From 7b303cbf4e22d11099781ca57781bfefb399aad9 Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Mon, 12 Feb 2024 16:40:35 +0100 Subject: [PATCH 01/13] Make PR checks fail if bundle or manifests are not up-to-date This is so that PR authors do not forget to regenerate those manifests. --- .github/workflows/pr.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 2e8c3330..6a6ad34f 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -54,6 +54,23 @@ jobs: with: go-version-file: 'go.mod' + - name: Check for outdated bundle + run: | + make bundle + git status --porcelain + # Since operator-sdk 1.26.0, `make bundle` changes the `createdAt` field from the bundle every time we run it. + # The `git diff` below checks if only the createdAt field has changed. If is the only change, it is ignored. + # Inspired from https://github.com/operator-framework/operator-sdk/issues/6285#issuecomment-1415350333 + git diff --quiet -I'^ createdAt: ' bundle || ( echo "===================" && \ + echo "Files changed in bundle generation." && \ + echo "Please make sure to regenerate the bundle with 'make bundle' and push the changes." && \ + echo "Make sure you unset any related env vars like VERSION or IMAGE_TAG_BASE or IMG before running this command, as they may affect the resulting manifests." && \ + echo "For your convenience, the diff will be attached as a job artifact, so you can easily download and Git-apply it right away." && \ + echo "You might also need to manually update the CSV in '.rhdh/bundle/manifests/rhdh-operator.csv.yaml' file accordingly." && \ + echo "===================" && \ + git --no-pager diff && \ + exit 1) + # gosec needs a "build" stage so connect it to the lint step which we always do - name: build run: make lint From 302a4a740650b5a0e546f37457c9fd7607e54368 Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Mon, 12 Feb 2024 18:12:40 +0100 Subject: [PATCH 02/13] Update developer guide --- docs/developer.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/developer.md b/docs/developer.md index 9b4da82f..3f922dd6 100644 --- a/docs/developer.md +++ b/docs/developer.md @@ -104,11 +104,11 @@ make deploy-openshift [IMAGE_TAG_BASE=/backstage-operator] ``` ### Modifying the API definitions -If you are editing the API definitions, generate the manifests such as CRs or CRDs using: +If you are editing the API definitions, regenerate the bundle using: ```sh -make manifests +make bundle ``` -**NOTE:** Run `make --help` for more information on all potential `make` targets +**NOTE:** Run `make help` for more information on all potential `make` targets More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html) From b9eb0fa64727683bf7d9e2bed4fa3272fb74f429 Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Mon, 12 Feb 2024 22:32:19 +0100 Subject: [PATCH 03/13] Save diff as patch file, so it can be downloaded and applied with Git --- .github/workflows/pr.yaml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 6a6ad34f..dca350d2 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -55,6 +55,7 @@ jobs: go-version-file: 'go.mod' - name: Check for outdated bundle + id: bundle-diff-checker run: | make bundle git status --porcelain @@ -68,8 +69,16 @@ jobs: echo "For your convenience, the diff will be attached as a job artifact, so you can easily download and Git-apply it right away." && \ echo "You might also need to manually update the CSV in '.rhdh/bundle/manifests/rhdh-operator.csv.yaml' file accordingly." && \ echo "===================" && \ - git --no-pager diff && \ - exit 1) + git --no-pager diff | tee bundle.pr-${{ github.event.number }}.patch && \ + exit 1 ) + + - name: Save bundle diff as patch + uses: actions/upload-artifact@v4 + if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'failure' }} + with: + name: bundle-diff-patch + path: bundle.pr-${{ github.event.number }}.patch + retention-days: 5 # gosec needs a "build" stage so connect it to the lint step which we always do - name: build From 1bb17de740e80d228c27092e914cad02324345b4 Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Mon, 12 Feb 2024 23:09:13 +0100 Subject: [PATCH 04/13] Fix step names in PR Validation job --- .github/workflows/pr.