
Commit b36c983

committed
Update the Teerraform
Signed-off-by: Stephen Williams <stephenw@mindpointgroup.com>
1 parent 2191673 commit b36c983

2 files changed

Lines changed: 292 additions & 1 deletion


Lines changed: 291 additions & 0 deletions
@@ -0,0 +1,291 @@
1+
# Central Benchmark Tracker Workflow
2+
# This workflow handles two jobs:
3+
# 1. 'benchmark-tracker': Triggered when a PR from a benchmark branch is merged in a Private repo. It starts the 90-day tracking process.
4+
# 2. 'monitor-90day-promotions': Runs daily to check the age of benchmark tracking issues and promote them to public after 90+ days.
5+
6+
name: Central Benchmark Tracker
7+
8+
on:
9+
# Triggered by benchmark PR merges via workflow_call from Private repos
10+
workflow_call:
11+
inputs:
12+
repo_name:
13+
required: true
14+
type: string
15+
merged_branch:
16+
required: true
17+
type: string
18+
secrets:
19+
GITHUB_TOKEN:
20+
required: true
21+
TEAMS_WEBHOOK_URL:
22+
required: true
23+
24+
# Daily scheduled run to monitor open 90-day tracking issues
25+
schedule:
26+
- cron: '0 9 * * *' # Runs daily at 9AM UTC
27+
28+
# Job 1: Starts 90-day tracking when PR from benchmark_ is merged to latest in Private-*
29+
jobs:
30+
benchmark-tracker:
31+
name: Track New Benchmark Promotion
32+
if: ${{ github.event_name == 'workflow_call' }}
33+
runs-on: ubuntu-latest
34+
steps:
35+
# Ensure only Private-* repos trigger this
36+
- name: Validate calling repository is Private
37+
if: ${{ !startsWith(inputs.repo_name, 'Private-') }}
38+
run: |
39+
echo "❌ This workflow must be called by Private-* repos."
40+
exit 1
41+
42+
# Extract repo short name and public repo equivalent
43+
- name: Extract short repo name and public repo equivalent
44+
id: names
45+
run: |
46+
short_name=$(echo "${{ inputs.repo_name }}" | sed 's/^Private-//')
47+
echo "repo_short=$short_name" >> $GITHUB_OUTPUT
48+
echo "public_repo=ansible-lockdown/$short_name" >> $GITHUB_OUTPUT
49+
50+
# Clone the private repo and extract benchmark version from README
51+
- name: Clone private repo to extract benchmark version
52+
run: |
53+
git clone --depth 1 --branch latest https://github.com/${{ inputs.repo_name }}.git repo
54+
cd repo
55+
version=$(grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+' README.md | head -n1)
56+
if [ -z "$version" ]; then
57+
version=$(grep -Eo 'Version [0-9]+, Rel [0-9]+' README.md | head -n1)
58+
fi
59+
if [ -z "$version" ]; then
60+
echo "❌ Unable to determine version from README.md"
61+
exit 1
62+
fi
63+
echo "version=$version" >> $GITHUB_ENV
64+
65+
# Clone public repo to check what version is currently in 'devel'
66+
- name: Check version in public devel branch
67+
run: |
68+
git clone --depth 1 --branch devel https://github.com/${{ steps.names.outputs.public_repo }}.git public
69+
cd public
70+
pub_ver=$(grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+' README.md | head -n1)
71+
if [ -z "$pub_ver" ]; then
72+
pub_ver=$(grep -Eo 'Version [0-9]+, Rel [0-9]+' README.md | head -n1)
73+
fi
74+
echo "public_version=$pub_ver" >> $GITHUB_ENV
75+
76+
# Determine if a new tracking issue is required
77+
- name: Decide if tracking is needed
78+
id: version-check
79+
run: |
80+
if [ "$version" = "$public_version" ]; then
81+
echo "No tracking needed: $version is already in public repo."
82+
echo "needed=false" >> $GITHUB_OUTPUT
83+
else
84+
echo "Tracking needed: $version is not yet in public repo."
85+
echo "needed=true" >> $GITHUB_OUTPUT
86+
87+
# Create the GitHub issue to start 90-day clock
88+
- name: Create tracking issue in Private repo
89+
if: steps.version-check.outputs.needed == 'true'
90+
run: |
91+
title="Track promotion of $version to public"
92+
existing=$(gh issue list -R ${{ inputs.repo_name }} --state all --search "$title" --json number --jq '.[].number')
93+
if [ -n "$existing" ]; then
94+
echo "Issue already exists: #$existing"
95+
exit 0
96+
fi
97+
98+
gh issue create \
99+
--repo ${{ inputs.repo_name }} \
100+
--title "$title" \
101+
--body "This issue tracks promotion of version $version from Private to public.\n\nDue: 90 days from now." \
102+
--label benchmark-90day
103+
env:
104+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
105+
106+
# Send Teams message to notify tracking has started
107+
- name: Send Teams notification about tracking start
108+
if: steps.version-check.outputs.needed == 'true'
109+
run: |
110+
curl -X POST -H 'Content-Type: application/json' -d "{
111+
\"type\": \"message\",
112+
\"attachments\": [
113+
{
114+
\"contentType\": \"application/vnd.microsoft.card.adaptive\",
115+
\"content\": {
116+
\"type\": \"AdaptiveCard\",
117+
\"version\": \"1.4\",
118+
\"body\": [
119+
{
120+
\"type\": \"TextBlock\",
121+
\"size\": \"Large\",
122+
\"weight\": \"Bolder\",
123+
\"text\": \"📘 Benchmark Tracking Started\"
124+
},
125+
{
126+
\"type\": \"TextBlock\",
127+
\"text\": \"Tracking started for $version in ${{ inputs.repo_name }}.\n\nExpected promotion to public repo: ${{ steps.names.outputs.public_repo }} in 90 days.\",
128+
\"wrap\": true
129+
}
130+
],
131+
\"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\"
132+
}
133+
}
134+
]
135+
}" ${{ secrets.TEAMS_WEBHOOK_URL }}
136+
137+
monitor-90day-promotions:
138+
name: Monitor & Auto-Promote Benchmarks
139+
if: ${{ github.event_name == 'schedule' }}
140+
runs-on: ubuntu-latest
141+
142+
steps:
143+
# Install GitHub CLI so we can query issues and create/merge PRs
144+
- name: Install GitHub CLI
145+
run: |
146+
sudo apt-get update && sudo apt-get install -y gh
147+
148+
# Set the repository to monitor (the one that triggered this scheduled workflow)
149+
- name: Define repos to monitor
150+
run: |
151+
echo "PRIVATE_REPOS=${{ github.repository }}" >> $GITHUB_ENV
152+
153+
# Loop through each issue in the repo that is being tracked
154+
- name: Loop through repos and process issues
155+
run: |
156+
for repo in $PRIVATE_REPOS; do
157+
echo "Checking issues in $repo"
158+
159+
# Get all open issues labeled 'benchmark-90day'
160+
gh issue list -R ansible-lockdown/$repo --label benchmark-90day --state open --json title,number,createdAt --jq '.[]' > issues.json
161+
162+
# Process each issue individually
163+
jq -c '.' issues.json | while read -r issue; do
164+
# Extract issue metadata
165+
title=$(echo "$issue" | jq -r '.title')
166+
number=$(echo "$issue" | jq -r '.number')
167+
created_at=$(echo "$issue" | jq -r '.createdAt')
168+
169+
# Calculate age of issue in days
170+
age_days=$(( ( $(date +%s) - $(date -d "$created_at" +%s) ) / 86400 ))
171+
echo "Issue #$number ($title) is $age_days days old."
172+
173+
# Get the corresponding public repo name
174+
repo_short=$(echo "$repo" | sed 's/^Private-//')
175+
public_repo="ansible-lockdown/$repo_short"
176+
177+
# Prepare temp directory for version comparison
178+
rm -rf tmp && mkdir -p tmp && cd tmp
179+
180+
# Clone private repo to get current benchmark version
181+
git clone --depth 1 --branch latest https://github.com/ansible-lockdown/$repo.git private
182+
priv_ver=$(grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+' private/README.md | head -n1)
183+
[ -z "$priv_ver" ] && priv_ver=$(grep -Eo 'Version [0-9]+, Rel [0-9]+' private/README.md | head -n1)
184+
185+
# Clone public repo to get current version in 'devel'
186+
git clone --depth 1 --branch devel https://github.com/$public_repo.git public
187+
pub_ver=$(grep -Eo 'v[0-9]+\.[0-9]+\.[0-9]+' public/README.md | head -n1)
188+
[ -z "$pub_ver" ] && pub_ver=$(grep -Eo 'Version [0-9]+, Rel [0-9]+' public/README.md | head -n1)
189+
190+
cd .. && rm -rf tmp
191+
192+
# If version already promoted, close the issue
193+
if [ "$priv_ver" = "$pub_ver" ]; then
194+
echo "Already promoted. Closing issue #$number."
195+
gh issue close $number -R ansible-lockdown/$repo --comment "Benchmark version $priv_ver has been promoted to public. Closing tracker."
196+
continue
197+
fi
198+
199+
# If day 85-94: Send reminder card to Teams
200+
if [ $age_days -ge 85 ] && [ $age_days -lt 95 ]; then
201+
if [ $age_days -eq 90 ]; then
202+
reminder_msg="Benchmark $priv_ver from $repo is due for public release **today** (day 90)."
203+
elif [ $age_days -lt 90 ]; then
204+
days_left=$((90 - age_days))
205+
reminder_msg="Benchmark $priv_ver from $repo is due for public release in **$days_left day(s)** (target: day 90)."
206+
else
207+
overdue_days=$((age_days - 90))
208+
merge_in_days=$((95 - age_days))
209+
reminder_msg="Benchmark $priv_ver from $repo is **overdue by $overdue_days day(s)**.\nIt will be auto-promoted in **$merge_in_days day(s)** (at day 95)."
210+
fi
211+
212+
# Send reminder message to Teams
213+
echo "Sending Teams reminder for issue #$number: $reminder_msg"
214+
curl -X POST -H 'Content-Type: application/json' -d "{
215+
\"type\": \"message\",
216+
\"attachments\": [
217+
{
218+
\"contentType\": \"application/vnd.microsoft.card.adaptive\",
219+
\"content\": {
220+
\"type\": \"AdaptiveCard\",
221+
\"version\": \"1.4\",
222+
\"body\": [
223+
{ \"type\": \"TextBlock\", \"size\": \"Large\", \"weight\": \"Bolder\", \"text\": \"⏰ Benchmark Reminder\" },
224+
{ \"type\": \"TextBlock\", \"text\": \"$reminder_msg\", \"wrap\": true }
225+
],
226+
\"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\"
227+
}
228+
}
229+
]
230+
}" ${{ secrets.TEAMS_WEBHOOK_URL }}
231+
continue
232+
fi
233+
234+
# If day 95+: Auto-promote to public repo
235+
if [ $age_days -ge 95 ]; then
236+
echo "Auto-promoting $priv_ver from $repo to $public_repo"
237+
238+
# Create working directory and clone public repo
239+
mkdir -p promote && cd promote
240+
git clone --depth 1 --branch devel https://github.com/$public_repo.git public_repo
241+
cd public_repo
242+
git checkout -b promote-$priv_ver
243+
244+
# Clone private repo and copy files over (without git history)
245+
git clone --depth 1 --branch latest https://github.com/ansible-lockdown/$repo.git ../private_repo
246+
rsync -av --delete --exclude='.git' ../private_repo/ ./
247+
248+
# Commit and push changes to public repo
249+
git config user.name "github-actions"
250+
git config user.email "actions@github.com"
251+
git add .
252+
git commit -m "Auto-promoting $priv_ver from $repo"
253+
git push origin promote-$priv_ver
254+
255+
# Open and auto-merge the PR to devel
256+
gh pr create \
257+
--repo $public_repo \
258+
--head promote-$priv_ver \
259+
--base devel \
260+
--title "Promote $priv_ver from $repo" \
261+
--body "Auto-promoted after 95 days."
262+
gh pr merge promote-$priv_ver --squash --delete-branch --repo $public_repo
263+
264+
# Clean up workspace
265+
cd ../.. && rm -rf promote
266+
267+
# Close issue in private repo and notify Teams
268+
gh issue close $number -R ansible-lockdown/$repo --comment "Benchmark version $priv_ver auto-promoted to public on day $age_days."
269+
270+
curl -X POST -H 'Content-Type: application/json' -d "{
271+
\"type\": \"message\",
272+
\"attachments\": [
273+
{
274+
\"contentType\": \"application/vnd.microsoft.card.adaptive\",
275+
\"content\": {
276+
\"type\": \"AdaptiveCard\",
277+
\"version\": \"1.4\",
278+
\"body\": [
279+
{ \"type\": \"TextBlock\", \"size\": \"Large\", \"weight\": \"Bolder\", \"text\": \"📤 Benchmark Auto-Promoted\" },
280+
{ \"type\": \"TextBlock\", \"text\": \"Benchmark $priv_ver from $repo has been automatically promoted after $age_days days.\", \"wrap\": true }
281+
],
282+
\"$schema\": \"http://adaptivecards.io/schemas/adaptive-card.json\"
283+
}
284+
}
285+
]
286+
}" ${{ secrets.TEAMS_WEBHOOK_URL }}
287+
fi
288+
done
289+
done
290+
env:
291+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
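Review bot: The `Decide if tracking is needed` step closes its `if`/`else` with no `fi`, so bash rejects the script with a syntax error and the `benchmark-tracker` job fails before `needed` is ever written to `$GITHUB_OUTPUT`; add `fi` directly after the second `echo "needed=true" >> $GITHUB_OUTPUT` line. `${{ inputs.repo_name }}` is also interpolated straight into several `run:` scripts (the `names` step, both `git clone` lines and the `gh issue list` call), which lets a caller-supplied value be parsed as shell; pass it through `env:` as `REPO_NAME: ${{ inputs.repo_name }}` and reference `"$REPO_NAME"` in the scripts instead. As far as I know, inside a reusable workflow `github.event_name` reflects the caller's triggering event rather than `workflow_call`, so the job-level `if: ${{ github.event_name == 'workflow_call' }}` would never be true and the job would be skipped on every call. In `monitor-90day-promotions`, `PRIVATE_REPOS` is set to `${{ github.repository }}`, which already carries the `owner/` prefix, so `ansible-lockdown/$repo` becomes a three-segment path and every `gh` and `git clone` call in the loop targets a repository that cannot exist. Separately, the default `GITHUB_TOKEN` is scoped to the repository running the workflow, so the cross-repository `git push`, `gh pr merge` and `gh issue close` in the auto-promote path need a narrowly scoped app or PAT token, and the unauthenticated `https://github.com/...` clones of private repositories will be refused.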

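--- a/.github/workflows/export_badges_private.yml
+++ b/.github/workflows/export_badges_private.yml
@@ -58,7 +58,7 @@ jobs:
 ##################################################
 
 # Windows GPO Pipeline Badge
-if [[ "$repo_short" == Windows-* ]]; then
+if [[ "$repo_short" == Private-Windows-* ]]; then
 status=$(gh run list -R "${{ inputs.repo_name }}" --workflow="main_pipeline_validation_gpo.yml" --json status,conclusion --jq '.[0] | .status + ":" + .conclusion' || echo "unknown:unknown")
 if [[ "$status" == "completed:success" ]]; then
 color=brightgreen; msg=Passing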
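Review bot: The new pattern `Private-Windows-*` assumes `$repo_short` still carries the `Private-` prefix at this point; if, as the variable's name suggests and as the tracker workflow added in this same commit does, the prefix is stripped with `sed 's/^Private-//'` before this check, the branch never matches and the GPO badge is never produced. Worth confirming where `repo_short` is assigned, which lies outside this hunk, or matching on the unstripped repository name passed in through an `env:` variable instead. The enclosing `run:` block begins and ends outside the hunk.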
