From 9c21fd1e3548dc9251139a961948f71f61ee400a Mon Sep 17 00:00:00 2001 From: Matthew Watkins Date: Wed, 5 Nov 2025 17:04:59 +0000 Subject: [PATCH] CI: Update workflows/actions to latest tagged releases Several actions have been migrated between Github ORGs: lfit -> lfreleng-actions Also: - Tagged a new release of http-api-tool-docker that uses uvx - Tagged a new release of chartmuseum-action with the above This should resolve the earlier docker build problems. Change-Id: I821628f212a7e21d886e87490ad86ca6694e712f Signed-off-by: Matthew Watkins --- .github/workflows/gerrit-merge-itdep.yaml | 20 ++++---- .github/workflows/gerrit-verify-itdep.yaml | 20 ++++---- .github/workflows/github2gerrit.yaml | 76 +++++++++++++++++++++--------- 3 files changed, 74 insertions(+), 42 deletions(-) diff --git a/.github/workflows/gerrit-merge-itdep.yaml b/.github/workflows/gerrit-merge-itdep.yaml index a84c390b..fafbd912 100644 --- a/.github/workflows/gerrit-merge-itdep.yaml +++ b/.github/workflows/gerrit-merge-itdep.yaml @@ -75,13 +75,13 @@ jobs: timeout-minutes: 20 steps: # yamllint disable-line rule:line-length - - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit - name: 'Checkout Gerrit change' # yamllint disable-line rule:line-length - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 + uses: lfreleng-actions/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 with: gerrit-project: ${{ inputs.GERRIT_PROJECT }} gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} @@ -95,7 +95,7 @@ jobs: - name: 'Setup Helm' # yamllint disable-line rule:line-length - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 # Not explicitly used while testing updated Helm # with: # version: ${{ env.HELM_VERSION }} @@ -125,7 +125,7 @@ jobs: - name: 'Start ChartMuseum' id: chartmuseum # yamllint disable-line rule:line-length - uses: lfreleng-actions/chartmuseum-action@4fb530a2cc2b2b46c0ea48ba11445c01247aba2a # v0.1.2 + uses: lfreleng-actions/chartmuseum-action@6d80e2f00eed1d6de21991f45af1423c731a624b # v0.1.4 with: username: 'chartmuseum' password: "${{ secrets.GITHUB_TOKEN }}" @@ -136,28 +136,28 @@ jobs: # Makefiles publish to Chartmeusem service locally - name: 'Build onap_oom' # yamllint disable-line rule:line-length - uses: lfreleng-actions/make-action@361e48884a6b7d7b5fcfcb38f399aa14e45127dc # v0.1.1 + uses: lfreleng-actions/make-action@d2b447abd5db8425f4fbbb27b953133861137a66 # v0.1.2 with: make_args: "-C smo-install/onap_oom/kubernetes -e SKIP_LINT=TRUE" # Makefiles publish to Chartmeusem service locally - name: 'Build oran_oom' # yamllint disable-line rule:line-length - uses: lfreleng-actions/make-action@361e48884a6b7d7b5fcfcb38f399aa14e45127dc # v0.1.1 + uses: lfreleng-actions/make-action@d2b447abd5db8425f4fbbb27b953133861137a66 # v0.1.2 with: make_args: "-C smo-install/oran_oom" # Makefiles publish to Chartmeusem service locally - name: 'Build oran_oom/smo' # yamllint disable-line rule:line-length - uses: lfreleng-actions/make-action@361e48884a6b7d7b5fcfcb38f399aa14e45127dc # v0.1.1 + uses: lfreleng-actions/make-action@d2b447abd5db8425f4fbbb27b953133861137a66 # v0.1.2 with: make_args: "-C smo-install/oran_oom/smo" # Makefiles publish to Chartmeusem service locally - name: 'Build tests_oom' # yamllint disable-line rule:line-length - uses: lfreleng-actions/make-action@361e48884a6b7d7b5fcfcb38f399aa14e45127dc # v0.1.1 + uses: lfreleng-actions/make-action@d2b447abd5db8425f4fbbb27b953133861137a66 # v0.1.2 