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index dca350d2..59801663 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -81,10 +81,10 @@ jobs: retention-days: 5 # gosec needs a "build" stage so connect it to the lint step which we always do - - name: build + - name: Lint run: make lint - - name: test + - name: Test # run this stage only if there are changes that match the includes and not the excludes if: ${{ env.CHANGES != '' }} run: make test From a2b4addad6a604c9da82f64ed25bf7d176a54b64 Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Tue, 13 Feb 2024 15:56:34 +0100 Subject: [PATCH 05/13] Apply suggestions from code review Co-authored-by: Jianrong Zhang --- docs/developer.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/developer.md b/docs/developer.md index 3f922dd6..ecd722f9 100644 --- a/docs/developer.md +++ b/docs/developer.md @@ -104,9 +104,9 @@ make deploy-openshift [IMAGE_TAG_BASE=/backstage-operator] ``` ### Modifying the API definitions -If you are editing the API definitions, regenerate the bundle using: +If you are editing the API definitions, regenerate the manifests and bundle using: ```sh -make bundle +make manifests bundle ``` **NOTE:** Run `make help` for more information on all potential `make` targets From 676e5ae822ef9320e760b8d9d84e6a6167e3e988 Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Mon, 19 Feb 2024 10:36:27 +0100 Subject: [PATCH 06/13] Do not error out if bundle manifests are outdated Display warnings instead. Also comment on the PR so that authors/reviewers are aware of that fact. Co-authored-by: Gennady Azarenkov --- .github/workflows/pr.yaml | 42 ++++++++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 59801663..882c6664 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -56,23 +56,23 @@ jobs: - name: Check for outdated bundle id: bundle-diff-checker + # Lot of debate (https://github.com/janus-idp/operator/pull/195) whether this should be a warning or an error. + # For now, this is will be warning + a comment on the PR if manifests are outdated. This way, PR authors/maintainers can be aware of that fact. + continue-on-error: true run: | make bundle git status --porcelain # Since operator-sdk 1.26.0, `make bundle` changes the `createdAt` field from the bundle every time we run it. # The `git diff` below checks if only the createdAt field has changed. If is the only change, it is ignored. # Inspired from https://github.com/operator-framework/operator-sdk/issues/6285#issuecomment-1415350333 - git diff --quiet -I'^ createdAt: ' bundle || ( echo "===================" && \ - echo "Files changed in bundle generation." && \ - echo "Please make sure to regenerate the bundle with 'make bundle' and push the changes." && \ - echo "Make sure you unset any related env vars like VERSION or IMAGE_TAG_BASE or IMG before running this command, as they may affect the resulting manifests." && \ - echo "For your convenience, the diff will be attached as a job artifact, so you can easily download and Git-apply it right away." && \ - echo "You might also need to manually update the CSV in '.rhdh/bundle/manifests/rhdh-operator.csv.yaml' file accordingly." && \ - echo "===================" && \ + git diff --quiet -I'^ createdAt: ' bundle || ( echo "::group::WARNINGS" && \ git --no-pager diff | tee bundle.pr-${{ github.event.number }}.patch && \ + echo "::warning:: Files changed in bundle generation. Please regenerate the bundle with 'make bundle' and push the changes. For your convenience, the diff is attached as a job artifact, so you can easily download and Git-apply it right away instead. You might also need to manually update the CSV in '.rhdh/bundle/manifests/rhdh-operator.csv.yaml' file accordingly." && \ + echo "::endgroup::" && \ exit 1 ) - name: Save bundle diff as patch + id: bundle-diff-patch-artifact-upload uses: actions/upload-artifact@v4 if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'failure' }} with: @@ -80,6 +80,34 @@ jobs: path: bundle.pr-${{ github.event.number }}.patch retention-days: 5 + - name: Comment on PR if bundle manifests are outdated + uses: actions/github-script@v7 + if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'failure' }} + # TODO(rm3l): this won't work for fork PRs due to permission restrictions. Remove this once this is fixed for fork PRs. + continue-on-error: true + with: + script: | + await github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: '⚠️ Files changed in bundle generation!

