This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

feat(chatops): Introduce chatops to repo (#231)
horiagunica authored Jan 8, 2024
1 parent a1fb93b commit eb679f1
Showing 8 changed files with 478 additions and 0 deletions.
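--- a/.github/workflows/apply-command.yml
+++ b/.github/workflows/apply-command.yml
@@ -0,0 +1,53 @@
+name: ChatOPS Apply
+run-name: "On demand Apply test for PR - (#${{ github.event.inputs.pr-id }}) ${{ github.event.inputs.pr-title }}"
+
+permissions:
+contents: read
+
+concurrency: chatops-apply
+
+on:
+workflow_dispatch:
+inputs:
+paths:
+description: Space delimited list of module paths to test
+type: string
+required: true
+tf_version:
+description: Terraform versions to use for tests, comma-separated list
+type: string
+pr-id:
+description: ID of the PR that triggered this workflow
+type: string
+required: true
+pr-title:
+description: Title of the PR that triggered this workflow
+type: string
+required: true
+comment-id:
+description: 'The comment-id of the slash command'
+type: string
+required: true
+branch:
+description: Branch on which the tests should run
+type: string
+default: main
+
+jobs:
+test:
+name: Run apply test
+permissions:
+contents: read
+pull-requests: write
+id-token: write
+uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/[email protected]
+secrets: inherit
+with:
+cloud: azure
+paths: ${{ inputs.paths }}
+tf_version: ${{ inputs.tf_version }}
+pr-id: ${{ inputs.pr-id }}
+comment-id: ${{ inputs.comment-id }}
+branch: ${{ inputs.branch }}
+terratest_action: Apply
+apply_timeout: 60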
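Review bot: `secrets: inherit` on the `test` job gives the called workflow every secret this repository holds, and judging by `branch: ${{ inputs.branch }}` that workflow then runs Terraform from the PR's head with `id-token: write` in scope. Passing only the secrets the callee declares (a `secrets:` mapping with named entries in place of `inherit`) limits what PR-supplied code can reach. The `uses:` ref is obscured on this page; if it is a version tag rather than a full commit SHA, pinning to the SHA would stop a moved tag from changing which code receives those secrets. The same two points apply to the `test` jobs in idempotence-command.yml and plan-command.yml.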
87 changes: 87 additions & 0 deletions .github/workflows/chatops.yml
@@ -0,0 +1,87 @@
name: ChatOPS dispatcher
run-name: "ChatOPS bot for PR - (#${{ github.event.issue.number }}) ${{ github.event.issue.title }}"

permissions:
contents: read

on:
issue_comment:
types: [created]

concurrency:
group: chat-${{ github.event.issue.number }}
cancel-in-progress: true

jobs:
dispatch:
name: Dispatch a test job
if: ${{ github.event.issue.pull_request }}
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: get PR head branch
uses: actions/github-script@v6
id: pr
with:
result-encoding: string
script: |
let pr = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
})
console.log(pr.data.head.ref)
return pr.data.head.ref
- name: Generate GitHub token
id: generate-token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.CHATOPS_APP_ID }}
private_key: ${{ secrets.CHATOPS_APP_PRIVATE_KEY }}
installation_retrieval_mode: id
installation_retrieval_payload: ${{ secrets.CHATOPS_APP_INSTALLATION_ID }}

- name: "dispatch test command on branch: ${{ steps.pr.outputs.result }}"
id: scd
uses: peter-evans/slash-command-dispatch@v3
with:
token: ${{ steps.generate-token.outputs.token }}
issue-type: pull-request
dispatch-type: workflow
permission: maintain
commands: |
validate
plan
apply
idempotence
sca
help
static-args: |
comment-id=${{ github.event.comment.id }}
pr-id=${{ github.event.issue.number }}
pr-title=${{ github.event.issue.title }}
branch=${{ steps.pr.outputs.result }}
- name: Edit comment with error message
if: steps.scd.outputs.error-message
uses: peter-evans/create-or-update-comment@v3
with:
comment-id: ${{ github.event.comment.id }}
body: |
> ${{ steps.scd.outputs.error-message }}
reactions: '-1'
reactions-edit-mode: replace

- name: Concurency ratio fallback
if: cancelled()
uses: peter-evans/create-or-update-comment@v3
with:
comment-id: ${{ github.event.comment.id }}
body: |
> ChatOPS run cancelled.
> See [job run log](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.
reactions: 'confused'
reactions-edit-mode: replace
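Review bot: The code to test is identified only by branch name (`return pr.data.head.ref`, forwarded as `branch=` in `static-args`), so the command workflows will presumably run whatever that branch holds when they check it out, not what the maintainer reviewed before commenting; for a PR from a fork the name may not resolve in this repository at all. Consider forwarding `pr.data.head.sha` as well and checking out that commit, provided the reusable test workflow can accept a SHA (not visible here). Separately, `tibdex/github-app-token@v2` is handed `CHATOPS_APP_PRIVATE_KEY` and is referenced by a mutable tag; pinning it and the two `peter-evans` actions to full commit SHAs would keep a retagged release from receiving that key or the generated token. Note also that `cancel-in-progress: true` on a per-PR group lets any new comment on the PR cancel a dispatch that is still running.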
67 changes: 67 additions & 0 deletions .github/workflows/help-command.yml
@@ -0,0 +1,67 @@
name: ChatOPS Help
run-name: "Display ChatOPS help (#${{ github.event.inputs.pr-id }}) ${{ github.event.inputs.pr-title }}"

on:
workflow_dispatch:
inputs:
pr-id:
description: ID of the PR that triggered this workflow
type: string
required: true
pr-title:
description: Title of the PR that triggered this workflow
type: string
required: true
comment-id:
description: 'The comment-id of the slash command'
type: string
required: true
branch:
description: Branch on which the tests should run
type: string
default: main

jobs:
help:
name: Add help comment to originating PR
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- name: add help comment
uses: peter-evans/create-or-update-comment@v3
with:
comment-id: ${{ inputs.comment-id }}
issue-number: ${{ inputs.pr-id }}
body: |
## ChatOPS built in help:
Currently supported commands include:
* `/sca` - run all SCA tests via `pre-commit`
* `/validate` - run `terraform validate`
* `/plan` - plan the infrastructure (only examples)
* `/apply` - deploy the infrastructure and destroy afterwards (only examples)
* `/idempotence` - test idempotence: deploy, plan and destroy afterwards (only examples).
The 1<sup>st</sup> command does not take arguments, the remaining take two:
* `paths` - a space delimitied list of module paths
* `tf_version` - (optional, defaults to the latest available) a space delimited list of Terraform versions to test the infrastrucure against.
Examples:
```bash
# run idempotence tests on listed modules with Terraform versions: 1.2 (latest patch available), 1.4 (latest patch available), 1.5.4.
/idempotence paths="examples/common_vmseries examples/panorama_standalone" tf_version="1.2 1.4 1.5.4"
```
```bash
# run validation tests with the latest available Terraform version on listed modules.
/validate paths="modules/vmseries modules/vnet examples/dedicated_vmseries"
```
reactions: '+1'
reactions-edit-mode: replace
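Review bot: The help body documents `tf_version` as a space delimited list (the example passes `tf_version="1.2 1.4 1.5.4"`), while the `tf_version` input description in apply-command.yml, idempotence-command.yml and plan-command.yml says comma-separated; one of the two should be corrected so users do not submit a list in the wrong format. The body also carries typos worth fixing: `delimitied` should be `delimited` and `infrastrucure` should be `infrastructure`. The `branch` input is declared but never read in this workflow, presumably because the dispatcher sends the same `static-args` to every command; a comment such as `# unused here; declared because the dispatcher sends it to every command` above it would make that clear.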
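--- a/.github/workflows/idempotence-command.yml
+++ b/.github/workflows/idempotence-command.yml
@@ -0,0 +1,53 @@
+name: ChatOPS Idempotence
+run-name: "On demand Idempotence test for PR - (#${{ github.event.inputs.pr-id }}) ${{ github.event.inputs.pr-title }}"
+
+permissions:
+contents: read
+
+concurrency: chatops-apply
+
+on:
+workflow_dispatch:
+inputs:
+paths:
+description: Space delimited list of module paths to test
+type: string
+required: true
+tf_version:
+description: Terraform versions to use for tests, comma-separated list
+type: string
+pr-id:
+description: ID of the PR that triggered this workflow
+type: string
+required: true
+pr-title:
+description: Title of the PR that triggered this workflow
+type: string
+required: true
+comment-id:
+description: 'The comment-id of the slash command'
+type: string
+required: true
+branch:
+description: Branch on which the tests should run
+type: string
+default: main
+
+jobs:
+test:
+name: Run idempotence test
+permissions:
+contents: read
+pull-requests: write
+id-token: write
+uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/[email protected]
+secrets: inherit
+with:
+cloud: azure
+paths: ${{ inputs.paths }}
+tf_version: ${{ inputs.tf_version }}
+pr-id: ${{ inputs.pr-id }}
+comment-id: ${{ inputs.comment-id }}
+branch: ${{ inputs.branch }}
+terratest_action: Idempotence
+apply_timeout: 60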
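Review bot: `concurrency: chatops-apply` is the same repository-wide group that apply-command.yml uses, so `/apply` and `/idempotence` runs for every PR queue behind one another. GitHub keeps only one pending run per concurrency group, so a queued command is cancelled when a newer one arrives, and nothing visible here updates the requester's comment when that happens. If the serialisation is deliberate, a comment above the key would say so, e.g. `# apply and idempotence share one group: only one deployment at a time`; otherwise a per-PR group such as `chatops-apply-${{ inputs.pr-id }}` avoids cross-PR cancellation.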
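--- a/.github/workflows/plan-command.yml
+++ b/.github/workflows/plan-command.yml
@@ -0,0 +1,52 @@
+name: ChatOPS Plan
+run-name: "On demand Plan test for PR - (#${{ github.event.inputs.pr-id }}) ${{ github.event.inputs.pr-title }}"
+
+permissions:
+contents: read
+
+concurrency: chatops-plan
+
+on:
+workflow_dispatch:
+inputs:
+paths:
+description: Space delimited list of module paths to test
+type: string
+required: true
+tf_version:
+description: Terraform versions to use for tests, comma-separated list
+type: string
+pr-id:
+description: ID of the PR that triggered this workflow
+type: string
+required: true
+pr-title:
+description: Title of the PR that triggered this workflow
+type: string
+required: true
+comment-id:
+description: 'The comment-id of the slash command'
+type: string
+required: true
+branch:
+description: Branch on which the tests should run
+type: string
+default: main
+
+jobs:
+test:
+name: Run plan test
+permissions:
+contents: read
+pull-requests: write
+id-token: write
+uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/[email protected]
+secrets: inherit
+with:
+cloud: azure
+paths: ${{ inputs.paths }}
+tf_version: ${{ inputs.tf_version }}
+pr-id: ${{ inputs.pr-id }}
+comment-id: ${{ inputs.comment-id }}
+branch: ${{ inputs.branch }}
+terratest_action: Plan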
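--- a/.github/workflows/pre-commit-update.yml
+++ b/.github/workflows/pre-commit-update.yml
@@ -0,0 +1,34 @@
+name: Pre-Commit update
+run-name: "Update Pre-Commit dependencies"
+
+permissions:
+contents: write
+pull-requests: write
+
+on:
+workflow_dispatch:
+schedule:
+- cron: 0 1 1 * * # 1am of every 1st day of every month
+
+jobs:
+update:
+name: "Update Pre-Commit dependencies"
+uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/[email protected]
+
+pre-commit:
+name: Run Pre-Commit with the udpated config
+needs: [update]
+if: needs.update.outputs.pr_operation == 'created' || needs.update.outputs.pr_operation == 'updated'
+uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/[email protected]
+with:
+pre-commit-hooks: terraform_fmt terraform_docs terraform_tflint checkov
+branch: pre-commit-dependencies-update
+
+comment-pr:
+name: Give comment on the PR if pre-commit failed
+needs: [pre-commit, update]
+if: always() && (needs.pre-commit.result == 'failure' || needs.pre-commit.result == 'success')
+uses: PaloAltoNetworks/terraform-modules-vmseries-ci-workflows/.github/workflows/[email protected]
+with:
+pr_number: ${{ needs.update.outputs.pr_number }}
+job_result: ${{ needs.pre-commit.result }}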
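Review bot: The workflow-level `permissions` block gives `contents: write` and `pull-requests: write` to all three jobs, including `pre-commit`, which runs hook code whose versions the `update` job has just bumped. Setting the write scopes per job would narrow that: keep them on `update`, give `pre-commit` `contents: read` and `comment-pr` `pull-requests: write`, after checking what the called workflows actually need (not visible here). Minor: the `pre-commit` job name reads `udpated`, and the schedule is safer quoted as `cron: '0 1 1 * *'`.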