|
| 1 | +name: Create test image mirror PR |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_dispatch: |
| 5 | + inputs: |
| 6 | + pr_number: |
| 7 | + description: "PR number in dd-trace-java-docker-build (e.g. 123)" |
| 8 | + required: true |
| 9 | + |
| 10 | +jobs: |
| 11 | + create-test-mirror-pr: |
| 12 | + runs-on: ubuntu-latest |
| 13 | + permissions: |
| 14 | + id-token: write # Required for OIDC token federation |
| 15 | + contents: read |
| 16 | + steps: |
| 17 | + - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3 |
| 18 | + id: octo-sts |
| 19 | + with: |
| 20 | + scope: DataDog/images |
| 21 | + policy: dd-trace-java-docker-build.update-mirror |
| 22 | + |
| 23 | + - name: Checkout DataDog/images |
| 24 | + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
| 25 | + with: |
| 26 | + repository: DataDog/images |
| 27 | + token: ${{ steps.octo-sts.outputs.token }} |
| 28 | + |
| 29 | + - name: Capture images HEAD SHA |
| 30 | + id: images-head |
| 31 | + run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" |
| 32 | + |
| 33 | + - name: Install crane |
| 34 | + run: | |
| 35 | + CRANE_VERSION="0.20.2" |
| 36 | + curl -fsSL "https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" -o crane.tar.gz |
| 37 | + tar -xzf crane.tar.gz crane |
| 38 | + sudo mv crane /usr/local/bin/crane |
| 39 | + rm crane.tar.gz |
| 40 | +
|
| 41 | + - name: Resolve digests and update mirror files |
| 42 | + id: update-mirror |
| 43 | + env: |
| 44 | + PR_NUMBER: ${{ github.event.inputs.pr_number }} |
| 45 | + run: | |
| 46 | + python3 - <<'PYEOF' |
| 47 | + import subprocess, re, os |
| 48 | +
|
| 49 | + SOURCE_REPO = "ghcr.io/datadog/dd-trace-java-docker-build" |
| 50 | + VARIANTS = [ |
| 51 | + "base", "7", "8", "11", "17", "21", "25", "tip", |
| 52 | + "zulu8", "zulu11", "oracle8", "ibm8", |
| 53 | + "semeru8", "semeru11", "semeru17", |
| 54 | + "graalvm17", "graalvm21", "graalvm25", |
| 55 | + ] |
| 56 | +
|
| 57 | + pr_number = os.environ["PR_NUMBER"] |
| 58 | + if not pr_number.isdigit(): |
| 59 | + raise ValueError(f"PR_NUMBER must be numeric, got: {pr_number!r}") |
| 60 | +
|
| 61 | + prefix = f"{pr_number}_merge-" |
| 62 | + print(f"Resolving digests for prefix: {prefix!r}") |
| 63 | +
|
| 64 | + digests = {} |
| 65 | + for variant in VARIANTS: |
| 66 | + tag = f"{prefix}{variant}" |
| 67 | + result = subprocess.run( |
| 68 | + ["crane", "digest", f"{SOURCE_REPO}:{tag}"], |
| 69 | + capture_output=True, text=True, check=True, |
| 70 | + ) |
| 71 | + digest = result.stdout.strip() |
| 72 | + digests[variant] = digest |
| 73 | + print(f" {tag}: {digest}") |
| 74 | +
|
| 75 | + # Check whether entries already exist in mirror.yaml (use base as sentinel) |
| 76 | + with open("mirror.yaml", "r") as f: |
| 77 | + yaml_content = f.read() |
| 78 | +
|
| 79 | + entries_exist = f"{SOURCE_REPO}:{prefix}base" in yaml_content |
| 80 | + mode = "update" if entries_exist else "add" |
| 81 | + print(f"\nMode: {mode} ({'entries exist, updating digests only' if entries_exist else 'no entries found, adding new entries'})") |
| 82 | +
|
| 83 | + github_output = os.environ.get("GITHUB_OUTPUT", "") |
| 84 | + if github_output: |
| 85 | + with open(github_output, "a") as f: |
| 86 | + f.write(f"mode={mode}\n") |
| 87 | +
|
| 88 | + if mode == "add": |
| 89 | + yaml_entries = [] |
| 90 | + for variant in VARIANTS: |
| 91 | + tag = f"{prefix}{variant}" |
| 92 | + source = f"{SOURCE_REPO}:{tag}" |
| 93 | + yaml_entries.append( |
| 94 | + f' - source: "{source}"\n' |
| 95 | + f' dest:\n' |
| 96 | + f' repo: "dd-trace-java-docker-build"\n' |
| 97 | + f' tag: "{tag}"\n' |
