From 0caf9024ef462433a54601d02ae3712293b1d19b Mon Sep 17 00:00:00 2001 From: panigs7 Date: Thu, 10 Apr 2025 09:09:51 -0400 Subject: [PATCH 1/7] Workflow to update ubi image to latest --- .github/workflows/ubi-version-update.yaml | 103 ++++++++++++++++++++++ README.md | 19 ++++ 2 files changed, 122 insertions(+) create mode 100644 .github/workflows/ubi-version-update.yaml diff --git a/.github/workflows/ubi-version-update.yaml b/.github/workflows/ubi-version-update.yaml new file mode 100644 index 00000000..da5e3aaf --- /dev/null +++ b/.github/workflows/ubi-version-update.yaml @@ -0,0 +1,103 @@ +# Copyright (c) 2025 Dell Inc., or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 + +# Reusable workflow to update UBI9 micro image to latest +name: UBI Image update + +on: + workflow_call: + +jobs: + update-sha: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install dependencies + id: check-skopeo + run: | + if ! command -v skopeo &> /dev/null; then + echo "Skopeo not found, installing..." + sudo apt-get update + sudo apt-get install -y skopeo + else + echo "Skopeo is already installed" + fi + + if ! command -v jq&> /dev/null; then + echo "jq not found, installing..." + sudo apt-get update + sudo apt-get install -y jq + else + echo "jq is already installed" + fi + + + - name: Fetch latest UBI9 micro image SHA + id: fetch-sha + run: | + latest_sha=$(skopeo inspect docker://registry.access.redhat.com/ubi9/ubi-micro:latest | jq -r '.Digest') + echo "latest_sha=$latest_sha" >> $GITHUB_ENV + + # Get the tag and store it in the GitHub environment + tag=$(skopeo inspect docker://registry.access.redhat.com/ubi9/ubi:latest | jq -r '.Labels.version') + echo "tag=$tag" >> $GITHUB_ENV + + # Get the release and store it in the GitHub environment + release=$(skopeo inspect docker://registry.access.redhat.com/ubi9/ubi:latest | jq -r '.Labels.release') + echo "release=$release" >> $GITHUB_ENV + + - name: Checkout target repository + uses: actions/checkout@v4 + with: + repository: dell/csm + token: ${{ secrets.COMMON_GITHUB_ACTIONS_PAT }} + path: csm-repo + + - name: Compare and update SHA in csm-common.mk + id: update-sha + run: | + current_sha=$(grep 'UBI_BASEIMAGE=' csm-repo/config/csm-common.mk | cut -d'@' -f2) + latest_sha=${{ env.latest_sha }} + + if [ "$current_sha" != "$latest_sha" ]; then + echo "SHA mismatch, updating..." + sed -i "s|UBI_BASEIMAGE=.*|UBI_BASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro@$latest_sha|" csm-repo/config/csm-common.mk + echo "sha_mismatch=true" >> $GITHUB_ENV + else + echo "SHA is up-to-date" + echo "sha_mismatch=false" >> $GITHUB_ENV + + fi + + # Needed for signing commits using Github App tokens + # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing + - uses: actions/create-github-app-token@v2.0.2 + if: env.sha_mismatch == 'true' + id: generate-token + with: + app-id: ${{ vars.CSM_RELEASE_APP_ID }} + private-key: ${{ secrets.CSM_RELEASE_APP_PRIVATE_KEY }} + + - name: Create Pull Request + if: env.sha_mismatch == 'true' + uses: peter-evans/create-pull-request@v7 + with: + token: ${{ steps.generate-token.outputs.token }} + branch: "update-ubi-image-to-latest" + commit-message: "Update UBI Image to latest " + title: "Update UBI Image to latest" + body: | + This PR updates the UBI Image to ${{ env.tag }}-${{ env.release }}. + Auto-generated by [csm](https://github.com/dell/csm) + sign-commits: true + delete-branch: true + + diff --git a/README.md b/README.md index 7847311c..f5d9c1fa 100644 --- a/README.md +++ b/README.md @@ -413,6 +413,25 @@ jobs: secrets: inherit ``` +### ubi-image-update + +This workflow updates UBI9 micro image SHAID to the latest. The workflow is triggered by a cron job that runs on every Monday at mid-day. It also can be triggered manually from https://github.com/dell/csm/actions/workflows/ubi-image-update.yaml. + +The workflow does not accept any parameters and can be used from any repository by creating a workflow that resembles the following + +```yaml +name: UBI Image Update + +on: + workflow_dispatch: + +jobs: + go-version-update: + uses: dell/common-github-actions/.github/workflows/ubi-version-update.yaml@main + name: Go Version Update + secrets: inherit +``` + ## Support Don’t hesitate to ask! Contact the team and community on [our support](./docs/SUPPORT.md). From fdacfb758e5528c88bbe2f3d040a639219cf9596 Mon Sep 17 00:00:00 2001 From: panigs7 Date: Mon, 14 Apr 2025 02:32:20 -0400 Subject: [PATCH 2/7] update docs --- .github/workflows/ubi-version-update.yaml | 2 +- README.md | 39 ++++++++++++----------- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ubi-version-update.yaml b/.github/workflows/ubi-version-update.yaml index da5e3aaf..40c04a8f 100644 --- a/.github/workflows/ubi-version-update.yaml +++ b/.github/workflows/ubi-version-update.yaml @@ -96,7 +96,7 @@ jobs: title: "Update UBI Image to latest" body: | This PR updates the UBI Image to ${{ env.tag }}-${{ env.release }}. - Auto-generated by [csm](https://github.com/dell/csm) + Auto-generated by [common-github-actions](https://github.com/dell/common-github-actions) sign-commits: true delete-branch: true diff --git a/README.md b/README.md index f5d9c1fa..351806bb 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,7 @@ This repository contains a set of reusable actions and workflows, designed to be - [Update Dell Libraries to Latest Commits](#update-libraries-to-commits) - [Update Dell Libraries](#update-libraries) - [Dockerfile Modifications](#image-version-workflow) + - [UBI Image Update](#ubi-image-update) - [Dell Libraries Specific Workflows](#dell-libraries-specific-workflows) - [Release Dell Libraries](#csm-release-libs) - [CSM Operator Specific Workflows](#csm-operator-specific-workflows) @@ -288,6 +289,25 @@ jobs: secrets: inherit ``` +### ubi-image-update + +This workflow updates UBI9 micro image SHAID to the latest. The workflow is triggered by a cron job that runs on every Monday at mid-day. It also can be triggered manually from https://github.com/dell/csm/actions/workflows/ubi-image-update.yaml. + +The workflow does not accept any parameters and can be used from any repository by creating a workflow that resembles the following + +```yaml +name: UBI Image Update + +on: + workflow_dispatch: + +jobs: + ubi-version-update: + uses: dell/common-github-actions/.github/workflows/ubi-version-update.yaml@main + name: UBI Version Update + secrets: inherit +``` + ## Dell Libraries Specific Workflows ### csm-release-libs @@ -413,25 +433,6 @@ jobs: secrets: inherit ``` -### ubi-image-update - -This workflow updates UBI9 micro image SHAID to the latest. The workflow is triggered by a cron job that runs on every Monday at mid-day. It also can be triggered manually from https://github.com/dell/csm/actions/workflows/ubi-image-update.yaml. - -The workflow does not accept any parameters and can be used from any repository by creating a workflow that resembles the following - -```yaml -name: UBI Image Update - -on: - workflow_dispatch: - -jobs: - go-version-update: - uses: dell/common-github-actions/.github/workflows/ubi-version-update.yaml@main - name: Go Version Update - secrets: inherit -``` - ## Support Don’t hesitate to ask! Contact the team and community on [our support](./docs/SUPPORT.md). From 9dfbdefe0d1392227d2dd26e187339c00adf6213 Mon Sep 17 00:00:00 2001 From: panigs7 Date: Mon, 14 Apr 2025 03:36:12 -0400 Subject: [PATCH 3/7] address review comments --- .github/workflows/ubi-version-update.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ubi-version-update.yaml b/.github/workflows/ubi-version-update.yaml index 40c04a8f..bf258f4d 100644 --- a/.github/workflows/ubi-version-update.yaml +++ b/.github/workflows/ubi-version-update.yaml @@ -58,13 +58,12 @@ jobs: uses: actions/checkout@v4 with: repository: dell/csm - token: ${{ secrets.COMMON_GITHUB_ACTIONS_PAT }} - path: csm-repo + path: csm - name: Compare and update SHA in csm-common.mk id: update-sha run: | - current_sha=$(grep 'UBI_BASEIMAGE=' csm-repo/config/csm-common.mk | cut -d'@' -f2) + current_sha=$(grep 'UBI_BASEIMAGE=' csm/config/csm-common.mk | cut -d'@' -f2) latest_sha=${{ env.latest_sha }} if [ "$current_sha" != "$latest_sha" ]; then From 4f3d6f2e10a94c17d89aa99b20b1a807630d2315 Mon