CI: Fix checkout-gerrit-change-action params
[releng/builder.git] / .github / workflows / gerrit-verify.yaml
---
name: Gerrit Verify

# Verification run for a single Gerrit patchset, started through
# workflow_dispatch. Every GERRIT_* input is a free-form string chosen by
# whoever dispatches the run, so treat the values as untrusted. In this
# file they are only forwarded to actions through `with:`; keep them out
# of `run:` scripts, or hand them over via `env:` if that is ever needed.
#
# NOTE(review): no `permissions:` key is declared anywhere in this
# workflow, so GITHUB_TOKEN keeps the repository or organisation default
# scope. The jobs check out and execute code from a change that has not
# been merged, so consider declaring the minimum scope each job needs.

# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
    inputs:
      GERRIT_BRANCH:
        description: 'Branch that change is against'
        required: true
        type: string
      GERRIT_CHANGE_ID:
        description: 'The ID for the change'
        required: true
        type: string
      GERRIT_CHANGE_NUMBER:
        description: 'The Gerrit number'
        required: true
        type: string
      GERRIT_CHANGE_URL:
        description: 'URL to the change'
        required: true
        type: string
      GERRIT_EVENT_TYPE:
        description: 'Type of Gerrit event'
        required: true
        type: string
      GERRIT_PATCHSET_NUMBER:
        description: 'The patch number for the change'
        required: true
        type: string
      GERRIT_PATCHSET_REVISION:
        description: 'The revision sha'
        required: true
        type: string
      GERRIT_PROJECT:
        description: 'Project in Gerrit'
        required: true
        type: string
      GERRIT_REFSPEC:
        description: 'Gerrit refspec of change'
        required: true
        type: string

# Workflow-wide environment; both values are quoted so they stay strings.
env:
  OS_CLOUD: 'vex'
  PACKER_VERSION: '1.9.1'

# Runs dispatched for the same Gerrit change share one group, and a newer
# run cancels the one still in progress. The run id is the fallback key
# when no change id is present.
concurrency:
  group: ${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
  cancel-in-progress: true

jobs:
  # Clears the existing vote on the patchset before the verification jobs
  # (which all declare `needs: prepare`) are allowed to start.
  prepare:
    runs-on: ubuntu-latest
    steps:
      - name: Clear votes
        # Pinned to a full commit SHA; the trailing comment records the tag.
        uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8
        with:
          # Connection settings come from repository variables; only the
          # SSH private key is read from the secret store.
          host: ${{ vars.GERRIT_SERVER }}
          username: ${{ vars.GERRIT_SSH_USER }}
          key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
          # Presumably used by the action to verify the Gerrit host key;
          # confirm against the action's documentation.
          known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
          gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
          gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
          vote-type: 'clear'
      - name: Allow replication
        # Fixed ten-second pause before the dependent jobs begin.
        run: 'sleep 10s'

