wip

ukff · Oct 3, 2024 · 08c6080 · 08c6080
2 parents 6690b61 + cb59789
commit 08c6080
Show file tree

Hide file tree

Showing 67 changed files with 1,055 additions and 722 deletions.
diff --git a/.github/workflows/auto-merge.yaml b/.github/workflows/auto-merge.yaml
@@ -0,0 +1,20 @@
+name: Enable auto merge
+on:
+  pull_request_target:
+    branches: [main]
+    types:
+    - opened
+    - reopened
+    - ready_for_review
+    - synchronize
+
+jobs:
+  enable-auto-merge:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Enable auto-merge for PRs
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.BOT_TOKEN}}
+          GIT_EMAIL: team-gopher+1@sap.com
+        run: gh pr merge -A ${{ env.GIT_EMAIL }} --auto --squash "$PR_URL"
diff --git a/.github/workflows/build-e2e-provisioning-test-image.yaml b/.github/workflows/build-e2e-provisioning-test-image.yaml
@@ -8,7 +8,7 @@ on:
       - ".github/workflows/build-e2e-provisioning-test-image.yaml"
       - "testing/e2e/provisioning/**"
   pull_request_target:
-    types: [ opened, edited, synchronize, reopened, ready_for_review ]
+    types: [ opened, synchronize, reopened, ready_for_review ]
     paths:
       - ".github/workflows/build-e2e-provisioning-test-image.yaml"
       - "testing/e2e/provisioning/**"

diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
@@ -59,8 +59,6 @@ jobs:
   run-unit-tests:
     name: Unit tests, go mod tidy
     uses: "./.github/workflows/run-unit-tests-reusable.yaml"
-    with:
-      release: "true"
 
   build-keb-image:
     needs: [validate-release]

diff --git a/.github/workflows/label-validator.yml b/.github/workflows/label-validator.yml
@@ -1,7 +1,7 @@
 name: Label validator
 on:
   pull_request_target:
-    types: ["opened", "labeled", "unlabeled"]
+    types: ["opened", "labeled", "unlabeled", "synchronize", "reopened", "ready_for_review", "edited"]
     branches: [ "main" ]
 jobs:
   validate-labels: 

diff --git a/.github/workflows/markdown-link-check.yaml b/.github/workflows/markdown-link-check.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
-    - uses: gaurav-nelson/github-action-markdown-link-check@v1
+    - uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec
       with:
         use-quiet-mode: 'yes'
         config-file: '.mlc.config.json'
diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
@@ -0,0 +1,37 @@
+name: All checks passed
+on:
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+    - edited
+    - labeled
+    - unlabeled
+
+jobs:
+  checks-passed:
+    runs-on: ubuntu-latest
+    permissions:
+      checks: read
+      contents: read
+    steps:
+      - name: Check if draft
+        if: ${{ github.event.pull_request.draft }}
+        run: | 
+          echo "Draft PRs are not checked"
+          exit 1
+      - name: Check if author is kyma-gopher-bot
+        if: ${{ github.event.pull_request.user.login == 'kyma-gopher-bot' }}
+        run: | 
+          echo "PRs from kyma-gopher-bot are automatically green"
+          exit 0
+      - uses: wechuli/allcheckspassed@2e5e8bbc775f5680ed5d02e3a22e2fc7219792ac
+        if: ${{ github.event.pull_request.user.login != 'kyma-gopher-bot' }}
+        with:
+          delay: '1'
+          retries: '15'
+          polling_interval: '1'
+          checks_exclude: 'markdown-link-check,enable-auto-merge,run-govulncheck,scan'
+          verbose: true
diff --git a/.github/workflows/pull-build-images.yaml b/.github/workflows/pull-build-images.yaml
@@ -2,7 +2,10 @@ name: pull-build-images
 
 on:
    pull_request_target:
-      types: [ opened, edited, synchronize, reopened, ready_for_review ]
+      types: [ opened, synchronize, reopened, ready_for_review ]
+      paths-ignore:
+         - "**.md"
+         - "sec-scanners-config.yaml"
 
 permissions:
    id-token: write

diff --git a/.github/workflows/run-eslint.yaml b/.github/workflows/run-eslint.yaml
@@ -3,7 +3,10 @@ name: Run JS linter
 on:
   pull_request:
     branches: [ main ]
-
+    paths:
+      - ".github/workflows/run-eslint.yaml"
+      - "testing/e2e/skr/**"
+
 jobs:
   run-eslint:
     runs-on: ubuntu-latest
@@ -12,15 +15,5 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v4
 
