mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2024-12-23 06:49:34 +01:00
Added workflow to update Red Hat Container Catalog
This commit is contained in:
parent
56d6294594
commit
54e2b7ef84
48
.github/scripts/rhel_description.py
vendored
Normal file
48
.github/scripts/rhel_description.py
vendored
Normal file
@ -0,0 +1,48 @@
|
||||
import sys
|
||||
import requests
|
||||
import json
|
||||
import markdown
|
||||
import os
|
||||
|
||||
repository_description = None
|
||||
|
||||
if ("DESCRIPTION_FILE" not in os.environ or len(os.environ["DESCRIPTION_FILE"]) == 0):
|
||||
print("::error::Description file environment variable is not specified")
|
||||
sys.exit(1)
|
||||
if ("PYXIS_API_TOKEN" not in os.environ or len(os.environ["PYXIS_API_TOKEN"]) == 0):
|
||||
print("::error::API token environment variable is not specified")
|
||||
sys.exit(1)
|
||||
if ("API_URL" not in os.environ or len(os.environ["API_URL"]) == 0):
|
||||
print("::error::API URL environment variable is not specified")
|
||||
sys.exit(1)
|
||||
if ("PROJECT_ID" not in os.environ or len(os.environ["PROJECT_ID"]) == 0):
|
||||
print("RedHat project ID environment variable is not specified")
|
||||
sys.exit(1)
|
||||
|
||||
if (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.md')):
|
||||
file = open(os.environ["DESCRIPTION_FILE"] + '.md', mode='r')
|
||||
markdown_data = file.read()
|
||||
file.close()
|
||||
repository_description=markdown.markdown(markdown_data)
|
||||
elif (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.html')):
|
||||
file = open(os.environ["DESCRIPTION_FILE"] + '.html', mode='r')
|
||||
repository_description = file.read()
|
||||
file.close()
|
||||
|
||||
if (repository_description is None or len(repository_description) == 0):
|
||||
print("::error::No description file found")
|
||||
sys.exit(1)
|
||||
|
||||
data = dict()
|
||||
data['container'] = dict()
|
||||
data['container']['repository_description'] = repository_description[:32768]
|
||||
|
||||
headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'}
|
||||
result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"],
|
||||
headers = headers,
|
||||
data = json.dumps(data))
|
||||
|
||||
print("::group::Result")
|
||||
print("Response code: " + str(result.status_code))
|
||||
print("Last update date: " + json.loads(result.content)['last_update_date'])
|
||||
print("::endgroup::")
|
2
.github/workflows/dependency-review.yml
vendored
2
.github/workflows/dependency-review.yml
vendored
@ -28,4 +28,4 @@ jobs:
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0
|
||||
uses: actions/dependency-review-action@be8bc500ee15e96754d2a6f2d34be14e945a46f3 # v4.1.2
|
||||
|
110
.github/workflows/rhel_registry_description.yml
vendored
110
.github/workflows/rhel_registry_description.yml
vendored
@ -3,15 +3,17 @@ name: Red Hat Catalog Description
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'trunk'
|
||||
- '[0-9]+.[0-9]+'
|
||||
paths:
|
||||
- 'Dockerfiles/*/*/README.html'
|
||||
- 'Dockerfiles/*/*/README.md'
|
||||
- '.github/workflows/rhel_registry_description.yml'
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
DOCKERFILES_DIRECTORY: "./Dockerfiles"
|
||||
API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/"
|
||||
MATRIX_FILE: "build.json"
|
||||
|
||||
defaults:
|
||||
run:
|
||||
@ -22,37 +24,37 @@ permissions:
|
||||
|
||||
jobs:
|
||||
init:
|
||||
name: Initialize build
|
||||
name: Initialize workflow
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
component:
|
||||
- agent
|
||||
- agent2
|
||||
- java-gateway
|
||||
- proxy-mysql
|
||||
- proxy-sqlite3
|
||||
- server-mysql
|
||||
- snmptraps
|
||||
- web-nginx-mysql
|
||||
- web-service
|
||||
outputs:
|
||||
components: ${{ steps.components.outputs.list }}
|
||||
zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }}
|
||||
steps:
|
||||
- name: Block egress traffic
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
disable-sudo: true
|
||||
egress-policy: audit
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
github.com:443
|
||||
hub.docker.com:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
