diff --git a/.github/workflows/gchat-notification.yml b/.github/workflows/gchat-notification.yml
new file mode 100644
index 00000000000000..22b2681832927d
--- /dev/null
+++ b/.github/workflows/gchat-notification.yml
@@ -0,0 +1,42 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+name: 'GChat Notification'
+on:
+ workflow_call:
+ inputs:
+ workflow:
+ type: string
+ required: true
+ job-url:
+ type: string
+ required: true
+ repository:
+ type: string
+ secrets:
+ GCHAT_WEBHOOK_URL:
+ required: true
+# Remove all permissions by default
+permissions: {}
+jobs:
+ notification:
+ name: Google Chat Notification
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify
+ env:
+ JOB_URL: ${{ inputs.job-url }}
+ GH_WORKFLOW: ${{ inputs.workflow }}
+ GH_REPOSITORY: ${{ inputs.repository != '' && inputs.repository || github.repository }}
+ GCHAT_WEBHOOK_URL: ${{ secrets.GCHAT_WEBHOOK_URL }}
+ run: |
+ tmp_file=$(mktemp)
+ cat >"${tmp_file}"<.
+ EOF
+
+ # Use curl to send the JSON to Google.
+ escapedText=$(sed -e 's/\n/\\n/g' -e 's/"/\\"/g' -e "s/'/\\'/g" "${tmp_file}")
+ json="{\"text\": \"$escapedText\"}"
+ curl -X POST -H 'Content-Type: application/json' -d "$json" "${GCHAT_WEBHOOK_URL}"
diff --git a/.github/workflows/index-monitor.yml b/.github/workflows/index-monitor.yml
new file mode 100644
index 00000000000000..cdf37d0f081011
--- /dev/null
+++ b/.github/workflows/index-monitor.yml
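Review bot: The JSON body in the `Notify` step is assembled with a hand-rolled `sed` escape, which is not a safe encoder: sed processes input line by line so `s/\n/\\n/g` never sees a real newline, backslashes are left unescaped, and `\'` is not a valid JSON escape. Since `workflow`, `job-url` and `repository` are caller-supplied inputs, a value containing a backslash or a control character can yield malformed or altered JSON. Let a JSON encoder build the payload instead, e.g. `json=$(jq -n --rawfile text "${tmp_file}" '{text: $text}')`. Adding `--fail -sS` to the `curl` call would also make a rejected webhook POST fail the job rather than pass silently. Passing the inputs through `env:` instead of interpolating them into the script is the right pattern and should stay.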
@@ -0,0 +1,115 @@
+name: '[Index] Monitor remote index.yaml'
+
+on:
+ schedule:
+ # Every 10 minutes
+ - cron: '*/10 * * * *'
+
+# Remove all permissions by default
+permissions: {}
+
+jobs:
+ integrity-check:
+ name: Compare the index.yaml checksums remote and locally
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ outputs:
+ result: ${{ steps.integrity-check.outputs.result }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+ with:
+ ref: 'index'
+ - name: Check index integrity
+ id: integrity-check
+ run: |
+ status="fail"
+ attempts=0
+ # We want to check for consistent failures
+ # To do so, we will look for 3 consecutive failures with a 30 seconds wait
+ # A single success is enough to pass
+ while [[ "${status}" != "ok" && $attempts -lt 3 ]]; do
+ # Check the index.yaml integrity
+ REMOTE_MD5=($(curl -Ls https://charts.bitnami.com/bitnami/index.yaml | md5sum))
+ REPOSITORY_MD5=($(md5sum bitnami/index.yaml))
+ # Compare the index.yaml checksums remote and locally
+ if [[ "${REPOSITORY_MD5[0]}" == "${REMOTE_MD5[0]}" ]]; then
+ status='ok'
+ else
+ attempts=$((attempts+1))
+ echo "Integrity check failed. Remote checksum '${REMOTE_MD5[0]}' does not match expected '${REPOSITORY_MD5[0]}'";
+ # Wait 30 seconds
+ sleep 30
+ fi
+ done
+ echo "result=${status}" >> $GITHUB_OUTPUT
+ - name: Show messages
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+ with:
+ script: |
+ if ("${{ steps.integrity-check.outputs.result }}" != "ok" ) {
+ core.setFailed("Integrity check failed");
+ } else {
+ core.info("Integrity check succeeded")
+ }
+ validation-check:
+ name: Validate the helm repository can be added and updated
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ outputs:
+ result: ${{ steps.validation-check.outputs.result }}
+ steps:
+ - name: Install helm
+ run: |
+ HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz"
+ curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin
+ - name: Validate helm repository
+ id: validation-check
+ run: |
+ repo="https://charts.bitnami.com/bitnami"
+ status="fail"
+ attempts=0
+ # We want to check for consistent failures
+ # To do so, we will look for 3 consecutive failures with a 30 seconds wait
+ # A single success is enough to pass
+ while [[ "${status}" != "ok" && $attempts -lt 3 ]]; do
+ # Validates the helm repository can be added and updated
+ if helm repo add bitnami "${repo}" && helm repo update bitnami; then
+ status="ok"
+ else
+ attempts=$((attempts+1))
+ echo "Failed to pull charts from helm repository '${repo}'"
+ # If present, remove repository to allow retries
+ if helm repo list | grep -q bitnami; then
+ helm repo remove bitnami
+ fi
+ # Wait 30 seconds
+ sleep 30
+ fi
+ done
+ echo "result=${status}" >> $GITHUB_OUTPUT
+ - name: Show messages
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+ with:
+ script: |
+ if ("${{ steps.validation-check.outputs.result }}" != "ok" ) {
+ core.setFailed("Validation check failed");
+ } else {
+ core.info("Validation check succeeded")
+ }
+ upload:
+ name: Re-upload index.yaml
+ needs: [validation-check, integrity-check]
+ if: ${{ always() && (needs.validation-check.outputs.result != 'ok' || needs.integrity-check.outputs.result != 'ok') }}
+ uses: bitnami/charts/.github/workflows/sync-chart-cloudflare-index.yml@index
+ secrets: inherit
+ notify:
+ name: Send notification
+ needs: [validation-check, integrity-check]
+ if: ${{ always() && (needs.validation-check.outputs.result != 'ok' || needs.integrity-check.outputs.result != 'ok') }}
+ uses: bitnami/charts/.github/workflows/gchat-notification.yml@main
+ with:
+ workflow: ${{ github.workflow }}
+ job-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+ secrets: inherit
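Review bot: The `Install helm` step downloads `helm-v3.8.1-linux-amd64.tar.gz` and unpacks it into `/usr/local/bin` with `sudo` without verifying it, even though the third-party actions in this file are pinned to commit SHAs. Pin the tarball the same way by checking a known digest before extracting, e.g. `echo "${HELM_SHA256}  ${HELM_TARBALL}" | sha256sum -c -`, with `HELM_SHA256` set to the published checksum for that release. The `upload` and `notify` jobs also pass `secrets: inherit` to reusable workflows referenced by branch (`@index`, `@main`), so every repository secret reaches whatever those branches currently contain. The notification workflow declares only one secret, so `secrets:` with `GCHAT_WEBHOOK_URL: ${{ secrets.GCHAT_WEBHOOK_URL }}` on `notify` would keep the others out of the callee; the same explicit list is worth applying to `upload` once its required secrets are confirmed.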