| 98 | + f' replication_target: ""\n' |
| 99 | + ) |
| 100 | + with open("mirror.yaml", "a") as f: |
| 101 | + f.write("".join(yaml_entries)) |
| 102 | + print(f"Appended {len(yaml_entries)} entries to mirror.yaml") |
| 103 | +
|
| 104 | + # Always update mirror.lock.yaml: replace digest in-place if entry exists, append if not |
| 105 | + with open("mirror.lock.yaml", "r") as f: |
| 106 | + lock_content = f.read() |
| 107 | +
|
| 108 | + for variant in VARIANTS: |
| 109 | + tag = f"{prefix}{variant}" |
| 110 | + source = f"{SOURCE_REPO}:{tag}" |
| 111 | + digest = digests[variant] |
| 112 | + pattern = rf"( - source: {re.escape(source)}\n digest: )sha256:[a-f0-9]+" |
| 113 | + if re.search(pattern, lock_content): |
| 114 | + lock_content = re.sub(pattern, rf"\g<1>{digest}", lock_content) |
| 115 | + print(f"Updated mirror.lock.yaml: {tag}") |
| 116 | + else: |
| 117 | + lock_content = lock_content.rstrip("\n") + "\n" |
| 118 | + lock_content += f" - source: {source}\n digest: {digest}\n" |
| 119 | + print(f"Appended to mirror.lock.yaml: {tag}") |
| 120 | +
|
| 121 | + with open("mirror.lock.yaml", "w") as f: |
| 122 | + f.write(lock_content) |
| 123 | +
|
| 124 | + PYEOF |
| 125 | +
|
| 126 | + - name: Define branch name |
| 127 | + id: define-branch |
| 128 | + run: echo "branch=ci/add-dd-trace-java-docker-build-test-images-pr${{ github.event.inputs.pr_number }}" >> "$GITHUB_OUTPUT" |
| 129 | + |
| 130 | + - name: Commit changes |
| 131 | + id: create-commit |
| 132 | + env: |
| 133 | + PR_NUMBER: ${{ github.event.inputs.pr_number }} |
| 134 | + MODE: ${{ steps.update-mirror.outputs.mode }} |
| 135 | + run: | |
| 136 | + git config user.name "github-actions[bot]" |
| 137 | + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" |
| 138 | + git add mirror.yaml mirror.lock.yaml |
| 139 | + if [[ "$MODE" == "update" ]]; then |
| 140 | + git commit -m "chore: Update dd-trace-java-docker-build test image digests for PR #${PR_NUMBER}" |
| 141 | + else |
| 142 | + git commit -m "chore: Add dd-trace-java-docker-build test images for PR #${PR_NUMBER}" |
| 143 | + fi |
| 144 | + echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" |
| 145 | +
|
| 146 | + - name: Push changes |
| 147 | + uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3 |
| 148 | + with: |
| 149 | + token: "${{ steps.octo-sts.outputs.token }}" |
| 150 | + branch: "${{ steps.define-branch.outputs.branch }}" |
| 151 | + head-sha: "${{ steps.images-head.outputs.sha }}" |
| 152 | + create-branch: true |
| 153 | + command: push |
| 154 | + commits: "${{ steps.create-commit.outputs.commit }}" |
| 155 | + |
| 156 | + - name: Create or identify pull request |
| 157 | + env: |
| 158 | + GH_TOKEN: ${{ steps.octo-sts.outputs.token }} |
| 159 | + PR_NUMBER: ${{ github.event.inputs.pr_number }} |
| 160 | + run: | |
| 161 | + BRANCH="${{ steps.define-branch.outputs.branch }}" |
| 162 | + EXISTING_PR=$(gh pr list --repo DataDog/images --head "$BRANCH" --json url -q '.[0].url' 2>/dev/null || true) |
| 163 | + if [[ -n "$EXISTING_PR" ]]; then |
| 164 | + echo "PR already exists: $EXISTING_PR" |
| 165 | + else |
| 166 | + gh pr create \ |
| 167 | + --repo DataDog/images \ |
| 168 | + --draft \ |
| 169 | + --title "Add dd-trace-java-docker-build test images for PR #${PR_NUMBER}" \ |
| 170 | + --base master \ |
| 171 | + --head "$BRANCH" \ |
| 172 | + --body "Adds mirror entries for \`${PR_NUMBER}_merge-*\` test images from DataDog/dd-trace-java-docker-build#${PR_NUMBER}. To use in dd-trace-java CI, set \`TESTER_IMAGE_VERSION_PREFIX: \"${PR_NUMBER}_merge-\"\` in \`.gitlab-ci.yml\`." |
| 173 | + fi |
0 commit comments