-
Notifications
You must be signed in to change notification settings - Fork 74
CNF-23534: Add automated OpenAPI schema generation for PolicyGenerator list merging #787
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
2738ba5
bae2fc6
1a5246f
e1e3b43
3cb1a09
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| name: OpenAPI Schema Check | ||
|
|
||
| on: | ||
| schedule: | ||
| # Run daily at 7:00 AM UTC | ||
| - cron: '0 7 * * *' | ||
| workflow_dispatch: # Allow manual trigger | ||
|
|
||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
|
|
||
| jobs: | ||
| check-schemas: | ||
| name: Check OpenAPI Schemas | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: false | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| YQ_VERSION="v4.53.2" | ||
| YQ_SHA256="d56bf5c6819e8e696340c312bd70f849dc1678a7cda9c2ad63eebd906371d56b" | ||
| curl -sL "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -o /usr/local/bin/yq | ||
| echo "${YQ_SHA256} /usr/local/bin/yq" | sha256sum -c - | ||
|
imiller0 marked this conversation as resolved.
|
||
| chmod +x /usr/local/bin/yq | ||
| pip install PyYAML==6.0.2 | ||
|
|
||
| - name: Regenerate OpenAPI schemas | ||
| run: make generate-openapi-schemas | ||
|
|
||
| - name: Create Pull Request | ||
| uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| commit-message: 'chore: Update OpenAPI schemas for PolicyGenerator' | ||
| committer: GitHub Actions Bot <actions@github.com> | ||
| author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com> | ||
| branch: update-openapi-schemas | ||
| delete-branch: true | ||
| title: 'Update OpenAPI schemas for PolicyGenerator list merging' | ||
| body: | | ||
| ## Automated OpenAPI Schema Update | ||
|
|
||
| The `schema.openapi` files used by ACM PolicyGenerator for strategic | ||
| list merging are out of date with respect to the current Subscription | ||
| channels and upstream CRDs. | ||
|
|
||
| ### Changed files | ||
| - `hack/crd-schema-config.json` — updated channels / refs | ||
| - `telco-ran/.../acmpolicygenerator/schema.openapi` | ||
| - `telco-core/configuration/schema.openapi` | ||
|
|
||
| ### How to Review | ||
| - Verify the updated refs match the expected operator release branches | ||
| - Check that merge keys are still correct for the new CRD versions | ||
|
|
||
| --- | ||
| *This PR was automatically generated by `make generate-openapi-schemas`.* | ||
| labels: | | ||
| automated | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,138 @@ | ||
| { | ||
| "_comment": [ | ||
| "Single source of truth for OpenAPI schema generation.", | ||
| "Static fields (source, merge_keys, version, package_name, ref_rule)", | ||
| "are manually maintained.", | ||
| "Dynamic fields (subscription_channel, components, source.github.ref)", | ||
| "are updated by: python3 hack/generate-schema-config.py", | ||
|
Comment on lines
+4
to
+7
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Would it make sense to separate the static and dynamic/derived data into separate files? Perhaps yaml file listing the static (human generated) data.
