Skip to content

Check Software Version #882

Check Software Version

Check Software Version #882

Workflow file for this run

name: Check Software Version
on:
# Daily trigger to check updates
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
inputs:
# XXX: dry-run has side effects:
# 1. Opens issue in openshift-helm-chart/sandbox if failures are detected.
# 2. Runs this workflow whether or not a version change has occurred
# 3. By default dperaza and mmulholla are tagged in any issues raised.
dry-run:
description: "Dry Run? (Unconditionally run tests and create issues in sandbox) {true,false}"
required: true
default: "true"
update-version:
description: "Dry run also checks and updates software-version file if not charts repository"
required: true
default: "false"
vendor-type:
description: "Vendor type {all,partner,redhat,community}"
required: true
default: "all"
notify-id:
description: "(Optional) Issue notification {github id}"
required: false
default: ""
jobs:
check-ocp:
name: Check OpenShift Version
runs-on: ubuntu-22.04
steps:
- name: check schedule and main repository
id: check_repo
run: |
echo "GITHUB_EVENT_NAME : $GITHUB_EVENT_NAME"
echo "GITHUB_REPOSITORY : $GITHUB_REPOSITORY"
echo "dry-run : ${{ github.event.inputs.dry-run }}"
echo "update-version : ${{ github.event.inputs.update-version }}"
if [ $GITHUB_EVENT_NAME == 'workflow_dispatch' ]; then
echo "run-job=true" >> $GITHUB_OUTPUT
if [ "${{ github.event.inputs.dry-run }}" == "true" ]; then
if [[ "${{ github.event.inputs.update-version }}" == "true" && $GITHUB_REPOSITORY != "openshift-helm-charts/charts" ]]; then
echo "check-version=true" >> $GITHUB_OUTPUT
else
echo "check-version=false" >> $GITHUB_OUTPUT
fi
else
echo "check-version=true" >> $GITHUB_OUTPUT
fi
elif [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then
echo "run-job=true" >> $GITHUB_OUTPUT
echo "check-version=true" >> $GITHUB_OUTPUT
else
echo "run-job=false" >> $GITHUB_OUTPUT
echo "check-version=false" >> $GITHUB_OUTPUT
fi
- name: Install oc
if: steps.check_repo.outputs.run-job == 'true'
run: |
curl -sLO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz
tar zxvf openshift-client-linux.tar.gz oc
- name: Log into OpenShift cluster
if: steps.check_repo.outputs.run-job == 'true'
run: |
API_SERVER=$(echo -n ${{ secrets.API_SERVER }} | base64 -d)
./oc login --insecure-skip-tls-verify --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER}
shell: bash
- name: Get current OpenShift version
if: steps.check_repo.outputs.run-job == 'true'
id: get_curr_ocp_version
run: |
OCP_VERSION=$(./oc version -o json | jq '.openshiftVersion')
OCP_VERSION=$(sed -e 's/^"//' -e 's/"$//' <<< $OCP_VERSION)
printf "[INFO] Current OCP Version: %s\n" ${OCP_VERSION}
echo "curr_ocp_version=${OCP_VERSION}" >> $GITHUB_OUTPUT
shell: bash
- name: Checkout software-version branch
if: steps.check_repo.outputs.check-version == 'true'
uses: actions/checkout@v4
with:
ref: "software-version"
repository: ${{ github.repository }}
- name: Read previous OpenShift version
id: get_prev_ocp_version
if: steps.check_repo.outputs.check-version == 'true'
uses: mikefarah/yq@master
with:
cmd: yq e '.openshift.release-client-version' software-version.yaml
- name: Check if test should run
id: check_test
run: |
set -euo pipefail
if [ "${{ steps.check_repo.outputs.run-job }}" != "true" ]; then
echo "run_tests=false" >> $GITHUB_OUTPUT
echo "update-version=false" >> $GITHUB_OUTPUT
elif [ "${{ steps.check_repo.outputs.check-version }}" == "true" ]; then
if [ "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}" == "${{ steps.get_prev_ocp_version.outputs.result }}" ]; then
