Merge pull request #245 from jstourac/ciChecks

Introduces basic JSON and YAML checks into this repository

.github/workflows/auto-add-issue-to-project.yml

@@ -1,5 +1,6 @@
+---
 name: Auto Add Issues to Tracking boards
-on:
+on:  # yamllint disable-line rule:truthy
   issues:
     types:
       - opened
@@ -21,4 +22,4 @@ jobs:
       - uses: actions/[email protected]
         with:
           project-url: https://github.com/orgs/opendatahub-io/projects/45
-          github-token: ${{ steps.app-token.outputs.token }}
+          github-token: ${{ steps.app-token.outputs.token }}

.github/workflows/code-quality.yaml

@@ -0,0 +1,42 @@
+---
+name: Code static analysis
+on: [pull_request]  # yamllint disable-line rule:truthy
+
+permissions:
+  contents: read
+
+jobs:
+  code-static-analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Validate YAML files (best code practices check included)
+        id: validate-yaml-files
+        uses: ibiqlik/[email protected]
+        with:
+          config_file: ./ci/yamllint-config.yaml
+
+      # In some YAML files we use JSON strings, let's check these
+      - name: Validate JSON strings in YAML files (just syntax)
+        id: validate-json-strings-in-yaml-files
+        run: |
+          type json_verify || sudo apt-get install yajl-tools
+          bash ./ci/check-json.sh
+
+      - name: Validate JSON files (just syntax)
+        id: validate-json-files
+        run: |
+          type json_verify || sudo apt-get install yajl-tools
+          shopt -s globstar
+          ret_code=0
+          echo "-- Checking a regular '*.json' files"
+          for f in **/*.json; do echo "Checking: '${f}"; echo -n "  > "; cat $f | json_verify || ret_code=1; done
+          echo "-- Checking a 'Pipfile.lock' files"
+          for f in **/Pipfile.lock; do echo "Checking: '${f}"; echo -n "  > "; cat $f | json_verify || ret_code=1; done
+          echo "-- Checking a '*.ipynb' Jupyter notebook files"
+          for f in **/*.ipynb; do echo "Checking: '${f}"; echo -n "  > "; cat $f | json_verify || ret_code=1; done
+          if test "${ret_code}" -ne 0; then
+              echo "There were errors in some of the checked files. Please run `json_verify` on such files and fix issues there."
+          fi
+          exit "${ret_code}"

.github/workflows/notebooks-digest-updater-upstream.yaml

@@ -1,13 +1,14 @@
+---
 # The aim of this GitHub workflow is to update the params.env file with the latest digest.
-on:
+on:  # yamllint disable-line rule:truthy
   workflow_dispatch:
     inputs:
       branch:
         required: true
         description: "Provide the name of the branch you want to update ex main, vYYYYx etc: "
-  # Put the scheduler on comment until automate the full release procedure
-  # schedule:
-  #   - cron: "0 0 * * 5" #Scheduled every Friday
+        # Put the scheduler on comment until automate the full release procedure
+        # schedule:
+        #   - cron: "0 0 * * 5"  #Scheduled every Friday
 env:
   DIGEST_UPDATER_BRANCH: digest-updater-${{ github.run_id }}
   BRANCH_NAME: ${{ github.event.inputs.branch || 'main' }}
@@ -39,7 +40,7 @@ jobs:
          git push --set-upstream origin ${{ env.DIGEST_UPDATER_BRANCH }}
 
   update-n-version:
-    needs: [ initialize ]
+    needs: [initialize]
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -53,8 +54,8 @@ jobs:
       - name: Checkout upstream notebooks repo
         uses: actions/checkout@v3
         with:
-         repository: opendatahub-io/notebooks.git
-         ref: ${{ env.RELEASE_VERSION_N }}
+          repository: opendatahub-io/notebooks.git
+          ref: ${{ env.RELEASE_VERSION_N }}
 
