was detected. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}' | |
- name: Result from "Send Message to helm_dev slack channel" | |
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion != 'success' }} | |
run: echo "The result was ${{ steps.notify_dev.outputs.slack-result }}" | |
- name: Send message to helm_notify slack channel | |
id: notify | |
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion == 'success' }} | |
uses: archive/github-actions-slack@v2.8.0 | |
with: | |
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }} | |
slack-channel: C04K1ARMH8A | |
slack-text: Success! Nightly run after a chart-verifier version update to ${{ steps.get_curr_cv_version.outputs.current_cv_digest }} was detected. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}' | |
- name: Result from "Send Message to helm_notify slack channel" | |
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion == 'success' }} | |
run: echo "The result was ${{ steps.notify.outputs.slack-result }}" | |