Skip to content

operator keycloak-operator (25.0.0) #7791

operator keycloak-operator (25.0.0)

operator keycloak-operator (25.0.0) #7791

Workflow file for this run

name: Operator CI
on:
pull_request_target:
types: [opened, synchronize, reopened, ready_for_review, unlabeled]
env:
AUTOMERGE_ENABLED: "1"
OPP_PRODUCTION_TYPE: "k8s"
OPP_SCRIPT_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp.sh"
OPP_SCRIPT_ENV_OPRT_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-oprt.sh"
OPP_SCRIPT_ENV_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-env.sh"
OPP_SCRIPT_COSMETICS_URL: "https://raw.githubusercontent.com/redhat-openshift-ecosystem/community-operators-pipeline/ci/latest/ci/scripts/opp-oprt-cosmetics.sh"
OPP_THIS_REPO_BASE: "https://github.com"
OPP_THIS_REPO: "k8s-operatorhub/community-operators"
OPP_THIS_BRANCH: "main"
OPP_ANSIBLE_PULL_REPO: "https://github.com/redhat-openshift-ecosystem/operator-test-playbooks"
OPP_ANSIBLE_PULL_BRANCH: "upstream-community"
OPP_REVIEWERS_ENABLED: 1
OPP_THIS_REPO_NAME: "community-operators"
OPP_THIS_REPO_ORG: "k8s-operatorhub"
jobs:
operator-automerge-enabled:
runs-on: ubuntu-latest
if: github.event.pull_request.state == 'open'
steps:
- name: Remove automerge-disabled when needed
if: ${{ env.AUTOMERGE_ENABLED == '1' }}
uses: actions/github-script@v6
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'automerge-disabled'
})
- name: Add automerge-disabled when needed
uses: actions/github-script@v6
if: ${{ env.AUTOMERGE_ENABLED == '0' }}
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: [ 'automerge-disabled' ]
})
operator-ci:
if: github.event.pull_request.draft == false || contains(github.event.pull_request.labels.*.name, 'allow/test-in-draft-mode')
needs: operator-automerge-enabled
runs-on: ubuntu-latest
steps:
# - name: Setting labels from changes in directory changes
# uses: actions/labeler@v2
# with:
# repo-token: "${{ secrets.GITHUB_TOKEN }}"
- name: "Remove package-validated"
uses: actions/github-script@v6
if: (!contains(github.event.pull_request.labels.*.name, 'do-not-merge/hold'))
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'package-validated'
})
- name: "Add Assignees"
uses: actions/github-script@v6
if: github.event.action == 'opened' || github.event.action == 'reopened'
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addAssignees({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
assignees: ['mporrato', 'Allda']
});
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install dependencies
run: python -m pip install --upgrade pip yq
- name: Operator traffic light
id: op-traffic-light
env:
OPP_LABELS: "${{ join(github.event.pull_request.labels.*.name, ' ') }}"
OPP_PR_AUTHOR: "${{ github.event.pull_request.user.login }}"
OPP_OPRT_REPO: "${{ github.event.pull_request.head.repo.full_name }}"
OPP_OPRT_SHA: "${{ github.event.pull_request.head.sha }}"
OPP_OPRT_SRC_REPO: "${{ github.event.pull_request.base.repo.full_name }}"
OPP_OPRT_SRC_BRANCH: "${{ github.event.pull_request.base.ref }}"
OPP_THIS_PR: ${{ github.event.pull_request.number }}
run: |
bash <(curl -sL $OPP_SCRIPT_ENV_OPRT_URL)
- name: "Remove installation-validated"
uses: actions/github-script@v6
if: (github.event.action != 'unlabeled')
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const arr = ['installation-validated', 'installation-validated-atest', ];
for (let label of arr) {
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: label
})
}
- name: "Mention reviewers if exist"
if: (steps.op-traffic-light.outputs.opp_pr_revievers != '') && (!contains(github.event.pull_request.labels.*.name, 'allow/ci-changes'))
uses: mshick/add-pr-comment@v1
with:
message: |
${{ steps.op-traffic-light.outputs.opp_pr_revievers }}, please approve as you are original reviewer(s).
- To add more contributors to `ci.yaml` follow instruction [here](https://${OPP_THIS_REPO_ORG}.github.io/${OPP_THIS_REPO_NAME}/operator-ci-yaml).
- To approve follow instruction [here](https://${OPP_THIS_REPO_ORG}.github.io/${OPP_THIS_REPO_NAME}/self-merge-updates/#how-can-i-approve-a-pr-against-my-operator)
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: false
- name: "Mention reviewers if ci.yaml was changed"
if: steps.op-traffic-light.outputs.opp_pr_revievers != '' && steps.op-traffic-light.outputs.opp_ci_yaml_changed == '1' && steps.op-traffic-light.outputs.opp_authorized_changes == '0'
uses: mshick/add-pr-comment@v1
with:
message: |
/hold
${{ steps.op-traffic-light.outputs.opp_pr_revievers }}, Please note that ci.yml was changed.