# No change in the OpenShift versions.
printf "OpenShift version has not changed since last run: '%s' -> '%s'\n" "${{ steps.get_prev_ocp_version.outputs.result }}" "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}"
echo "update-version=false" >> $GITHUB_OUTPUT
if [ "${{ github.event.inputs.dry-run }}" == "true" ]; then
echo "Openshift version has not changed but run anyaway as dry-run is set"
echo "run_tests=true" >> $GITHUB_OUTPUT
else
echo "Openshift version has not changed do not run tests"
echo "run_tests=false" >> $GITHUB_OUTPUT
fi
else
printf "OpenShift version has changed since last run: '%s' -> '%s'\n" "${{ steps.get_prev_ocp_version.outputs.result }}" "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}"
echo "run_tests=true" >> $GITHUB_OUTPUT
echo "update-version=true" >> $GITHUB_OUTPUT
fi
else
# Run whether open shift version has changed or not
echo "Run tests - version check skipped"
echo "update-version=false" >> $GITHUB_OUTPUT
echo "run_tests=true" >> $GITHUB_OUTPUT
fi
shell: bash
- name: Update software-version.yaml
if: |
steps.check_test.outputs.update-version == 'true'
uses: mikefarah/yq@master
with:
cmd: yq eval -i '.openshift.release-client-version = "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}"' 'software-version.yaml'
- name: Push software-version.yaml
if: |
steps.check_test.outputs.update-version == 'true'
run: |
COMMIT_MESSAGE=$(printf "software-version.yaml: Update OpenShift version from '%s' to '%s'" "${{ steps.get_prev_ocp_version.outputs.result }}" "${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}")
git remote -v
git branch -vv
git config --global user.name "github-actions[bot]"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git commit -am "${COMMIT_MESSAGE}"
git push
- name: Checkout main branch
if: |
steps.check_test.outputs.run_tests == 'true'
uses: actions/checkout@v4
with:
ref: "main"
token: ${{ secrets.BOT_TOKEN }}
fetch-depth: 0
- name: Set up Python 3.x Part 1
if: |
steps.check_test.outputs.run_tests == 'true'
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Set up Python 3.x Part 2
if: |
steps.check_test.outputs.run_tests == 'true'
run: |
# set up python
python3 -m venv ve1
cd scripts
../ve1/bin/pip3 install -r requirements.txt
../ve1/bin/pip3 install .
cd ..
- name: (Manual) Run tests on existing charts
if: |
github.event_name == 'workflow_dispatch' && steps.check_test.outputs.run_tests == 'true'
env:
CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DRY_RUN: ${{ github.event.inputs.dry-run }}
VENDOR_TYPE: ${{ github.event.inputs.vendor-type }}
NOTIFY_ID: ${{ github.event.inputs.notify-id }}
BOT_NAME: ${{ secrets.BOT_NAME }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
SOFTWARE_NAME: "OpenShift"
SOFTWARE_VERSION: ${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}
run: |
printf "[INFO] Dry run: '%s'\n" "${{ env.DRY_RUN }}"
printf "[INFO] Vendor type: '%s'\n" "${{ env.VENDOR_TYPE }}"
printf "[INFO] Notify ID: '%s'\n" "${{ env.NOTIFY_ID }}"
printf "[INFO] Software Name: '%s'\n" "${{ env.SOFTWARE_NAME }}"
printf "[INFO] Software Version: '%s'\n" "${{ env.SOFTWARE_VERSION }}"
ve1/bin/behave tests/functional/behave_features/ --tags=version-change --logging-level=INFO --no-capture --no-color
- name: (Schedule) Run tests on existing charts
id: run-schedule-tests
if: |
github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true'
env:
CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BOT_NAME: ${{ secrets.BOT_NAME }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
DRY_RUN: "false"
VENDOR_TYPE: "all"
NOTIFY_ID: ""
SOFTWARE_NAME: "OpenShift"
SOFTWARE_VERSION: ${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }}
run: |
printf "[INFO] Dry run: '%s'\n" "${{ env.DRY_RUN }}"
printf "[INFO] Vendor type: '%s'\n" "${{ env.VENDOR_TYPE }}"
printf "[INFO] Notify ID: '%s'\n" "${{ env.NOTIFY_ID }}"
printf "[INFO] Software Name: '%s'\n" "${{ env.SOFTWARE_NAME }}"
printf "[INFO] Software Version: '%s'\n" "${{ env.SOFTWARE_VERSION }}"
ve1/bin/behave tests/functional/behave_features/ --tags=version-change --logging-level=INFO --no-capture --no-color
- name: Send message to helm_dev slack channel
id: notify_dev
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion != 'success' }}
uses: archive/[email protected]
with:
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
slack-channel: C02979BDUPL
slack-text: Failure! Nightly run after an OpenShift version update to ${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }} was detected. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}'
- name: Result from "Send Message to helm_dev slack channel"
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion != 'success' }}
run: echo "The result was ${{ steps.notify_dev.outputs.slack-result }}"
- name: Send message to helm_notify slack channel
id: notify
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion == 'success' }}
uses: archive/[email protected]
with:
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
slack-channel: C04K1ARMH8A
