feat(deploy-my-kibana): use github secrets (#142)

elastic · Oct 8, 2024 · 9780588 · 9780588
1 parent bde9fdf
commit 9780588
Show file tree

Hide file tree

Showing 5 changed files with 265 additions and 2 deletions.
diff --git a/.github/workflows/test-oblt-cli-deploy-my-kibana.yml b/.github/workflows/test-oblt-cli-deploy-my-kibana.yml
@@ -0,0 +1,72 @@
+name: test-deploy-my-kibana
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/test-deploy-my-kibana.yml'
+      - 'oblt-cli/deploy-my-kibana/**'
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/test-deploy-my-kibana.yml'
+      - 'oblt-cli/deploy-my-kibana/**'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  deploy-my-kibana:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ./oblt-cli/deploy-my-kibana
+        with:
+          github-app-id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
+          github-app-private-key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
+          comment-url: https://github.com/elastic/oblt-actions/pull/59#issuecomment-2213186823
+          comment-id: 2213186823
+          issue-url: https://api.github.com/repos/elastic/oblt-actions/issues/59
+          repository: 'elastic/oblt-actions'
+
+  no-parameters:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./oblt-cli/deploy-my-kibana
+        id: validation
+        continue-on-error: true
+      - name: Assert is failure if no parameters
+        run: test "${{steps.validation.outcome}}" = "failure"
+
+  all-parameters:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./oblt-cli/deploy-my-kibana
+        id: validation
+        continue-on-error: true
+        with:
+          github-app-id: "app"
+          github-app-private-key: "key"
+          github-token: "foo"
+      - name: Assert is failure if all parameters
+        run: test "${{steps.validation.outcome}}" = "failure"
+
+  test:
+    if: always()
+    needs:
+      - deploy-my-kibana
+      - no-parameters
+      - all-parameters
+    runs-on: ubuntu-latest
+    steps:
+      - id: check
+        uses: elastic/oblt-actions/check-dependent-jobs@v1
+        with:
+          jobs: ${{ toJSON(needs) }}
+      - run: ${{ steps.check.outputs.is-success }}
diff --git a/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml b/.github/workflows/test-oblt-cli-undeploy-my-kibana.yml
@@ -27,7 +27,7 @@ jobs:
         with:
           github-app-id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
           github-app-private-key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
-          pull-request: '187489'
+          pull-request: '195219'
           repository: 'elastic/kibana'
 
   no-parameters:

