practice-room · komish-impersonator · Nov 22, 2024
diff --git a/.github/actions/setup-python/action.yml b/.github/actions/setup-python/action.yml
@@ -0,0 +1,10 @@
+name: Setup Python
+description: |
+  Consistently installs python across this project.
+  Should be used as a replacement for direct calls to actions/setup-python.
+runs:
+  using: composite
+  steps:
+    - uses: actions/setup-python@v5
+      with:
+        python-version: '3.10'
diff --git a/.github/workflows/behave.yml b/.github/workflows/behave.yml
@@ -0,0 +1,140 @@
+name: Behave Testing
+
+# Behave Testing will run the repository's Behave testing with each feature file
+# getting its own runner. All feature files found within the specific path are
+# included.
+
+on:
+  workflow_call:
+    inputs:
+      tags:
+        type: string
+        required: true
+        description: |
+          The behave tags to use. E.g "full". Multiple tags should be specified
+          separated by a comma, e.g. "owners,redhat".
+      pr-body:
+        type: string
+        required: true
+        description: |
+          Every pull request created by this automation will have this pr-body.
+      behave-logging-level:
+        type: string
+        required: false
+        default: WARNING
+        description: |
+          Value passed to behave's --logging-level flag.
+      # actions/checkout related inputs used for testing. In some cases behave
+      # calls will use the PR branch instead of the main branch. E.g. went doing
+      # release testing
+      checkout-fetch-depth:
+        type: number
+        required: false
+        default: 1 # aligns with actions/checkout default.
+        description: |
+          fetch-depth flag to actions/checkout.
+
+          If setting to a pull request, caller is responsible 
+          for verifying the user is a trusted user.
+      checkout-repository:
+        type: string
+        required: false
+        default: ""
+        description: |
+          repository flag to actions/checkout
+
+          If setting to a pull request, caller is responsible 
+          for verifying the user is a trusted user.
+      checkout-ref:
+        type: string
+        required: false
+        default: ""
+        description: |
+          ref flag to actions/checkout
+
+          If setting to a pull request, caller is responsible 
+          for verifying the user is a trusted user.
+    secrets:
+      # NOTE(komish): Not technically secret, but must be listed as a secret
+      # because you can't pass the ${{ secrets }} context as an input in the
+      # calling workflow, and our repos have this configured as a secret.
+      bot-name:
+        required: true
+        description: |
+          The name of the GitHub user that will send pull requests.
+      bot-token:
+        description: |
+          A GitHub token for the bot user that will initiate pull 
+          requests for testing. Should NOT be set to GITHUB_TOKEN.
+        required: true
+jobs:
+  get-features:
+    runs-on: ubuntu-latest
+    outputs:
+      features: ${{ steps.find-features.outputs.features }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.checkout-ref }}
+          repository: ${{ inputs.checkout-repository }}
+          fetch-depth: ${{ inputs.checkout-fetch-depth }}
+      - name: find features
+        id: find-features
+        # TODO(JOSE) Sanity check - make sure this is more than one feature in length.
+        run: |
+          cd tests/functional/behave_features
+          # echo features=$(find . -name '*.feature' | sed -e 's%\./%%g' | jq -R -s -c 'split("\n") | del(.[] | select(length == 0))') | tee -a $GITHUB_OUTPUT
+          # NOTE(JOSE): temporarily restrict this to a small number of tests for debugging other things.
+          # To Revert: remove the next line, and uncomment the line previous this comment.
+          echo features=$(find . -name '*.feature' | sed -e 's%\./%%g' | jq -R -s -c 'split("\n") | del(.[] | select(length == 0))[:2]') | tee -a $GITHUB_OUTPUT
+  run-tests:
+    runs-on: ubuntu-latest
+    needs: [get-features]
+    strategy:
+      fail-fast: false
+      max-parallel: 4
+      matrix: 
+        feature-file: ${{ fromJson(needs.get-features.outputs.features) }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.bot-token }}
+          ref: ${{ inputs.checkout-ref }}
+          repository: ${{ inputs.checkout-repository }}
+          fetch-depth: ${{ inputs.checkout-fetch-depth }}
+
+      - name: Set up Python 3
+        uses: ./.github/actions/setup-python
+
+      - name: Set up CI scripts
+        run: |
+          # set up python scripts
+          echo "set up python script in $PWD"
+          python3 -m venv ve1
+          cd scripts
+          ../ve1/bin/pip3 install -r requirements.txt
+          ../ve1/bin/pip3 install .
+          cd ..
+
+        # Pull request numbers are included in generated chart names in E2E, so it's included
+        # as an environment variable which E2E consumes.
+      - name: Populate PR_NUMBER environment variable
+        if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request'
+        run: |
+          echo "PR_NUMBER=${{ github.event.pull_request.number }}" | tee $GITHUB_ENV
+
+      - name: Run Tests
+        env:
+          GITHUB_TOKEN: ${{ secrets.github-token }}
+          BOT_NAME: ${{ secrets.bot-name }}
+          BOT_TOKEN: ${{ secrets.bot-token }}
+          PR_BODY: ${{ inputs.pr-body }}
+        run: |
+          ve1/bin/behave tests/functional/behave_features/ \
+            --include ${{ matrix.feature-file }} \
+            --tags=${{ inputs.tags }} \
+            --logging-level=${{ inputs.behave-logging-level }} \
+            --no-capture \
+            --no-color
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -392,7 +392,7 @@ jobs:
           # The token we use for this changes for the Sandbox repository because the sandbox repository
           # receives PRs from the openshift-helm-charts-bot, and that same bot cannot approve its own
           # PRs which breaks workflows. Instead, for the Sandbox repo, we approve with the GHA bot.
-          github-token: ${{ github.repository == 'openshift-helm-charts/sandbox' && secrets.GITHUB_TOKEN || secrets.BOT_TOKEN }}
+          github-token: ${{ github.repository == 'practice-room/sandbox' && secrets.GITHUB_TOKEN || secrets.BOT_TOKEN }}
 