with: make_args: "-C smo-install/tests_oom" @@ -170,7 +170,7 @@ jobs: tags: "" - name: 'Publish to Nexus3 (Helm Snapshot)' - uses: lfreleng-actions/nexus-publish-action@6f901b8c256fd2df2c77011ffdbcbc4d2730b53a # v0.1.1 + uses: lfreleng-actions/nexus-publish-action@db339c9129fb3897d9311e1bceec213010739c97 # v0.1.2 with: nexus_server: "${{ vars.NEXUS3_SERVER }}" nexus_username: "${{ github.event.repository.name }}" @@ -191,7 +191,7 @@ jobs: - name: Report workflow conclusion # yamllint disable-line rule:line-length - uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8 + uses: lfreleng-actions/gerrit-review-action@537251ec667665b386f70b330b05446e3fc29087 # v0.9 with: host: ${{ vars.GERRIT_SERVER }} username: ${{ vars.GERRIT_SSH_USER }} diff --git a/.github/workflows/gerrit-verify-itdep.yaml b/.github/workflows/gerrit-verify-itdep.yaml index bd85a64c..6716c03e 100644 --- a/.github/workflows/gerrit-verify-itdep.yaml +++ b/.github/workflows/gerrit-verify-itdep.yaml @@ -80,7 +80,7 @@ jobs: - name: Notify job start # yamllint disable-line rule:line-length - uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8 + uses: lfreleng-actions/gerrit-review-action@537251ec667665b386f70b330b05446e3fc29087 # v0.9 with: host: ${{ vars.GERRIT_SERVER }} username: ${{ vars.GERRIT_SSH_USER }} @@ -103,13 +103,13 @@ jobs: timeout-minutes: 15 steps: # yamllint disable-line rule:line-length - - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit - name: 'Checkout Gerrit change' # yamllint disable-line rule:line-length - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 + uses: lfreleng-actions/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 with: gerrit-project: ${{ inputs.GERRIT_PROJECT }} gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} @@ -123,7 +123,7 @@ jobs: - name: 'Setup Helm' # yamllint disable-line rule:line-length - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 # Not explicitly used while testing updated Helm # with: # version: ${{ env.HELM_VERSION }} @@ -153,7 +153,7 @@ jobs: - name: 'Start ChartMuseum' id: chartmuseum # yamllint disable-line rule:line-length - uses: lfreleng-actions/chartmuseum-action@4fb530a2cc2b2b46c0ea48ba11445c01247aba2a # v0.1.2 + uses: lfreleng-actions/chartmuseum-action@6d80e2f00eed1d6de21991f45af1423c731a624b # v0.1.4 with: username: 'chartmuseum' password: "${{ secrets.GITHUB_TOKEN }}" @@ -164,28 +164,28 @@ jobs: # Makefiles publish to Chartmeusem service locally - name: 'Build onap_oom' # yamllint disable-line rule:line-length - uses: lfreleng-actions/make-action@361e48884a6b7d7b5fcfcb38f399aa14e45127dc # v0.1.1 + uses: lfreleng-actions/make-action@d2b447abd5db8425f4fbbb27b953133861137a66 # v0.1.2 with: make_args: "-C smo-install/onap_oom/kubernetes -e SKIP_LINT=TRUE" # Makefiles publish to Chartmeusem service locally - name: 'Build oran_oom' # yamllint disable-line rule:line-length - uses: lfreleng-actions/make-action@361e48884a6b7d7b5fcfcb38f399aa14e45127dc # v0.1.1 + uses: lfreleng-actions/make-action@d2b447abd5db8425f4fbbb27b953133861137a66 # v0.1.2 with: make_args: "-C smo-install/oran_oom" # Makefiles publish to Chartmeusem service locally - name: 'Build oran_oom/smo' # yamllint disable-line rule:line-length - uses: lfreleng-actions/make-action@361e48884a6b7d7b5fcfcb38f399aa14e45127dc # v0.1.1 + uses: lfreleng-actions/make-action@d2b447abd5db8425f4fbbb27b953133861137a66 # v0.1.2 with: make_args: "-C smo-install/oran_oom/smo" # Makefiles