- To approve follow instruction [here](https://${OPP_THIS_REPO_ORG}.github.io/${OPP_THIS_REPO_NAME}/self-merge-updates/#how-can-i-approve-a-pr-against-my-operator)
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: false
- name: "Comment operator test error code [1]"
if: failure() && steps.op-traffic-light.outputs.opp_error_code == '1'
uses: mshick/add-pr-comment@v1
with:
message: |
Overwrite and recreate labels cannot be set at the same time.
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
- name: "Comment operator test error code [2]"
if: failure() && steps.op-traffic-light.outputs.opp_error_code == '2'
uses: mshick/add-pr-comment@v1
with:
message: |
/hold
There are changes in both `community-operators` and `upstream-community-operators` directories at the same time. Only one of these directories can be changed in one PR. You need to open another PR for other directory (e.g. `upstream-community-operators`)
Please add comment with `/hold cancel` when ready.
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
- name: "Comment operator test error code [3]"
if: failure() && steps.op-traffic-light.outputs.opp_error_code == '3'
uses: mshick/add-pr-comment@v1
with:
message: |
This PR has changes outside of `operators` directory. Maintainers have to approve it.
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
- name: "Comment operator test error code [4]"
if: failure() && steps.op-traffic-light.outputs.opp_error_code == '4'
uses: mshick/add-pr-comment@v1
with:
message: |
/hold
File `${{ steps.op-traffic-light.outputs.opp_production_type }}/${{ steps.op-traffic-light.outputs.opp_name }}/ci.yaml` is missing or not valid. More details in failed test `Operator CI / operator-ci` logs. Documentation how to setup valid `ci.yaml` file can be found at https://${OPP_THIS_REPO_ORG}.github.io/${OPP_THIS_REPO_NAME}/operator-ci-yaml."
Note: Only single file modification on `ci.yaml` is allowed. Please make separate PR to apply `ci.yaml` file updates and get it merged before current PR.
Please add comment with `/hold cancel` when ready.
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
- name: "Comment operator test error code [5]"
if: failure() && steps.op-traffic-light.outputs.opp_error_code == '5'
uses: mshick/add-pr-comment@v1
with:
message: |
/hold
Multiple opratros changes are not supported in single PR. Please open another PRs for other operators.
Please add comment with `/hold cancel` when ready.
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
# Please make it automatic (so we set recreate label)
- name: "Comment operator test error code [6]"
if: failure() && steps.op-traffic-light.outputs.opp_error_code == '6'
uses: mshick/add-pr-comment@v1
with:
message: |
/hold
Old version were changed/removed and 'allow/operator-recreate' is not set.
Please add comment with `/hold cancel` when ready.
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
- name: "Comment operator test error code [7]"
if: failure() && steps.op-traffic-light.outputs.opp_error_code == '7'
uses: mshick/add-pr-comment@v1
with:
message: |
/hold
Only single file modification on `ci.yaml` is allowed. Please make separate PR to apply `ci.yaml` file updates and get it merged before current PR.
Please add comment with `/hold cancel` when ready.
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
- name: "Comment operator test error code [7]"
if: steps.op-traffic-light.outputs.opp_dockerfile_changed == '1'
uses: mshick/add-pr-comment@v1
with:
message: |
`Dockerfile` or `bundle.Dockerfile` is added/changed. Note that for security reasons none of these files are going to be used when building bundle. Docker file will be generated and all label information is taken from `annotations.yaml`.