       - name: Merge PR
         id: merge_pr

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,28 +1,13 @@
 name: Test Workflow
 
+# Test Workflow is executed when workflow changes are being made. For
+# development repos, this is testing every workflow modification For other
+# repos, this is effectively testing release PRs to development as workflow
+# changes are not made directly to those repos.
+
 on:
   pull_request_target:
     types: [opened, synchronize, reopened]
-  workflow_dispatch:
-    inputs:
-      dry-run:
-        description: "Run tests but do not create issues {true,false}"
-        required: true
-        default: "true"
-      vendor-type:
-        description: "Vendor type {all,partner,redhat,community}"
-        required: true
-        default: "all"
-      software-name:
-        description: "Software Name"
-        required: true
-      software-version:
-        description: "Software Version"
-        required: true
-      notify-id:
-        description: "(Optional) Issue notification {github id}"
-        required: false
-        default: ""
 
 jobs:
   check-contributor:
@@ -31,13 +16,17 @@ jobs:
     with:
       user: ${{ github.event.pull_request.user.login }}
 
-  workflow-test:
+  determine-workflow-conditions:
     name: Workflow Test
     needs: [check-contributor]
     runs-on: ubuntu-22.04
     if: |
       github.event.pull_request.draft == false &&
       needs.check-contributor.outputs.is-repo-owner == 'true'
+    outputs:
+      run-tests: ${{ steps.check_request.outputs.run-tests }}
+      is-charts-release-branch: ${{ steps.check_if_release_pr.outputs.charts_release_branch }}
+      test-tags: ${{ needs.determine-workflow-conditions.outputs.test-tags }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -67,14 +56,8 @@ jobs:
           BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: |
           # check if workflow testing should run.
-          echo "Request type: '$GITHUB_EVENT_NAME'"
-          if [ "$GITHUB_EVENT_NAME" == "pull_request_target" ]; then
-              echo "[INFO] check if PR contains only workflow changes and user is authorized"
-              ve1/bin/check-pr-for-ci --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }}
-          else
-              echo "[INFO] manual invocation - check if user is authorized"
-              ve1/bin/check-pr-for-ci --verify-user=${{ github.actor }}
-          fi
+          echo "[INFO] check if PR contains only workflow changes and user is authorized"
+          ve1/bin/check-pr-for-ci --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }}
 
       - name: Check Request Result
         id: check_request_result
@@ -84,6 +67,11 @@ jobs:
           # workflow only change but user not authorized
           exit 1
 
+      # BUG: This task attempts to run the `full` behave tag if the PR under
+      # test is a release from dev to prod, but the matcher condition that would
+      # emit this appears broken. Investigate the setting of the
+      # charts_release_branch output, or just run smoke tests and remove the
+      # condition associated with this output.
       - name: (PR) check for release flow
         id: check_if_release_pr
         if: |
@@ -104,60 +92,61 @@ jobs:
                                 --pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' \
                                 --pr_head_repo='${{ github.event.pull_request.head.repo.full_name }}'
 