       - name: Retrieve latest weekly commit hash from the release branch
         id: hash-n
@@ -88,7 +89,7 @@ jobs:
               git fetch origin  ${{ env.DIGEST_UPDATER_BRANCH }} && git pull origin  ${{ env.DIGEST_UPDATER_BRANCH }} && git add manifests/base/params.env && git commit -m "Update images for release N via ${{ env.DIGEST_UPDATER_BRANCH }} GitHub action" && git push origin  ${{ env.DIGEST_UPDATER_BRANCH }}
 
   update-n-1-version:
-    needs: [ initialize, update-n-version ]
+    needs: [initialize, update-n-version]
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -102,8 +103,8 @@ jobs:
       - name: Checkout upstream notebooks repo
         uses: actions/checkout@v3
         with:
-         repository: opendatahub-io/notebooks.git
-         ref: ${{ env.RELEASE_VERSION_N_1 }}
+          repository: opendatahub-io/notebooks.git
+          ref: ${{ env.RELEASE_VERSION_N_1 }}
 
       - name: Retrieve latest weekly commit hash from the release branch
         id: hash-n-1
@@ -138,7 +139,7 @@ jobs:
 
   # Creates the Pull Request
   open-pull-request:
-    needs: [ update-n-version, update-n-1-version ]
+    needs: [update-n-version, update-n-1-version]
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
@@ -149,7 +150,7 @@ jobs:
       - name: pull-request
         uses: repo-sync/pull-request@v2
         with:
-          source_branch:  ${{ env.DIGEST_UPDATER_BRANCH }}
+          source_branch: ${{ env.DIGEST_UPDATER_BRANCH }}
           destination_branch: ${{ env.BRANCH_NAME}}
           github_token: ${{ secrets.GITHUB_TOKEN }}
           pr_label: "automated pr"

.github/workflows/piplock-renewal-2023a.yml

@@ -1,17 +1,18 @@
-# This GitHub action is meant to be triggered weekly in order to update the pipfile.locks 
+---
+# This GitHub action is meant to be triggered weekly in order to update the pipfile.locks
 
 name: Weekly Pipfile.locks renewal on [2023a] branch
 
-on:
- # Triggers the workflow every Monday at 22pm UTC am 0 22 * * 1
- schedule:
-   - cron: "0 22 * * 1"
- workflow_dispatch:  # for manual trigger workflow from GH Web UI
- 
+on:  # yamllint disable-line rule:truthy
+  # Triggers the workflow every Monday at 22pm UTC am 0 22 * * 1
+  schedule:
+    - cron: "0 22 * * 1"
+  workflow_dispatch:  # for manual trigger workflow from GH Web UI
+
 jobs:
   build:
     runs-on: ubuntu-latest
-     
+
     permissions:
       # Give the default GITHUB_TOKEN write permission to commit and push the
       # added or changed files to the repository.

.github/workflows/piplock-renewal-2023b.yml

@@ -1,17 +1,18 @@
-# This GitHub action is meant to be triggered weekly in order to update the pipfile.locks 
+---
+# This GitHub action is meant to be triggered weekly in order to update the pipfile.locks
 
 name: Weekly Pipfile.locks renewal on [2023b] branch
 
-on:
- # Triggers the workflow every Monday at 22pm UTC am 0 22 * * 1
- schedule:
-   - cron: "0 22 * * 1"
- workflow_dispatch:  # for manual trigger workflow from GH Web UI
- 
+on:  # yamllint disable-line rule:truthy
+  # Triggers the workflow every Monday at 22pm UTC am 0 22 * * 1
+  schedule:
+    - cron: "0 22 * * 1"
+  workflow_dispatch:  # for manual trigger workflow from GH Web UI
+
 jobs:
   build:
     runs-on: ubuntu-latest
-     
+
     permissions:
       # Give the default GITHUB_TOKEN write permission to commit and push the
       # added or changed files to the repository.
@@ -43,4 +44,4 @@ jobs:
           git config --global user.name "GitHub Actions"
           git add .
           git commit -m "Update the pipfile.lock via the weekly workflow action"
-          git push
+          git push