Please make sure to regenerate the bundle with `make bundle` and push the changes. Make sure you unset any related env vars like `VERSION` or `IMAGE_TAG_BASE` or `IMG` before running this command, as they may affect the resulting manifests.
For your convenience, the diff is attached as a job artifact [here](${{ steps.bundle-diff-patch-artifact-upload.outputs.artifact-url }}), so you can easily download and Git-apply it right away instead of running `make bundle`.
You might also need to manually update the CSV in [`.rhdh/bundle/manifests/rhdh-operator.csv.yaml`](.rhdh/bundle/manifests/rhdh-operator.csv.yaml) file accordingly.' + }) + + - name: Comment on PR if bundle manifests are up-to-date + uses: actions/github-script@v7 + if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'success' }} + # TODO(rm3l): this won't work for fork PRs due to permission restrictions. Remove this once this is fixed for fork PRs. + continue-on-error: true + with: + script: | + await github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: '🎉 Bundle manifests are up-to-date!

Please also review the bundle manifests to make sure manual updates to the CSV in [`.rhdh/bundle/manifests/rhdh-operator.csv.yaml`](.rhdh/bundle/manifests/rhdh-operator.csv.yaml) file are not required.' + }) + # gosec needs a "build" stage so connect it to the lint step which we always do - name: Lint run: make lint From 7675f0397af8566e9572ec758d8688c889588cd0 Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Tue, 20 Feb 2024 18:08:59 +0100 Subject: [PATCH 07/13] Update .github/workflows/pr.yaml Co-authored-by: Nick Boldt --- .github/workflows/pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 882c6664..80aca60a 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -109,7 +109,7 @@ jobs: }) # gosec needs a "build" stage so connect it to the lint step which we always do - - name: Lint + - name: build run: make lint - name: Test From 32f5b30fa6ba4891aecf956b5dc27f4160569f7e Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Tue, 20 Feb 2024 22:48:01 +0100 Subject: [PATCH 08/13] Revert "Do not error out if bundle manifests are outdated" This reverts commit ab2c12a64975ec258d95198b3431cfbf8df80a8d. --- .github/workflows/pr.yaml | 42 +++++++-------------------------------- 1 file changed, 7 insertions(+), 35 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 80aca60a..940762a0 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -56,23 +56,23 @@ jobs: - name: Check for outdated bundle id: bundle-diff-checker - # Lot of debate (https://github.com/janus-idp/operator/pull/195) whether this should be a warning or an error. - # For now, this is will be warning + a comment on the PR if manifests are outdated. This way, PR authors/maintainers can be aware of that fact. - continue-on-error: true run: | make bundle git status --porcelain # Since operator-sdk 1.26.0, `make bundle` changes the `createdAt` field from the bundle every time we run it. # The `git diff` below checks if only the createdAt field has changed. If is the only change, it is ignored. # Inspired from https://github.com/operator-framework/operator-sdk/issues/6285#issuecomment-1415350333 - git diff --quiet -I'^ createdAt: ' bundle || ( echo "::group::WARNINGS" && \ + git diff --quiet -I'^ createdAt: ' bundle || ( echo "===================" && \ + echo "Files changed in bundle generation." && \ + echo "Please make sure to regenerate the bundle with 'make bundle' and push the changes." && \ + echo "Make sure you unset any related env vars like VERSION or IMAGE_TAG_BASE or IMG before running this command, as they may affect the resulting manifests." && \ + echo "For your convenience, the diff will be attached as a job artifact, so you can easily download and Git-apply it right away." && \ + echo "You might also need to manually update the CSV in '.rhdh/bundle/manifests/rhdh-operator.csv.yaml' file accordingly." && \ + echo "===================" && \ git --no-pager diff | tee bundle.pr-${{ github.event.number }}.patch && \ - echo "::warning:: Files changed in bundle generation. Please regenerate the bundle with 'make bundle' and push the changes. For your convenience, the diff is attached as a job artifact, so you can easily download and Git-apply it right away instead. You might also need to manually update the CSV in '.rhdh/bundle/manifests/rhdh-operator.csv.yaml' file accordingly." && \ - echo "::endgroup::" && \ exit 1 ) - name: Save bundle diff as patch - id: bundle-diff-patch-artifact-upload uses: actions/upload-artifact@v4 if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'failure' }} with: @@ -80,34 +80,6 @@ jobs: path: bundle.pr-${{ github.event.number }}.patch retention-days: 5 - - name: Comment on PR if bundle manifests are outdated - uses: actions/github-script@v7 - if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'failure' }} - # TODO(rm3l): this won't work for fork PRs due to permission restrictions. Remove this once this is fixed for fork PRs. - continue-on-error: true - with: - script: | - await github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: '⚠️ Files changed in bundle generation!

