mirror of
https://mirror.skon.top/github.com/zabbix/zabbix-docker
synced 2026-04-20 21:00:35 +08:00
207 lines
6.2 KiB
YAML
207 lines
6.2 KiB
YAML
name: Red Hat Catalog Description
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- '[0-9]+.[0-9]+'
|
|
paths:
|
|
- 'Dockerfiles/*/rhel/README.html'
|
|
- 'Dockerfiles/*/README.md'
|
|
- 'Dockerfiles/*/rhel/README.md'
|
|
- '.github/workflows/rhel_registry_description.yml'
|
|
- '.github/scripts/rhel_description.py'
|
|
- '.github/scripts/requirements-rhel-description.txt'
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: rhel-description-${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
env:
|
|
DOCKERFILES_DIRECTORY: "./Dockerfiles"
|
|
API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/"
|
|
MATRIX_FILE: "build.json"
|
|
PYTHON_REQUIREMENTS_FILE: ".github/scripts/requirements-rhel-description.txt"
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
init:
|
|
name: Initialize workflow
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
outputs:
|
|
components: ${{ steps.components.outputs.list }}
|
|
zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }}
|
|
|
|
steps:
|
|
- name: Block egress traffic
|
|
uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
|
|
with:
|
|
disable-sudo: true
|
|
egress-policy: block
|
|
allowed-endpoints: >
|
|
github.com:443
|
|
api.github.com:443
|
|
|
|
- name: Checkout repository metadata
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
with:
|
|
fetch-depth: 1
|
|
sparse-checkout: ${{ env.MATRIX_FILE }}
|
|
|
|
- name: Check ${{ env.MATRIX_FILE }} file
|
|
env:
|
|
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
|
run: |
|
|
set -Eeuo pipefail
|
|
|
|
if [[ ! -f "$MATRIX_FILE" ]]; then
|
|
echo "::error::File $MATRIX_FILE is missing"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Get branch info
|
|
id: branch_info
|
|
env:
|
|
GITHUB_REF_NAME: ${{ github.ref_name }}
|
|
run: |
|
|
set -Eeuo pipefail
|
|
|
|
echo "::group::Branch metadata"
|
|
echo "zabbix_release=${GITHUB_REF_NAME//.}"
|
|
echo "::endgroup::"
|
|
|
|
echo "zabbix_release=${GITHUB_REF_NAME//.}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Prepare Zabbix component list
|
|
id: components
|
|
env:
|
|
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
|
run: |
|
|
set -Eeuo pipefail
|
|
|
|
component_list="$(jq -rc '.components | map_values(select(.rhel == true)) | keys' "$MATRIX_FILE")"
|
|
|
|
if [[ -z "$component_list" || "$component_list" == "[]" ]]; then
|
|
echo "::warning::No RHEL-enabled components found in $MATRIX_FILE"
|
|
fi
|
|
|
|
echo "::group::Zabbix Component List"
|
|
echo "$component_list"
|
|
echo "::endgroup::"
|
|
|
|
echo "list=$component_list" >> "$GITHUB_OUTPUT"
|
|
|
|
update-description:
|
|
name: Update description (${{ matrix.component }})
|
|
runs-on: ubuntu-latest
|
|
needs: init
|
|
permissions:
|
|
contents: read
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
component: ${{ fromJson(needs.init.outputs.components) }}
|
|
|
|
steps:
|
|
- name: Block egress traffic
|
|
uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
|
|
with:
|
|
disable-sudo: true
|
|
egress-policy: block
|
|
allowed-endpoints: >
|
|
github.com:443
|
|
api.github.com:443
|
|
pypi.org:443
|
|
files.pythonhosted.org:443
|
|
catalog.redhat.com:443
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Format matrix variables
|
|
id: var_format
|
|
env:
|
|
MATRIX_BUILD: ${{ matrix.component }}
|
|
run: |
|
|
set -Eeuo pipefail
|
|
|
|
MATRIX_BUILD="${MATRIX_BUILD^^}"
|
|
MATRIX_BUILD="${MATRIX_BUILD//-/_}"
|
|
|
|
echo "::group::Result"
|
|
echo "matrix_build=${MATRIX_BUILD}"
|
|
echo "::endgroup::"
|
|
|
|
echo "matrix_build=${MATRIX_BUILD}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Check Python requirements file
|
|
env:
|
|
PYTHON_REQUIREMENTS_FILE: ${{ env.PYTHON_REQUIREMENTS_FILE }}
|
|
run: |
|
|
set -Eeuo pipefail
|
|
|
|
if [[ ! -f "$PYTHON_REQUIREMENTS_FILE" ]]; then
|
|
echo "::error::File $PYTHON_REQUIREMENTS_FILE is missing"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Setup Python 3.12
|
|
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
|
|
with:
|
|
python-version: '3.12'
|
|
cache: 'pip'
|
|
cache-dependency-path: ${{ env.PYTHON_REQUIREMENTS_FILE }}
|
|
|
|
- name: Install Python packages
|
|
env:
|
|
PYTHON_REQUIREMENTS_FILE: ${{ env.PYTHON_REQUIREMENTS_FILE }}
|
|
run: |
|
|
set -Eeuo pipefail
|
|
|
|
python -m pip install --upgrade pip
|
|
pip install -r "$PYTHON_REQUIREMENTS_FILE"
|
|
|
|
- name: Check description source
|
|
env:
|
|
DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }}
|
|
run: |
|
|
set -Eeuo pipefail
|
|
|
|
if [[ ! -f "${DESCRIPTION_FILE}.html" && ! -f "${DESCRIPTION_FILE}.md" ]]; then
|
|
echo "::error::No description file found: ${DESCRIPTION_FILE}.html or ${DESCRIPTION_FILE}.md"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Update Red Hat project description
|
|
env:
|
|
DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }}
|
|
PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, steps.var_format.outputs.matrix_build)] }}
|
|
PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
|
|
API_URL: ${{ env.API_URL }}
|
|
run: |
|
|
set -Eeuo pipefail
|
|
python ./.github/scripts/rhel_description.py
|
|
|
|
- name: Print Red Hat Catalog URL
|
|
env:
|
|
COMPONENT: ${{ matrix.component }}
|
|
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
|
run: |
|
|
set -Eeuo pipefail
|
|
|
|
PROJECT_ID="$(jq -r ".components.\"$COMPONENT\".rhel_project" "$MATRIX_FILE")"
|
|
|
|
echo "::group::URL"
|
|
echo "https://catalog.redhat.com/software/containers/${PROJECT_ID}"
|
|
echo "::endgroup::"
|