-    - name: Get changed files
-      id: changed-files-specific
-      uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959
-      with:
-        files: |
-          .github/**
-          testing/e2e/skr/**
-          Makefile
-
     - name: Run JS linter
-      if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' }}
       run: make lint -C testing/e2e/skr
diff --git a/.github/workflows/run-govulncheck.yaml b/.github/workflows/run-govulncheck.yaml
@@ -3,6 +3,9 @@ name: Run govulncheck
 on:
   pull_request:
     branches: [ main ]
+    paths-ignore:
+      - "**.md"
+      - "sec-scanners-config.yaml"
 
 jobs:
   run-govulncheck:
@@ -11,27 +14,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Get changed files
-        id: changed-files-specific
-        uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959
-        with:
-          files: |
-            .github/**
-            cmd/**
-            common/**
-            files/**
-            internal/**
-            scripts/**
-            utils/edp-registrator/**
-            .golangci.yml
-            Dockerfile.*
-            go.mod
-            go.sum
-            Makefile
-            **/*.go
-            **/*.sh
       - name: Run govulncheck
-        if: steps.changed-files-specific.outputs.any_modified == 'true'
         uses: golang/govulncheck-action@v1
         with:
           go-version-file: 'go.mod'
diff --git a/.github/workflows/run-keb-chart-install-tests-reusable.yaml b/.github/workflows/run-keb-chart-install-tests-reusable.yaml
@@ -24,30 +24,7 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v4
 
-    - name: Get changed files
-      id: changed-files-specific
-      uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959
-      with:
-        files: |
-          .github/**
-          resources/**
-          scripts/**
-          Makefile
-          **/*.sh
-          .github/**
-          cmd/**
-          common/**
-          files/**
-          internal/**
-          utils/edp-registrator/**
-          .golangci.yml
-          Dockerfile.*
-          go.mod
-          go.sum
-          **/*.go
-
     - name: Prepare chart for next KEB version
-      if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
       run: |
         if [ "${{ inputs.release }}" == "true" ]; then
           scripts/bump_keb_chart.sh ${{ inputs.version }} "release"
@@ -56,7 +33,6 @@ jobs:
         fi
 
     - name: Validate KEB helm chart
-      if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
       run: |
         cd resources/keb
         helm template .
@@ -70,30 +46,8 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Get changed files
-        id: changed-files-specific
-        uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959
-        with:
-          files: |
-            .github/**
-            resources/**
-            scripts/**
-            Makefile
-            **/*.sh
-            .github/**
-            cmd/**
-            common/**
-            files/**
-            internal/**
-            utils/edp-registrator/**
-            .golangci.yml
-            Dockerfile.*
-            go.mod
-            go.sum
-
       - id: get-versions
         name: Get K3s versions
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
         # prepare json representing GitHub matrix:
         # {"include": [
         #    {"version":"v1.26.10+k3s1"},
@@ -106,7 +60,7 @@ jobs:
           MATRIX_AS_JSON=$(echo ${VERSIONS[*]} | awk 'END {printf "{\"include\":[";for (i = 1; i < NF; i++) printf "{\"version\":%s},",$i;printf "{\"version\":%s}]}",$i }'|jq -c)
           echo "k3s_versions=${MATRIX_AS_JSON}" >> "${GITHUB_OUTPUT}"
       - name: Wait for images to be ready
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' && inputs.release == 'false' }}
+        if: ${{ inputs.release == 'false' }}
         timeout-minutes: 7
         env:
           GH_TOKEN: ${{ github.token }}
@@ -123,56 +77,29 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Get changed files
-        id: changed-files-specific
-        uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959
-        with:
-          files: |
-            .github/**
-            resources/**
-            scripts/**
-            Makefile
-            **/*.sh
-            .github/**
-            cmd/**
-            common/**
-            files/**
-            internal/**
-            utils/edp-registrator/**
-            .golangci.yml
-            Dockerfile.*
-            go.mod
-            go.sum
-
       - name: Prepare K3s cluster and docker registry
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
         run: "./scripts/testing/k3s-setup.sh ${{ matrix.version }} --wait"
 
