GHA: Fix cirrus-cron scripts

The lack of a proper way to test GitHub Actions, and my own lack of
script testing, allowed several flaws through into 'main'.  Fix
the problems and manually test the scripts to make sure they're working.

Note: Also revert the stupid SHA-based action-pinning back to normal,
human-readable version numbers.  The value of using SHAs in the name of
improved "security" is real, but the value of human-readability and
ease of maintenance is greater.

Signed-off-by: Chris Evich <cevich@redhat.com>
Chris Evich
2022-11-04 11:21:18 -04:00
parent 9e04bab722
commit 462ce32e66
3 changed files with 10 additions and 12 deletions


@ -32,14 +32,11 @@ EOF
# https://cirrus-ci.com/explorer
owner=$(cut -d '/' -f 1 <<<"$GITHUB_REPOSITORY")
repo=$(cut -d '/' -f 2 <<<"$GITHUB_REPOSITORY")
sed -i -r -e "s/@@OWNER@@/$owner/g" -e "s/@@REPO@@/$repo/g" ./artifacts/query_raw.json
# Easier to debug in error-reply when query is compacted
tr -d '\n' < ./artifacts/query_raw.json | tr -s ' ' | tee ./artifacts/query.json | \
jq --indent 4 --color-output .
sed -r -e "s/@@OWNER@@/$owner/g" -e "s/@@REPO@@/$repo/g" \
./artifacts/query_raw.json > ./artifacts/query.json
if grep -q '@@' ./artifacts/query.json; then
err "Found unreplaced substitution token in raw query JSON"
err "Found unreplaced substitution token in query JSON"
fi
# The query should never ever return an empty-list, unless there are no cirrus-cron
@ -47,7 +44,7 @@ fi
# be running anyway.
filt_head='.data.ownerRepository.cronSettings'
gql $(./artifacts/query.json) "$filt_head" > ./artifacts/reply.json
gql "$(<./artifacts/query.json)" "$filt_head" > ./artifacts/reply.json
# e.x. reply.json
# {
# "data": {
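Review bot: `$owner` and `$repo` are interpolated into the sed expressions unescaped and unvalidated, in the first hunk where they are cut from `$GITHUB_REPOSITORY` and used to build `./artifacts/query.json`. An empty or unset variable (plausible when the script is run by hand, as the commit message describes) yields a query with empty names that still passes the `@@` check, and a value containing `/`, `&`, `\` or `"` alters the substitution or the resulting JSON. Unless an earlier part of the script outside this hunk already checks it, I would validate both before the sed, e.g. `[[ "$owner" =~ ^[A-Za-z0-9._-]+$ && "$repo" =~ ^[A-Za-z0-9._-]+$ ]] || err "Unexpected GITHUB_REPOSITORY '$GITHUB_REPOSITORY'"`.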


@ -32,7 +32,7 @@ jobs:
cron_failures:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- uses: actions/checkout@v3
with:
persist-credentials: false
@ -47,7 +47,7 @@ jobs:
- if: steps.cron.outputs.failures > 0
name: Send failure notification e-mail
# Ref: https://github.com/dawidd6/action-send-mail
uses: dawidd6/action-send-mail@a80d851dc950256421f1d1d735a2dc1ef314ac8f # v2.2.2
uses: dawidd6/action-send-mail@v3.7.1
with:
server_address: ${{secrets.ACTION_MAIL_SERVER}}
server_port: 465
@ -59,14 +59,14 @@ jobs:
body: file://./artifacts/email_body.txt
- if: always()
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
uses: actions/upload-artifact@v3
with:
name: ${{ github.job }}_artifacts
path: artifacts/*
- if: failure()
name: Send error notification e-mail
uses: dawidd6/action-send-mail@a80d851dc950256421f1d1d735a2dc1ef314ac8f # v2.2.2
uses: dawidd6/action-send-mail@3.7.1
with:
server_address: ${{secrets.ACTION_MAIL_SERVER}}
server_port: 465
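Review bot: The second mail step (`if: failure()`) references `dawidd6/action-send-mail@3.7.1` without the `v` prefix, while the first mail step uses `@v3.7.1`; the upstream tags are `v`-prefixed as far as I know, so this ref probably does not resolve and the job would fail while fetching its actions. It should read `uses: dawidd6/action-send-mail@v3.7.1`. Separately, this third-party action is handed the mail-server secrets and moves from v2.2.2 to v3.7.1, a major-version jump, so the `with:` inputs (which continue outside the hunk) should be checked against the v3 documentation. For this one action, a full-SHA pin with a `# v3.7.1` comment would keep the reference immutable while staying readable.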


@ -14,6 +14,7 @@ on:
# Debug: Allow triggering job manually in github-actions WebUI
workflow_dispatch: {}
env:
# Debug-mode can reveal secrets, only enable by a secret value.
# Ref: https://help.github.com/en/actions/configuring-and-managing-workflows/managing-a-workflow-run#enabling-step-debug-logging
@ -28,7 +29,7 @@ permissions:
contents: read
jobs:
cron_failures:
cron_rerun:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2