Skip to content
This repository has been archived by the owner on Aug 19, 2024. It is now read-only.
PR Test operator

Auto-push bundle manifests changes to PR branch if needed #529

Sign in to view logs

Auto-push bundle manifests changes to PR branch if needed

Auto-push bundle manifests changes to PR branch if needed #529

Workflow file for this run

.github/workflows/pr.yaml at 011654e
# Copyright 2023 The Janus IDP Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: PR Test operator
on:
pull_request:
branches:
- main
- rhdh-1.[0-9]+
- 1.[0-9]+.x
jobs:
pr-validate:
name: PR Validate
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
# check changes in this commit for regex include and exclude matches; pipe to an env var
- name: Check for changes to build
run: |
# don't fail if nothing returned by grep
set +e
CHANGES="$(git diff --name-only ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} | \
grep -E "workflows/pr.yaml|Makefile|bundle/|config/|go.mod|go.sum|.+\.go" | \
grep -v -E "/.rhdh/")";
echo "Changed files for this commit:"
echo "=============================="
echo "$CHANGES"
echo "=============================="
{
echo 'CHANGES<<EOF'
echo $CHANGES
echo EOF
} >> "$GITHUB_ENV"
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Check for outdated bundle
id: bundle-diff-checker
# Lot of debate (https://github.com/janus-idp/operator/pull/195) whether this should be a warning or an error.
# For now, this is will be warning + a comment on the PR if manifests are outdated. This way, PR authors/maintainers can be aware of that fact.
continue-on-error: true
run: |
make bundle
git status --porcelain
# Since operator-sdk 1.26.0, `make bundle` changes the `createdAt` field from the bundle every time we run it.
# The `git diff` below checks if only the createdAt field has changed. If is the only change, it is ignored.
# Inspired from https://github.com/operator-framework/operator-sdk/issues/6285#issuecomment-1415350333
git diff --quiet -I'^ createdAt: ' bundle || ( echo "::group::WARNINGS" && \
git --no-pager diff | tee bundle.pr-${{ github.event.number }}.patch && \
echo "::warning:: Files changed in bundle generation. Please regenerate the bundle with 'make bundle' and push the changes. For your convenience, the diff is attached as a job artifact, so you can easily download and Git-apply it right away instead. You might also need to manually update the CSV in '.rhdh/bundle/manifests/rhdh-operator.csv.yaml' file accordingly." && \
echo "::endgroup::" && \
exit 1 )
- name: Save bundle diff as patch
id: bundle-diff-patch-artifact-upload
uses: actions/upload-artifact@v4
if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'failure' }}
with:
name: bundle-diff-patch
path: bundle.pr-${{ github.event.number }}.patch
retention-days: 5
- name: Comment on PR if bundle manifests are outdated
uses: actions/github-script@v7
if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'failure' }}
# TODO(rm3l): this won't work for fork PRs due to permission restrictions. Remove this once this is fixed for fork PRs.
continue-on-error: true
with:
script: |
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '⚠️ <b>Files changed in bundle generation<b>!<br/><br/>Please make sure to regenerate the bundle with `make bundle` and push the changes. Make sure you unset any related env vars like `VERSION` or `IMAGE_TAG_BASE` or `IMG` before running this command, as they may affect the resulting manifests.<br/>For your convenience, the diff is attached as a job artifact [here](${{ steps.bundle-diff-patch-artifact-upload.outputs.artifact-url }}), so you can easily download and Git-apply it right away instead of running `make bundle`.<br/>You might also need to manually update the CSV in [`.rhdh/bundle/manifests/rhdh-operator.csv.yaml`](.rhdh/bundle/manifests/rhdh-operator.csv.yaml) file accordingly.'
})
- name: Comment on PR if bundle manifests are up-to-date
uses: actions/github-script@v7
if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'success' }}
# TODO(rm3l): this won't work for fork PRs due to permission restrictions. Remove this once this is fixed for fork PRs.
continue-on-error: true
with:
script: |
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '🎉 <b>Bundle manifests are up-to-date!<br/><br/>Please also review the bundle manifests to make sure manual updates to the CSV in [`.rhdh/bundle/manifests/rhdh-operator.csv.yaml`](.rhdh/bundle/manifests/rhdh-operator.csv.yaml) file are not required.'
})
# gosec needs a "build" stage so connect it to the lint step which we always do
- name: Lint
run: make lint
- name: Test
# run this stage only if there are changes that match the includes and not the excludes
if: ${{ env.CHANGES != '' }}
run: make test
- name: Run Gosec Security Scanner
run: make gosec
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: gosec.sarif