       - name: Create namespaces
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
         run: |
           kubectl create namespace kcp-system
           kubectl create namespace kyma-system
           kubectl create namespace istio-system
 
       - name: Install istio
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
         run: |
           helm repo add istio https://istio-release.storage.googleapis.com/charts
           helm install istio-base istio/base -n istio-system --set defaultRevision=default
           
       - name: Install Prometheus Operator for ServiceMonitor
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
         run: |
           kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/master/bundle.yaml
 
       - name: Install Postgres
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
         run: |
           kubectl create -f scripts/testing/yaml/postgres -n kcp-system
       
       - name: Prepare fake gardener credentials
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
         run: |
           KCFG=$(kubectl config view --raw)
           kubectl create secret generic gardener-credentials --from-literal=kubeconfig="$KCFG" -n kcp-system
@@ -186,60 +113,10 @@ jobs:
           fi
 
       - name: Deploy KEB helm chart
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
         run: |
           cd resources/keb
           if [ "${{ inputs.release }}" == "true" ]; then
             helm install keb ../keb --namespace kcp-system -f values.yaml --set global.database.embedded.enabled=false --set testConfig.kebDeployment.useAnnotations=true --set global.secrets.mechanism=secrets --debug --wait
           else
             helm install keb ../keb --namespace kcp-system -f values.yaml --set global.database.embedded.enabled=false --set testConfig.kebDeployment.useAnnotations=true --set global.images.container_registry.path="europe-docker.pkg.dev/kyma-project/dev" --set global.secrets.mechanism=secrets --debug --wait
           fi
-
-  confirm-keb-chart-tests-result:
-    needs: run-keb-chart-matrix
-    runs-on: ubuntu-latest
-    if: success() 
-    outputs:
-      success: ${{ steps.set-output.outputs.success }}
-    steps:
-      - name: Confirm KEB chart tests result
-        id: set-output
-        run: echo "success=true" >> "${GITHUB_OUTPUT}"
-
-  finish-keb-chart-tests:
-    runs-on: ubuntu-latest
-    if: always()
-    needs: confirm-keb-chart-tests-result
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Get changed files
-        id: changed-files-specific
-        uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959
-        with:
-          files: |
-            .github/**
-            resources/**
-            scripts/**
-            Makefile
-            **/*.sh
-            .github/**
-            cmd/**
-            common/**
-            files/**
-            internal/**
-            utils/edp-registrator/**
-            .golangci.yml
-            Dockerfile.*
-            go.mod
-            go.sum
-
-      - name: Check KEB chart tests result
-        if: ${{ steps.changed-files-specific.outputs.any_modified == 'true' || inputs.release == 'true' }}
-        run: |
-          if [ "${{ needs.confirm-keb-chart-tests-result.outputs.success }}" != "true" ]; then
-            echo "KEB chart tests failed"
-            exit 1
-          fi
-          echo "KEB chart tests passed"
diff --git a/.github/workflows/run-keb-chart-install-tests.yaml b/.github/workflows/run-keb-chart-install-tests.yaml
@@ -3,11 +3,14 @@ name: Run KEB chart install tests
 on:
   pull_request:
     branches: [ main ]
+    types: [ opened, synchronize, reopened, ready_for_review ]
+    paths-ignore:
+      - "**.md"
+      - "sec-scanners-config.yaml"
 
 jobs:
   run-install-keb-chart-tests:
     uses: "./.github/workflows/run-keb-chart-install-tests-reusable.yaml"
-    if: ${{ !github.event.pull_request.draft }}
     with:
       last-k3s-versions: 3
       release: "false"