Sep 17 00:00:00 2001 From: panigs7 Date: Mon, 14 Apr 2025 04:17:26 -0400 Subject: [PATCH 4/7] Test raise PR --- .github/workflows/ubi-version-update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ubi-version-update.yaml b/.github/workflows/ubi-version-update.yaml index bf258f4d..6440b61d 100644 --- a/.github/workflows/ubi-version-update.yaml +++ b/.github/workflows/ubi-version-update.yaml @@ -82,7 +82,7 @@ jobs: if: env.sha_mismatch == 'true' id: generate-token with: - app-id: ${{ vars.CSM_RELEASE_APP_ID }} + # app-id: ${{ vars.CSM_RELEASE_APP_ID }} private-key: ${{ secrets.CSM_RELEASE_APP_PRIVATE_KEY }} - name: Create Pull Request From 4b44485c1450aeb5cc7a214341cebfab771ec46f Mon Sep 17 00:00:00 2001 From: panigs7 Date: Mon, 14 Apr 2025 04:23:10 -0400 Subject: [PATCH 5/7] Test raise PR --- .github/workflows/ubi-version-update.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ubi-version-update.yaml b/.github/workflows/ubi-version-update.yaml index 6440b61d..18ada4b5 100644 --- a/.github/workflows/ubi-version-update.yaml +++ b/.github/workflows/ubi-version-update.yaml @@ -78,12 +78,12 @@ jobs: # Needed for signing commits using Github App tokens # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing - - uses: actions/create-github-app-token@v2.0.2 - if: env.sha_mismatch == 'true' - id: generate-token - with: - # app-id: ${{ vars.CSM_RELEASE_APP_ID }} - private-key: ${{ secrets.CSM_RELEASE_APP_PRIVATE_KEY }} + # - uses: actions/create-github-app-token@v2.0.2 + # if: env.sha_mismatch == 'true' + # id: generate-token + # with: + # app-id: ${{ vars.CSM_RELEASE_APP_ID }} + # private-key: ${{ secrets.CSM_RELEASE_APP_PRIVATE_KEY }} - name: Create Pull Request if: env.sha_mismatch == 'true' From d6b0cf520c244a39e9236a32115eb4091ea53aaf Mon Sep 17 00:00:00 2001 From: panigs7 Date: Mon, 14 Apr 2025 04:38:35 -0400 Subject: [PATCH 6/7] Address review comments --- .github/workflows/ubi-version-update.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ubi-version-update.yaml b/.github/workflows/ubi-version-update.yaml index 18ada4b5..91d5b5b2 100644 --- a/.github/workflows/ubi-version-update.yaml +++ b/.github/workflows/ubi-version-update.yaml @@ -68,7 +68,7 @@ jobs: if [ "$current_sha" != "$latest_sha" ]; then echo "SHA mismatch, updating..." - sed -i "s|UBI_BASEIMAGE=.*|UBI_BASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro@$latest_sha|" csm-repo/config/csm-common.mk + sed -i "s|UBI_BASEIMAGE=.*|UBI_BASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro@$latest_sha|" csm/config/csm-common.mk echo "sha_mismatch=true" >> $GITHUB_ENV else echo "SHA is up-to-date" @@ -78,12 +78,12 @@ jobs: # Needed for signing commits using Github App tokens # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing - # - uses: actions/create-github-app-token@v2.0.2 - # if: env.sha_mismatch == 'true' - # id: generate-token - # with: - # app-id: ${{ vars.CSM_RELEASE_APP_ID }} - # private-key: ${{ secrets.CSM_RELEASE_APP_PRIVATE_KEY }} + - uses: actions/create-github-app-token@v2.0.2 + if: env.sha_mismatch == 'true' + id: generate-token + with: + app-id: ${{ vars.CSM_RELEASE_APP_ID }} + private-key: ${{ secrets.CSM_RELEASE_APP_PRIVATE_KEY }} - name: Create Pull Request if: env.sha_mismatch == 'true' From 3f5fca05befc7fe6fe2210384f8f93dd126086af Mon Sep 17 00:00:00 2001 From: panigs7 <92028646+panigs7@users.noreply.github.com> Date: Mon, 14 Apr 2025 19:29:34 +0530 Subject: [PATCH 7/7] Remove duplicate repository checkout --- .github/workflows/ubi-version-update.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/ubi-version-update.yaml b/.github/workflows/ubi-version-update.yaml index 91d5b5b2..f6671fb4 100644 --- a/.github/workflows/ubi-version-update.yaml +++ b/.github/workflows/ubi-version-update.yaml @@ -54,12 +54,6 @@ jobs: release=$(skopeo inspect docker://registry.access.redhat.com/ubi9/ubi:latest | jq -r '.Labels.release') echo "release=$release" >> $GITHUB_ENV - - name: Checkout target repository - uses: actions/checkout@v4 - with: - repository: dell/csm - path: csm - - name: Compare and update SHA in csm-common.mk id: update-sha run: |