70   actionlint:
71     needs: prepare
72     runs-on: ubuntu-latest
73     steps:
74       - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
75         with:
76           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
77           gerrit-project: ${{ inputs.GERRIT_PROJECT }}
78           gerrit-url: ${{ vars.GERRIT_URL }}
79           delay: "0s"
80       - name: Download actionlint
81         id: get_actionlint
82         run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
83         shell: bash
84       - name: Check workflow files
85         run: ${{ steps.get_actionlint.outputs.executable }} -color
86         shell: bash
87
88   # run pre-commit tox env separately to get use of more parallel processing
89   pre-commit:
90     needs: prepare
91     runs-on: ubuntu-latest
92     steps:
93       - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
94         with:
95           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
96           gerrit-project: ${{ inputs.GERRIT_PROJECT }}
97           gerrit-url: ${{ vars.GERRIT_URL }}
98           delay: "0s"
99       - uses: actions/setup-python@v5
100         with:
101           python-version: "3.11"
102       - name: Run static analysis and format checkers
103         run: pipx run pre-commit run --all-files --show-diff-on-failure
104
105   jjb-validation:
106     needs: prepare
107     runs-on: ubuntu-latest
108     steps:
109       - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
110         with:
111           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
112           gerrit-project: ${{ inputs.GERRIT_PROJECT }}
113           gerrit-url: ${{ vars.GERRIT_URL }}
114           delay: "0s"
115           submodules: "true"
116       - uses: actions/setup-python@v5
117         id: setup-python
118         with:
119           python-version: "3.11"
120       - name: Clone git submodules
121         run: git submodule update --init
122       - name: Run JJB Verify
123         run: |
124           python -m pip install --upgrade pip
125           pip install jenkins-job-builder==6.3.0
126           mkdir -p "${HOME}/.config/jenkins_jobs"
127           cat << EOF > "${HOME}/.config/jenkins_jobs/jenkins_jobs.ini"
128           [job_builder]
129           ignore_cache=True
130           keep_descriptions=False
131           include_path=.
132           recursive=True
133           query_plugins_info=False
134           config-xml=True
135           EOF
136           jenkins-jobs test -o archives/job-configs jjb/
137
138   tox-verify:
139     needs: prepare
140     runs-on: ubuntu-latest
141     steps:
142       - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
143         with:
144           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
145           gerrit-project: ${{ inputs.GERRIT_PROJECT }}
146           gerrit-url: ${{ vars.GERRIT_URL }}
147           delay: "0s"
148           submodules: "true"
149       - uses: actions/setup-python@v5
150         id: setup-python
151         with:
152           python-version: "3.11"
153       - name: Run tox
154         run: >-
155           pipx run tox
156
157   packer-validator:
158     needs: prepare
159     runs-on: ubuntu-latest
160     steps:
161       - name: Gerrit Checkout
162         # yamllint disable-line rule:line-length
163         uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
164         with:
165           gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
166           gerrit-project: ${{ inputs.GERRIT_PROJECT }}
167           gerrit-url: ${{ vars.GERRIT_URL }}
168           delay: "0s"
169           submodules: "true"
170       - name: Clone git submodules
171         shell: bash
172         run: git submodule update --init
173       - name: Check for changes
174         # yamllint disable-line rule:line-length
175         uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
176         id: changes
177         with:
178           base: ${{ inputs.GERRIT_BRANCH }}
179           ref: ${{ inputs.GERRIT_PATCHSET_REVISION }}
180           filters: |
181             src:
182               - 'packer/**'
183       - name: Setup packer
184         if: steps.changes.outputs.src == 'true'
185         uses: hashicorp/setup-packer@main
186         id: setup
187         with:
188           version: ${{ env.PACKER_VERSION }}
189       - name: Create cloud-env file required for packer
190         id: create-cloud-env-file
191         if: steps.changes.outputs.src == 'true'
192         shell: bash
193         run: |
194           echo "${{ secrets.CLOUDS_ENV_B64 }}" | base64 --decode \
195                   > "${GITHUB_WORKSPACE}/cloud-env.pkrvars.hcl"
196       - name: Create cloud.yaml file for openstack client
197         id: create-cloud-yaml-file
198         if: steps.changes.outputs.src == 'true'
199         shell: bash
200         run: |
201           mkdir -p "$HOME/.config/openstack"
202           echo "${{ secrets.CLOUDS_YAML_B64 }}" | base64 --decode \
203                   > "$HOME/.config/openstack/clouds.yaml"
204       - name: Setup Python
205         if: steps.changes.outputs.src == 'true'
206         # yamllint disable-line rule:line-length
207         uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
208         with:
209           python-version: "3.11"
210       - name: Install openstack deps
211         id: install-openstack-deps
212         if: steps.changes.outputs.src == 'true'
213         shell: bash
214         run: |
215           python -m pip install --upgrade pip
216           pip install python-openstackclient
217           pip freeze
218       - name: Verify packer files
219         if: steps.changes.outputs.src == 'true'
220         shell: bash
221         run: |
222           set -x
223           cd packer
224
225           varfiles=(common-packer/vars/*.pkrvars.hcl)
226           templates=(templates/*.pkr.hcl)
227
228           mkdir -p "${GITHUB_WORKSPACE}/logs"
229           PACKER_LOGS_DIR="${GITHUB_WORKSPACE}/logs"
230
231           for varfile in "${varfiles[@]}"; do
232               if [[ "$varfile" == *"cloud-env.json"* ]] || \
233                  [[ "$varfile" == "vars/*.json" ]] || \
234                  [[ "$varfile" == *"cloud-env.pkrvars.hcl"* ]] || \
235                  [[ "$varfile" == *"cloud-env-aws.pkrvars.hcl"* ]] || \
236                  [[ "$varfile" == "vars/*.pkrvars.hcl" ]]; then
237                   continue
238               fi
239
240               echo "::group::$varfile"
241               echo "-----> Test var: $varfile"
242               for template in "${templates[@]}"; do
243                   if [[ "$template" == *"variables.pkr.hcl"* ]] || \
244                      [[ "$template" == *"variables.auto.pkr.hcl"* ]]; then
245                       continue
246                   fi
247
248                   if [[ "${template#*.}" == "pkr.hcl" ]]; then
249                       echo "packer init $template ..."
250                       packer init "$template"
251                   fi
252
253                   LOG_FILE="packer-validate-${varfile##*/}-${template##*/}.log"
254                   export PACKER_LOG="yes"
255                   export PACKER_LOG_PATH="$PACKER_LOGS_DIR/$LOG_FILE"
256                   if output=$(OS_CLOUD=${{ env.OS_CLOUD }} packer validate \
257                         -var-file="${GITHUB_WORKSPACE}/cloud-env.pkrvars.hcl" \
258                         -var-file="$varfile" "$template"); then
259                       echo "$template: $output"
260                   else
261                       echo "$template: $output"
262                       exit 1
263                   fi
264               done
265               echo "::endgroup::"
266           done
267
268   vote:
269     if: ${{ always() }}
270     needs:
271       [
272         prepare,
273         actionlint,
274         pre-commit,
275         jjb-validation,
276         tox-verify,
277         packer-validator,
278       ]
279     runs-on: ubuntu-latest
280     steps:
281       - uses: technote-space/workflow-conclusion-action@v3
282       - name: Set vote
283         uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8
284         with:
285           host: ${{ vars.GERRIT_SERVER }}
286           username: ${{ vars.GERRIT_SSH_USER }}
287           key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
288           known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
289           gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
290           gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
291           vote-type: ${{ env.WORKFLOW_CONCLUSION }}