1+ # This workflow generates the JSON representation of a chart lock if it differs
2+ # from what's currently at LOCK_FILE_URL and creates a PR to
3+ # PR_DEST_BRANCH_NAME.
4+ name : Generate Chart Locks
5+
6+ on :
7+ push :
8+ branches : ["main"]
9+ workflow_dispatch :
10+
11+ env :
12+ PR_DEST_BRANCH_NAME : ${{ vars.TARGET_GH_PAGES_BRANCH || 'gh-pages' }}
13+ LOCK_FILE_URL : ${{ vars.LOCK_FILE_URL || 'https://charts.openshift.io/chart-locks.json' }}
14+
15+ concurrency :
16+ # Prevent parallel executions of this and related tasks.
17+ group : updating-chart-locks
18+ cancel-in-progress : false
19+
20+ jobs :
21+ generate-chart-locks :
22+ outputs :
23+ package_locks_b64 : ${{ steps.generate-chart-locks.outputs.package_locks_b64 }}
24+ runs-on : ubuntu-latest
25+ steps :
26+ - uses : actions/checkout@v3
27+ - uses : actions/setup-python@v4
28+ with :
29+ python-version : " 3.10"
30+ - run : |
31+ pip install PyYAML
32+ name : Generate lock file JSON from existing charts
33+ id : generate-chart-locks
34+ run : |
35+ set -o pipefail
36+ python scripts/src/packagemapping/generatelocks.py | tee /tmp/packagelocks.json
37+ base64 -w 0 /tmp/packagelocks.json | tee /tmp/packagelocks.json.b64
38+ echo "package_locks_b64=$(cat /tmp/packagelocks.json.b64)" >> $GITHUB_OUTPUT
39+ name : Decode and display lockfile JSON (Sanity Check)
40+ run : |
41+ set -o pipefail
42+ test -n "${{ steps.generate-chart-locks.outputs.package_locks_b64 }}" \
43+ || { echo "::error::output package_locks_b64 did not contain base64 content generated from the previous step"; exit 2 ;}
44+ echo ${{ steps.generate-chart-locks.outputs.package_locks_b64 }} | base64 -d | jq \
45+ || { echo "::error::output package_locks_b64 did not contain valid JSON once decoded" ; exit 3 ;}
46+
47+ compare-package-lock-manifests :
48+ needs : generate-chart-locks
49+ outputs :
50+ needs-updating : ${{ steps.compare-package-locks.outputs.needs-updating }}
51+ runs-on : ubuntu-latest
52+ steps :
53+ - name : Determine if package lock entries need updating
54+ id : compare-package-locks
55+ run : |
56+ needsupdating=false
57+ wget ${{ env.LOCK_FILE_URL }} -O current-locks.json
58+ set -o pipefail
59+ test -n "${{ needs.generate-chart-locks.outputs.package_locks_b64 }}" \
60+ || { echo "::error::output package_locks_b64 did not contain base64 content generated from the previous step"; exit 2 ;}
61+ echo ${{ needs.generate-chart-locks.outputs.package_locks_b64 }} | base64 -d | jq > generated-locks.json \
62+ || { echo "::error::output package_locks_b64 did not contain valid JSON once decoded" ; exit 3 ;}
63+ jq .packages current-locks.json > current-packages.json
64+ jq .packages generated-locks.json > generated-packages.json
65+ diff current-packages.json generated-packages.json || needsupdating=true
66+ echo needs-updating=${needsupdating} | tee -a $GITHUB_OUTPUT
67+
68+ craft-pr-to-project :
69+ # TODO: This needs a token for a user who isn't the CI bot (e.g. GITHUB_TOKEN) but has commit permissions.
70+ needs :
71+ - compare-package-lock-manifests
72+ - generate-chart-locks
73+ if : needs.compare-package-lock-manifests.outputs.needs-updating == 'true'
74+ runs-on : ubuntu-latest
75+ steps :
76+ - name : Clone ${{ env.PR_DEST_BRANCH_NAME }} branch
77+ uses : actions/checkout@v3
78+ with :
79+ ref : ${{ env.PR_DEST_BRANCH_NAME }}
80+ # token: tbd
81+ - name : Set Git Config
82+ # TODO update the user name and email
83+ run : |
84+ git config user.name "CI Bot Name"
85+ git config user.email cibot@example.com
86+
87+ name : Create new branch
88+ id : create-branch
89+ run : |
90+ branchuuid=$(uuidgen)
91+ branchname=update-locks-${branchuuid}
92+ git checkout -b $branchname
93+ echo branchname=$branchname >> $GITHUB_OUTPUT
94+
95+ name : Overwrite existing lockfile, Commit, and Push
96+ id : commit-and-push
97+ run : |
98+ set -o pipefail
99+ test -n "${{ needs.generate-chart-locks.outputs.package_locks_b64 }}" \
100+ || { echo "::error::output package_locks_b64 did not contain base64 content generated from the previous step"; exit 2 ;}
101+ echo ${{ needs.generate-chart-locks.outputs.package_locks_b64 }} | base64 -d | jq > chart-locks.json \
102+ || { echo "::error::output package_locks_b64 did not contain valid JSON once decoded" ; exit 3 ;}
103+ md5sum=$(md5sum chart-locks.json | awk '{ print $1 }' )
104+ echo new_lockfile_md5sum=$md5sum >> $GITHUB_OUTPUT
105+ git add chart-locks.json
106+ git commit -m "updating package lock file"
107+ git push origin ${{ steps.create-branch.outputs.branchname }}
108+
109+ name : Create Pull Request
110+ # If using the GitHub Actions Token, make sure your repository allows
111+ # for write permissions as well as Creating and Merging Pull Requests in
112+ # Settings.
113+ run : |
114+ body=$(echo -e "${{ env.PR_BODY }}\n\nThe generated lockfile's md5sum is: **${{ steps.commit-and-push.outputs.new_lockfile_md5sum }}**\n")
115+ gh pr create -B ${{ env.PR_DEST_BRANCH_NAME }} -H ${{ steps.create-branch.outputs.branchname }} --title "${{ env.PR_TITLE }} - ${{ steps.commit-and-push.outputs.new_lockfile_md5sum }}" --body "${body}"
116+ env :
117+ GITHUB_TOKEN : ${{ secrets.BOT_TOKEN }}
118+ PR_TITLE : Updating Chart Locks
119+ PR_BODY : |
120+ _This PR was generated by GitHub Actions_
121+
122+ This PR is updating the Chart Locks. The content of this PR was
123+ generated based on the current state of the charts directory.
124+
125+ This PR should be automatically merged by GitHub Actions if there are
126+ no merge conflicts.
0 commit comments