ci: automate pinning charms in regression tests

[dimaqq]

Switch to using pinned versions of the charm (latest main) for our charm tests in the GitHub Actions.

• charmcraft-pack.yaml
• db-charm-tests.yaml
• framework-tests.yaml no change needed
• hello-charm-tests.yaml
• observability-charm-tests.yaml
• publish.yml aggregates other workflows
• test-publish.yml aggregates other workflows
• automation to update pins
  • detect changes
  • create PR to update pins
  • setup, token

Also I've re-enabled mysql-k8s charm test, as that apparently got fixed upstream.

Here's the configuration for the personal access token I'm using to develop the external charm "dependabot":

• read/write access to the repo
• workflow scope to push branches with changes to workflows

[benhoyt]

Yeah, something like that -- or should we pin the latest commit hashes on their main/master? @tonyandrewmeyer @IronCore864

[dimaqq]

They seem to tag latest on main with these tags, here's git log main for the prometheus charm:

git log snippet

```Git Revision List commit 091c41a49182826539eb4771f0463cd805554453 (tag: rev186, origin/main, origin/HEAD, main) Author: Noctua Date: Sat May 4 02:03:24 2024 +0200

chore: update charm libraries (#603)

commit 69b500c3d331bc1c35ac1c0e650c775e922410c4 (tag: rev185)
Author: Noctua webops+observability-noctua-bot@canonical.com
Date: Fri May 3 22:01:14 2024 +0200

chore: update charm libraries (#602)

commit d35f2ea680a6164d31ff3935a8f4bc9bda9ad7d3 (tag: rev184)
Author: Noctua webops+observability-noctua-bot@canonical.com
Date: Fri May 3 02:03:16 2024 +0200

chore: update charm libraries (#601)

commit fcfc555317058f0dae1f5fc73861c79c5415e9f9 (tag: rev183)
Author: Noctua webops+observability-noctua-bot@canonical.com
Date: Thu May 2 22:01:10 2024 +0200

chore: update charm libraries (#598)

commit 9077888faf9d8a8fc337d34c042ec1aa5e09a70c (tag: rev182, origin/external-url-in-datasource)
Author: Leon 82407168+sed-i@users.noreply.github.com
Date: Tue Apr 30 09:09:49 2024 -0400

Fix sanitation (#599)

</details>

[benhoyt]

Okay, per team discussion, for observability charms we'll use the always-updated "revNNN" tags. For other teams' charms that don't always update the tag we'll use the latest commit hash.

[tonyandrewmeyer]

Thanks! Looks good, just a couple of small comments.

[dimaqq]

After Madrid conversations, I'm going to change pins to git commit hashes, each with a comment (tag?, date).

[dimaqq]

Example PRs that automation generates:

• test dummy, closed by automation: ci: upgrade external charm pins dimaqq/operator#17
• opened by automation, manually merged: Update Charm Pins dimaqq/operator#19

[benhoyt]

Looks reasonable to me -- thanks!

[tonyandrewmeyer]

Looks good - a couple of questions and couple of nits.

I do think it would be worthwhile documenting how to run this manually in HACKING.md (unless that's going to be done in #1213). Just a short section that explains that this workflow/action exists, and how to run it (potentially triggering the action with GitHub's UI/CLI, or with act, but also just the basic GITHUB_TOKEN=github_xxxx python3 main.py ../../workflows/hello-charm-tests.yaml approach (which is the extent of local testing that I did for the review, fwiw).

[dimaqq]

I've added a block to hacking and wrote a readme for the action.

[benhoyt]

@dimaqq Is #1213 still relevant given the weekly automation in this PR?

[tonyandrewmeyer]

Nice!

[dimaqq]

I'll update #1213