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
- name: Update title
uses: actions/github-script@v6
continue-on-error: true
if: always() && steps.op-traffic-light.outputs.opp_pr_title != ''
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.update({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
title: "${{ steps.op-traffic-light.outputs.opp_pr_title }}"
})
- name: Handle new operator
uses: actions/github-script@v6
if: steps.op-traffic-light.outputs.opp_is_new_operatror == '1'
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: [ 'new-operator' ]
})
- name: Verify operator modifications
id: op-verify-modifications
env:
OPP_RECREATE: "${{ steps.op-traffic-light.outputs.opp_recreate }}"
OPP_ALLOW_SERIOUS_CHANGES: "${{ steps.op-traffic-light.outputs.opp_allow_serious_changes }}"
OPP_MODIFIED_CSVS: "${{ steps.op-traffic-light.outputs.opp_modified_csvs }}"
OPP_MODIFIED_CSVS_OTHERS: "${{ steps.op-traffic-light.outputs.opp_modified_others }}"
run: |
echo "opp_check_cosmetic=0" >> $GITHUB_OUTPUT
[[ $OPP_RECREATE -eq 1 ]] && { echo "Recreating operator. Exiting with '0' ..."; exit 0; } || true
[[ $OPP_ALLOW_SERIOUS_CHANGES -eq 1 ]] && { echo "Allowing serious changes. Exiting with '0' ..."; exit 0; } || true
[ -n "$OPP_MODIFIED_CSVS" ] && echo "opp_check_cosmetic=1" >> $GITHUB_OUTPUT || true
[ -n "$OPP_MODIFIED_CSVS_OTHERS" ] && { echo -e "Error:\n Modifying exiting operator version !!!\n Only cosmetic changes are allowed !!! Please ask maintainers to set 'allow/serious-changes-to-existing' label.\n Files that cannot be changed : '$OPP_MODIFIED_CSVS_OTHERS'"; echo "opp_check_cosmetic=2" >> $GITHUB_OUTPUT; exit 20; } || true
- name: "Comment for cosmetics change error when csv is changed"
if: failure() && steps.op-verify-modifications.outputs.opp_check_cosmetic == '2'
uses: mshick/add-pr-comment@v1
with:
message: |
/hold
Only minor (cosmetic) changes to already published operator version(s) are allowed. Consider bumping your operator version. In exceptional cases, it could be overridden by setting `allow/serious-changes-to-existing` label set by maintainers and then confirmed action by running command `/hold cancel`.
<details>
Reason: Non CSV files were changed in existing operator !!!
More info about allowed changes can be found in [documetnation](https://${OPP_THIS_REPO_ORG}.github.io/${OPP_THIS_REPO_NAME}/operator-version-update/#minor-cosmetics-changes).
</details>
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
- name: Operator cosmetic change check
id: op-cosmetic-change-check
if: steps.op-verify-modifications.outputs.opp_check_cosmetic == '1'
env:
OPP_MODIFIED_CSVS: "${{ steps.op-traffic-light.outputs.opp_modified_csvs }}"
OPP_MODIFIED_REPO_BRANCH: "${{ steps.op-traffic-light.outputs.opp_repo_branch }}"
run: |
echo "OPP_MODIFIED_CSVS=$OPP_MODIFIED_CSVS"
echo "opp_check_cosmetic: ${{ steps.op-verify-modifications.outputs.opp_check_cosmetic }}"
echo "opp_set_label_operator_version_overwrite: ${{ steps.op-traffic-light.outputs.opp_set_label_operator_version_overwrite }}"
echo "opp_set_label_operator_recreate: ${{ steps.op-traffic-light.outputs.opp_set_label_operator_recreate }}"
bash <(curl -sL $OPP_SCRIPT_COSMETICS_URL)
echo "DONE"
- name: "Comment for cosmetics change error"
if: failure() && steps.op-verify-modifications.outputs.opp_check_cosmetic == '1'
uses: mshick/add-pr-comment@v1
with:
message: |
/hold
Only minor (cosmetic) changes to already published operator version(s) are allowed. Consider bumping your operator version. In exceptional cases, it could be overridden by setting `allow/serious-changes-to-existing` label set by maintainers and then confirmed action by running command `/hold cancel`.
<details>
More info about allowed changes can be found in [documetnation](https://${OPP_THIS_REPO_ORG}.github.io/${OPP_THIS_REPO_NAME}/troubleshooting/#minor-changes).
</details>
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
- name: "Removing Operator recreate label when exists"
uses: actions/github-script@v6
if: steps.op-traffic-light.outputs.opp_set_label_operator_version_overwrite == '1' && contains(github.event.pull_request.labels.*.name, 'allow/operator-recreate')
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'allow/operator-recreate'
})
- name: "Setting Operator version overwrite label"
uses: actions/github-script@v6
if: steps.op-traffic-light.outputs.opp_set_label_operator_version_overwrite == '1'
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: [ 'allow/operator-version-overwrite' ]
})
- name: "Removing Operator version overwrite label when exists"
uses: actions/github-script@v6
if: steps.op-traffic-light.outputs.opp_set_label_operator_recreate == '1' && contains(github.event.pull_request.labels.*.name, 'allow/operator-version-overwrite')
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'allow/operator-version-overwrite'
})
- name: "Setting Operator recreate label"
uses: actions/github-script@v6
if: steps.op-traffic-light.outputs.opp_set_label_operator_recreate == '1'
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: [ 'allow/operator-recreate' ]
})
- name: "Inform user that UpdateGraph is not present (semver mode)"
uses: mshick/add-pr-comment@v1
continue-on-error: true
if: steps.op-traffic-light.outputs.opp_update_graph == '0'
with:
message: |
Warning: Operator is going to run in `semver-mode` since 'updateGraph' is not present in 'ci.yaml' file.
