-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: undeploy-my-kibana #140
Merged
Merged
Changes from all commits
Commits
Show all changes
10 commits
Select commit
Hold shift + click to select a range
08ac2e0
feat: undeploy-my-kibana
v1v 8463cb5
test for undeploy-my-kibana
v1v 6143a63
different conditional
v1v 9602794
test kibana instead
v1v 81cd567
we cannot use a gh app without enough permissions
v1v 1a6f74d
trying to fix GraphQL: Resource not accessible by integration (reposi…
v1v dcb19ad
simplify with github app
v1v d0db167
test no params and all params
v1v 418458c
add workflow
v1v 076b9eb
Merge branch 'main' into feature/undeploy-kibana
v1v File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| name: test-undeploy-my-kibana | ||
|
|
||
| on: | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - '.github/workflows/test-undeploy-my-kibana.yml' | ||
| - 'oblt-cli/undeploy-my-kibana/**' | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - '.github/workflows/test-undeploy-my-kibana.yml' | ||
| - 'oblt-cli/undeploy-my-kibana/**' | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| undeploy-my-kibana: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: ./oblt-cli/undeploy-my-kibana | ||
| with: | ||
| github-app-id: ${{ secrets.OBS_AUTOMATION_APP_ID }} | ||
| github-app-private-key: ${{ secrets.OBS_AUTOMATION_APP_PEM }} | ||
| pull-request: '187489' | ||
| repository: 'elastic/kibana' | ||
|
|
||
| no-parameters: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: ./oblt-cli/undeploy-my-kibana | ||
| id: validation | ||
| continue-on-error: true | ||
| - name: Assert is failure if no parameters | ||
| run: test "${{steps.validation.outcome}}" = "failure" | ||
|
|
||
| all-parameters: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: ./oblt-cli/undeploy-my-kibana | ||
| id: validation | ||
| continue-on-error: true | ||
| with: | ||
| github-app-id: "app" | ||
| github-app-private-key: "key" | ||
| github-token: "foo" | ||
| - name: Assert is failure if all parameters | ||
| run: test "${{steps.validation.outcome}}" = "failure" | ||
|
|
||
| test: | ||
| if: always() | ||
| needs: | ||
| - undeploy-my-kibana | ||
| - no-parameters | ||
| - all-parameters | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - id: check | ||
| uses: elastic/oblt-actions/check-dependent-jobs@v1 | ||
| with: | ||
| jobs: ${{ toJSON(needs) }} | ||
| - run: ${{ steps.check.outputs.is-success }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| # <!--name-->oblt-cli/undeploy-my-kibana<!--/name--> | ||
|
|
||
| [](https:/search?q=elastic%2Foblt-actions%2Foblt-cli%2Fundeploy-my-kibana+%28path%3A.github%2Fworkflows+OR+path%3A**%2Faction.yml+OR+path%3A**%2Faction.yaml%29&type=code) | ||
| [](https:/elastic/oblt-actions/actions/workflows/test-oblt-cli-undeploy-my-kibana.yml) | ||
|
|
||
| <!--description--> | ||
| Undeploy my kibana given the Pull Request | ||
| <!--/description--> | ||
|
|
||
| ## Inputs | ||
| <!--inputs--> | ||
| | Name | Description | Required | Default | | ||
| |--------------------------|-------------------------------------------------------------|----------|-------------------------------------------| | ||
| | `pull-request` | The GitHub Pull Request ID | `false` | `${{ github.event.pull_request.number }}` | | ||
| | `repository` | The GitHub repository | `false` | `${{ github.repository }}` | | ||
| | `github-token` | The GitHub Personal Access Token. | `false` | ` ` | | ||
| | `github-app-id` | The GitHub App ID to generate the ephemeral token. | `false` | ` ` | | ||
| | `github-app-private-key` | The GitHub App Private Key to generate the ephemeral token. | `false` | ` ` | | ||
| <!--/inputs--> | ||
|
|
||
| ## Outputs | ||
| <!--outputs--> | ||
| | Name | Description | | ||
| |---------|---------------------------------------------------------------| | ||
| | `issue` | The GitHub issue that has been created to destroy the cluster | | ||
| <!--/outputs--> | ||
|
|
||
| ## Usage | ||
| <!--usage action="elastic/oblt-actions/**" version="env:VERSION"--> | ||
| ```yaml | ||
| name: undeploy-my-kibana | ||
|
|
||
| on: | ||
| pull_request_target: | ||
| types: [closed] | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| undeploy-my-kibana: | ||
| if: contains(github.event.pull_request.labels.*.name, 'ci:deploy-observability') | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: elastic/oblt-actions/oblt-cli/undeploy-my-kibana@v1 | ||
| with: | ||
| github-token: ${{ secrets.PAT_TOKEN }} | ||
|
|
||
| ``` | ||
| <!--/usage--> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| name: 'oblt-cli/undeploy-my-kibana' | ||
| description: 'Undeploy my kibana given the Pull Request' | ||
| inputs: | ||
| pull-request: | ||
| description: 'The GitHub Pull Request ID' | ||
| default: ${{ github.event.pull_request.number }} | ||
| repository: | ||
| description: 'The GitHub repository' | ||