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The dynamic fields ( Splitting into two files would add complexity to the merge/read logic, since the round-trip update preserves static fields and git diff shows exactly what changed. The _comment block at the top documents which fields are static vs dynamic. We can revisit if the config grows significantly, but for 6 CRD entries the single file keeps things simple. |
||
| "To regenerate schemas: make generate-openapi-schemas" | ||
| ], | ||
| "crds": [ | ||
| { | ||
| "name": "PtpConfig", | ||
| "package_name": "ptp-operator", | ||
| "ref_rule": "release-ocp", | ||
| "components": [ | ||
| "ran" | ||
| ], | ||
| "subscription_channel": "stable", | ||
| "source": { | ||
| "github": { | ||
| "owner": "openshift", | ||
| "repo": "ptp-operator", | ||
| "ref": "release-4.22", | ||
| "path": "config/crd/bases/ptp.openshift.io_ptpconfigs.yaml" | ||
| } | ||
| }, | ||
| "merge_keys": { | ||
| "spec.profile": "name", | ||
| "spec.recommend": "profile", | ||
| "status.matchList": "nodeName" | ||
| } | ||
| }, | ||
| { | ||
| "name": "ClusterLogForwarder", | ||
| "package_name": "cluster-logging", | ||
| "ref_rule": "release-channel", | ||
| "components": [ | ||
| "core", | ||
| "ran" | ||
| ], | ||
| "subscription_channel": "stable-6.5", | ||
| "source": { | ||
| "github": { | ||
| "owner": "openshift", | ||
| "repo": "cluster-logging-operator", | ||
| "ref": "release-6.5", | ||
| "path": "config/crd/bases/observability.openshift.io_clusterlogforwarders.yaml" | ||
| } | ||
| }, | ||
| "merge_keys": { | ||
| "spec.filters": "name", | ||
| "spec.inputs": "name", | ||
| "spec.outputs": "name", | ||
| "spec.pipelines": "name" | ||
| } | ||
| }, | ||
| { | ||
| "name": "Tuned", | ||
| "ref_rule": "release-ocp", | ||
| "components": [ | ||
| "core", | ||
| "ran" | ||
| ], | ||
| "subscription_channel": "built-in (NTO)", | ||
| "source": { | ||
| "github": { | ||
| "owner": "openshift", | ||
| "repo": "cluster-node-tuning-operator", | ||
| "ref": "release-4.22", | ||
| "path": "manifests/20-tuned.crd.yaml" | ||
| } | ||
| }, | ||
| "merge_keys": { | ||
| "spec.profile": "name", | ||
| "spec.recommend": "profile" | ||
| } | ||
| }, | ||
| { | ||
| "name": "PerformanceProfile", | ||
| "version": "v2", | ||
| "ref_rule": "release-ocp", | ||
| "components": [ | ||
| "core", | ||
| "ran" | ||
| ], | ||
| "subscription_channel": "built-in (NTO)", | ||
| "source": { | ||
| "github": { | ||
| "owner": "openshift", | ||
| "repo": "cluster-node-tuning-operator", | ||
| "ref": "release-4.22", | ||
| "path": "manifests/20-performance-profile.crd.yaml" | ||
| } | ||
| }, | ||
| "merge_keys": {} | ||
| }, | ||
| { | ||
| "name": "NUMAResourcesOperator", | ||
| "package_name": "numaresources-operator", | ||
| "ref_rule": "release-ocp", | ||
| "components": [ | ||
| "core" | ||
| ], | ||
| "subscription_channel": "4.22", | ||
| "source": { | ||
| "github": { | ||
| "owner": "openshift-kni", | ||
| "repo": "numaresources-operator", | ||
| "ref": "release-4.22", | ||
| "path": "config/crd/bases/nodetopology.openshift.io_numaresourcesoperators.yaml" | ||
| } | ||
| }, | ||
| "merge_keys": { | ||
| "spec.nodeGroups": "poolName" | ||
| } | ||
| }, | ||
| { | ||
| "name": "ImageDigestMirrorSet", | ||
| "ref_rule": "release-ocp", | ||
| "components": [ | ||
| "core", | ||
| "ran" | ||
| ], | ||
| "subscription_channel": "built-in (OCP)", | ||
| "source": { | ||
| "github": { | ||
| "owner": "openshift", | ||
| "repo": "api", | ||
| "ref": "release-4.22", | ||
| "path": "config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_imagedigestmirrorsets.crd.yaml" | ||
| } | ||
| }, | ||
| "merge_keys": { | ||
| "spec.imageDigestMirrors": "source" | ||
| } | ||
| } | ||
| ] | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are there finer grained permissions that can be granted. These are pretty broad.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are already the minimum required permissions for peter-evans/create-pull-request - contents: write to push the commit and pull-requests: write to create the PR. This matches the permissions used by doc-updater.yml in this repo. There are no finer-grained alternatives for this use case where we want to automatically create PRs.
What restrictions/rules did you have in mind?