-
Notifications
You must be signed in to change notification settings - Fork 706
140 lines (124 loc) · 6.28 KB
/
ocp-test-profiles.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: Trigger OCP Tests When Relevant
on:
pull_request:
branches: [ master, 'stabilization*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.run_id }}
cancel-in-progress: true
jobs:
check-and-trigger-ocp-prow-tests:
name: Identify rules changed in PR and test them in OCP Prow
runs-on: ubuntu-latest
container:
image: fedora:latest
permissions:
pull-requests: write
steps:
- name: Install Deps
run: dnf install -y cmake make openscap-utils python3-pyyaml python3-jinja2 git python3-deepdiff python3-requests jq python3-pip nodejs
- name: Install deps python
run: pip install gitpython xmldiff
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 0
- name: Checkout (CTF)
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
repository: ComplianceAsCode/content-test-filtering
path: ctf
# https://github.com/actions/checkout/issues/766
- name: Set git safe directory
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Find forking point
env:
BASE_BRANCH: ${{ github.base_ref }}
run: echo "FORK_POINT=$(git merge-base origin/$BASE_BRANCH ${{ github.event.pull_request.head.sha }})" >> $GITHUB_OUTPUT
id: fork_point
- name: Detect content changes in the PR
run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --remote_repo ${{ github.server_url }}/${{ github.repository }} --verbose --rule --output json ${{ github.event.pull_request.number }} > ctf-output.json
- name: Test if there are no content changes
run: echo "CTF_OUTPUT_SIZE=$(stat --printf="%s" ctf-output.json)" >> $GITHUB_OUTPUT
id: ctf
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
with:
name: ctf-output
path: ctf-output.json
- name: Print changes to content detected if any
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
run: cat ctf-output.json
- name: Get product attribute
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
id: product
uses: notiz-dev/github-action-json-property@a5a9c668b16513c737c3e1f8956772c99c73f6e8 # v0.2.0
with:
path: 'ctf-output.json'
prop_path: 'product'
- name: Build product OCP and RHCOS content
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' && (contains(steps.product.outputs.prop, 'ocp4') || contains(steps.product.outputs.prop, 'rhcos4')) }}
run: ./build_product -d ocp4 rhcos4
- name: Process list of rules into a list of product-profiles to test
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' && (contains(steps.product.outputs.prop, 'ocp4') || contains(steps.product.outputs.prop, 'rhcos4')) }}
id: profiles_to_test
run: |
# Let's grab the profiles for which we have a CI job configured
PROW_CONFIG=https://raw.githubusercontent.com/openshift/release/refs/heads/master/ci-operator/config/ComplianceAsCode/content/ComplianceAsCode-content-master.yaml
curl -o prow_config.yaml ${PROW_CONFIG}
readarray -t TESTED_PROFILES <<< $(grep -r PROFILE= ./prow_config.yaml | sort -u | sed 's/.*export PROFILE=\(.*\)/\1/')
RULES=$(cat ctf-output.json | jq -r '.rules[]')
# Let's grab one profile for each changed rule
PROFILES=()
ALL_PROFILES=()
# Let's consistently grab a random profile for each rule, in order to do that we use the
# PR number as the seed
RANDOM=${{ github.event.pull_request.number }}
for rule in $RULES; do
readarray -t TEMP <<< $(grep -lr -e "- ${rule}\$" build/*/profiles | sort)
ELIGIBLE_PROFILES=()
for index in "${!TEMP[@]}"; do
for tp in ${TESTED_PROFILES[@]}; do
if [[ ${TEMP[$index]} =~ build\/.*\/profiles\/${tp}\.profile ]]; then
ELIGIBLE_PROFILES+=(${TEMP[$index]});
fi
done
done
ALL_PROFILES+=(${ELIGIBLE_PROFILES[@]})
PROFILES+=(${ELIGIBLE_PROFILES[$(($RANDOM%(${#ELIGIBLE_PROFILES[@]})))]})
done
# Sort and ensure that the profiles are unique
readarray -t UNIQUE_PROFILES <<< $(echo ${PROFILES[@]} | tr ' ' '\n' | sort -u | tr '\n' ' ')
readarray -t ALL_UNIQUE_PROFILES <<< $(echo ${ALL_PROFILES[@]} | tr ' ' '\n' | sort -u | tr '\n' ' ')
# Craft a command to trigger tests
COMMAND=$(for profile in ${UNIQUE_PROFILES[@]}; do
echo ${profile} | sed 's/build\/\(.*\)\/profiles\/\(.*\)\.profile/\/test e2e-aws-\1-\2/'
done)
# COMMAND is a multiline string, so we need to set it this way
{
echo 'TEST_PROFILES_COMMAND<<EOF'
echo "${COMMAND}"
echo EOF
} >> $GITHUB_OUTPUT
# Format all identified profiles for display
ALL_PROFILES_FORMATTED=$(for profile in ${ALL_UNIQUE_PROFILES[@]}; do
echo ${profile} | sed 's/build\/\(.*\)\/profiles\/\(.*\)\.profile/- `<OCP_VERSION>-e2e-aws-\1-\2`/'
done)
{
echo 'ALL_PROFILES_COMMENT<<EOF'
echo "${ALL_PROFILES_FORMATTED}"
echo EOF
} >> $GITHUB_OUTPUT
- uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v2
if: ${{ steps.profiles_to_test.outputs.TEST_PROFILES_COMMAND != '' }}
with:
message: |
:robot: Trigger prow tests based on changed rules
${{ steps.profiles_to_test.outputs.TEST_PROFILES_COMMAND }}
Note: if a test is not started it could be that a CI Job is not configure for that particular profile or product.
<details>
<summary>Click here to see all the relevant profiles</summary>
${{ steps.profiles_to_test.outputs.ALL_PROFILES_COMMENT}}
</details>
comment-tag: kubernetes_start_prow_tests
pr-number: ${{ github.event.pull_request.number }}
mode: recreate