name: Red Hat Catalog Description on: push: branches: - '[0-9]+.[0-9]+' paths: - 'Dockerfiles/*/rhel/README.html' - 'Dockerfiles/*/README.md' - 'Dockerfiles/*/rhel/README.md' - '.github/workflows/rhel_registry_description.yml' workflow_dispatch: env: DOCKERFILES_DIRECTORY: "./Dockerfiles" API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/" MATRIX_FILE: "build.json" defaults: run: shell: bash permissions: contents: read jobs: init: name: Initialize workflow runs-on: ubuntu-latest permissions: contents: read outputs: components: ${{ steps.components.outputs.list }} zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }} steps: - name: Block egress traffic uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > github.com:443 - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 sparse-checkout: ${{ env.MATRIX_FILE }} - name: Check ${{ env.MATRIX_FILE }} file id: build_exists env: MATRIX_FILE: ${{ env.MATRIX_FILE }} run: | if [[ ! -f "$MATRIX_FILE" ]]; then echo "::error::File $MATRIX_FILE is missing" exit 1 fi - name: Get branch info id: branch_info shell: bash env: github_ref: ${{ github.ref }} run: | result=false github_ref=${github_ref##*/} echo "::group::Branch metadata" echo "zabbix_release=${github_ref//.}" echo "::endgroup::" echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT - name: Prepare Zabbix component list id: components env: MATRIX_FILE: ${{ env.MATRIX_FILE }} run: | component_list=$(jq -r '.components | map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE") echo "::group::Zabbix Component List" echo "$component_list" echo "::endgroup::" echo "list=$component_list" >> $GITHUB_OUTPUT publish: name: Initialize build runs-on: ubuntu-latest needs: init permissions: contents: read strategy: fail-fast: false matrix: component: ${{ fromJson(needs.init.outputs.components) }} steps: - name: Block egress traffic uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > catalog.redhat.com:443 files.pythonhosted.org:443 github.com:443 pypi.org:443 - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 - name: Variables formating id: var_format env: MATRIX_BUILD: ${{ matrix.component }} run: | MATRIX_BUILD=${MATRIX_BUILD^^} MATRIX_BUILD=${MATRIX_BUILD//-/_} echo "::group::Result" echo "matrix_build=${MATRIX_BUILD}" echo "::endgroup::" echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT - name: Setup Python 3.x uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: '3.x' - name: Install Python packages run: | python -m pip install --upgrade pip pip install markdown requests - name: Update Red Hat project description env: DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }} PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, steps.var_format.outputs.matrix_build)] }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} API_URL: ${{ env.API_URL }} run: | python ./.github/scripts/rhel_description.py - name: Red Hat Gatalog URL env: COMPONENT: ${{ matrix.component }} MATRIX_FILE: ${{ env.MATRIX_FILE }} run: | PROJECT_ID=$(jq -r ".components.\"$COMPONENT\".rhel_project" "$MATRIX_FILE") echo "::group::URL" echo "https://catalog.redhat.com/software/containers/${PROJECT_ID}" echo "::endgroup::"