From 08ac2e05980cbe6aa62212f41daa8529becc9f7b Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Sun, 6 Oct 2024 21:13:22 +0200 Subject: [PATCH 1/9] feat: undeploy-my-kibana --- oblt-cli/undeploy-my-kibana/README.md | 47 ++++++++++++++++++ oblt-cli/undeploy-my-kibana/action.yml | 66 ++++++++++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 oblt-cli/undeploy-my-kibana/README.md create mode 100644 oblt-cli/undeploy-my-kibana/action.yml diff --git a/oblt-cli/undeploy-my-kibana/README.md b/oblt-cli/undeploy-my-kibana/README.md new file mode 100644 index 0000000..4fe1d15 --- /dev/null +++ b/oblt-cli/undeploy-my-kibana/README.md @@ -0,0 +1,47 @@ +# oblt-cli/undeploy-my-kibana + +[![usages](https://img.shields.io/badge/usages-white?logo=githubactions&logoColor=blue)](https://github.com/search?q=elastic%2Foblt-actions%2Foblt-cli%2Fundeploy-my-kibana+%28path%3A.github%2Fworkflows+OR+path%3A**%2Faction.yml+OR+path%3A**%2Faction.yaml%29&type=code) +[![test-oblt-cli-cluster-name-validation](https://github.com/elastic/oblt-actions/actions/workflows/test-oblt-cli-undeploy-my-kibana.yml/badge.svg?branch=main)](https://github.com/elastic/oblt-actions/actions/workflows/test-oblt-cli-undeploy-my-kibana.yml) + + +Undeploy my kibana given the Pull Request + + +## Inputs + +| Name | Description | Required | Default | +|----------------|----------------------------|----------|-------------------------------------------| +| `pull-request` | The GitHub Pull Request ID | `false` | `${{ github.event.pull_request.number }}` | +| `repository` | The GitHub repository | `false` | `${{ github.repository }}` | +| `github-token` | The GitHub access token. | `true` | ` ` | + + +## Outputs + +| Name | Description | +|---------|---------------------------------------------------------------| +| `issue` | The GitHub issue that has been created to destroy the cluster | + + +## Usage + +```yaml +name: undeploy-my-kibana + +on: + pull_request_target: + types: [closed] + +permissions: + contents: read + +jobs: + undeploy-my-kibana: + runs-on: ubuntu-latest + steps: + - uses: elastic/oblt-actions/oblt-cli/undeploy-my-kibana@v1 + with: + github-token: ${{ secrets.PAT_TOKEN }} + +``` + diff --git a/oblt-cli/undeploy-my-kibana/action.yml b/oblt-cli/undeploy-my-kibana/action.yml new file mode 100644 index 0000000..6213703 --- /dev/null +++ b/oblt-cli/undeploy-my-kibana/action.yml @@ -0,0 +1,66 @@ +name: 'oblt-cli/undeploy-my-kibana' +description: 'Undeploy my kibana given the Pull Request' +inputs: + pull-request: + description: 'The GitHub Pull Request ID' + default: ${{ github.event.pull_request.number }} + repository: + description: 'The GitHub repository' + default: ${{ github.repository }} + github-token: + description: 'The GitHub access token.' + required: true + +outputs: + issue: + description: 'The GitHub issue that has been created to destroy the cluster' + value: ${{ steps.undeploy-my-kibana.outputs.issue }} + +runs: + using: "composite" + steps: + - id: gh_api_pr_author + name: Gather PR Owner + run: |- + PR_AUTHOR=$(gh pr view ${{ inputs.pull-request }} --repo ${{ inputs.repository }} --json author --jq .author.login) + echo "result=${PR_AUTHOR}" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ inputs.github-token }} + shell: bash + + - uses: elastic/oblt-actions/github/is-member-of@v1 + id: is_elastic_member + with: + github-user: ${{ steps.gh_api_pr_author.outputs.result }} + github-org: "elastic" + github-token: ${{ inputs.github-token }} + + - if: steps.is_elastic_member.outputs.result == true + name: Create GitHub issue body + id: undeploy-my-kibana + run: |- + cat <> .body-content + ### Kibana pull request + + ${{ env.PR }} + + ### Further details + + Caused by @${{ env.USER }} in https://github.com/${{ env.REPO }}/pull/${{ env.PR }} + EOT + + gh issue \ + create \ + --label 'destroy-custom-kibana-serverless' \ + --title "[Undeploy Kibana] ${{ env.REPO }}@pr-${{ env.PR }}" \ + --body-file .body-content \ + --repo elastic/observability-test-environments | tee .issue + echo "issue=$(cat .issue)" >> "$GITHUB_OUTPUT" + + rm .issue .body-content || true + env: + GH_TOKEN: ${{ inputs.github-token }} + PR: ${{ inputs.pull-request }} + REPO: ${{ inputs.repository }} + USER: ${{ steps.gh_api_pr_author.outputs.result }} + shell: bash From 8463cb5e357850400098ca3f0d0b5105c2ba65ea Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Sun, 6 Oct 2024 21:19:44 +0200 Subject: [PATCH 2/9] test for undeploy-my-kibana --- .../test-oblt-cli-undeploy-my-kibana.yml | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/test-oblt-cli-undeploy-my-kibana.yml diff --git a/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml b/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml new file mode 100644 index 0000000..2cc2d72 --- /dev/null +++ b/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml @@ -0,0 +1,42 @@ +name: test-undeploy-my-kibana + +on: + pull_request: + branches: + - main + paths: + - '.github/workflows/test-undeploy-my-kibana.yml' + - 'oblt-cli/undeploy-my-kibana/**' + push: + branches: + - main + paths: + - '.github/workflows/test-undeploy-my-kibana.yml' + - 'oblt-cli/undeploy-my-kibana/**' + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Get token + id: get_token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + with: + app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }} + private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }} + permissions: >- + { + "issues": "write" + } + repositories: >- + ["observability-test-environments"] + + - uses: ./oblt-cli/undeploy-my-kibana + with: + github-token: ${{ steps.get_token.outputs.token }} + pull-request: 1 From 6143a6372061185a1dc12b7ec3fd69a30498d431 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Sun, 6 Oct 2024 21:25:54 +0200 Subject: [PATCH 3/9] different conditional --- oblt-cli/undeploy-my-kibana/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oblt-cli/undeploy-my-kibana/action.yml b/oblt-cli/undeploy-my-kibana/action.yml index 6213703..5ff4c51 100644 --- a/oblt-cli/undeploy-my-kibana/action.yml +++ b/oblt-cli/undeploy-my-kibana/action.yml @@ -35,7 +35,7 @@ runs: github-org: "elastic" github-token: ${{ inputs.github-token }} - - if: steps.is_elastic_member.outputs.result == true + - if: contains(steps.is_elastic_member.outputs.result, 'true') name: Create GitHub issue body id: undeploy-my-kibana run: |- From 9602794874b60891721d12c5d9d8ab44f235d1fd Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Sun, 6 Oct 2024 21:26:03 +0200 Subject: [PATCH 4/9] test kibana instead --- .github/workflows/test-oblt-cli-undeploy-my-kibana.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml b/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml index 2cc2d72..fe7ad55 100644 --- a/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml +++ b/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml @@ -39,4 +39,5 @@ jobs: - uses: ./oblt-cli/undeploy-my-kibana with: github-token: ${{ steps.get_token.outputs.token }} - pull-request: 1 + pull-request: '187489' + repository: 'elastic/kibana' From 81cd567c01af282853bc8298c1230c93af5c0933 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Sun, 6 Oct 2024 21:28:09 +0200 Subject: [PATCH 5/9] we cannot use a gh app without enough permissions the github label should be the gatekeeper --- oblt-cli/undeploy-my-kibana/README.md | 1 + oblt-cli/undeploy-my-kibana/action.yml | 10 +--------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/oblt-cli/undeploy-my-kibana/README.md b/oblt-cli/undeploy-my-kibana/README.md index 4fe1d15..34c9d71 100644 --- a/oblt-cli/undeploy-my-kibana/README.md +++ b/oblt-cli/undeploy-my-kibana/README.md @@ -37,6 +37,7 @@ permissions: jobs: undeploy-my-kibana: + if: contains(github.event.pull_request.labels.