Skip to content

Commit

Permalink
testing
Browse files Browse the repository at this point in the history 
Signed-off-by: Jose R. Gonzalez <[email protected]>
  • Loading branch information
@komish
komish committed Dec 19, 2023
1 parent 4fb71b8 commit b052847
Show file tree
Hide file tree
Showing 72 changed files with 6,684 additions and 211 deletions.
100 changes: 50 additions & 50 deletions .github/workflows/base.yml
View file
Original file line number Diff line number Diff line change
@@ -1,51 +1,51 @@
# This is a basic workflow to help you get started with Actions

name: CI

# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the "main" branch
push:
branches: [ "main" ]
pull_request:
branches: [ "main", "gh-pages" ]
release:
types: [published]

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v3

# Runs a single command using the runners shell
- name: Run a one-line script
run: echo Hello, world!

# Runs a set of commands using the runners shell
- name: Run a multi-line script
run: |
echo Add other actions to build,
echo test, and deploy your project.
- name: Display the dispatching event
env:
e: ${{ toJson(github.event) }}
run: echo "Event Date - $e"
ensure-valid-submitter:
uses: ./.github/workflows/check-chart-locks.yml
with:
# Real-world use case would introspect this data and then pass it to this workflow.
category: community
organization: examplecom
chartname: wildfly
# # This is a basic workflow to help you get started with Actions

# name: CI

# # Controls when the workflow will run
# on:
# # Triggers the workflow on push or pull request events but only for the "main" branch
# push:
# branches: [ "main" ]
# pull_request:
# branches: [ "main", "gh-pages" ]
# release:
# types: [published]

# # Allows you to run this workflow manually from the Actions tab
# workflow_dispatch:

# # A workflow run is made up of one or more jobs that can run sequentially or in parallel
# jobs:
# # This workflow contains a single job called "build"
# build:
# # The type of runner that the job will run on
# runs-on: ubuntu-latest

# # Steps represent a sequence of tasks that will be executed as part of the job
# steps:
# # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
# - uses: actions/checkout@v3

# # Runs a single command using the runners shell
# - name: Run a one-line script
# run: echo Hello, world!

# # Runs a set of commands using the runners shell
# - name: Run a multi-line script
# run: |
# echo Add other actions to build,
# echo test, and deploy your project.

# - name: Display the dispatching event
# env:
# e: ${{ toJson(github.event) }}
# run: echo "Event Date - $e"
# ensure-valid-submitter:
# uses: ./.github/workflows/check-chart-locks.yml
# with:
# # Real-world use case would introspect this data and then pass it to this workflow.
# category: community
# organization: examplecom
# chartname: wildfly

84 changes: 42 additions & 42 deletions .github/workflows/check-chart-locks.yml
View file
Original file line number Diff line number Diff line change
@@ -1,47 +1,47 @@
# Check Chart Locks review the existing chart locks and fails if
# the submission does not existing in the right directory structure.
name: Ensure Submitter is Valid
# # Check Chart Locks review the existing chart locks and fails if
# # the submission does not existing in the right directory structure.
# name: Ensure Submitter is Valid

on:
workflow_call:
inputs:
category:
required: true
type: string
description: The category of the submission. (e.g. "partner", choose from [redhat, partner, community])
organization:
required: true
type: string
description: The submitting organization (e.g. "hashicorp")
chartname:
required: true
type: string
description: The name of the chart (e.g. "vault")
# on:
# workflow_call:
# inputs:
# category:
# required: true
# type: string
# description: The category of the submission. (e.g. "partners", choose from [redhat, partners, community])
# organization:
# required: true
# type: string
# description: The submitting organization (e.g. "hashicorp")
# chartname:
# required: true
# type: string
# description: The name of the chart (e.g. "vault")

env:
LOCKFILE_URL: https://komish.github.io/actions-workflow-call-test/lock.json
# env:
# LOCKFILE_URL: https://komish.github.io/actions-workflow-call-test/lock.json