-      - name: (PR) Test CI Workflow
-        if: |
-          github.event_name == 'pull_request_target' && steps.check_request.outputs.run-tests == 'true'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          BOT_NAME: ${{ secrets.BOT_NAME }}
-          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          PR_BODY: "Test triggered by ${{ github.event.pull_request.html_url }}."
+      - name: Determine test tags
+        id: determine-test-tags
+        if: steps.check_request.outputs.run-tests == 'true'
         run: |
           echo "Full test in pr : ${{ steps.check_request.outputs.full_tests_in_pr }}"
-          if ${{steps.check_if_release_pr.outputs.charts_release_branch == 'true' || steps.check_request.outputs.full_tests_in_pr == 'true' }} ; then
-            echo "Release PR from dev to charts, oer PR with new full test, so running full tests"
-            ve1/bin/behave tests/functional/behave_features/ --tags=full --logging-level=WARNING --no-capture --no-color
-          else
-            echo "Not a release PR from dev to charts, so running only smoke tests"
-            ve1/bin/behave tests/functional/behave_features/ --tags=smoke --logging-level=WARNING --no-capture --no-color
+          echo "Is charts release branch : ${{ steps.check_request.outputs.full_tests_in_pr }}"
+          if ${{ steps.check_if_release_pr.outputs.charts_release_branch == 'true' || steps.check_request.outputs.full_tests_in_pr == 'true' }} ; then
+            echo "Release PR from dev to charts, or PR with new full test, so running full tests"
+            echo "test-tags=full" | tee -a $GITHUB_OUTPUT
+            exit 0
           fi
 
-      - name: (Manual) Test CI Workflow
-        if: |
-          github.event_name == 'workflow_dispatch' && steps.check_request.outputs.run-tests == 'true'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DRY_RUN: ${{ github.event.inputs.dry-run }}
-          VENDOR_TYPE: ${{ github.event.inputs.vendor-type }}
-          NOTIFY_ID: ${{ github.event.inputs.notify-id }}
-          SOFTWARE_NAME: ${{ github.event.inputs.software-name }}
-          SOFTWARE_VERSION: ${{ github.event.inputs.software-version }}
-          BOT_NAME: ${{ secrets.BOT_NAME }}
-          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
-          PR_BODY: "Triggerd by ${{ github.event.sender.html_url }} from ${{ github.event.repository.html_url }} on `${{ github.event.ref }}`."
-        run: |
-          echo "[INFO] Dry run '${{ env.DRY_RUN }}'"
-          echo "[INFO] Vendor type '${{ env.VENDOR_TYPE }}'"
-          echo "[INFO] Notify ID '${{ env.NOTIFY_ID }}'"
-          echo "[INFO] Software Name '${{ env.SOFTWARE_NAME }}'"
-          echo "[INFO] Software Version '${{ env.SOFTWARE_VERSION }}'"
-          ve1/bin/behave tests/functional/behave_features/ --tags=version-change --logging-level=WARNING --no-capture --no-color
-
-      - name: Approve PR
-        id: approve_pr
-        if: ${{ steps.check_if_release_pr.outputs.charts_release_branch == 'true' }}
-        uses: hmarr/auto-approve-action@v4
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          echo "Not a release PR from dev to charts, so running only smoke tests"
+          echo "test-tags=smoke" | tee -a $GITHUB_OUTPUT
+
+  run-tests:
+    # No further pull request author checking done here because
+    # check-contributor gates the needed jobs.
+    name: Run Tests
+    needs:
+    - determine-workflow-conditions
+    if: |
+      needs.determine-workflow-conditions.outputs.run-tests == 'true'
+    uses: ./.github/workflows/behave.yml
+    with:
+      tags: ${{ needs.determine-workflow-conditions.outputs.test-tags }}
+      behave-logging-level: WARNING
+      pr-body: "Test triggered by release PR ${{ github.event.pull_request.html_url }}."
+      # checkout parameters passed to ensure we're testing the release content
+      checkout-fetch-depth: 0
+      checkout-repository: ${{ github.event.pull_request.head.repo.full_name }}
+      checkout-ref: ${{ github.event.pull_request.head.sha }}
+    secrets:
+      bot-name: ${{ secrets.BOT_NAME }}
+      bot-token: ${{ secrets.BOT_TOKEN }}
 
-      - name: Merge PR
-        id: merge_pr
-        if: ${{ steps.check_if_release_pr.outputs.charts_release_branch == 'true' }}
-        uses: pascalgn/[email protected]
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          MERGE_METHOD: squash
-          MERGE_LABELS: ""
+  approve-and-merge:
+    name: Approve and merge
+    needs:
+    - determine-workflow-conditions
+    - run-tests
+    runs-on: ubuntu-22.04
+    if: needs.determine-workflow-conditions.outputs.is-charts-release-branch == 'true'
+    steps:
+    - name: Approve PR
+      id: approve_pr
+      uses: hmarr/auto-approve-action@v4
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
 
+    - name: Merge PR
+      id: merge_pr
+      uses: pascalgn/[email protected]
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        MERGE_METHOD: squash
+        MERGE_LABELS: ""