*.name, 'ci:deploy-observability') runs-on: ubuntu-latest steps: - uses: elastic/oblt-actions/oblt-cli/undeploy-my-kibana@v1 diff --git a/oblt-cli/undeploy-my-kibana/action.yml b/oblt-cli/undeploy-my-kibana/action.yml index 5ff4c51..4a7c430 100644 --- a/oblt-cli/undeploy-my-kibana/action.yml +++ b/oblt-cli/undeploy-my-kibana/action.yml @@ -28,15 +28,7 @@ runs: GH_TOKEN: ${{ inputs.github-token }} shell: bash - - uses: elastic/oblt-actions/github/is-member-of@v1 - id: is_elastic_member - with: - github-user: ${{ steps.gh_api_pr_author.outputs.result }} - github-org: "elastic" - github-token: ${{ inputs.github-token }} - - - if: contains(steps.is_elastic_member.outputs.result, 'true') - name: Create GitHub issue body + - name: Create GitHub issue body id: undeploy-my-kibana run: |- cat <> .body-content From 1a6f74dbb661fc0bd45ea6198c860a475be8c39e Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Sun, 6 Oct 2024 21:31:23 +0200 Subject: [PATCH 6/9] trying to fix GraphQL: Resource not accessible by integration (repository.defaultBranchRef) --- .github/workflows/test-oblt-cli-undeploy-my-kibana.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml b/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml index fe7ad55..d3f8223 100644 --- a/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml +++ b/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml @@ -31,6 +31,7 @@ jobs: private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }} permissions: >- { + "contents": "read", "issues": "write" } repositories: >- From dcb19adddbeee723e1bd37f89090f32af6b2478b Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Sun, 6 Oct 2024 21:41:40 +0200 Subject: [PATCH 7/9] simplify with github app --- oblt-cli/undeploy-my-kibana/README.md | 12 +++--- oblt-cli/undeploy-my-kibana/action.yml | 52 +++++++++++++++++++++----- 2 files changed, 49 insertions(+), 15 deletions(-) diff --git a/oblt-cli/undeploy-my-kibana/README.md b/oblt-cli/undeploy-my-kibana/README.md index 34c9d71..7cd6ee7 100644 --- a/oblt-cli/undeploy-my-kibana/README.md +++ b/oblt-cli/undeploy-my-kibana/README.md @@ -9,11 +9,13 @@ Undeploy my kibana given the Pull Request ## Inputs -| Name | Description | Required | Default | -|----------------|----------------------------|----------|-------------------------------------------| -| `pull-request` | The GitHub Pull Request ID | `false` | `${{ github.event.pull_request.number }}` | -| `repository` | The GitHub repository | `false` | `${{ github.repository }}` | -| `github-token` | The GitHub access token. | `true` | ` ` | +| Name | Description | Required | Default | +|--------------------------|-------------------------------------------------------------|----------|-------------------------------------------| +| `pull-request` | The GitHub Pull Request ID | `false` | `${{ github.event.pull_request.number }}` | +| `repository` | The GitHub repository | `false` | `${{ github.repository }}` | +| `github-token` | The GitHub Personal Access Token. | `false` | ` ` | +| `github-app-id` | The GitHub App ID to generate the ephemeral token. | `false` | ` ` | +| `github-app-private-key` | The GitHub App Private Key to generate the ephemeral token. | `false` | ` ` | ## Outputs diff --git a/oblt-cli/undeploy-my-kibana/action.yml b/oblt-cli/undeploy-my-kibana/action.yml index 4a7c430..5051b12 100644 --- a/oblt-cli/undeploy-my-kibana/action.yml +++ b/oblt-cli/undeploy-my-kibana/action.yml @@ -8,8 +8,14 @@ inputs: description: 'The GitHub repository' default: ${{ github.repository }} github-token: - description: 'The GitHub access token.' - required: true + description: 'The GitHub Personal Access Token.' + required: false + github-app-id: + description: 'The GitHub App ID to generate the ephemeral token.' + required: false + github-app-private-key: + description: 'The GitHub App Private Key to generate the ephemeral token.' + required: false outputs: issue: @@ -19,13 +25,41 @@ outputs: runs: using: "composite" steps: - - id: gh_api_pr_author - name: Gather PR Owner + + - if: ${{ (inputs.github-token == '' && inputs.github-app-id == '' && inputs.github-app-private-key == '') || (inputs.github-token != '' && inputs.github-app-id != '' && inputs.github-app-private-key != '') }} + name: Validate input parameters + run: echo "use either github-token or github-app-id and github-app-private-key" && exit 1 + shell: bash + + - name: Get token + if: ${{ inputs.github-token == '' }} + id: get_token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + with: + app_id: ${{ inputs.github-app-id }} + private_key: ${{ inputs.github-app-private-key }} + permissions: >- + { + "contents": "read", + "issues": "write" + } + repositories: >- + ["observability-test-environments"] + + - if: ${{ inputs.github-token == '' }} + name: If ephemeral GitHub token app generated + run: echo "GH_TOKEN=${{ steps.get_token.outputs.token }}" >> "$GITHUB_ENV" + shell: bash + + - if: ${{ inputs.github-token != '' }} + name: If GitHub token provided + run: echo "GH_TOKEN=${{ inputs.github-token }}" >> "$GITHUB_ENV" + shell: bash + + - name: Gather PR Owner run: |- PR_AUTHOR=$(gh pr view ${{ inputs.pull-request }} --repo ${{ inputs.repository }} --json author --jq .author.login) - echo "result=${PR_AUTHOR}" >> $GITHUB_OUTPUT - env: - GH_TOKEN: ${{ inputs.github-token }} + echo "PR_AUTHOR=${PR_AUTHOR}" >> $GITHUB_ENV shell: bash - name: Create GitHub issue body @@ -38,7 +72,7 @@ runs: ### Further details - Caused by @${{ env.USER }} in https://github.com/${{ env.REPO }}/pull/${{ env.PR }} + Caused by @${{ env.PR_AUTHOR }} in https://github.com/${{ env.REPO }}/pull/${{ env.PR }} EOT gh issue \ @@ -51,8 +85,6 @@ runs: rm .issue .body-content || true env: - GH_TOKEN: ${{ inputs.github-token }} PR: ${{ inputs.pull-request }} REPO: ${{ inputs.repository }} - USER: ${{ steps.gh_api_pr_author.outputs.result }} shell: bash From d0db167c7d35e5ed6950917d88aeca93a734366a Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Sun, 6 Oct 2024 21:45:25 +0200 Subject: [PATCH 8/9] test no params and all params --- .../test-oblt-cli-undeploy-my-kibana.yml | 57 +++++++++++++------ 1 file changed, 41 insertions(+), 16 deletions(-) diff --git a/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml b/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml index d3f8223..b332b8d 100644 --- a/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml +++ b/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml @@ -18,27 +18,52 @@ permissions: contents: read jobs: - test: + undeploy-my-kibana: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Get token - id: get_token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 - with: - app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }} - private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }} - permissions: >- - { - "contents": "read", - "issues": "write" - } - repositories: >- - ["observability-test-environments"] - - uses: ./oblt-cli/undeploy-my-kibana with: - github-token: ${{ steps.get_token.outputs.token }} + github-app-id: ${{ secrets.OBS_AUTOMATION_APP_ID }} + github-app-private-key: ${{ secrets.OBS_AUTOMATION_APP_PEM }} pull-request: '187489' repository: 'elastic/kibana' + + no-parameters: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ./oblt-cli/undeploy-my-kibana + id: validation + continue-on-error: true + - name: Assert is failure if no parameters + run: test "${{steps.validation.outcome}}" = "failure" + + all-parameters: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ./oblt-cli/undeploy-my-kibana + id: validation + continue-on-error: true + with: + github-app-id: "app" + github-app-private-key: "key" + github-token: "foo" + - name: Assert is failure if all parameters + run: test "${{steps.validation.outcome}}" = "failure" + + test: + if: always() + needs: + - undeploy-my-kibana + - no-parameters + - all-parameters + runs-on: ubuntu-latest + steps: + - id: check + uses: elastic/oblt-actions/check-dependent-jobs@v1 + with: + jobs: ${{ toJSON(needs) }} + - run: ${{ steps.check.outputs.is-success }} From 418458c4cd11ad97af39503b32fe4ef2ca812fa8 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Mon, 7 Oct 2024 12:14:42 +0200 Subject: [PATCH 9/9] add workflow --- oblt-cli/undeploy-my-kibana/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oblt-cli/undeploy-my-kibana/action.yml b/oblt-cli/undeploy-my-kibana/action.yml index 5051b12..833fc70 100644 --- a/oblt-cli/undeploy-my-kibana/action.yml +++ b/oblt-cli/undeploy-my-kibana/action.yml @@ -72,7 +72,7 @@ runs: ### Further details - Caused by @${{ env.PR_AUTHOR }} in https://github.com/${{ env.REPO }}/pull/${{ env.PR }} + Caused by @${{ env.PR_AUTHOR }} in https://github.com/${{ env.REPO }}/pull/${{ env.PR }} via this [GitHub workflow build](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}) EOT gh issue \