| default: ${{ github.repository }} | ||
| github-token: | ||
| description: 'The GitHub Personal Access Token.' | ||
| required: false | ||
| github-app-id: | ||
| description: 'The GitHub App ID to generate the ephemeral token.' | ||
| required: false | ||
| github-app-private-key: | ||
| description: 'The GitHub App Private Key to generate the ephemeral token.' | ||
| required: false | ||
|
|
||
| outputs: | ||
| issue: | ||
| description: 'The GitHub issue that has been created to destroy the cluster' | ||
| value: ${{ steps.undeploy-my-kibana.outputs.issue }} | ||
|
|
||
| runs: | ||
| using: "composite" | ||
| steps: | ||
|
|
||
| - if: ${{ (inputs.github-token == '' && inputs.github-app-id == '' && inputs.github-app-private-key == '') || (inputs.github-token != '' && inputs.github-app-id != '' && inputs.github-app-private-key != '') }} | ||
| name: Validate input parameters | ||
| run: echo "use either github-token or github-app-id and github-app-private-key" && exit 1 | ||
| shell: bash | ||
|
|
||
| - name: Get token | ||
| if: ${{ inputs.github-token == '' }} | ||
| id: get_token | ||
| uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 | ||
| with: | ||
| app_id: ${{ inputs.github-app-id }} | ||
| private_key: ${{ inputs.github-app-private-key }} | ||
| permissions: >- | ||
| { | ||
| "contents": "read", | ||
| "issues": "write" | ||
| } | ||
| repositories: >- | ||
| ["observability-test-environments"] | ||
|
|
||
| - if: ${{ inputs.github-token == '' }} | ||
| name: If ephemeral GitHub token app generated | ||
| run: echo "GH_TOKEN=${{ steps.get_token.outputs.token }}" >> "$GITHUB_ENV" | ||
| shell: bash | ||
|
|
||
| - if: ${{ inputs.github-token != '' }} | ||
| name: If GitHub token provided | ||
| run: echo "GH_TOKEN=${{ inputs.github-token }}" >> "$GITHUB_ENV" | ||
| shell: bash | ||
|
|
||
| - name: Gather PR Owner | ||
| run: |- | ||
| PR_AUTHOR=$(gh pr view ${{ inputs.pull-request }} --repo ${{ inputs.repository }} --json author --jq .author.login) | ||
| echo "PR_AUTHOR=${PR_AUTHOR}" >> $GITHUB_ENV | ||
| shell: bash | ||
|
|
||
| - name: Create GitHub issue body | ||
| id: undeploy-my-kibana | ||
| run: |- | ||
| cat <<EOT >> .body-content | ||
| ### Kibana pull request | ||
|
|
||
| ${{ env.PR }} | ||
|
|
||
| ### Further details | ||
|
|
||
| Caused by @${{ env.PR_AUTHOR }} in https:/${{ env.REPO }}/pull/${{ env.PR }} via this [GitHub workflow build](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}) | ||
| EOT | ||
|
|
||
| gh issue \ | ||
| create \ | ||
| --label 'destroy-custom-kibana-serverless' \ | ||
| --title "[Undeploy Kibana] ${{ env.REPO }}@pr-${{ env.PR }}" \ | ||
| --body-file .body-content \ | ||
| --repo elastic/observability-test-environments | tee .issue | ||
| echo "issue=$(cat .issue)" >> "$GITHUB_OUTPUT" | ||
|
|
||
| rm .issue .body-content || true | ||
| env: | ||
| PR: ${{ inputs.pull-request }} | ||
| REPO: ${{ inputs.repository }} | ||
| shell: bash | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know whether keeping both approaches might be good... WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the GitHub app credentials are only a temporary solution. I understand the benefit right now, but I don't think we want GitHub app credentials as GitHub secrets in the future, as they are very powerful.
Also, as we know, a new approach is on the horizon already.
Hence, we should not add it here and just pass the GH token from the output of the tibdex action.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's even more protected this implementation since it pretty much generates the token with the expected permissions.
While if using the other approach implies the consumers will need to know what kind of permissions need be generated.
I somehow feel this approach, even if temporary, will facilitate the consumers since they don't need to know much. WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point.
On the other hand, there is only one consumer. https:/search?q=org%3Aelastic+elastic%2Fapm-pipeline-library%2F.github%2Factions%2Fundeploy-my-kibana+%28path%3A**%2F*.yml+OR+path%3A**%2F*.yaml%29&type=code
And it's basically us maintaining it. (this may be true also for other oblt-actions, but I think this one is even more true for this one)
I'm also torn now.
The only thing I can think of is that we don't have to remove the inputs in a breaking change in the future if we don't add them in the first place.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree about the
breaking change. I initially didn't implement see dcb19ad, but to a certain extent, I found it a bit complicated when I wrote the tests, see d0db167 - it's much cleaner.In any case, we can support both cases and then once we have the new GH ephemeral token, the change will be pretty much using the
github-tokeninput, so we won't need to care about the other two input parameters, we just won't use them