patch: Add _update_bundle.yaml (#239)

This PR aims to condense both previous patches #237 and #235 in a single, experimental `_update_bundle.yaml` workflow that will pin both snap and rock resource versions, in accordance to what was previously discussed: - For rocks: Roughly follows John Meinel's proposed format, with `oci-*` lines commented in order to preserve compatibility with `juju deploy`. See the following PR commit: canonical/postgresql-k8s-bundle@2683a2d - For snaps: follows existing [store proxy standard](https://documentation.ubuntu.com/snap-store-proxy/en/airgap-charmhub/#export-snap-resources). See the following PR commit: canonical/postgresql-bundle@b223dc3 See also test runs on: - mysql bundle VM: canonical/mysql-bundle@612d531 - mysql bundle K8s: canonical/mysql-k8s-bundle@018fae7 Important info: - `storage-admin` currently has 2 blocking issues: - Pinning of charm revisions is being ignored: https://bugs.launchpad.net/snapstore-client/+bug/2083876 - Charm resource (e.g. rocks) version pinning not supported: https://bugs.launchpad.net/snapstore-client/+bug/2083878 - This is `amd64` only. An eventual patch for `arm64` should be straightforward. - This is specific to SQL bundles and their associated charms. This is the case because snap pinning requires specific logic per-charm, see point below. - This fetches snap revisions by individual parsing of each charm's source code (not by deploying the bundle, like on previous patch) --------- Co-authored-by: Carl Csaposs <[email protected]>
canonical · Oct 8, 2024 · a78e496 · a78e496
1 parent ea05e4e
commit a78e496
Show file tree

Hide file tree

Showing 4 changed files with 393 additions and 0 deletions.
diff --git a/.github/workflows/_update_bundle.md b/.github/workflows/_update_bundle.md
@@ -0,0 +1,26 @@
+Workflow file: [_update_bundle.yaml](_update_bundle.yaml)
+
+> [!WARNING]
+> Subject to **breaking changes on patch release**. `_update_bundle.yaml` is experimental & not part of the public interface.
+
+## Usage
+Add `.yaml` file to `.github/workflows/`
+```yaml
+# Copyright 2024 Canonical Ltd.
+# See LICENSE file for licensing details.
+name: Update bundle
+
+on:
+  schedule:
+    - cron: '53 0 * * *'  # Daily at 00:53 UTC
+
+jobs:
+  update-bundle:
+    name: Update bundle
+    uses: canonical/data-platform-workflows/.github/workflows/[email protected]
+    with:
+      path-to-bundle-file: bundle.yaml
+      reviewers: canonical/data-platform-engineers,octocat
+    secrets:
+      token: ${{ secrets.CREATE_PR_APP_TOKEN }}
+```
diff --git a/.github/workflows/_update_bundle.yaml b/.github/workflows/_update_bundle.yaml
@@ -0,0 +1,80 @@
+# Copyright 2023 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+# Usage documentation: _update_bundle.md
+
+on:
+  workflow_call:
+    inputs:
+      path-to-bundle-file:
+        description: Relative path to bundle file from repository directory
+        required: true
+        type: string
+      reviewers:
+        description: Comma separated list of GitHub usernames to request to review pull request (e.g. "canonical/data-platform-engineers,octocat")
+        required: false
+        type: string
+    secrets:
+      token:
+        description: |
+          GitHub App token or personal access token (not GITHUB_TOKEN)
+
+          Permissions needed for App token:
+          - Access: Read & write for Repository permissions: Pull requests
+          - Access: Read & write for Repository permissions: Contents
+          - If GitHub team is requested for pull request review,
+            Access: Read-only for Organization permissions: Members
+
+          Permissions needed for personal access token: write access to repository, read:org
+          Personal access tokens with fine grained access are not supported (by GraphQL API, which is used by GitHub CLI).
+
+          The GITHUB_TOKEN can create a pull request or push a branch, but `on: pull_request` workflows will not be triggered.
+
+          Source: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
+        required: true
+
+jobs:
+  update-bundle:
+    name: Update bundle
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Get workflow version
+        id: workflow-version
+        uses: canonical/get-workflow-version-action@v1
+        with:
+          repository-name: canonical/data-platform-workflows
+          file-name: _update_bundle.yaml
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Install CLI
+        run: pipx install git+https://github.com/canonical/data-platform-workflows@'${{ steps.workflow-version.outputs.sha }}'#subdirectory=python/cli
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.token }}
+      - name: Update bundle file
+        id: update-file
+        run: update-bundle '${{ inputs.path-to-bundle-file }}'
+      - name: Push `update-bundle` branch
+        if: ${{ fromJSON(steps.update-file.outputs.updates_available) }}
+        run: |
+          git checkout -b update-bundle
+          git add .
+          git config user.name "GitHub Actions"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git commit -m "Update bundle"
+          # Uses token set in checkout step
+          git push origin update-bundle -f
+      - name: Create pull request
+        if: ${{ fromJSON(steps.update-file.outputs.updates_available) }}
+        run: |
+          # Capture output in variable so that step fails if `gh pr list` exits with non-zero code
+          prs=$(gh pr list --head update-bundle --state open --json number)
+          if [[ $prs != "[]" ]]
+          then
+            echo Open pull request already exists
+            exit 0
+          fi
+          gh pr create --head update-bundle --title "Update bundle" --body "Update charm revisions in bundle YAML file" --reviewer '${{ inputs.reviewers }}'
+        env:
+          GH_TOKEN: ${{ secrets.token }}
diff --git a/README.md b/README.md
@@ -11,6 +11,7 @@
 | [release_rock.yaml](.github/workflows/release_rock.md)                     | Release rock to GitHub Container Registry                                  |
 | [release_charm.yaml](.github/workflows/release_charm.md)                   | Release charm to Charmhub                                                  |
 | [sync_docs.yaml](.github/workflows/sync_docs.md)                           | Sync Discourse documentation to GitHub                                     |
+| [_update_bundle.yaml](.github/workflows/_update_bundle.md)                 | **Experimental** Update charm revisions in bundle                          |
 
 ### Version
 Recommendation: pin the latest version (e.g. `v1.0.0`) and use [Renovate](https://docs.renovatebot.com/) to stay up-to-date.