[github-actions] Add index-monitor action
Signed-off-by: Miguel Ruiz <[email protected]>
migruiz4 committed Jan 16, 2025
1 parent 7432a31 commit 9f4619d
Showing 2 changed files with 157 additions and 0 deletions.
42 changes: 42 additions & 0 deletions .github/workflows/gchat-notification.yml
@@ -0,0 +1,42 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

name: 'GChat Notification'
on:
workflow_call:
inputs:
workflow:
type: string
required: true
job-url:
type: string
required: true
repository:
type: string
secrets:
GCHAT_WEBHOOK_URL:
required: true
# Remove all permissions by default
permissions: {}
jobs:
notification:
name: Google Chat Notification
runs-on: ubuntu-latest
steps:
- name: Notify
env:
JOB_URL: ${{ inputs.job-url }}
GH_WORKFLOW: ${{ inputs.workflow }}
GH_REPOSITORY: ${{ inputs.repository != '' && inputs.repository || github.repository }}
GCHAT_WEBHOOK_URL: ${{ secrets.GCHAT_WEBHOOK_URL }}
run: |
tmp_file=$(mktemp)
cat >"${tmp_file}"<<EOF
⚠️ [${GH_REPOSITORY}] Failure detected on '${GH_WORKFLOW}' workflow ⚠️
📑 See details <${JOB_URL}|here>.
EOF
# Use curl to send the JSON to Google.
escapedText=$(sed -e 's/\n/\\n/g' -e 's/"/\\"/g' -e "s/'/\\'/g" "${tmp_file}")
json="{\"text\": \"$escapedText\"}"
curl -X POST -H 'Content-Type: application/json' -d "$json" "${GCHAT_WEBHOOK_URL}"
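Review bot: The JSON payload in the `Notify` step is built by hand-escaping with sed, which does not escape backslashes, and because sed works one line at a time `s/\n/\\n/g` most likely never matches, so the newline between the two heredoc lines reaches the payload raw. `inputs.workflow`, `inputs.job-url` and `inputs.repository` are supplied by the caller, so a value containing a backslash or control character produces malformed JSON. Letting jq (preinstalled on GitHub-hosted Ubuntu runners) do the encoding avoids this: `json=$(jq -n --arg text "$(cat "${tmp_file}")" '{text: $text}')`. I would also add `--fail` to the curl call so a rejected notification fails the step instead of passing silently, and `rm -f "${tmp_file}"` once the request is sent.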
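--- a/.github/workflows/index-monitor.yml
+++ b/.github/workflows/index-monitor.yml
@@ -0,0 +1,115 @@
+name: '[Index] Monitor remote index.yaml'
+
+on:
+schedule:
+# Every 10 minutes
+- cron: '*/10 * * * *'
+
+# Remove all permissions by default
+permissions: {}
+
+jobs:
+integrity-check:
+name: Compare the index.yaml checksums remote and locally
+runs-on: ubuntu-latest
+permissions:
+contents: read
+outputs:
+result: ${{ steps.integrity-check.outputs.result }}
+steps:
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+with:
+ref: 'index'
+- name: Check index integrity
+id: integrity-check
+run: |
+status="fail"
+attempts=0
+# We want to check for consistent failures
+# To do so, we will look for 3 consecutive failures with a 30 seconds wait
+# A single success is enough to pass
+while [[ "${status}" != "ok" && $attempts -lt 3 ]]; do
+# Check the index.yaml integrity
+REMOTE_MD5=($(curl -Ls https://charts.bitnami.com/bitnami/index.yaml | md5sum))
+REPOSITORY_MD5=($(md5sum bitnami/index.yaml))
+# Compare the index.yaml checksums remote and locally
+if [[ "${REPOSITORY_MD5[0]}" == "${REMOTE_MD5[0]}" ]]; then
+status='ok'
+else
+attempts=$((attempts+1))
+echo "Integrity check failed. Remote checksum '${REMOTE_MD5[0]}' does not match expected '${REPOSITORY_MD5[0]}'";
+# Wait 30 seconds
+sleep 30
+fi
+done
+echo "result=${status}" >> $GITHUB_OUTPUT
+- name: Show messages
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+with:
+script: |
+if ("${{ steps.integrity-check.outputs.result }}" != "ok" ) {
+core.setFailed("Integrity check failed");
+} else {
+core.info("Integrity check succeeded")
+}
+validation-check:
+name: Validate the helm repository can be added and updated
+runs-on: ubuntu-latest
+permissions:
+contents: read
+outputs:
+result: ${{ steps.validation-check.outputs.result }}
+steps:
+- name: Install helm
+run: |
+HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz"
+curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin
+- name: Validate helm repository
+id: validation-check
+run: |
+repo="https://charts.bitnami.com/bitnami"
+status="fail"
+attempts=0
+# We want to check for consistent failures
+# To do so, we will look for 3 consecutive failures with a 30 seconds wait
+# A single success is enough to pass
+while [[ "${status}" != "ok" && $attempts -lt 3 ]]; do
+# Validates the helm repository can be added and updated
+if helm repo add bitnami "${repo}" && helm repo update bitnami; then
+status="ok"
+else
+attempts=$((attempts+1))
+echo "Failed to pull charts from helm repository '${repo}'"
+# If present, remove repository to allow retries
+if helm repo list | grep -q bitnami; then
+helm repo remove bitnami
+fi
+# Wait 30 seconds
+sleep 30
+fi
+done
+echo "result=${status}" >> $GITHUB_OUTPUT
+- name: Show messages
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+with:
+script: |
+if ("${{ steps.validation-check.outputs.result }}" != "ok" ) {
+core.setFailed("Validation check failed");
+} else {
+core.info("Validation check succeeded")
+}
+upload:
+name: Re-upload index.yaml
+needs: [validation-check, integrity-check]
+if: ${{ always() && (needs.validation-check.outputs.result != 'ok' || needs.integrity-check.outputs.result != 'ok') }}
+uses: bitnami/charts/.github/workflows/sync-chart-cloudflare-index.yml@index
+secrets: inherit
+notify:
+name: Send notification
+needs: [validation-check, integrity-check]
+if: ${{ always() && (needs.validation-check.outputs.result != 'ok' || needs.integrity-check.outputs.result != 'ok') }}
+uses: bitnami/charts/.github/workflows/gchat-notification.yml@main
+with:
+workflow: ${{ github.workflow }}
+job-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+secrets: inherit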
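Review bot: The `Install helm` step downloads `helm-v3.8.1-linux-amd64.tar.gz` and unpacks it into /usr/local/bin with sudo without checking a digest, although the two actions in this file are pinned by commit SHA. I would add a pinned check before the extraction, e.g. `echo "<EXPECTED_SHA256>  ${HELM_TARBALL}" | sha256sum -c -`, where the placeholder is the digest published for that release. Separately, the `notify` job passes `secrets: inherit` even though gchat-notification.yml declares only `GCHAT_WEBHOOK_URL`; passing `GCHAT_WEBHOOK_URL: ${{ secrets.GCHAT_WEBHOOK_URL }}` explicitly keeps the other repository secrets out of that call. The `upload` job also inherits all secrets into a workflow referenced at the mutable `@index` ref; its required secrets are not visible here, so the explicit list needs to be taken from the called workflow.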
