Added workflow to update Red Hat Container Catalog

This commit is contained in:
Alexey Pustovalov 2024-02-20 16:03:49 +09:00
parent 56d6294594
commit 54e2b7ef84
4 changed files with 122 additions and 40 deletions

48
.github/scripts/rhel_description.py vendored Normal file
View File

@ -0,0 +1,48 @@
import sys
import requests
import json
import markdown
import os
repository_description = None
if ("DESCRIPTION_FILE" not in os.environ or len(os.environ["DESCRIPTION_FILE"]) == 0):
print("::error::Description file environment variable is not specified")
sys.exit(1)
if ("PYXIS_API_TOKEN" not in os.environ or len(os.environ["PYXIS_API_TOKEN"]) == 0):
print("::error::API token environment variable is not specified")
sys.exit(1)
if ("API_URL" not in os.environ or len(os.environ["API_URL"]) == 0):
print("::error::API URL environment variable is not specified")
sys.exit(1)
if ("PROJECT_ID" not in os.environ or len(os.environ["PROJECT_ID"]) == 0):
print("RedHat project ID environment variable is not specified")
sys.exit(1)
if (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.md')):
file = open(os.environ["DESCRIPTION_FILE"] + '.md', mode='r')
markdown_data = file.read()
file.close()
repository_description=markdown.markdown(markdown_data)
elif (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.html')):
file = open(os.environ["DESCRIPTION_FILE"] + '.html', mode='r')
repository_description = file.read()
file.close()
if (repository_description is None or len(repository_description) == 0):
print("::error::No description file found")
sys.exit(1)
data = dict()
data['container'] = dict()
data['container']['repository_description'] = repository_description[:32768]
headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'}
result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"],
headers = headers,
data = json.dumps(data))
print("::group::Result")
print("Response code: " + str(result.status_code))
print("Last update date: " + json.loads(result.content)['last_update_date'])
print("::endgroup::")

View File

@ -28,4 +28,4 @@ jobs:
- name: 'Checkout Repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review'
uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0
uses: actions/dependency-review-action@be8bc500ee15e96754d2a6f2d34be14e945a46f3 # v4.1.2

View File

@ -3,15 +3,17 @@ name: Red Hat Catalog Description
on:
push:
branches:
- 'trunk'
- '[0-9]+.[0-9]+'
paths:
- 'Dockerfiles/*/*/README.html'
- 'Dockerfiles/*/*/README.md'
- '.github/workflows/rhel_registry_description.yml'
workflow_dispatch:
env:
DOCKERFILES_DIRECTORY: "./Dockerfiles"
API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/"
MATRIX_FILE: "build.json"
defaults:
run:
@ -22,37 +24,37 @@ permissions:
jobs:
init:
name: Initialize build
name: Initialize workflow
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
fail-fast: false
matrix:
component:
- agent
- agent2
- java-gateway
- proxy-mysql
- proxy-sqlite3
- server-mysql
- snmptraps
- web-nginx-mysql
- web-service
outputs:
components: ${{ steps.components.outputs.list }}
zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }}
steps:
- name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: audit
egress-policy: block
allowed-endpoints: >
github.com:443
hub.docker.com:443
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 1
sparse-checkout: ${{ env.MATRIX_FILE }}
- name: Check ${{ env.MATRIX_FILE }} file
id: build_exists
env:
MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: |
if [[ ! -f "$MATRIX_FILE" ]]; then
echo "::error::File $MATRIX_FILE is missing"
exit 1
fi
- name: Get branch info
id: branch_info
@ -61,15 +63,14 @@ jobs:
github_ref: ${{ github.ref }}
run: |
result=false
sha_short=$(git rev-parse --short HEAD)
github_ref=${github_ref##*/}
echo "::group::Branch metadata"
echo "secret_prefix=RHEL_${github_ref//.}"
echo "zabbix_release=${github_ref//.}"
echo "::endgroup::"
echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT
echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT
- name: Prepare Zabbix component list
id: components
@ -84,10 +85,37 @@ jobs:
echo "list=$component_list" >> $GITHUB_OUTPUT
publish:
name: Initialize build
runs-on: ubuntu-latest
needs: init
permissions:
contents: read
strategy:
fail-fast: false
matrix:
component: ${{ fromJson(needs.init.outputs.components) }}
steps:
- name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
catalog.redhat.com:443
files.pythonhosted.org:443
github.com:443
pypi.org:443
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 1
- name: Variables formating
id: var_format
env:
MATRIX_BUILD: ${{ matrix.build }}
MATRIX_BUILD: ${{ matrix.component }}
run: |
MATRIX_BUILD=${MATRIX_BUILD^^}
MATRIX_BUILD=${MATRIX_BUILD//-/_}
@ -97,26 +125,32 @@ jobs:
echo "::endgroup::"
echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT
- name: Update Red Hat project description (zabbix-${{ matrix.component }})
- name: Setup Python 3.x
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Python packages
run: |
python -m pip install --upgrade pip
pip install markdown requests
- name: Update Red Hat project description
env:
DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README.html', env.DOCKERFILES_DIRECTORY, matrix.build) }}
PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }}
DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }}
PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, steps.var_format.outputs.matrix_build)] }}
PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
API_URL: ${{ env.API_URL }}
run: |
import requests
import json
import os
python ./.github/scripts/rhel_description.py
file = open(os.environ["DESCRIPTION_FILE"],mode='r')
repository_description = file.read()
file.close()
- name: Red Hat Gatalog URL
env:
COMPONENT: ${{ matrix.component }}
MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: |
PROJECT_ID=$(jq -r ".components.\"$COMPONENT\".rhel_project" "$MATRIX_FILE")
data = dict()
data['container'] = dict()
data['container']['repository_description'] = repository_description[:32768]
headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'}
result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], headers = headers, data = json.dumps(data))
print(result)
print(json.loads(r.content)['last_update_date'])
echo "::group::URL"
echo "https://catalog.redhat.com/software/containers/${PROJECT_ID}"
echo "::endgroup::"

View File

@ -73,6 +73,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1
uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3
with:
sarif_file: results.sarif