From 3e51344f9606e684f93cc36fad276543bff8ab50 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 13 Mar 2025 15:30:00 +0100 Subject: [PATCH 1/4] .github/workflows: update codeql job --- .github/workflows/codeql-analysis.yml | 45 ++++++++++++++++----------- 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c6a09b284c..3bcf1a717e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -11,12 +11,23 @@ # name: "CodeQL" +permissions: + contents: read + on: push: - branches: [main] + branches: [ main ] + paths-ignore: + - '**/*.md' + - '**/*.txt' + - '**/*.yaml' pull_request: # The branches below must be a subset of the branches above - branches: [main] + branches: [ main ] + paths-ignore: + - '**/*.md' + - '**/*.txt' + - '**/*.yaml' schedule: - cron: '30 20 * * 2' @@ -32,17 +43,26 @@ jobs: strategy: fail-fast: false matrix: - language: ['go'] + language: [ 'go' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://git.io/codeql-language-support steps: + - name: Harden Runner + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 + with: + egress-policy: audit + - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Setup go + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + with: + go-version-file: "go.mod" # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
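Review bot: The new top-level `permissions: contents: read` caps the token for every job in this workflow, and the analyze step needs `security-events: write` to upload its results. The job's own header lies outside this hunk, so confirm it still carries a job-level `permissions:` block with `security-events: write`; without it the upload will be rejected. Separately, `paths-ignore` on `pull_request` means a PR touching only `.md`, `.txt` or `.yaml` files never starts this workflow, which leaves the check pending if CodeQL is a required status check; note also that `'**/*.yaml'` does not match the `.yml` workflow files.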
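Review bot: `egress-policy: audit` on the new Harden Runner step only records outbound connections and stops none of them, so it gives visibility but no containment if an action or build dependency misbehaves. Once a few runs have produced a baseline, consider `egress-policy: block` with an explicit `allowed-endpoints` list. A comment above the step would make the staging explicit, e.g. `# audit only for now; switch to block once the endpoint baseline is known`.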
@@ -50,21 +70,10 @@ jobs: # Prefix the list here with "+" to use these queries and those in the config file. # queries: ./path/to/local/query, your-org/your-repo/queries@main - # setup cache to speed up the action - - uses: actions/cache@v4 - with: - path: | - ~/.cache/go-build - ~/.cache/pip - ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) # - name: Autobuild - # uses: github/codeql-action/autobuild@v3 + # uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -81,4 +90,4 @@ jobs: make bin/tkn - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 From 6d654a818802dfdba7f58be521922d4ef0d9af7a Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 13 Mar 2025 15:30:32 +0100 Subject: [PATCH 2/4] .github/workflows: add slack and retest workflows Importing this from the tektoncd/pipeline repsitory. Signed-off-by: Vincent Demeester --- .github/workflows/chatops_retest.yaml | 81 +++++++++++++++++++++++++++ .github/workflows/slash.yml | 41 ++++++++++++++ 2 files changed, 122 insertions(+) create mode 100644 .github/workflows/chatops_retest.yaml create mode 100644 .github/workflows/slash.yml diff --git a/.github/workflows/chatops_retest.yaml b/.github/workflows/chatops_retest.yaml new file mode 100644 index 0000000000..8a2462b7b1 --- /dev/null +++ b/.github/workflows/chatops_retest.yaml 
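Review bot: The commented-out Autobuild line is now pinned to `1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9`, while `init` and `analyze` in this same patch are pinned to `6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11`. Anyone who uncomments the step would run two different codeql-action releases in one job; use the same SHA and version comment on all three lines. Dropping the explicit `actions/cache` step presumably relies on the newly added `actions/setup-go` step to cache modules; a one-line comment saying so would stop the cache step from being re-added later.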
@@ -0,0 +1,81 @@ +# The _chatops_retest workflow reruns failed GHA for a PR +# +# This workflow is triggered by leaving a "/retest" comment on +# a pull request. If the required preconditions are met, it will +# rerun failed GitHub actions checks on that PR +# +# Condition for the "/retest" command are: +# - either the issuer is a maintainer +# - or the issuer is the owner the PR + +name: Rerun Failed Actions +on: + repository_dispatch: + types: [retest-command] + +jobs: + retest: + name: Rerun Failed Actions + runs-on: ubuntu-latest + steps: + - name: Show Environment Variables + run: env + - name: Show Github Object + run: | + cat <<'EOF' + ${{ toJson(github) }} + EOF + - name: Show Github Event Path Json + run: 'cat $GITHUB_EVENT_PATH || true' + - name: Rerun Failed Actions + run: | + echo '::group:: Get the PR commit sha' + # Get the sha of the HEAD commit in the PR + GITHUB_COMMIT_SHA=$(gh api $(echo ${GITHUB_PULL_URL#https://api.github.com/}) | \ + jq -r .head.sha) + echo GITHUB_COMMIT_SHA=${GITHUB_COMMIT_SHA} + echo '::endgroup::' + + echo '::group:: Get the list of run IDs' + # Get a list of run IDs + RUN_IDS=$(gh api repos/${GITHUB_REPO}/commits/${GITHUB_COMMIT_SHA}/check-runs | \ + jq -r '.check_runs[] | select(.name != "Rerun Failed Actions") | .html_url | capture("/runs/(?[0-9]+)/job") | .number' | \ + sort -u) + echo RUN_IDS=${RUN_IDS} + echo '::endgroup::' + + echo '::group:: Rerun failed runs' + # For each run, retrigger faild jobs + for runid in ${RUN_IDS}; do + echo Restarting run ${runid} for commit ${GITHUB_COMMIT_SHA} + gh run \ + --repo ${GITHUB_REPO} \ + rerun ${runid} \ + --failed || true + done + echo '::endgroup::' + env: + GITHUB_TOKEN: ${{ secrets.CHATOPS_TOKEN }} + GITHUB_REPO: ${{ github.event.client_payload.github.payload.repository.full_name }} + GITHUB_PULL_URL: ${{ github.event.client_payload.github.payload.issue.pull_request.url }} + + - name: Create comment + if: ${{ failure() && steps.landStack.outcome == 'failure' }} + uses: 
peter-evans/create-or-update-comment@v4 + with: + token: ${{ secrets.CHATOPS_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: | + Something went wrong with your `/${{ github.event.client_payload.slash_command.command }}` command: [please check the logs][1]. + + [1]: ${{ steps.vars.outputs.run-url }} + + - name: Add reaction + if: ${{ success() }} + uses: peter-evans/create-or-update-comment@v4 + with: + token: ${{ secrets.CHATOPS_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.client_payload.github.payload.comment.id }} + reactions: hooray \ No newline at end of file diff --git a/.github/workflows/slash.yml b/.github/workflows/slash.yml new file mode 100644 index 0000000000..d8b7ae2657 --- /dev/null +++ b/.github/workflows/slash.yml 
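Review bot: In the `Show Github Object` step, `${{ toJson(github) }}` is expanded into the script text before bash runs, and for a `repository_dispatch` event that object includes `client_payload`, which carries the PR comment written by whoever issued the command. The quoted `'EOF'` delimiter prevents shell expansion inside the heredoc but does not make arbitrary text safe to embed in the script, and later steps of this job use `CHATOPS_TOKEN`. Pass the value through the environment instead (`env:` with `GITHUB_CONTEXT: ${{ toJson(github) }}` and `run: echo "$GITHUB_CONTEXT"`), or drop the three debug steps. The `Create comment` step also tests `steps.landStack.outcome` and links `steps.vars.outputs.run-url`, but no step in this job has the id `landStack` or `vars`, so the failure comment can never be posted. The workflow has no `permissions:` block and references `peter-evans/create-or-update-comment@v4` by tag, unlike the SHA pins in PATCH 1/4.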
@@ -0,0 +1,41 @@ +# The slash workflow handles slash commands +# +# Slash commands are given through comments on pull requests +# and may be used only by individuals with "write" access to +# the repository (i.e. maintainers). +# +# Slash commands must be placed at the very beginning of the +# first line of a comment. More details are available in the +# action docs: https://github.com/peter-evans/slash-command-dispatch/tree/main?tab=readme-ov-file#how-comments-are-parsed-for-slash-commands +# +# The workflow looks for and dispatches to another workflow +# named -command which must exist in the repository. +# +# Supported commands: +# - /land: invokes the land-command workflow, to land (merge) PRs +# stacked through ghstack +# +# When a command is recognised, the rocket and eyes emojis are added + +name: Slash Command Routing +on: + issue_comment: + types: [created] + +jobs: + check_comments: + runs-on: ubuntu-latest + steps: + - name: route-land + uses: peter-evans/slash-command-dispatch@v4 + with: + token: ${{ secrets.CHATOPS_TOKEN }} + config: > + [ + { + "command": "retest", + "permission": "write", + "issue_type": "pull-request", + "repository": "tektoncd/pipeline" + } + ] \ No newline at end of file From 8be123c3a75e9e90663c3a3b9f4d835c2d9d3ecb Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 13 Mar 2025 15:34:52 +0100 Subject: [PATCH 3/4] =?UTF-8?q?.github/workflows:=20add=20a=20ci=20workflo?= =?UTF-8?q?w=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit … The goal is to remove the prow jobs. This is imported from tektoncd/pipeline. 
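Review bot: The dispatch config hard-codes `"repository": "tektoncd/pipeline"`, so a `/retest` comment would send the dispatch event, authenticated with `CHATOPS_TOKEN`, to that repository rather than to the one the comment was made in; if this file does not live in tektoncd/pipeline, set the key to this repository or remove it so the action falls back to its default. The header comment and the step name `route-land` still describe a `/land` command, while the only configured command is `retest`; update them so the documentation matches the config. `issue_comment` fires on comments from any user, so add a top-level `permissions:` block and pin `peter-evans/slash-command-dispatch` to a full commit SHA as PATCH 1/4 does for other actions.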
Signed-off-by: Vincent Demeester --- .github/workflows/ci.yaml | 98 ++++++++ .github/workflows/codeql-analysis.yml | 6 +- .github/workflows/e2e-matrix.yml | 85 +++++++ Makefile | 3 +- hack/setup-kind.sh | 328 ++++++++++++++++++++++++++ hack/verify-codegen.sh | 1 - 6 files changed, 516 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/e2e-matrix.yml create mode 100755 hack/setup-kind.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000000..3b6c054510 --- /dev/null +++ b/.github/workflows/ci.yaml 
@@ -0,0 +1,98 @@ +name: ci + +on: [pull_request] # yamllint disable-line rule:truthy + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull-request.number || github.ref }} + cancel-in-progress: true + +defaults: + run: + shell: bash + +permissions: + contents: read + checks: write # Used to annotate code in the PR + +jobs: + build: + name: build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + with: + go-version-file: "go.mod" + - name: build + run: | + go build -v ./... + linting: + needs: [build] + name: lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + with: + go-version-file: "go.mod" + - name: gofmt + run: | + gofmt_out=$(gofmt -d $(find * -name '*.go' ! -path 'vendor/*' ! -path 'third_party/*')) + if [[ -n "$gofmt_out" ]]; then + failed=1 + fi + echo "$gofmt_out" + - name: golangci-lint + uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0 + with: + version: v1.64.6 + only-new-issues: true + args: --timeout=10m + - name: yamllint + run: | + apt update && apt install -y yamllint + yamllint -c .yamllint $(find . -path ./vendor -prune -o -type f -regex ".*y[a]ml" -print | tr '\n' ' ') + - name: check-license + run: | + go install github.com/google/go-licenses@v1.0.0 + go-licenses check ./... 
+ tests: + needs: [build] + name: test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + with: + go-version-file: "go.mod" + - name: build + run: | + make test-unit-verbose-and-race + generated: + needs: [build] + name: Check generated code + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + with: + go-version-file: "go.mod" + - name: generated + run: | + go install github.com/google/go-licenses@v1.0.0 # Not sure why it is needed here + ./hack/verify-codegen.sh + multi-arch-build: + needs: [build] + name: Multi-arch build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + with: + go-version-file: "go.mod" + - name: make cross + run: | + make cross + e2e-tests: + needs: [build] + uses: ./.github/workflows/e2e-matrix.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3bcf1a717e..64e1d34af5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -16,14 +16,14 @@ permissions: on: push: - branches: [ main ] + branches: [main] paths-ignore: - '**/*.md' - '**/*.txt' - '**/*.yaml' pull_request: # The branches below must be a subset of the branches above - branches: [ main ] + branches: [main] paths-ignore: - '**/*.md' - '**/*.txt' @@ -43,7 +43,7 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go' ] + language: ['go'] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://git.io/codeql-language-support 
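Review bot: The `gofmt` step in the `linting` job sets `failed=1` when the diff is non-empty but never exits with it, so the step passes on unformatted code; end the script with `if [[ -n "$gofmt_out" ]]; then exit 1; fi` after the `echo`. In the `yamllint` step, `apt update && apt install -y yamllint` runs without `sudo`, which will presumably fail on a hosted `ubuntu-latest` runner where steps do not run as root. The concurrency group reads `github.event.pull-request.number` with a hyphen; the event key is `pull_request` (as e2e-matrix.yml in this patch spells it), so that operand is always empty and the group falls back to `github.ref`.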
diff --git a/.github/workflows/e2e-matrix.yml b/.github/workflows/e2e-matrix.yml new file mode 100644 index 0000000000..76f71db6b5 --- /dev/null +++ b/.github/workflows/e2e-matrix.yml 
@@ -0,0 +1,85 @@ +name: Tekton Integration +# Adapted from https://github.com/mattmoor/mink/blob/master/.github/workflows/minkind.yaml + +on: [workflow_call] + +defaults: + run: + shell: bash + +jobs: + e2e-tests: + concurrency: + group: ${{ github.workflow }}-${{ matrix.k8s-name }}-${{ matrix.feature-flags }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + name: e2e tests + runs-on: ubuntu-latest + strategy: + fail-fast: false # Keep running if one leg fails. + matrix: + k8s-name: + - k8s-oldest + - k8s-plus-one + + include: + - k8s-name: k8s-oldest + k8s-version: v1.28.x + - k8s-name: k8s-plus-one + k8s-version: v1.29.x + env: + KO_DOCKER_REPO: registry.local:5000/tekton + CLUSTER_DOMAIN: c${{ github.run_id }}.local + ARTIFACTS: ${{ github.workspace }}/artifacts + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + with: + go-version-file: "go.mod" + - uses: ko-build/setup-ko@v0.8 + + - name: Install Dependencies + working-directory: ./ + run: | + echo '::group:: install go-junit-report' + go install github.com/jstemmer/go-junit-report@v0.9.1 + echo '::endgroup::' + + echo '::group:: created required folders' + mkdir -p "${ARTIFACTS}" + echo '::endgroup::' + + echo "${GOPATH}/bin" >> "$GITHUB_PATH" + + - name: Run tests + run: | + ./hack/setup-kind.sh \ + --registry-url $(echo ${KO_DOCKER_REPO} | cut -d'/' -f 1) \ + --cluster-suffix c${{ github.run_id }}.local \ + --nodes 3 \ + --k8s-version ${{ matrix.k8s-version }} \ + --e2e-script ./test/e2e-tests.sh \ + --e2e-env ./test/e2e-tests-kind-prow.env + + - name: Upload test results + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.k8s-version }}-${{ matrix.feature-flags }} + path: ${{ env.ARTIFACTS }} + + - uses: chainguard-dev/actions/kind-diag@main + if: ${{ failure() }} + with: + artifact-name: ${{ matrix.k8s-version }}-${{ matrix.feature-flags }}-logs + + 
- name: Dump Artifacts + if: ${{ failure() }} + run: | + if [[ -d ${{ env.ARTIFACTS }} ]]; then + cd ${{ env.ARTIFACTS }} + for x in $(find . -type f); do + echo "::group:: artifact $x" + cat $x + echo '::endgroup::' + done + fi diff --git a/Makefile b/Makefile index d5a09cf37c..513469a0f5 100644 --- a/Makefile +++ b/Makefile @@ -118,9 +118,10 @@ lint-yaml: ${YAML_FILES} ; $(info $(M) running yamllint…) ## runs yamllint on @yamllint -c .yamllint $(YAML_FILES) ## Tests -TEST_UNIT_TARGETS := test-unit-verbose test-unit-race +TEST_UNIT_TARGETS := test-unit-verbose test-unit-race test-unit-verbose-and-race test-unit-verbose: ARGS=-v test-unit-race: ARGS=-race +test-unit-verbose-and-race: ARGS=-v -race $(TEST_UNIT_TARGETS): test-unit .PHONY: $(TEST_UNIT_TARGETS) test-unit test-unit: ; $(info $(M) running unit tests…) ## Run unit tests diff --git a/hack/setup-kind.sh b/hack/setup-kind.sh new file mode 100755 index 0000000000..e694814088 --- /dev/null +++ b/hack/setup-kind.sh 
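Review bot: `chainguard-dev/actions/kind-diag@main` tracks a moving branch, and `ko-build/setup-ko@v0.8` and `actions/upload-artifact@v4` are tag references, while checkout and setup-go in the same job are pinned to full commit SHAs. Pin these three the same way with the version in a trailing comment (`uses: OWNER/ACTION@<full-commit-sha> # vX.Y.Z`), so an upstream change cannot alter what runs here. `matrix.feature-flags` is used in the concurrency group and in both artifact names, but the matrix defines only `k8s-name` and `k8s-version`, so it expands to an empty string; drop it or add it to the matrix. In `Dump Artifacts`, prefer `"$ARTIFACTS"` over `${{ env.ARTIFACTS }}` inside the script and quote `"$x"` in the loop.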
@@ -0,0 +1,328 @@ +#!/usr/bin/env bash + +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Attribution: +# Adapted for Tekton from https://github.com/mattmoor/mink/blob/master/hack/setup-kind.sh + +set -o errexit +set -o nounset +set -o pipefail +set -x + +# Print error message and exit 1 +# Parameters: $1..$n - error message to be displayed +function abort() { + echo "error: $*" + exit 1 +} + +# Defaults +K8S_VERSION="v1.28.x" +REGISTRY_NAME="registry.local" +REGISTRY_PORT="5000" +CLUSTER_SUFFIX="cluster.local" +NODE_COUNT="1" +REGISTRY_AUTH="0" +ESTARGZ_SUPPORT="0" +E2E_SCRIPT="test/e2e-tests.sh" +E2E_ENV="" + +while [[ $# -ne 0 ]]; do + parameter="$1" + case "${parameter}" in + --k8s-version) + shift + K8S_VERSION="$1" + ;; + --registry-url) + shift + REGISTRY_NAME="$(echo "$1" | cut -d':' -f 1)" + REGISTRY_PORT="$(echo "$1" | cut -d':' -f 2)" + ;; + --cluster-suffix) + shift + CLUSTER_SUFFIX="$1" + ;; + --nodes) + shift + NODE_COUNT="$1" + ;; + --authenticated-registry) + REGISTRY_AUTH="1" + ;; + --e2e-script) + shift + E2E_SCRIPT="$1" + ;; + --e2e-env) + shift + E2E_ENV="$1" + ;; + *) abort "unknown option ${parameter}" ;; + esac + shift +done + +# If E2E_ENV is set but the file doesn't exist, fall back on the old approach of invoking presubmit-tests.sh directly. +if [[ "${E2E_ENV}" != "" && ! -f "${E2E_ENV}" ]]; then + ./test/presubmit-tests.sh --integration-tests + exit $? 
+fi + +# The version map correlated with this version of KinD +case ${K8S_VERSION} in + v1.25.x) + K8S_VERSION="1.25.16" + KIND_IMAGE_SHA="sha256:5da57dfc290ac3599e775e63b8b6c49c0c85d3fec771cd7d55b45fae14b38d3b" + KIND_IMAGE="kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}" + ;; + v1.26.x) + K8S_VERSION="1.26.15" + KIND_IMAGE_SHA="sha256:84333e26cae1d70361bb7339efb568df1871419f2019c80f9a12b7e2d485fe19" + KIND_IMAGE="kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}" + ;; + v1.27.x) + K8S_VERSION="1.27.13" + KIND_IMAGE_SHA="sha256:17439fa5b32290e3ead39ead1250dca1d822d94a10d26f1981756cd51b24b9d8" + KIND_IMAGE="kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}" + ;; + v1.28.x) + K8S_VERSION="1.28.9" + KIND_IMAGE_SHA="sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0" + KIND_IMAGE="kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}" + ;; + v1.29.x) + K8S_VERSION="1.29.4" + KIND_IMAGE_SHA="sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8" + KIND_IMAGE="kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}" + ;; + v1.30.x) + K8S_VERSION="1.30.0" + KIND_IMAGE_SHA="sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e" + KIND_IMAGE="kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA}" + ;; + *) abort "Unsupported version: ${K8S_VERSION}" ;; +esac + +############################################################# +# +# Setup KinD cluster. +# +############################################################# +echo '--- Setup KinD Cluster' + +cat > kind.yaml <> kind.yaml <> kind.yaml < "${AUTH_DIR}/htpasswd" + + # Run a registry protected with htpasswd + EXTRA_ARGS=( + -v "${AUTH_DIR}:/auth" + -e "REGISTRY_AUTH=htpasswd" + -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" + -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" + ) + +fi + +docker run -d --restart=always \ + "${EXTRA_ARGS[@]}" \ + -p "$REGISTRY_PORT:$REGISTRY_PORT" --name "$REGISTRY_NAME" registry:2 + +# Connect the registry to the KinD network. 
+docker network connect "kind" "$REGISTRY_NAME" + +# Make the $REGISTRY_NAME -> 127.0.0.1, to tell `ko` to publish to +# local reigstry, even when pushing $REGISTRY_NAME:$REGISTRY_PORT/some/image +echo "127.0.0.1 $REGISTRY_NAME" | sudo tee -a /etc/hosts + +# Create a registry-credentials secret and attach it to the list of service accounts in the namespace. +function sa_ips() { + local ns="${1}" + shift + + # Create a secret resource with the contents of the docker auth configured above. + kubectl -n "${ns}" create secret generic registry-credentials \ + --from-file=.dockerconfigjson=${HOME}/.docker/config.json \ + --type=kubernetes.io/dockerconfigjson + + for sa in "${@}" ; do + # Ensure the service account exists. + kubectl -n "${ns}" create serviceaccount "${sa}" || true + + # Attach the secret resource to the service account in the namespace. + kubectl -n "${ns}" patch serviceaccount "${sa}" -p '{"imagePullSecrets": [{"name": "registry-credentials"}]}' + done +} + +if [[ "${REGISTRY_AUTH}" == "1" ]]; then + + # This will create ~/.docker/config.json + docker login "http://$REGISTRY_NAME:$REGISTRY_PORT/v2/" -u "${USERNAME}" -p "${PASSWORD}" + + sa_ips "default" "default" +fi + +export KO_DOCKER_REPO=kind.local + +echo '--- Debug file system' +pwd +ls -al + + +if [[ "${E2E_SCRIPT}" == "" ]]; then + echo "Nothing else to do" + exit 0 +else + if [[ "${E2E_ENV}" != "" ]]; then + set -o allexport + source "${E2E_ENV}" + set +o allexport + fi + "${E2E_SCRIPT}" +fi diff --git a/hack/verify-codegen.sh b/hack/verify-codegen.sh index 8d1dc0c2d9..ee0cd18c1e 100755 --- a/hack/verify-codegen.sh +++ b/hack/verify-codegen.sh @@ -20,7 +20,6 @@ set -o pipefail source $(git rev-parse --show-toplevel)/vendor/github.com/tektoncd/plumbing/scripts/library.sh -export GO111MODULE=on readonly TMP_DIFFROOT="$(mktemp -d ${REPO_ROOT_DIR}/tmpdiffroot.XXXXXX)" cleanup() { From 01e9e341b3396f139ef31f3cdfb1a077be62f093 Mon Sep 17 00:00:00 2001 
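Review bot: `set -x` is enabled for the whole script, so the `docker login ... -u "${USERNAME}" -p "${PASSWORD}"` call in the `REGISTRY_AUTH` branch prints the password into the CI log, and `-p` also places it on the process command line. Turn tracing off around that call and feed the password with `--password-stdin`. The lines that set `USERNAME` and `PASSWORD` are not readable in this view of the hunk, so if they are throwaway per-run values for the local registry the exposure is limited, but the pattern is easy to copy to a real credential. In `sa_ips`, quote the path in `--from-file=.dockerconfigjson=${HOME}/.docker/config.json`, and note that `exit $?` after `./test/presubmit-tests.sh` is only reached on success because `errexit` is on.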
From: Vincent Demeester Date: Mon, 17 Mar 2025 11:21:18 +0100 Subject: [PATCH 4/4] .github/workflows: use plumbing workflow definitions. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's share code 🙃. Signed-off-by: Vincent Demeester --- .github/workflows/chatops_retest.yaml | 79 ++------------------------- .github/workflows/slash.yml | 44 ++++----------- 2 files changed, 16 insertions(+), 107 deletions(-) diff --git a/.github/workflows/chatops_retest.yaml b/.github/workflows/chatops_retest.yaml index 8a2462b7b1..f428dd76a1 100644 --- a/.github/workflows/chatops_retest.yaml +++ b/.github/workflows/chatops_retest.yaml @@ -1,14 +1,8 @@ -# The _chatops_retest workflow reruns failed GHA for a PR -# -# This workflow is triggered by leaving a "/retest" comment on -# a pull request. If the required preconditions are met, it will -# rerun failed GitHub actions checks on that PR -# -# Condition for the "/retest" command are: -# - either the issuer is a maintainer -# - or the issuer is the owner the PR - name: Rerun Failed Actions + +permissions: + contents: read + on: repository_dispatch: types: [retest-command] 
@@ -16,66 +10,5 @@ on: jobs: retest: name: Rerun Failed Actions - runs-on: ubuntu-latest - steps: - - name: Show Environment Variables - run: env - - name: Show Github Object - run: | - cat <<'EOF' - ${{ toJson(github) }} - EOF - - name: Show Github Event Path Json - run: 'cat $GITHUB_EVENT_PATH || true' - - name: Rerun Failed Actions - run: | - echo '::group:: Get the PR commit sha' - # Get the sha of the HEAD commit in the PR - GITHUB_COMMIT_SHA=$(gh api $(echo ${GITHUB_PULL_URL#https://api.github.com/}) | \ - jq -r .head.sha) - echo GITHUB_COMMIT_SHA=${GITHUB_COMMIT_SHA} - echo '::endgroup::' - - echo '::group:: Get the list of run IDs' - # Get a list of run IDs - RUN_IDS=$(gh api repos/${GITHUB_REPO}/commits/${GITHUB_COMMIT_SHA}/check-runs | \ - jq -r '.check_runs[] | select(.name != "Rerun Failed Actions") | .html_url | capture("/runs/(?[0-9]+)/job") | .number' | \ - sort -u) - echo RUN_IDS=${RUN_IDS} - echo '::endgroup::' - - echo '::group:: Rerun failed runs' - # For each run, retrigger faild jobs - for runid in ${RUN_IDS}; do - echo Restarting run ${runid} for commit ${GITHUB_COMMIT_SHA} - gh run \ - --repo ${GITHUB_REPO} \ - rerun ${runid} \ - --failed || true - done - echo '::endgroup::' - env: - GITHUB_TOKEN: ${{ secrets.CHATOPS_TOKEN }} - GITHUB_REPO: ${{ github.event.client_payload.github.payload.repository.full_name }} - GITHUB_PULL_URL: ${{ github.event.client_payload.github.payload.issue.pull_request.url }} - - - name: Create comment - if: ${{ failure() && steps.landStack.outcome == 'failure' }} - uses: peter-evans/create-or-update-comment@v4 - with: - token: ${{ secrets.CHATOPS_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - issue-number: ${{ github.event.client_payload.github.payload.issue.number }} - body: | - Something went wrong with your `/${{ github.event.client_payload.slash_command.command }}` command: [please check the logs][1]. 
- - [1]: ${{ steps.vars.outputs.run-url }} - - - name: Add reaction - if: ${{ success() }} - uses: peter-evans/create-or-update-comment@v4 - with: - token: ${{ secrets.CHATOPS_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - reactions: hooray \ No newline at end of file + uses: tektoncd/plumbing/.github/workflows/_chatops_retest.yml@8441d6ffad5bf64f631ed0e67e46192fdedaca47 + secrets: inherit diff --git a/.github/workflows/slash.yml b/.github/workflows/slash.yml index d8b7ae2657..ddaf9abc5e 100644 --- a/.github/workflows/slash.yml +++ b/.github/workflows/slash.yml 
@@ -1,41 +1,17 @@ -# The slash workflow handles slash commands -# -# Slash commands are given through comments on pull requests -# and may be used only by individuals with "write" access to -# the repository (i.e. maintainers). -# -# Slash commands must be placed at the very beginning of the -# first line of a comment. More details are available in the -# action docs: https://github.com/peter-evans/slash-command-dispatch/tree/main?tab=readme-ov-file#how-comments-are-parsed-for-slash-commands -# -# The workflow looks for and dispatches to another workflow -# named -command which must exist in the repository. -# -# Supported commands: -# - /land: invokes the land-command workflow, to land (merge) PRs -# stacked through ghstack -# -# When a command is recognised, the rocket and eyes emojis are added - name: Slash Command Routing + +permissions: + contents: read + on: issue_comment: types: [created] jobs: check_comments: - runs-on: ubuntu-latest - steps: - - name: route-land - uses: peter-evans/slash-command-dispatch@v4 - with: - token: ${{ secrets.CHATOPS_TOKEN }} - config: > - [ - { - "command": "retest", - "permission": "write", - "issue_type": "pull-request", - "repository": "tektoncd/pipeline" - } - ] \ No newline at end of file + if: ${{ github.event.issue.pull_request }} + permissions: + issues: write # for peter-evans/slash-command-dispatch to create issue reaction + pull-requests: write # for peter-evans/slash-command-dispatch to create PR reaction + uses: tektoncd/plumbing/.github/workflows/_slash.yml@8441d6ffad5bf64f631ed0e67e46192fdedaca47 + secrets: inherit
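Review bot: With the header comment deleted, nothing in this file says who may issue a slash command; the `"permission": "write"` rule was in the removed `config` and now depends entirely on the pinned `_slash.yml`. Keep a short comment above `check_comments`, such as `# Command routing and the write-access check live in tektoncd/plumbing's _slash.yml`. The `if: ${{ github.event.issue.pull_request }}` guard and the job-level `permissions:` block could each carry a similar one-line comment explaining that comments on plain issues are skipped on purpose.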