slack-text: Success! Nightly run after an OpenShift version update to ${{ steps.get_curr_ocp_version.outputs.curr_ocp_version }} was detected. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}'
- name: Result from "Send Message to helm_notify slack channel"
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion == 'success' }}
run: echo "The result was ${{ steps.notify.outputs.slack-result }}"
check-chart-verifier:
if: ${{ always() }}
needs: check-ocp
name: Check Chart Verifier Version
runs-on: ubuntu-22.04
steps:
- name: check schedule and main repository
id: check_repo
run: |
echo "GITHUB_EVENT_NAME : $GITHUB_EVENT_NAME"
echo "GITHUB_REPOSITORY : $GITHUB_REPOSITORY"
echo "dry-run : ${{ github.event.inputs.dry-run }}"
echo "update-version : ${{ github.event.inputs.update-version }}"
if [ $GITHUB_EVENT_NAME == 'workflow_dispatch' ]; then
echo "run-job=true" >> $GITHUB_OUTPUT
if [ "${{ github.event.inputs.dry-run }}" == "true" ]; then
if [[ "${{ github.event.inputs.update-version }}" == "true" && $GITHUB_REPOSITORY != "openshift-helm-charts/charts" ]]; then
echo "check-version=true" >> $GITHUB_OUTPUT
else
echo "check-version=false" >> $GITHUB_OUTPUT
fi
else
echo "check-version=true" >> $GITHUB_OUTPUT
fi
elif [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then
echo "run-job=true" >> $GITHUB_OUTPUT
echo "check-version=true" >> $GITHUB_OUTPUT
else
echo "run-job=false" >> $GITHUB_OUTPUT
echo "check-version=false" >> $GITHUB_OUTPUT
fi
- name: Get current Chart Verifier version
id: get_curr_cv_version
if: steps.check_repo.outputs.run-job == 'true'
run: |
QUAY_API='https://quay.io/api/v1/repository/redhat-certification/chart-verifier/tag/'
CV_DIGEST=$(curl ${QUAY_API} | jq '[.tags[] | select(.name == "latest")] | .[0].manifest_digest')
printf "[INFO] Current Chart Verifier digest: %s\n" ${CV_DIGEST}
echo "current_cv_digest=${CV_DIGEST}" >> $GITHUB_OUTPUT
shell: bash
- name: Checkout software-version branch
if: steps.check_repo.outputs.check-version == 'true'
uses: actions/checkout@v4
with:
ref: "software-version"
repository: ${{ github.repository }}
- name: Read previous Chart Verifier digest
if: steps.check_repo.outputs.check-version == 'true'
id: get_prev_cv_digest
uses: mikefarah/yq@master
with:
cmd: yq e '.chart-verifier.latest-manifest-digest' software-version.yaml
- name: Compare Chart Verifier versions
id: check_test
run: |
set -euo pipefail
if [ "${{ steps.check_repo.outputs.run-job }}" != "true" ]; then
echo "run_tests=false" >> $GITHUB_OUTPUT
echo "update-version=false" >> $GITHUB_OUTPUT
elif [ "${{ steps.check_repo.outputs.check-version }}" == "true" ]; then
if [ "${{ steps.get_curr_cv_version.outputs.current_cv_digest }}" == "${{ steps.get_prev_cv_digest.outputs.result }}" ]; then
# No change in the Chart Verifier image - do not run tests if a scheduled run or dry-run is not set
printf "Chart Verifier has not changed since last run: '%s' -> '%s'\n" "${{ steps.get_prev_cv_digest.outputs.result }}" "${{ steps.get_curr_cv_version.outputs.current_cv_digest }}"
echo "update-version=false" >> $GITHUB_OUTPUT
if [ "${{ github.event.inputs.dry-run }}" == "true" ]; then
echo "Chart Verifier image has not changed but run anyaway as dry-run is set"
echo "run_tests=true" >> $GITHUB_OUTPUT
else
echo "Chart Verifier image has not changed do not run tests"
echo "run_tests=false" >> $GITHUB_OUTPUT
fi
else
# New Chart Verifier image is found
printf "Chart Verifier has changed since last run: '%s' -> '%s'\n" "${{ steps.get_prev_cv_digest.outputs.result }}" "${{ steps.get_curr_cv_version.outputs.current_cv_digest }}"
echo "run_tests=true" >> $GITHUB_OUTPUT
echo "update-version=true" >> $GITHUB_OUTPUT
fi
else
# Run whether Chart Verifier image has changed or not
echo "Run tests - version check skipped"
echo "update-version=false" >> $GITHUB_OUTPUT
echo "run_tests=true" >> $GITHUB_OUTPUT
fi
shell: bash
- name: Update software-version.yaml
if: |
steps.check_test.outputs.update-version == 'true'
uses: mikefarah/yq@master
with:
cmd: yq eval -i '.chart-verifier.latest-manifest-digest = ${{ steps.get_curr_cv_version.outputs.current_cv_digest }}' 'software-version.yaml'
- name: Push software-version.yaml
if: |
steps.check_test.outputs.update-version == 'true'
run: |
COMMIT_MESSAGE=$(printf "software-version.yaml: Update chart-verifier version from '%s' to '%s'" "${{ steps.get_prev_ocp_version.outputs.result }}" "${{ steps.get_curr_cv_version.outputs.current_cv_digest }}")
git remote -v
git branch -vv
git config --global user.name "github-actions[bot]"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git commit -am "${COMMIT_MESSAGE}"
git push
- name: Checkout charts main branch
if: |
steps.check_test.outputs.run_tests == 'true'
uses: actions/checkout@v4
with:
ref: "main"
token: ${{ secrets.BOT_TOKEN }}
fetch-depth: 0
- name: Set up Python 3.x Part 1
if: |
steps.check_test.outputs.run_tests == 'true'
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Set up Python 3.x Part 2
if: |
steps.check_test.outputs.run_tests == 'true'
run: |
# set up python
pwd
python3 -m venv ve1
cd scripts
../ve1/bin/pip3 install -r requirements.txt
../ve1/bin/pip3 install .