.github/workflows/pr-merge-image-delete.yml

@@ -1,5 +1,6 @@
+---
 name: Delete quay image of PR once merged
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - 'main'
@@ -69,15 +70,15 @@ jobs:
           skopeo delete docker://${QUAY_IMAGE_REPO}:jupyter-datascience-ubi8-python-3.8-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:jupyter-pytorch-ubi8-python-3.8-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:jupyter-trustyai-ubi8-python-3.8-pr-${{ env.PR }}
-          skopeo delete docker://${QUAY_IMAGE_REPO}:jupyter-datascience-anaconda-python-3.8-pr-${{ env.PR }}  
+          skopeo delete docker://${QUAY_IMAGE_REPO}:jupyter-datascience-anaconda-python-3.8-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:cuda-jupyter-minimal-ubi8-python-3.8-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:cuda-jupyter-datascience-ubi8-python-3.8-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:cuda-jupyter-tensorflow-ubi8-python-3.8-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:runtime-minimal-ubi8-python-3.8-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:runtime-datascience-ubi8-python-3.8-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:runtime-pytorch-ubi8-python-3.8-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:runtime-cuda-tensorflow-ubi8-python-3.8-pr-${{ env.PR }}
-          
+
           skopeo delete docker://${QUAY_IMAGE_REPO}:jupyter-minimal-ubi9-python-3.9-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:jupyter-datascience-ubi9-python-3.9-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:jupyter-pytorch-ubi9-python-3.9-pr-${{ env.PR }}
@@ -91,4 +92,4 @@ jobs:
           skopeo delete docker://${QUAY_IMAGE_REPO}:runtime-cuda-tensorflow-ubi9-python-3.9-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:codeserver-c9s-python-3.9-pr-${{ env.PR }}
           skopeo delete docker://${QUAY_IMAGE_REPO}:rstudio-c9s-python-3.9-pr-${{ env.PR }}
-          skopeo delete docker://${QUAY_IMAGE_REPO}:cuda-rstudio-c9s-python-3.9-pr-${{ env.PR }}
+          skopeo delete docker://${QUAY_IMAGE_REPO}:cuda-rstudio-c9s-python-3.9-pr-${{ env.PR }}

base/anaconda-python-3.8/environment.yml

@@ -1,3 +1,4 @@
+---
 name: /opt/app-root
 channels:
   - defaults

ci/check-json.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+#
+# This script serves to check YAML files in this repository that contain particular
+# key fields where JSON string is expected. Such JSON strings are extracted and
+# validated via `json_verify` tool.
+#
+# Local execution: ./ci/check-json.sh
+#   Note: please execute from the root directory so that whole dir tree is checked
+#
+# In case of the PR on GitHub, this check is tied to GitHub actions automatically,
+# see `.github/workflows` directory.
+
+shopt -s globstar
+
+function check_json() {
+    local f="${1}"
+    local string="${2}"
+
+    local ret_code=0
+
+    echo "" # Let's make some space from eventual previous file check
+    echo "Checking: '${f}' - for '${string}':"
+
+    if grep --quiet --extended-regexp "${string}" "${f}"; then
+    #if $(grep -e "${string}" "${f}"); then
+        jsons=$(yq -r ".spec.tags[].annotations.\"${string}\"" "${f}")
+
+        while IFS= read -r json; do
+            echo "    ${json}"
+            echo -n "  > "; echo "${json}" | json_verify || ret_code="${?}"
+        done <<< "${jsons}"
+    else
+	echo "    Ignoring as this file doesn't contain necessary key field '${string}' for check"
+    fi
+
+    return "${ret_code}"
+}
+
+ret_code=0
+for f in **/*.yml **/*.yaml; do
+    check_json "${f}" "opendatahub.io/notebook-software" || ret_code="${?}"
+    check_json "${f}" "opendatahub.io/notebook-python-dependencies" || ret_code="${?}"
+done
+
+exit "${ret_code}"

ci/yamllint-config.yaml

@@ -0,0 +1,8 @@
+---
+
+extends: default
+
+rules:
+  line-length: disable
+  new-line-at-end-of-file:
+    level: warning

codeserver/c9s-python-3.9/kustomize/base/pod.yaml

@@ -1,21 +1,22 @@
+---
 apiVersion: v1
 kind: Pod
 metadata:
   name: pod
-  labels:                                
+  labels:
     app: codeserver-image
 spec:
-  containers:                            
-  - name: codeserver
-    image: codeserver-workbench
-    command: [ "/bin/sh", "-c", "while true ; do date; sleep 5; done;" ] 
-    imagePullPolicy: Always
-    ports:
-      - containerPort: 8585
-    resources:
-      limits:
-        cpu: 500m
-        memory: 500Mi
-      requests:
-        cpu: 500m
-        memory: 500Mi
+  containers:
+    - name: codeserver
+      image: codeserver-workbench
+      command: ["/bin/sh", "-c", "while true ; do date; sleep 5; done;"]
+      imagePullPolicy: Always
+      ports:
+        - containerPort: 8585
+      resources:
+        limits:
+          cpu: 500m
+          memory: 500Mi
+        requests:
+          cpu: 500m
+          memory: 500Mi