diff --git a/oblt-cli/deploy-my-kibana/README.md b/oblt-cli/deploy-my-kibana/README.md
@@ -0,0 +1,51 @@
+# <!--name-->oblt-cli/deploy-my-kibana<!--/name-->
+
+[![usages](https://img.shields.io/badge/usages-white?logo=githubactions&logoColor=blue)](https://github.com/search?q=elastic%2Foblt-actions%2Foblt-cli%2Fdeploy-my-kibana+%28path%3A.github%2Fworkflows+OR+path%3A**%2Faction.yml+OR+path%3A**%2Faction.yaml%29&type=code)
+[![test-oblt-cli-deploy-my-kibana](https://github.com/elastic/oblt-actions/actions/workflows/test-oblt-cli-deploy-my-kibana.yml/badge.svg?branch=main)](https://github.com/elastic/oblt-actions/actions/workflows/test-oblt-cli-deploy-my-kibana.yml)
+
+
+<!--description-->
+Run the deploy my Kibana PR.
+<!--/description-->
+
+## Inputs
+<!--inputs-->
+| Name                     | Description                                                 | Required | Default                                 |
+|--------------------------|-------------------------------------------------------------|----------|-----------------------------------------|
+| `comment-url`            | The GitHub Comment URL                                      | `false`  | `${{ github.event.comment.html_url }}`  |
+| `comment-id`             | The GitHub Comment ID                                       | `false`  | `${{ github.event.comment.id }}`        |
+| `issue-url`              | The GitHub Issue URL                                        | `false`  | `${{ github.event.comment.issue_url }}` |
+| `repository`             | The GitHub repository                                       | `false`  | `${{ github.repository }}`              |
+| `user`                   | The GitHub user that triggered the workflow                 | `false`  | `${{ github.triggering_actor }}`        |
+| `github-token`           | The GitHub Personal Access Token.                           | `false`  | ` `                                     |
+| `github-app-id`          | The GitHub App ID to generate the ephemeral token.          | `false`  | ` `                                     |
+| `github-app-private-key` | The GitHub App Private Key to generate the ephemeral token. | `false`  | ` `                                     |
+<!--/inputs-->
+
+## Output
+<!--outputs-->
+| Name    | Description                                                   |
+|---------|---------------------------------------------------------------|
+| `issue` | The GitHub issue that has been created to destroy the cluster |
+<!--/outputs-->
+
+## Usage
+<!--usage action="elastic/oblt-actions/**" version="env:VERSION"-->
+```yaml
+on:
+  issue_comment:
+    types: [created]
+jobs:
+  deploy-my-kibana:
+    runs-on: ubuntu-latest
+    permissions:
+      # if you listen for PRs, use this to use some comment reactions
+      pull-requests: write
+      # if you listen for issues, use this to use some comment reactions
+      issues: write
+    steps:
+      - uses: elastic/oblt-actions/oblt-cli/deploy-my-kibana@v1
+        with:
+          github-token: ${{ secrets.PAT_TOKEN }}
+```
+<!--/usage-->
diff --git a/oblt-cli/deploy-my-kibana/action.yml b/oblt-cli/deploy-my-kibana/action.yml
@@ -0,0 +1,140 @@
+name: 'oblt-cli/deploy-my-kibana'
+description: 'Run the deploy my Kibana PR.'
+inputs:
+  comment-url:
+    description: 'The GitHub Comment URL'
+    default: ${{ github.event.comment.html_url }}
+  comment-id:
+    description: 'The GitHub Comment ID'
+    default: ${{ github.event.comment.id }}
+  issue-url:
+    description: 'The GitHub Issue URL'
+    default: ${{ github.event.comment.issue_url }}
+  repository:
+    description: 'The GitHub repository'
+    default: ${{ github.repository }}
+  user:
+    description: 'The GitHub user that triggered the workflow'
+    default: ${{ github.triggering_actor }}
+  github-token:
+    description: 'The GitHub Personal Access Token.'
+    required: false
+  github-app-id:
+    description: 'The GitHub App ID to generate the ephemeral token.'
+    required: false
+  github-app-private-key:
+    description: 'The GitHub App Private Key to generate the ephemeral token.'
+    required: false
+
+outputs:
+  issue:
+    description: 'The GitHub issue that has been created to destroy the cluster'
+    value: ${{ steps.deploy-my-kibana.outputs.issue }}
+
+runs:
+  using: "composite"
+  steps:
+    - uses: elastic/oblt-actions/github/comment-reaction@v1
+      with:
+        repository: ${{ inputs.repository }}
+        comment-id: ${{ inputs.comment-id }}
+        github-token: ${{ github.token }}
+