Please make sure to regenerate the bundle with `make bundle` and push the changes. Make sure you unset any related env vars like `VERSION` or `IMAGE_TAG_BASE` or `IMG` before running this command, as they may affect the resulting manifests.
For your convenience, the diff is attached as a job artifact [here](${{ steps.bundle-diff-patch-artifact-upload.outputs.artifact-url }}), so you can easily download and Git-apply it right away instead of running `make bundle`.
You might also need to manually update the CSV in [`.rhdh/bundle/manifests/rhdh-operator.csv.yaml`](.rhdh/bundle/manifests/rhdh-operator.csv.yaml) file accordingly.' - }) - - - name: Comment on PR if bundle manifests are up-to-date - uses: actions/github-script@v7 - if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'success' }} - # TODO(rm3l): this won't work for fork PRs due to permission restrictions. Remove this once this is fixed for fork PRs. - continue-on-error: true - with: - script: | - await github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: '🎉 Bundle manifests are up-to-date!

Please also review the bundle manifests to make sure manual updates to the CSV in [`.rhdh/bundle/manifests/rhdh-operator.csv.yaml`](.rhdh/bundle/manifests/rhdh-operator.csv.yaml) file are not required.' - }) - # gosec needs a "build" stage so connect it to the lint step which we always do - name: build run: make lint From 120cb77c23346202568862f311a861e5d6f55f84 Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Thu, 22 Feb 2024 00:30:31 +0100 Subject: [PATCH 09/13] Auto-push any changes to the bundle manifests This will alleviate the burden on contributors and maintainers. --- .github/workflows/pr.yaml | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 940762a0..5b136907 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -21,6 +21,10 @@ on: - rhdh-1.[0-9]+ - 1.[0-9]+.x +concurrency: + group: ${{ github.workflow }}-${{ github.event.number }} + cancel-in-progress: true + jobs: pr-validate: name: PR Validate @@ -30,6 +34,10 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 + # Check out PR HEAD ref instead of the default merge commit (detached). + # Otherwise, it will be impossible for the bundle-diff-checker step to auto-push any outstanding changes. + ref: ${{ github.event.pull_request.head.ref }} + repository: ${{github.event.pull_request.head.repo.full_name}} # check changes in this commit for regex include and exclude matches; pipe to an env var - name: Check for changes to build @@ -62,23 +70,20 @@ jobs: # Since operator-sdk 1.26.0, `make bundle` changes the `createdAt` field from the bundle every time we run it. # The `git diff` below checks if only the createdAt field has changed. If is the only change, it is ignored. # Inspired from https://github.com/operator-framework/operator-sdk/issues/6285#issuecomment-1415350333 - git diff --quiet -I'^ createdAt: ' bundle || ( echo "===================" && \ - echo "Files changed in bundle generation." && \ - echo "Please make sure to regenerate the bundle with 'make bundle' and push the changes." && \ - echo "Make sure you unset any related env vars like VERSION or IMAGE_TAG_BASE or IMG before running this command, as they may affect the resulting manifests." && \ - echo "For your convenience, the diff will be attached as a job artifact, so you can easily download and Git-apply it right away." && \ - echo "You might also need to manually update the CSV in '.rhdh/bundle/manifests/rhdh-operator.csv.yaml' file accordingly." && \ - echo "===================" && \ - git --no-pager diff | tee bundle.pr-${{ github.event.number }}.patch && \ - exit 1 ) + echo "MANIFESTS_CHANGED=$(if git diff --quiet -I'^ createdAt: ' bundle; then echo "false"; else echo "true"; fi)" >> $GITHUB_OUTPUT - - name: Save bundle diff as patch - uses: actions/upload-artifact@v4 - if: ${{ !cancelled() && steps.bundle-diff-checker.outcome == 'failure' }} - with: - name: bundle-diff-patch - path: bundle.pr-${{ github.event.number }}.patch - retention-days: 5 + - name: Commit any manifest changes + if: ${{ steps.bundle-diff-checker.outputs.MANIFESTS_CHANGED == 'true' }} + run: | + git