publish to Chartmeusem service locally - name: 'Build tests_oom' # yamllint disable-line rule:line-length - uses: lfreleng-actions/make-action@361e48884a6b7d7b5fcfcb38f399aa14e45127dc # v0.1.1 + uses: lfreleng-actions/make-action@d2b447abd5db8425f4fbbb27b953133861137a66 # v0.1.2 with: make_args: "-C smo-install/tests_oom" @@ -208,7 +208,7 @@ jobs: - name: Report workflow conclusion # yamllint disable-line rule:line-length - uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8 + uses: lfreleng-actions/gerrit-review-action@537251ec667665b386f70b330b05446e3fc29087 # v0.9 with: host: ${{ vars.GERRIT_SERVER }} username: ${{ vars.GERRIT_SSH_USER }} diff --git a/.github/workflows/github2gerrit.yaml b/.github/workflows/github2gerrit.yaml index 75a527f2..d297589e 100644 --- a/.github/workflows/github2gerrit.yaml +++ b/.github/workflows/github2gerrit.yaml @@ -1,34 +1,66 @@ --- # SPDX-License-Identifier: Apache-2.0 -# Copyright 2025 The Linux Foundation +# SPDX-FileCopyrightText: 2025 The Linux Foundation -name: call-github2gerrit-reusable-workflow +name: 'GitHub2Gerrit Python' # yamllint disable-line rule:truthy on: - workflow_dispatch: - pull_request_target: - types: [opened, reopened, edited, synchronize] - branches: - - master - - main + workflow_dispatch: + inputs: + preserve_github_prs: + description: "Do NOT close GitHub PRs after pushing to Gerrit" + required: false + default: false + type: boolean + allow_duplicates: + description: "Allow duplicate changes to be raised in Gerrit" + required: false + default: false + type: boolean + + pull_request_target: + types: [opened, reopened, edited, synchronize] + branches: + - master + - main concurrency: - # yamllint disable-line rule:line-length - group: ${{ github.workflow }}-${{ github.run_id }} - cancel-in-progress: true + group: "${{ github.workflow }}-${{ github.run_id }}" + cancel-in-progress: true jobs: - call-in-g2g-workflow: - permissions: - contents: read - pull-requests: write + github2gerrit: + name: 'GitHub2Gerrit Python' + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + issues: write + timeout-minutes: 12 + steps: + # Harden the runner used by this workflow + # yamllint disable-line rule:line-length + - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + name: 'Harden runner' + with: + egress-policy: audit + + - name: 'Checkout repository' + # yamllint disable-line rule:line-length + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + fetch-depth: 10 + ref: ${{ github.event.pull_request.head.sha || github.sha }} + + - name: 'Run GitHub2Gerrit Action' # yamllint disable-line rule:line-length - uses: lfit/github2gerrit/.github/workflows/github2gerrit.yaml@1daf48c1a86add1aaac7695f44f8c1b6b142f49f # v0.2 + uses: lfreleng-actions/github2gerrit-action@260cddcd3f96af3e46a84e46fd6c10d6574b45d7 # v0.1.22 with: - GERRIT_KNOWN_HOSTS: ${{ vars.GERRIT_KNOWN_HOSTS }} - GERRIT_SSH_USER_G2G: ${{ vars.GERRIT_SSH_USER_G2G }} - GERRIT_SSH_USER_G2G_EMAIL: ${{ vars.GERRIT_SSH_USER_G2G_EMAIL }} - ORGANIZATION: ${{ github.repository_owner }} - secrets: - GERRIT_SSH_PRIVKEY_G2G: ${{ secrets.GERRIT_SSH_PRIVKEY_G2G }} + USE_PR_AS_COMMIT: true + ALLOW_DUPLICATES: ${{ inputs.allow_duplicates }} + PRESERVE_GITHUB_PRS: ${{ inputs.preserve_github_prs }} + ISSUE_ID_LOOKUP_JSON: ${{ vars.ISSUE_ID_LOOKUP_JSON }} + GERRIT_SSH_PRIVKEY_G2G: ${{ secrets.GERRIT_SSH_PRIVKEY_G2G }} + GERRIT_KNOWN_HOSTS: ${{ vars.GERRIT_KNOWN_HOSTS }} + VERBOSE: true -- 2.16.6