sparse-checkout: ${{ env.MATRIX_FILE }}
|
||||
|
||||
- name: Check ${{ env.MATRIX_FILE }} file
|
||||
id: build_exists
|
||||
env:
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
if [[ ! -f "$MATRIX_FILE" ]]; then
|
||||
echo "::error::File $MATRIX_FILE is missing"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- name: Get branch info
|
||||
id: branch_info
|
||||
@ -61,15 +63,14 @@ jobs:
|
||||
github_ref: ${{ github.ref }}
|
||||
run: |
|
||||
result=false
|
||||
sha_short=$(git rev-parse --short HEAD)
|
||||
|
||||
github_ref=${github_ref##*/}
|
||||
|
||||
echo "::group::Branch metadata"
|
||||
echo "secret_prefix=RHEL_${github_ref//.}"
|
||||
echo "zabbix_release=${github_ref//.}"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT
|
||||
echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Prepare Zabbix component list
|
||||
id: components
|
||||
@ -84,10 +85,37 @@ jobs:
|
||||
|
||||
echo "list=$component_list" >> $GITHUB_OUTPUT
|
||||
|
||||
publish:
|
||||
name: Initialize build
|
||||
runs-on: ubuntu-latest
|
||||
needs: init
|
||||
permissions:
|
||||
contents: read
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
component: ${{ fromJson(needs.init.outputs.components) }}
|
||||
steps:
|
||||
- name: Block egress traffic
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
disable-sudo: true
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
catalog.redhat.com:443
|
||||
files.pythonhosted.org:443
|
||||
github.com:443
|
||||
pypi.org:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
|
||||
- name: Variables formating
|
||||
id: var_format
|
||||
env:
|
||||
MATRIX_BUILD: ${{ matrix.build }}
|
||||
MATRIX_BUILD: ${{ matrix.component }}
|
||||
run: |
|
||||
MATRIX_BUILD=${MATRIX_BUILD^^}
|
||||
MATRIX_BUILD=${MATRIX_BUILD//-/_}
|
||||
@ -97,26 +125,32 @@ jobs:
|
||||
echo "::endgroup::"
|
||||
echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Update Red Hat project description (zabbix-${{ matrix.component }})
|
||||
- name: Setup Python 3.x
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: '3.x'
|
||||
|
||||
- name: Install Python packages
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install markdown requests
|
||||
|
||||
- name: Update Red Hat project description
|
||||
env:
|
||||
DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README.html', env.DOCKERFILES_DIRECTORY, matrix.build) }}
|
||||
PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }}
|
||||
DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }}
|
||||
PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, steps.var_format.outputs.matrix_build)] }}
|
||||
PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
|
||||
API_URL: ${{ env.API_URL }}
|
||||
run: |
|
||||
import requests
|
||||
import json
|
||||
import os
|
||||
python ./.github/scripts/rhel_description.py
|
||||
|
||||
file = open(os.environ["DESCRIPTION_FILE"],mode='r')
|
||||
repository_description = file.read()
|
||||
file.close()
|
||||
- name: Red Hat Gatalog URL
|
||||
env:
|
||||
COMPONENT: ${{ matrix.component }}
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
PROJECT_ID=$(jq -r ".components.\"$COMPONENT\".rhel_project" "$MATRIX_FILE")
|
||||
|
||||
data = dict()
|
||||
data['container'] = dict()
|
||||
data['container']['repository_description'] = repository_description[:32768]
|
||||
|
||||
headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'}
|
||||
result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], headers = headers, data = json.dumps(data))
|
||||
print(result)
|
||||
print(json.loads(r.content)['last_update_date'])
|
||||
echo "::group::URL"
|
||||
echo "https://catalog.redhat.com/software/containers/${PROJECT_ID}"
|
||||
echo "::endgroup::"
|
||||
|
2
.github/workflows/scorecard.yml
vendored
2
.github/workflows/scorecard.yml
vendored
@ -73,6 +73,6 @@ jobs:
|
||||
|
||||
# Upload the results to GitHub's code scanning dashboard.
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1
|
||||
uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
Loading…
Reference in New Issue
Block a user