config user.name 'github-actions[bot]' + git config user.email 'github-actions[bot]@users.noreply.github.com' + git fetch --prune + git pull --rebase --autostash + git add -A . + git commit \ + -m "Regenerate bundle manifests" \ + -m "Co-authored-by: $GITHUB_ACTOR <$GITHUB_ACTOR@users.noreply.github.com>" + git push # gosec needs a "build" stage so connect it to the lint step which we always do - name: build From 8d31c5afb2b2c34c3e33e0c589f28a158bd50ee3 Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Thu, 22 Feb 2024 09:39:33 +0100 Subject: [PATCH 10/13] Run bundle diff checker in separate workflow triggered on 'pull_request_target' events This is required to be able to write to fork PR branches Similar to what we do already with the pull_request_target workflows, we also require manual authorization for unknown external forks, to prevent PWN requests --- .github/workflows/pr-bundle-diff-checks.yaml | 97 ++++++++++++++++++++ .github/workflows/pr.yaml | 33 +------ 2 files changed, 98 insertions(+), 32 deletions(-) create mode 100644 .github/workflows/pr-bundle-diff-checks.yaml diff --git a/.github/workflows/pr-bundle-diff-checks.yaml b/.github/workflows/pr-bundle-diff-checks.yaml new file mode 100644 index 00000000..b1fea7bf --- /dev/null +++ b/.github/workflows/pr-bundle-diff-checks.yaml @@ -0,0 +1,97 @@ +# Copyright 2023 The Janus IDP Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: PR Bundle Manifests Validator + +on: + # pull_request_target needed to be able to commit and push bundle diffs to external fork PRs. + # But we included a manual authorization safeguard to prevent PWN requests. See the 'authorize' job below. + pull_request_target: + branches: + - main + - rhdh-1.[0-9]+ + - 1.[0-9]+.x + +concurrency: + group: ${{ github.workflow }}-${{ github.event.number }} + cancel-in-progress: true + +jobs: + authorize: + # The 'external' environment is configured with the maintainers team as required reviewers. + # All the subsequent jobs in this workflow 'need' this job, which will require manual approval for PRs coming from external forks. + # see list of approvers in OWNERS file + environment: + ${{ (github.event.pull_request.head.repo.full_name == github.repository || + contains(fromJSON('["gazarenkov","jianrongzhang89","kadel","nickboldt","rm3l"]'), github.actor)) && 'internal' || 'external' }} + runs-on: ubuntu-latest + steps: + - name: approved + run: echo "✓" + + pr-bundle-diff-checks: + name: PR Bundle Diff + runs-on: ubuntu-latest + needs: authorize + permissions: + contents: read + pull-requests: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + repository: ${{github.event.pull_request.head.repo.full_name}} + ref: ${{ github.event.pull_request.head.ref }} + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + + - name: Check for outdated bundle + id: bundle-diff-checker + run: | + make bundle + git status --porcelain + # Since operator-sdk 1.26.0, `make bundle` changes the `createdAt` field from the bundle every time we run it. + # The `git diff` below checks if only the createdAt field has changed. If is the only change, it is ignored. + # Inspired from https://github.com/operator-framework/operator-sdk/issues/6285#issuecomment-1415350333 + echo "MANIFESTS_CHANGED=$(if git diff --quiet -I'^ createdAt: ' bundle; then echo "false"; else echo "true"; fi)" >> $GITHUB_OUTPUT + + - name: Commit any manifest changes + if: ${{ steps.bundle-diff-checker.outputs.MANIFESTS_CHANGED == 'true' }} + run: | + git config user.name 'github-actions[bot]' + git config user.email 'github-actions[bot]@users.noreply.github.com' + git fetch --prune + git pull --rebase --autostash + git add -A . + git commit \ + -m "Regenerate bundle manifests" \ + -m "Co-authored-by: $GITHUB_ACTOR <$GITHUB_ACTOR@users.noreply.github.com>" + git push + + - name: Comment on PR if bundle manifests were updated + uses: actions/github-script@v7 + if: ${{ !cancelled() && steps.bundle-diff-checker.outputs.MANIFESTS_CHANGED == 'true' }} + continue-on-error: true + with: + script: | + await github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: '⚠️ Files changed in bundle generation!