jobs:
assert-chart-not-locked-or-locked-but-valid:
runs-on: ubuntu-latest
steps:
- name: Assemble directory path
id: assemble-path
run: |
set -o pipefail
echo "dirpath=${{ inputs.category }}/${{ inputs.organization }}/${{ inputs.chartname }}" | tee -a $GITHUB_OUTPUT
- name: Read entry from current Lockfile
run: |
wget "${{ env.LOCKFILE_URL }}" -O lock.json
md5sum lock.json
- name: Compare lockpaths
run: |
lockpath=$(jq -r .packages.${{ inputs.chartname }} lock.json)
test "${lockpath}" == "null" \
&& { echo "No lock found for chart ${{ inputs.chartname }}. We're clear to merge this in."; exit 0 ;}
test "${lockpath}" = "${{ steps.assemble-path.outputs.dirpath }}" \
&& { echo "Lock found for chart ${{ inputs.chartname }} and submission is coming from the correct path ${{ steps.assemble-path.outputs.dirpath }}."; exit 0 ;}
# jobs:
# assert-chart-not-locked-or-locked-but-valid:
# runs-on: ubuntu-latest
# steps:
# - name: Assemble directory path
# id: assemble-path
# run: |
# set -o pipefail
# echo "dirpath=${{ inputs.category }}/${{ inputs.organization }}/${{ inputs.chartname }}" | tee -a $GITHUB_OUTPUT
# - name: Read entry from current Lockfile
# run: |
# wget "${{ env.LOCKFILE_URL }}" -O lock.json
# md5sum lock.json
# - name: Compare lockpaths
# run: |
# lockpath=$(jq -r .packages.${{ inputs.chartname }} lock.json)
# test "${lockpath}" == "null" \
# && { echo "No lock found for chart ${{ inputs.chartname }}. We're clear to merge this in."; exit 0 ;}
# test "${lockpath}" = "${{ steps.assemble-path.outputs.dirpath }}" \
# && { echo "Lock found for chart ${{ inputs.chartname }} and submission is coming from the correct path ${{ steps.assemble-path.outputs.dirpath }}."; exit 0 ;}

echo "::error::Submission is invalid. The chart name '${{ inputs.chartname }}' is locked to submissions from path '${lockpath}' and this submission appears to come from '${{ steps.assemble-path.outputs.dirpath }}'"
exit 1
# echo "::error::Submission is invalid. The chart name '${{ inputs.chartname }}' is locked to submissions from path '${lockpath}' and this submission appears to come from '${{ steps.assemble-path.outputs.dirpath }}'"
# exit 1

69 changes: 69 additions & 0 deletions .github/workflows/check-contributor.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
name: Check Contributor

# Checks that the input user exists in the approvers section
# of a given OWNERS file.
#
# Returns true/false at the is-repo-owner output.
#
# Can be configured to fail altogether for contexts where it makes sense,
# but in cases where this needs to return a green check mark, it is the
# the caller's responsibility to evaluate the is-repo-owner output to inform
# whether to proceed with subsequent tasks.
#
# Intended for use with workflows triggered by pull_request_target (or similar)
# events.

on:
workflow_call:
inputs:
user:
type: string
required: true
description:
the user to evaluate
fail-workflow:
type: boolean
required: false
default: false
description: |
fails this workflow if the contributor is not an owner,
or the evaluation fails for any other reason
jobs:
check-contributor:
outputs:
# true / false
is-repo-owner: steps.populate-output.outputs.is-repo-owner
name: Contributor is repo owner
runs-on: ubuntu-20.04
steps:
- name: Checkout repository base
uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Install CI Scripts
run: |
# set up python scripts
echo "set up python script in $PWD"
python3 -m venv ve1
cd scripts
../ve1/bin/pip3 install -r requirements.txt
../ve1/bin/pip3 install .
cd ..
- name: Check contributor
# The return code from this script is what's important in this workflow.
id: check-contributor
continue-on-error: true
run: |
./ve1/bin/user-is-repo-owner ${{ inputs.user }}
- name: Add result to output
id: populate-output
# Outcome is the result of the workflow before continue-on-error is applied.
run: |
echo "is-repo-owner=${{ steps.check-contributor.outcome == 'success' }}" >> $GITHUB_OUTPUT
- name: Fail if requested
if: inputs.fail-workflow && steps.populate-output.is-repo-owner != 'success'
run: |
echo "::error:: Workflow is failing at the caller's request."
exit -1
25 changes: 25 additions & 0 deletions .github/workflows/checks-content.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Test Check Content

on:
pull_request_target:
types: [opened, synchronize, reopened, edited, ready_for_review, labeled]

jobs:
check-content:
name: Check contributor
uses: ./.github/workflows/check-contributor.yml
if: |
github.event.pull_request.draft == false
with:
user: ${{ github.event.pull_request.user.login }}

run-after:
name: Runs After
needs: [check-content]
runs-on: ubuntu-20.04
if: |
github.event.pull_request.draft == false
steps:
- run: |
echo '${{ toJson(needs.check-content) }}'
echo "Woo hoo!"
Loading

0 comments on commit b052847

Please sign in to comment.