Skip to content

[bitnami/natscli,pinniped-cli] chore: 👷 Add VIB integration #46670

[bitnami/natscli,pinniped-cli] chore: 👷 Add VIB integration

[bitnami/natscli,pinniped-cli] chore: 👷 Add VIB integration #46670

Workflow file for this run

name: '[CI/CD] CI Pipeline'
on: # rebuild any PRs and main branch changes
pull_request_target:
types:
- synchronize
- labeled
branches:
- main
- bitnami:main
permissions: {}
env:
CSP_API_URL: https://console.cloud.vmware.com
CSP_API_TOKEN: ${{ secrets.CSP_API_TESTING_TOKEN }}
VIB_PUBLIC_URL: https://cp.bromelia.vmware.com
# Avoid concurrency over the same PR
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
jobs:
get-containers:
runs-on: ubuntu-latest
name: Get modified containers
if: |
github.event.pull_request.state != 'closed' &&
(
contains(github.event.pull_request.labels.*.name, 'verify') || (github.event.action == 'labeled' && github.event.label.name == 'verify')
)
outputs:
result: ${{ steps.get-containers.outputs.result }}
containers: ${{ steps.get-containers.outputs.containers }}
steps:
- id: get-containers
name: Get modified containers
env:
DIFF_URL: "${{github.event.pull_request.diff_url}}"
TEMP_FILE: "${{runner.temp}}/pr-${{github.event.number}}.diff"
run: |
# This request doesn't consume API calls.
curl -Lkso $TEMP_FILE $DIFF_URL
files_changed="$(sed -nr 's/[\-\+]{3} [ab]\/(.*)/\1/p' $TEMP_FILE | sort | uniq)"
# Adding || true to avoid "Process exited with code 1" errors
flavors=($(echo "$files_changed" | xargs dirname | grep -o "^bitnami/[^/]*/[^/]*/[^/]*" | sort | uniq || true))
assets=($(echo "$files_changed" | xargs dirname | sed -nr "s|bitnami/([^/]*)/.*|\1|p" | sort | uniq || true))
non_readme_files=$(echo "$files_changed" | grep -vc "\.md" || true)
if [[ "$non_readme_files" -le "0" ]]; then
# The only changes are .md files -> SKIP
echo "result=skip" >> $GITHUB_OUTPUT
elif [[ "${#assets[@]}" -ne "1" ]]; then
echo "Changes should affect to only one asset. You are currently modifying: ${assets[@]}"
echo "result=skip" >> $GITHUB_OUTPUT
else
containers_json=$(printf "%s\n" "${flavors[@]}" | jq -R . | jq -cs .)
echo "result=ok" >> $GITHUB_OUTPUT
echo "containers=${containers_json}" >> $GITHUB_OUTPUT
fi
vib-verify:
runs-on: ubuntu-latest
needs: get-containers
# Automatic PRs do not need to be re-tested in GitHub
if: |
needs.get-containers.outputs.result == 'ok' &&
github.event.pull_request.user.login != 'bitnami-bot'
name: VIB Verify
permissions:
contents: read
continue-on-error: false
strategy:
fail-fast: false
max-parallel: 2
matrix:
container: ${{ fromJSON(needs.get-containers.outputs.containers) }}
steps:
- uses: actions/checkout@v3
name: Checkout Repository
with:
# Full history is not required anymore
fetch-depth: 1
# labeled events trigger the event with the latest commit in main
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- id: get-container-metadata
name: Get image tag and container name
run: |
if [[ -d "${{ matrix.container }}" ]]; then
name="$(echo "${{ matrix.container }}" | awk -F '/' '{print $2}')"
branch="$(echo "${{ matrix.container }}" | awk -F '/' '{print $3}')"
tag=""
if [[ "${{ github.event.pull_request.user.login }}" == "bitnami-bot" ]]; then
tag="$(grep -oE "org.opencontainers.image.ref.name=\".+\"" ${{ matrix.container }}/Dockerfile | sed -nr "s|org.opencontainers.image.ref.name=\"(.+)\"|\1|p")"
else
# Build a tag based on current RUN number
tag="$(echo "${{ matrix.container }}" | awk -F '/' -v run_number="${GITHUB_RUN_NUMBER}" '{printf "%s-rc.%s", $3, run_number}')"
fi
if [[ -z "${tag}" ]]; then
echo "No tag found for: ${{ matrix.container }}"
exit 1
else
dsl_path="${name}"
if [[ -d ".vib/${dsl_path}/${branch}" ]]; then
dsl_path="${dsl_path}/${branch}"
fi
echo "tag=${tag}" >> $GITHUB_OUTPUT
echo "name=${name}" >> $GITHUB_OUTPUT
echo "dsl_path=${dsl_path}" >> $GITHUB_OUTPUT
echo "result=ok" >> $GITHUB_OUTPUT
fi
else
# Container folder doesn't exists we are assuming a deprecation
echo "result=skip" >> $GITHUB_OUTPUT
fi
- uses: vmware-labs/vmware-image-builder-action@v0
name: Verify
if: ${{ steps.get-container-metadata.outputs.result == 'ok' }}
with:
pipeline: ${{ steps.get-container-metadata.outputs.dsl_path }}/vib-verify.json
env:
# Path with docker resources
VIB_ENV_PATH: ${{ matrix.container }}
# Container name
VIB_ENV_CONTAINER: ${{ steps.get-container-metadata.outputs.name }}
VIB_ENV_TAG: ${{ steps.get-container-metadata.outputs.tag }}
verification-summary:
# Ensure all containers passed the verification
runs-on: ubuntu-latest
name: Check Matrix Outcome
permissions:
statuses: write
needs:
- get-containers
- vib-verify
outputs:
result: ${{ steps.get-status.outputs.result }}
if: ${{ always() && github.event.pull_request.user.login != 'bitnami-bot' }}
steps:
- id: get-status
name: Check Status
uses: actions/github-script@v6
with:
result-encoding: string
script: |
state = 'success'
description = 'Well done! Everything looks good. Please wait for the Bitnami Team review.'
if ("${{ needs.get-containers.result }}" != "success" ) {
description = "If you've just created this PR, don't worry about this message. The Bitnami Team has to review it and make the verification possible."
core.warning(description)
state = 'pending'
} else if ("${{ needs.get-containers.outputs.result }}" == "skip" ) {
description = "It seems these changes don't involve any container"
core.warning(description)
} else if ("${{ needs.vib-verify.result }}" != "success" ) {
description = "Please review previous jobs to get more information"
core.error(description)
state = 'error'
} else {
core.notice(description)
}
try {
await github.rest.repos.createCommitStatus({
context: `${context.workflow} / Verification Summary (${context.eventName})`,
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
sha: context.payload.pull_request.head.sha,
target_url: `${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}`,
description: description,
state: state
})
core.info(`Updated build status: ${state}`)
} catch (error) {
core.setFailed(error.message)
}
return state