jupyter/datascience/anaconda-python-3.8/environment.yml

@@ -1,3 +1,4 @@
+---
 name: /opt/app-root
 channels:
   - conda-forge
@@ -363,4 +364,4 @@ dependencies:
   - zipp=3.15.0=pyhd8ed1ab_0
   - zlib=1.2.13=h5eee18b_0
   - zstd=1.5.2=ha4553b6_0
-prefix: /opt/app-root
+prefix: /opt/app-root

manifests/base/jupyter-datascience-notebook-imagestream.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: image.openshift.io/v1
 kind: ImageStream
 metadata:
@@ -13,26 +14,26 @@ spec:
   lookupPolicy:
     local: true
   tags:
-  # N Version of the image
-  - annotations:
-      opendatahub.io/notebook-software: '[{"name":"Python","version":"v3.9"}]'
-      opendatahub.io/notebook-python-dependencies: '[{"name":"Boto3","version":"1.26"},{"name":"Kafka-Python","version":"2.0"},{"name":"Kfp-tekton","version":"1.5"},{"name":"Matplotlib","version":"3.6"},{"name":"Numpy","version":"1.24"},{"name":"Pandas","version":"1.5"},{"name":"Scikit-learn","version":"1.2"},{"name":"Scipy","version":"1.10"},{"name":"Elyra","version":"3.15"}]'
-      openshift.io/imported-from: quay.io/opendatahub/workbench-images
-      opendatahub.io/workbench-image-recommended: 'true'
-    from:
-      kind: DockerImage
-      name: $(odh-generic-data-science-notebook-image-n)
-    name: "2023.1"
-    referencePolicy:
-      type: Source
-  # N-1 Version of the image
-  - annotations:
-      opendatahub.io/notebook-software: '[{"name":"Python","version":"v3.8"}]'
-      opendatahub.io/notebook-python-dependencies: '[{"name":"Boto3","version":"1.17"},{"name":"Kafka-Python","version":"2.0"},{"name":"Matplotlib","version":"3.4"},{"name":"Numpy","version":"1.19"},{"name":"Pandas","version":"1.2"},{"name":"Scikit-learn","version":"0.24"},{"name":"Scipy","version":"1.6"}]'
-      openshift.io/imported-from: quay.io/opendatahub/notebooks
-    from:
-      kind: DockerImage
-      name:  $(odh-generic-data-science-notebook-image-n-1)
-    name: "1.2"
-    referencePolicy:
-      type: Source
+    # N Version of the image
+    - annotations:
+        opendatahub.io/notebook-software: '[{"name":"Python","version":"v3.9"}]'
+        opendatahub.io/notebook-python-dependencies: '[{"name":"Boto3","version":"1.26"},{"name":"Kafka-Python","version":"2.0"},{"name":"Kfp-tekton","version":"1.5"},{"name":"Matplotlib","version":"3.6"},{"name":"Numpy","version":"1.24"},{"name":"Pandas","version":"1.5"},{"name":"Scikit-learn","version":"1.2"},{"name":"Scipy","version":"1.10"},{"name":"Elyra","version":"3.15"}]'
+        openshift.io/imported-from: quay.io/opendatahub/workbench-images
+        opendatahub.io/workbench-image-recommended: 'true'
+      from:
+        kind: DockerImage
+        name: $(odh-generic-data-science-notebook-image-n)
+      name: "2023.1"
+      referencePolicy:
+        type: Source
+    # N-1 Version of the image
+    - annotations:
+        opendatahub.io/notebook-software: '[{"name":"Python","version":"v3.8"}]'
+        opendatahub.io/notebook-python-dependencies: '[{"name":"Boto3","version":"1.17"},{"name":"Kafka-Python","version":"2.0"},{"name":"Matplotlib","version":"3.4"},{"name":"Numpy","version":"1.19"},{"name":"Pandas","version":"1.2"},{"name":"Scikit-learn","version":"0.24"},{"name":"Scipy","version":"1.6"}]'
+        openshift.io/imported-from: quay.io/opendatahub/notebooks
+      from:
+        kind: DockerImage
+        name: $(odh-generic-data-science-notebook-image-n-1)
+      name: "1.2"
+      referencePolicy:
+        type: Source