CI: Fix packer bin for GHA packer verify
[releng/builder.git] / .github / workflows / gerrit-verify.yaml
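---
name: Gerrit Verify

# Verifies a Gerrit change: clears the previous vote, runs the lint and
# validation jobs against the change's refspec, then reports the overall
# result back to Gerrit.

# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
    # Every input is supplied by whoever dispatches the run. In this file they
    # are only used in the concurrency group and passed to actions via `with:`.
    # Keep them out of `run:` scripts unless routed through `env:` first.
    inputs:
      GERRIT_BRANCH:
        description: "Branch that change is against"
        required: true
        type: string
      GERRIT_CHANGE_ID:
        description: "The ID for the change"
        required: true
        type: string
      GERRIT_CHANGE_NUMBER:
        description: "The Gerrit number"
        required: true
        type: string
      GERRIT_CHANGE_URL:
        description: "URL to the change"
        required: true
        type: string
      GERRIT_EVENT_TYPE:
        description: "Type of Gerrit event"
        required: true
        type: string
      GERRIT_PATCHSET_NUMBER:
        description: "The patch number for the change"
        required: true
        type: string
      GERRIT_PATCHSET_REVISION:
        description: "The revision sha"
        required: true
        type: string
      GERRIT_PROJECT:
        description: "Project in Gerrit"
        required: true
        type: string
      GERRIT_REFSPEC:
        description: "Gerrit refspec of change"
        required: true
        type: string

# Least privilege for GITHUB_TOKEN: several jobs below execute code that comes
# from the change under review (pre-commit hooks, tox, JJB, git submodules).
# NOTE(review): assumes the checkout action needs no more than read access to
# repository contents - confirm.
permissions:
  contents: read

env:
  PACKER_VERSION: "1.8.6"

# One run per Gerrit change: a newer dispatch for the same change cancels the
# run still in progress.
concurrency:
  group: ${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
  cancel-in-progress: true

# NOTE(review): every third-party action below is referenced by tag or branch,
# which the action's owner can move. The `prepare` and `vote` jobs hand the
# Gerrit SSH private key to such an action, and `packer-validation` hands cloud
# credentials to one tracked at `main`; pinning those to a reviewed commit SHA
# would stop a moved ref from changing what receives the secrets.
jobs:
  prepare:
    runs-on: ubuntu-latest
    steps:
      - name: Clear votes
        uses: lfit/gerrit-review-action@v0.3
        with:
          host: ${{ vars.GERRIT_SERVER }}
          username: ${{ vars.GERRIT_SSH_USER }}
          key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
          known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
          gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
          gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
          vote-type: clear
      - name: Allow replication
        run: sleep 10s

  actionlint:
    needs: prepare
    runs-on: ubuntu-latest
    steps:
      - uses: lfit/checkout-gerrit-change-action@v0.3
        with:
          gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
          delay: "0s"
      - name: Download actionlint
        id: get_actionlint
        # NOTE(review): the installer is fetched from the mutable `main` branch
        # and executed unverified; pin the URL to a reviewed tag or commit.
        # Saving it to a file first lets a failed or truncated download fail
        # the step instead of handing bash an empty or partial script.
        run: |
          installer="${RUNNER_TEMP}/download-actionlint.bash"
          curl --fail --silent --show-error --location \
            --output "${installer}" \
            https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash
          bash "${installer}"
        shell: bash
      - name: Check workflow files
        # The step output goes through env so it reaches the shell as data
        # rather than being spliced into the script text.
        env:
          ACTIONLINT: ${{ steps.get_actionlint.outputs.executable }}
        run: |
          "${ACTIONLINT}" -color
        shell: bash

  # run pre-commit tox env separately to get use of more parallel processing
  pre-commit:
    needs: prepare
    runs-on: ubuntu-latest
    steps:
      - uses: lfit/checkout-gerrit-change-action@v0.3
        with:
          gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
          delay: "0s"
      - uses: actions/setup-python@v4
        with:
          python-version: "3.11"
      - name: Run static analysis and format checkers
        run: pipx run pre-commit run --all-files --show-diff-on-failure

  jjb-validation:
    needs: prepare
    runs-on: ubuntu-latest
    steps:
      - uses: lfit/checkout-gerrit-change-action@v0.3
        with:
          gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
          delay: "0s"
      - uses: actions/setup-python@v4
        id: setup-python
        with:
          python-version: "3.11"
      - name: Clone git submodules
        run: git submodule update --init
      - name: Run JJB Verify
        # Writes a throwaway jenkins_jobs.ini, then renders the job
        # definitions under jjb/ into archives/job-configs.
        # NOTE(review): jenkins-job-builder is installed unpinned, so the
        # verify result depends on whatever release is current at run time.
        run: |
          python -m pip install --upgrade pip
          pip install jenkins-job-builder
          mkdir -p "${HOME}/.config/jenkins_jobs"
          cat << EOF > "${HOME}/.config/jenkins_jobs/jenkins_jobs.ini"
          [job_builder]
          ignore_cache=True
          keep_descriptions=False
          include_path=.
          recursive=True
          query_plugins_info=False
          config-xml=True
          EOF
          jenkins-jobs test -o archives/job-configs jjb/

  tox-verify:
    needs: prepare
    runs-on: ubuntu-latest
    steps:
      - uses: lfit/checkout-gerrit-change-action@v0.3
        with:
          gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
          delay: "0s"
      - uses: actions/setup-python@v4
        id: setup-python
        with:
          python-version: "3.11"
      - name: Run tox
        run: pipx run tox

  packer-validation:
    needs: prepare
    runs-on: ubuntu-latest
    steps:
      - uses: lfit/checkout-gerrit-change-action@v0.3
        with:
          gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
          delay: "0s"
      - name: Setup packer
        # NOTE(review): `@main` is a mutable ref and this step is handed cloud
        # credentials; pin it to a reviewed commit SHA.
        # NOTE(review): apart from `version`, these inputs do not look like
        # ones hashicorp/setup-packer declares ('dicrectory' also reads as a
        # typo of 'directory'). If they are unused, drop them so the secrets
        # are not passed to the action - confirm against its metadata.
        uses: hashicorp/setup-packer@main
        id: setup
        env:
          AUTH_URL: ${{ secrets.cloud_auth_url }}
          CLOUD_ENV: "packer/cloud-env.json"
        with:
          cloud_auth_url: "https://auth.vexxhost.net/v3/"
          cloud_tenant: ${{ secrets.cloud_tenant }}
          cloud_user: ${{ secrets.cloud_user }}
          cloud_network: ${{ secrets.cloud_network }}
          version: ${{ env.PACKER_VERSION }}
          cloud_pass: ${{ secrets.cloud_pass }}
          dicrectory: packer
          file_name: cloud-env.json
          fail_on_empty: true
      - name: Clone git submodules
        run: git submodule update --init
      - uses: dorny/paths-filter@v2
        id: changes
        with:
          filters: |
            src:
              - 'packer/**'
      # Validates every template against every var-file, and only runs when
      # the change touches packer/.
      - if: steps.changes.outputs.src == 'true'
        # Step-level env on "Setup packer" does not carry over to this step,
        # so the two variables the script reads are defined here.
        # CLOUDENV is relative to packer/ because the script cd's there first.
        # NOTE(review): no visible step creates packer/cloud-env.json; confirm
        # where it is meant to come from.
        env:
          CLOUDENV: cloud-env.json
          PACKER_LOGS_DIR: ${{ runner.temp }}/packer-logs
        run: |
          mkdir -p "$PACKER_LOGS_DIR"
          cd packer
          varfiles=(vars/*.json common-packer/vars/*.json)
          templates=(templates/*.json)

          for varfile in "${varfiles[@]}"; do
              # cloud-env.json is a file containing credentials which is pulled
              # in via the CLOUDENV variable, so skip it here. Also handle the
              # case where a project has no vars/*.json file (the glob is then
              # left unexpanded).
              if [[ "$varfile" == *"cloud-env.json"* ]] || [[ "$varfile" == 'vars/*.json' ]]; then
                  continue
              fi

              echo "-----> Testing varfile: $varfile"
              for template in "${templates[@]}"; do
                  export PACKER_LOG="yes"
                  export PACKER_LOG_PATH="$PACKER_LOGS_DIR/packer-validate-${varfile##*/}-${template##*/}.log"
                  if output=$(packer validate -var-file="$CLOUDENV" -var-file="$varfile" "$template"); then
                      echo "$template: $output"
                  else
                      echo "$template: $output"
                      exit 1
                  fi
              done
          done

  # Runs even when an earlier job failed, so the change always gets a vote
  # that reflects the overall result.
  vote:
    if: ${{ always() }}
    needs:
      - prepare
      - actionlint
      - pre-commit
      - jjb-validation
      - tox-verify
      - packer-validation
    runs-on: ubuntu-latest
    # NOTE(review): the conclusion action presumably reads this run's job
    # results through the API, which needs `actions: read`; no step here checks
    # out the repository - confirm.
    permissions:
      actions: read
    steps:
      - uses: technote-space/workflow-conclusion-action@v3
      - name: Set vote
        uses: lfit/gerrit-review-action@v0.3
        with:
          host: ${{ vars.GERRIT_SERVER }}
          username: ${{ vars.GERRIT_SSH_USER }}
          key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
          known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
          gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
          gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
          vote-type: ${{ env.WORKFLOW_CONCLUSION }}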