diff --git a/.github/workflows/ci-build-image.yml b/.github/workflows/ci-build-image.yml index cb83e61665..57758b1c17 100644 --- a/.github/workflows/ci-build-image.yml +++ b/.github/workflows/ci-build-image.yml @@ -18,6 +18,10 @@ on: image-version: description: the Cryostat application version that will be built value: ${{ jobs.get-pom-properties.outputs.image-version }} + secrets: + GH_PKGS_READ_TOKEN: + required: true + description: read-only token for pulling artifacts from GitHub Packages jobs: get-pom-properties: diff --git a/.github/workflows/ci-code-analysis.yml b/.github/workflows/ci-code-analysis.yml index 8817a4dc89..b3ae6d6d3a 100644 --- a/.github/workflows/ci-code-analysis.yml +++ b/.github/workflows/ci-code-analysis.yml @@ -7,6 +7,10 @@ on: checkout-ref: required: false type: string + secrets: + GH_PKGS_READ_TOKEN: + required: true + description: read-only token for pulling artifacts from GitHub Packages jobs: spotless: diff --git a/.github/workflows/pr-command.yml b/.github/workflows/pr-command.yml index 7a8629994c..b2440a3bd7 100644 --- a/.github/workflows/pr-command.yml +++ b/.github/workflows/pr-command.yml @@ -30,7 +30,7 @@ jobs: checkout-repo: ${{ github.event.pull_request.head.repo.full_name }} checkout-ref: ${{ github.event.pull_request.head.ref }} secrets: inherit - if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test') + if: github.repository_owner == 'cryostatio' && contains(github.event.pull_request.labels.*.name, 'safe-to-test') && github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test') build-and-test: strategy: 
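Review bot: Now that `GH_PKGS_READ_TOKEN` is declared as the one secret this reusable workflow needs (here and in the identical ci-code-analysis.yml hunk), callers no longer have to use `secrets: inherit`, which pr-command.yml still does in the context lines of its hunks. That caller also passes the PR head repo and ref as `checkout-repo`/`checkout-ref`, so every repository secret is apparently made available to jobs that build contributor code. Passing only the declared secret narrows that to one token: `secrets:` followed by `GH_PKGS_READ_TOKEN: ${{ secrets.GH_PKGS_READ_TOKEN }}`. The workflow cannot enforce "read-only", so the description could name the expected scope, e.g. `description: read-only token (read:packages scope only) for pulling artifacts from GitHub Packages`. How the secret is consumed lies outside this hunk.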
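Review bot: The new label gate reads `github.event.pull_request.labels`, but the rest of the condition (`github.event.issue.pull_request`, `github.event.comment.body`) points to an `issue_comment` trigger, whose payload carries labels under `github.event.issue.labels`. If that is the trigger (the `on:` block is outside the hunk), the `contains(...)` term is always false and the job is always skipped. The same expression appears in the -43 hunk and in the `safe-to-test` step of the -51 hunk; the likely fix is `contains(github.event.issue.labels.*.name, 'safe-to-test')`. Even when corrected, the label persists across later pushes to the PR branch and the commenter is not checked. Consider also requiring `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` and clearing the label when new commits arrive.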
@@ -43,7 +43,7 @@ jobs: checkout-ref: ${{ github.event.pull_request.head.ref }} skip-itests: ${{ matrix.arch != 'amd64' }} secrets: inherit - if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test') + if: github.repository_owner == 'cryostatio' && contains(github.event.pull_request.labels.*.name, 'safe-to-test') && github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test') push-to-ghcr: runs-on: ubuntu-latest 
@@ -51,29 +51,49 @@ jobs: matrix: arch: [amd64, arm64] needs: [code-analysis, build-and-test] - if: always() && github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test') + if: always() && github.repository_owner == 'cryostatio' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test') steps: - name: Fail if needs-triage label applied if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-triage') }} run: exit 1 - - name: Success Comment - if: ${{ job.status == 'success'}} - uses: thollander/actions-comment-pull-request@v1 + - name: Fail if safe-to-test label NOT applied + if: ${{ !contains(github.event.pull_request.labels.*.name, 'safe-to-test') }} + run: exit 1 + - uses: actions/download-artifact@v3 with: - message: |- - ${{ github.workflow }}: succeeded - url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - - name: Failed Comment - if: ${{ ! job.status == 'success'}} + name: cryostat-${{ matrix.arch }} + if: github.repository_owner == 'cryostatio' + - name: Load cryostat image + run: podman load -i cryostat-${{ matrix.arch }}.tar + if: github.repository_owner == 'cryostatio' + - name: Tag cryostat image + run: podman tag cryostat ghcr.io/${{ github.repository_owner }}/cryostat:pr-${{ github.event.number }}-${{ github.event.pull_request.head.sha }}-linux-${{ matrix.arch }} + if: github.repository_owner == 'cryostatio' + - name: Push PR test image to ghcr.io + id: push-to-ghcr + uses: redhat-actions/push-to-registry@v2 + with: + image: cryostat + tags: pr-${{ github.event.number }}-${{ github.event.pull_request.head.sha }}-linux-${{ matrix.arch }} + registry: ghcr.io/${{ github.repository_owner }} + username: ${{ github.event.pull_request.user.login }} + password: ${{ secrets.GHCR_PR_TOKEN }} + if: github.repository_owner == 'cryostatio' + - name: Comment test image link uses: thollander/actions-comment-pull-request@v1 with: message: |- - ${{ 
github.workflow }}: failed - url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - - name: Set latest commit status as ${{ job.status }} - uses: myrotvorets/set-commit-status-action@master - if: always() - with: - sha: ${{ steps.comment-branch.outputs.head_sha }} - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} \ No newline at end of file + Test image available: + ``` + $ CRYOSTAT_IMAGE=${{ steps.push-to-ghcr.outputs.registry-path }} sh smoketest.sh + ``` + if: github.repository_owner == 'cryostatio' + - name: check-status + uses: martialonline/workflow-status@v3 + id: workflow-status + - run: echo "Workflow succeeded" + if: steps.workflow-status.outputs.status == 'success' + - run: echo "Workflow failed" + if: steps.workflow-status.outputs.status == 'failure' + - run: echo "Workflow cancelled" + if: steps.check.outputs.status == 'cancelled' \ No newline at end of file diff --git a/README.md b/README.md index 6eb4521ff9..0b699c1737 100644 --- a/README.md +++ b/README.md @@ -377,5 +377,3 @@ but is also intended as an automation or extension point for external clients. For details about this API see [HTTP_API.md](./docs/HTTP_API.md), [GRAPHQL.md](./docs/GRAPHQL.md), and [DISCOVERY_PLUGINS.md](./docs/DISCOVERY_PLUGINS.md). - -*delete later* \ No newline at end of file
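Review bot: The push step pairs `username: ${{ github.event.pull_request.user.login }}` with `password: ${{ secrets.GHCR_PR_TOKEN }}`, so the registry login uses the PR author's name with a token that presumably belongs to a project account. The username should identify the account that owns the token (a repository variable or secret), not a value taken from the event payload. This job holds a registry write token and runs `redhat-actions/push-to-registry@v2`, `thollander/actions-comment-pull-request@v1` and `martialonline/workflow-status@v3` by mutable tag; pinning each to a full commit SHA keeps a retagged release from running with that token. The last step tests `steps.check.outputs.status`, but the step id is `workflow-status`, so the cancelled branch can never match; it should be `if: steps.workflow-status.outputs.status == 'cancelled'`. The removed commit-status step has no replacement here, so the three `echo` steps report nothing back to the PR.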