+    - if: ${{ (inputs.github-token == '' && inputs.github-app-id == '' && inputs.github-app-private-key == '') || (inputs.github-token != '' && inputs.github-app-id != '' && inputs.github-app-private-key != '') }}
+      name: Validate input parameters
+      run: echo "use either github-token or github-app-id and github-app-private-key" && exit 1
+      shell: bash
+
+    - name: Get token
+      if: ${{ inputs.github-token == '' }}
+      id: get_token
+      uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+      with:
+        app_id: ${{ inputs.github-app-id }}
+        private_key: ${{ inputs.github-app-private-key }}
+        installation_retrieval_mode: organization
+        installation_retrieval_payload: elastic
+        permissions: >-
+          {
+            "contents": "read",
+            "issues": "write",
+            "members": "read"
+          }
+        # As long as we use members: read we cannot use the repositories input.
+
+    - if: ${{ inputs.github-token == '' }}
+      name: If ephemeral GitHub token app generated
+      run: echo "GH_TOKEN=${{ steps.get_token.outputs.token }}" >> "$GITHUB_ENV"
+      shell: bash
+
+    - if: ${{ inputs.github-token != '' }}
+      name: If GitHub token provided
+      run: echo "GH_TOKEN=${{ inputs.github-token }}" >> "$GITHUB_ENV"
+      shell: bash
+
+    - uses: elastic/oblt-actions/github/is-member-of@v1
+      id: is_elastic_member
+      with:
+        github-user: ${{ inputs.user }}
+        github-org: "elastic"
+        github-token: ${{ env.GH_TOKEN }}
+
+    - name: Get cluster given the target branch (either edge-lite or release)
+      if: contains(steps.is_elastic_member.outputs.result, 'true')
+      run: |-
+        PR=$(basename ${{ inputs.issue-url }})
+        echo "PR=${PR}" >> $GITHUB_ENV
+
+        # issue_comment does not contain any references to github.base_ref
+        TARGET_BRANCH=$(gh pr view ${PR} --repo ${{ inputs.repository }} --json baseRefName --jq .baseRefName)
+
+        if [ "${TARGET_BRANCH}" == 'main' ] ; then
+          echo "CLUSTER=edge-lite-oblt" >> $GITHUB_ENV
+        else
+          echo "CLUSTER=release-oblt" >> $GITHUB_ENV
+        fi
+      shell: bash
+
+    - name: Create GitHub issue
+      if: contains(steps.is_elastic_member.outputs.result, 'true')
+      id: deploy-my-kibana
+      run: |-
+        cat <<EOT >> .body-content
+        ### From cluster
+
+        ${{ env.CLUSTER }}
+
+        ### Kibana branch
+
+        pr/${{ env.PR }}
+
+        ### Custom prefix (Optional)
+
+        _No response_
+
+        ### Oblt-cli user (Optional)
+
+        deploykibana
+
+        ### Further details
+
+        Caused by @${{ inputs.user }} in ${{ inputs.comment-url }} via this [GitHub workflow build](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }})
+        EOT
+        gh issue \
+          create \
+          --label 'deploy-custom-kibana' \
+          --title "[Deploy Kibana] for user ${{ inputs.user }} with PR kibana@pr-${{ env.PR }} on cluster ${{ env.CLUSTER }}" \
+          --assignee ${{ inputs.user }} \
+          --body-file .body-content \
+          --repo elastic/observability-test-environments | tee .issue
+        echo "issue=$(cat .issue)" >> "$GITHUB_OUTPUT"
+      shell: bash
+
+    - name: Notify with a reaction if a non-elastician comment
+      uses: elastic/oblt-actions/github/comment-reaction@v1
+      if: contains(steps.is_elastic_member.outputs.result, 'false')
+      with:
+        repository: ${{ inputs.repository }}
+        comment-id: ${{ inputs.comment-id }}
+        emoji: '-1'
+        github-token: ${{ github.token }}
diff --git a/oblt-cli/undeploy-my-kibana/README.md b/oblt-cli/undeploy-my-kibana/README.md
@@ -1,7 +1,7 @@
 # <!--name-->oblt-cli/undeploy-my-kibana<!--/name-->
 
 [![usages](https://img.shields.io/badge/usages-white?logo=githubactions&logoColor=blue)](https://github.com/search?q=elastic%2Foblt-actions%2Foblt-cli%2Fundeploy-my-kibana+%28path%3A.github%2Fworkflows+OR+path%3A**%2Faction.yml+OR+path%3A**%2Faction.yaml%29&type=code)
-[![test-oblt-cli-cluster-name-validation](https://github.com/elastic/oblt-actions/actions/workflows/test-oblt-cli-undeploy-my-kibana.yml/badge.svg?branch=main)](https://github.com/elastic/oblt-actions/actions/workflows/test-oblt-cli-undeploy-my-kibana.yml)
+[![test-oblt-cli-undeploy-my-kibana](https://github.com/elastic/oblt-actions/actions/workflows/test-oblt-cli-undeploy-my-kibana.yml/badge.svg?branch=main)](https://github.com/elastic/oblt-actions/actions/workflows/test-oblt-cli-undeploy-my-kibana.yml)
 
 <!--description-->
 Undeploy my kibana given the Pull Request