cd ..
- name: (Manual) Run tests on existing charts
if: |
github.event_name == 'workflow_dispatch' && steps.check_test.outputs.run_tests == 'true'
env:
CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DRY_RUN: ${{ github.event.inputs.dry-run }}
VENDOR_TYPE: ${{ github.event.inputs.vendor-type }}
NOTIFY_ID: ${{ github.event.inputs.notify-id }}
BOT_NAME: ${{ secrets.BOT_NAME }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
SOFTWARE_NAME: "chart-verifier"
SOFTWARE_VERSION: ${{ steps.get_curr_cv_version.outputs.current_cv_digest }}
run: |
printf "[INFO] Dry run: '%s'\n" "${{ env.DRY_RUN }}"
printf "[INFO] Vendor type: '%s'\n" "${{ env.VENDOR_TYPE }}"
printf "[INFO] Notify ID: '%s'\n" "${{ env.NOTIFY_ID }}"
printf "[INFO] Software Name: '%s'\n" "${{ env.SOFTWARE_NAME }}"
printf "[INFO] Software Version: '%s'\n" "${{ env.SOFTWARE_VERSION }}"
ve1/bin/behave tests/functional/behave_features/ --tags=version-change --logging-level=INFO --no-capture --no-color
- name: (Schedule) Run tests on existing charts
id: run-schedule-tests
if: |
github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true'
env:
CLUSTER_TOKEN: ${{ secrets.CLUSTER_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BOT_NAME: ${{ secrets.BOT_NAME }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
# XXX: set to false when ready to launch notifications
DRY_RUN: "true"
VENDOR_TYPE: "all"
NOTIFY_ID: ""
SOFTWARE_NAME: "chart-verifier"
SOFTWARE_VERSION: ${{ steps.get_curr_cv_version.outputs.current_cv_digest }}
run: |
printf "[INFO] Dry run: '%s'\n" "${{ env.DRY_RUN }}"
printf "[INFO] Vendor type: '%s'\n" "${{ env.VENDOR_TYPE }}"
printf "[INFO] Notify ID: '%s'\n" "${{ env.NOTIFY_ID }}"
printf "[INFO] Software Name: '%s'\n" "${{ env.SOFTWARE_NAME }}"
printf "[INFO] Software Version: '%s'\n" "${{ env.SOFTWARE_VERSION }}"
ve1/bin/behave tests/functional/behave_features/ --tags=version-change --logging-level=INFO --no-capture --no-color
- name: Send message to helm_dev slack channel
id: notify_dev
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion != 'success' }}
uses: archive/[email protected]
with:
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
slack-channel: C02979BDUPL
slack-text: Failure! Nightly run after a chart-verifier version update to ${{ steps.get_curr_cv_version.outputs.current_cv_digest }} was detected. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}'
- name: Result from "Send Message to helm_dev slack channel"
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion != 'success' }}
run: echo "The result was ${{ steps.notify_dev.outputs.slack-result }}"
- name: Send message to helm_notify slack channel
id: notify
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion == 'success' }}
uses: archive/[email protected]
with:
slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
slack-channel: C04K1ARMH8A
slack-text: Success! Nightly run after a chart-verifier version update to ${{ steps.get_curr_cv_version.outputs.current_cv_digest }} was detected. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}'
- name: Result from "Send Message to helm_notify slack channel"
if: ${{ always() && github.event_name == 'schedule' && steps.check_test.outputs.run_tests == 'true' && steps.run-schedule-tests.conclusion == 'success' }}
run: echo "The result was ${{ steps.notify.outputs.slack-result }}"