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
allow-repeats: true
# - name: Setup reviewers
# uses: kentaro-m/auto-assign-action@v1.1.2
# continue-on-error: true
# with:
# configuration-path: "${{steps.op-traffic-light.outputs.opp_production_type }}/${{ steps.op-traffic-light.outputs.opp_name }}/ci.yaml"
- name: "Setting authorized-changes label"
uses: actions/github-script@v6
if: steps.op-traffic-light.outputs.opp_authorized_changes == '1'
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: [ 'authorized-changes' ]
})
# - name: "Setting msg when minor changes are allowed"
# if: steps.op-verify-modifications.outputs.opp_check_cosmetic == '1' && ! contains(github.event.pull_request.labels.*.name, 'allow/operator-version-overwrite') && ! contains(github.event.pull_request.labels.*.name, 'allow/operator-recreate')
# uses: mshick/add-pr-comment@v1
# with:
# message: |
# /hold
# Minor (cosmetic) changes to already published operator version(s) were detected.
# Please confirm by posting `/unhold` command or removing `do-not-merge/hold ` label.
# <details>
# One or multiple versions were modified with minor (cosmetic) changes.
# </details>
# repo-token: ${{ secrets.GITHUB_TOKEN }}
# repo-token-user-login: 'github-actions[bot]' # The user.login for temporary GitHub tokens
# allow-repeats: true
- name: Info
run: |
echo "steps.op-traffic-light.outputs.opp_test_ready: ${{ steps.op-traffic-light.outputs.opp_test_ready }}"
echo "steps.op-traffic-light.outputs.opp_release_ready: ${{ steps.op-traffic-light.outputs.opp_release_ready }}"
echo "steps.op-traffic-light.outputs.opp_production_type: ${{ steps.op-traffic-light.outputs.opp_production_type }}"
echo "steps.op-traffic-light.outputs.opp_name: ${{ steps.op-traffic-light.outputs.opp_name }}"
echo "steps.op-traffic-light.outputs.opp_version: ${{ steps.op-traffic-light.outputs.opp_version }}"
echo "steps.op-traffic-light.outputs.opp_ci_yaml_only: ${{ steps.op-traffic-light.outputs.opp_ci_yaml_only }}"
echo "steps.op-traffic-light.outputs.opp_installation_skipped: ${{ steps.op-traffic-light.outputs.opp_installation_skipped }}"
outputs:
opp_test_ready: "${{ steps.op-traffic-light.outputs.opp_test_ready }}"
opp_release_ready: "${{ steps.op-traffic-light.outputs.opp_release_ready }}"
opp_production_type: "${{ steps.op-traffic-light.outputs.opp_production_type }}"
opp_name: "${{ steps.op-traffic-light.outputs.opp_name }}"
opp_version: "${{ steps.op-traffic-light.outputs.opp_version }}"
opp_ci_yaml_only: "${{ steps.op-traffic-light.outputs.opp_ci_yaml_only }}"
opp_installation_skipped: "${{ steps.op-traffic-light.outputs.opp_installation_skipped }}"
operator-ci-ok-to-test:
needs: operator-ci
runs-on: ubuntu-latest
steps:
- name: "Remove needs-ok-to-test"
uses: actions/github-script@v6
if: always()
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'needs-ok-to-test'
})
- name: Info
run: |
echo "needs.operator-ci.outputs.opp_production_type: ${{ needs.operator-ci.outputs.opp_production_type }}"
echo "needs.operator-ci.outputs.opp_ci_yaml_only: ${{ needs.operator-ci.outputs.opp_ci_yaml_only }}"
echo "needs.operator-ci.outputs.opp_installation_skipped: ${{ needs.operator-ci.outputs.opp_installation_skipped }}"
- name: "Setting ok-to-test label"
uses: actions/github-script@v6
if: needs.operator-ci.outputs.opp_production_type != 'k8s' && needs.operator-ci.outputs.opp_ci_yaml_only != '1' && (!contains(github.event.pull_request.labels.*.name, 'allow/ci-changes')) && needs.operator-ci.outputs.opp_installation_skipped == '0'
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: [ 'ok-to-test' ]
})
- name: "Setting installation-validated label (opensift+ci_yaml_only)"
uses: actions/github-script@v6
if: needs.operator-ci.outputs.opp_production_type != 'k8s' && needs.operator-ci.outputs.opp_ci_yaml_only == '1'
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: [ 'installation-validated' ]
})
- name: "Setting installation-validated label (when installation_skipped)"
uses: actions/github-script@v6
if: needs.operator-ci.outputs.opp_installation_skipped == '1'
continue-on-error: true
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: [ 'installation-validated', 'installation-skipped' ]
})
- name: Try to automerge
uses: actions/github-script@v6
if: needs.operator-ci.outputs.opp_production_type != 'k8s' && needs.operator-ci.outputs.opp_ci_yaml_only == '1'
continue-on-error: true
with:
github-token: ${{ secrets.FRAMEWORK_MERGE }}
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '/merge possible'
})