Those changes to the operator bundle manifests should have been pushed automatically to your PR branch.
You might also need to manually update the [`.rhdh/bundle/manifests/rhdh-operator.csv.yaml`](.rhdh/bundle/manifests/rhdh-operator.csv.yaml) CSV file accordingly.' + }) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 5b136907..2e8c3330 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -21,10 +21,6 @@ on: - rhdh-1.[0-9]+ - 1.[0-9]+.x -concurrency: - group: ${{ github.workflow }}-${{ github.event.number }} - cancel-in-progress: true - jobs: pr-validate: name: PR Validate @@ -34,10 +30,6 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 - # Check out PR HEAD ref instead of the default merge commit (detached). - # Otherwise, it will be impossible for the bundle-diff-checker step to auto-push any outstanding changes. - ref: ${{ github.event.pull_request.head.ref }} - repository: ${{github.event.pull_request.head.repo.full_name}} # check changes in this commit for regex include and exclude matches; pipe to an env var - name: Check for changes to build @@ -62,34 +54,11 @@ jobs: with: go-version-file: 'go.mod' - - name: Check for outdated bundle - id: bundle-diff-checker - run: | - make bundle - git status --porcelain - # Since operator-sdk 1.26.0, `make bundle` changes the `createdAt` field from the bundle every time we run it. - # The `git diff` below checks if only the createdAt field has changed. If is the only change, it is ignored. - # Inspired from https://github.com/operator-framework/operator-sdk/issues/6285#issuecomment-1415350333 - echo "MANIFESTS_CHANGED=$(if git diff --quiet -I'^ createdAt: ' bundle; then echo "false"; else echo "true"; fi)" >> $GITHUB_OUTPUT - - - name: Commit any manifest changes - if: ${{ steps.bundle-diff-checker.outputs.MANIFESTS_CHANGED == 'true' }} - run: | - git config user.name 'github-actions[bot]' - git config user.email 'github-actions[bot]@users.noreply.github.com' - git fetch --prune - git pull --rebase --autostash - git add -A . - git commit \ - -m "Regenerate bundle manifests" \ - -m "Co-authored-by: $GITHUB_ACTOR <$GITHUB_ACTOR@users.noreply.github.com>" - git push - # gosec needs a "build" stage so connect it to the lint step which we always do - name: build run: make lint - - name: Test + - name: test # run this stage only if there are changes that match the includes and not the excludes if: ${{ env.CHANGES != '' }} run: make test From 225382e6970434110f6bb3b04eb945aa4c77c14e Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Thu, 22 Feb 2024 00:31:12 +0100 Subject: [PATCH 11/13] Update PR template to think about eventually updating the rhdh-operator.csv.yaml file --- .github/PULL_REQUEST_TEMPLATE.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 3c52191f..e095693b 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -15,6 +15,7 @@ Please explain the changes you made here. - [ ] Tests - [ ] Documentation +- [ ] If the bundle manifests have been updated, make sure to review the [`rhdh-operator.csv.yaml`](../.rhdh/bundle/manifests/rhdh-operator.csv.yaml) file accordingly ## How to test changes / Special notes to the reviewer