extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-06-20 18:07:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added workflow to update Red Hat Container Catalog

Browse Source
This commit is contained in:
Alexey Pustovalov 2024-02-20 16:03:49 +09:00
parent 56d6294594
commit 54e2b7ef84
4 changed files with 122 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
.github/scripts/rhel_description.py vendored Normal file
View File

@ -0,0 +1,48 @@
import sys
import requests
import json
import markdown
import os
repository_description = None
if ("DESCRIPTION_FILE" not in os.environ or len(os.environ["DESCRIPTION_FILE"]) == 0):
print("::error::Description file environment variable is not specified")
sys.exit(1)
if ("PYXIS_API_TOKEN" not in os.environ or len(os.environ["PYXIS_API_TOKEN"]) == 0):
print("::error::API token environment variable is not specified")
sys.exit(1)
if ("API_URL" not in os.environ or len(os.environ["API_URL"]) == 0):
print("::error::API URL environment variable is not specified")
sys.exit(1)
if ("PROJECT_ID" not in os.environ or len(os.environ["PROJECT_ID"]) == 0):
print("RedHat project ID environment variable is not specified")
sys.exit(1)
if (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.md')):
file = open(os.environ["DESCRIPTION_FILE"] + '.md', mode='r')
markdown_data = file.read()
file.close()
repository_description=markdown.markdown(markdown_data)
elif (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.html')):
file = open(os.environ["DESCRIPTION_FILE"] + '.html', mode='r')
repository_description = file.read()
file.close()
if (repository_description is None or len(repository_description) == 0):
print("::error::No description file found")
sys.exit(1)
data = dict()
data['container'] = dict()
data['container']['repository_description'] = repository_description[:32768]
headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'}
result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"],
headers = headers,
data = json.dumps(data))
print("::group::Result")
print("Response code: " + str(result.status_code))
print("Last update date: " + json.loads(result.content)['last_update_date'])
print("::endgroup::")

2
.github/workflows/dependency-review.yml vendored
View File

@ -28,4 +28,4 @@ jobs:
- name: 'Checkout Repository' - name: 'Checkout Repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review' - name: 'Dependency Review'
uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0 uses: actions/dependency-review-action@be8bc500ee15e96754d2a6f2d34be14e945a46f3 # v4.1.2

110
.github/workflows/rhel_registry_description.yml vendored
View File

@ -3,15 +3,17 @@ name: Red Hat Catalog Description
on: on:
push: push:
branches: branches:
- 'trunk' - '[0-9]+.[0-9]+'
paths: paths:
- 'Dockerfiles/*/*/README.html' - 'Dockerfiles/*/*/README.html'
- 'Dockerfiles/*/*/README.md'
- '.github/workflows/rhel_registry_description.yml' - '.github/workflows/rhel_registry_description.yml'
workflow_dispatch: workflow_dispatch:
env: env:
DOCKERFILES_DIRECTORY: "./Dockerfiles" DOCKERFILES_DIRECTORY: "./Dockerfiles"
API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/" API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/"
MATRIX_FILE: "build.json"
defaults: defaults:
run: run:
@ -22,37 +24,37 @@ permissions:
jobs: jobs:
init: init:
name: Initialize build name: Initialize workflow
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
strategy: outputs:
fail-fast: false components: ${{ steps.components.outputs.list }}
matrix: zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }}
component:
- agent
- agent2
- java-gateway
- proxy-mysql
- proxy-sqlite3
- server-mysql
- snmptraps
- web-nginx-mysql
- web-service
steps: steps:
- name: Block egress traffic - name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with: with:
disable-sudo: true disable-sudo: true
egress-policy: audit egress-policy: block
allowed-endpoints: > allowed-endpoints: >
github.com:443 github.com:443
hub.docker.com:443
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 1 fetch-depth: 1
sparse-checkout: ${{ env.MATRIX_FILE }}
- name: Check ${{ env.MATRIX_FILE }} file
id: build_exists
env:
MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: |
if [[ ! -f "$MATRIX_FILE" ]]; then
echo "::error::File $MATRIX_FILE is missing"
exit 1
fi
- name: Get branch info - name: Get branch info
id: branch_info id: branch_info
@ -61,15 +63,14 @@ jobs:
github_ref: ${{ github.ref }} github_ref: ${{ github.ref }}
run: | run: |
result=false result=false
sha_short=$(git rev-parse --short HEAD)
github_ref=${github_ref##*/} github_ref=${github_ref##*/}
echo "::group::Branch metadata" echo "::group::Branch metadata"
echo "secret_prefix=RHEL_${github_ref//.}" echo "zabbix_release=${github_ref//.}"
echo "::endgroup::" echo "::endgroup::"
echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT
- name: Prepare Zabbix component list - name: Prepare Zabbix component list
id: components id: components
@ -84,10 +85,37 @@ jobs:
echo "list=$component_list" >> $GITHUB_OUTPUT echo "list=$component_list" >> $GITHUB_OUTPUT
publish:
name: Initialize build
runs-on: ubuntu-latest
needs: init
permissions:
contents: read
strategy:
fail-fast: false
matrix:
component: ${{ fromJson(needs.init.outputs.components) }}
steps:
- name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
catalog.redhat.com:443
files.pythonhosted.org:443
github.com:443
pypi.org:443
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 1
- name: Variables formating - name: Variables formating
id: var_format id: var_format
env: env:
MATRIX_BUILD: ${{ matrix.build }} MATRIX_BUILD: ${{ matrix.component }}
run: | run: |
MATRIX_BUILD=${MATRIX_BUILD^^} MATRIX_BUILD=${MATRIX_BUILD^^}
MATRIX_BUILD=${MATRIX_BUILD//-/_} MATRIX_BUILD=${MATRIX_BUILD//-/_}
@ -97,26 +125,32 @@ jobs:
echo "::endgroup::" echo "::endgroup::"
echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT
- name: Update Red Hat project description (zabbix-${{ matrix.component }}) - name: Setup Python 3.x
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Python packages
run: |
python -m pip install --upgrade pip
pip install markdown requests
- name: Update Red Hat project description
env: env:
DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README.html', env.DOCKERFILES_DIRECTORY, matrix.build) }} DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }}
PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, steps.var_format.outputs.matrix_build)] }}
PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
API_URL: ${{ env.API_URL }} API_URL: ${{ env.API_URL }}
run: | run: |
import requests python ./.github/scripts/rhel_description.py
import json
import os
file = open(os.environ["DESCRIPTION_FILE"],mode='r') - name: Red Hat Gatalog URL
repository_description = file.read() env:
file.close() COMPONENT: ${{ matrix.component }}
MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: |
PROJECT_ID=$(jq -r ".components.\"$COMPONENT\".rhel_project" "$MATRIX_FILE")
data = dict() echo "::group::URL"
data['container'] = dict() echo "https://catalog.redhat.com/software/containers/${PROJECT_ID}"
data['container']['repository_description'] = repository_description[:32768] echo "::endgroup::"
headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'}
result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], headers = headers, data = json.dumps(data))
print(result)
print(json.loads(r.content)['last_update_date'])

2
.github/workflows/scorecard.yml vendored
View File

@ -73,6 +73,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard. # Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning" - name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3
with: with:
sarif_file: results.sarif sarif_file: results.sarif