diff --git a/.github/workflows/commit-checker.yaml b/.github/workflows/commit-checker.yaml new file mode 100644 index 000000000000..cbc2bb308316 --- /dev/null +++ b/.github/workflows/commit-checker.yaml @@ -0,0 +1,32 @@ +name: Unit Tests +on: + pull_request: + types: + - opened + - reopened + - closed + - synchronize + workflow_dispatch: +env: + RESOURCES_DIR: ${{ github.workspace }}/.github/resources +jobs: + commit_checker: + runs-on: ubuntu-latest + steps: + - name: Get Commits + id: get-commits + run: | + echo "PR_NUMBER=${{ github.event.pull_request.number }}" + COMMITS=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/commits") + + COMMITS_HASHES=`echo ${COMMITS} | jq -r '.[].sha'` + echo "commits_hashes=${COMMITS_HASHES}" >> $GITHUB_OUTPUT + - name: Run Commit Checker + run: | + repo_dir=$(pwd) + for COMMIT_HASH in ${{ steps.get-commits.outputs.commits_hashes }} + do + echo "Validate Commit $COMMIT_HASH" + podman run -v $(pwd):/src/app-root quay.io/rmartine/commitchecker:latest --start $COMMIT_HASH --end $COMMIT_HASH + done \ No newline at end of file diff --git a/samples/v2/pipeline_secret_env.yaml b/samples/v2/pipeline_secret_env.yaml new file mode 100644 index 000000000000..e76a7fa90930 --- /dev/null +++ b/samples/v2/pipeline_secret_env.yaml @@ -0,0 +1,64 @@ +# PIPELINE DEFINITION +# Name: pipeline-secret-env +components: + comp-comp: + executorLabel: exec-comp +deploymentSpec: + executors: + exec-comp: + container: + args: + - --executor_input + - '{{$}}' + - --function_to_execute + - comp + command: + - sh + - -c + - "\nif ! [ -x \"$(command -v pip)\" ]; then\n python3 -m ensurepip ||\ + \ python3 -m ensurepip --user || apt-get install python3-pip\nfi\n\nPIP_DISABLE_PIP_VERSION_CHECK=1\ + \ python3 -m pip install --quiet --no-warn-script-location 'kfp==2.7.0'\ + \ '--no-deps' 'typing-extensions>=3.7.4,<5; python_version<\"3.9\"' && \"\ + $0\" \"$@\"\n" + - sh + - -ec + - 'program_path=$(mktemp -d) + + + printf "%s" "$0" > "$program_path/ephemeral_component.py" + + _KFP_RUNTIME=true python3 -m kfp.dsl.executor_main --component_module_path "$program_path/ephemeral_component.py" "$@" + + ' + - "\nimport kfp\nfrom kfp import dsl\nfrom kfp.dsl import *\nfrom typing import\ + \ *\n\ndef comp():\n import os\n import sys\n if os.environ['SECRET_VAR']\ + \ == \"service_account\":\n print(\"Success\")\n return 0\n\ + \ else:\n print(os.environ['SECRET_VAR'] + \" is not service_account\"\ + )\n sys.exit(\"Failure: cannot access secret as env variable\")\n\ + \n" + image: python:3.7 +pipelineInfo: + name: pipeline-secret-env +root: + dag: + tasks: + comp: + cachingOptions: + enableCache: true + componentRef: + name: comp-comp + taskInfo: + name: comp +schemaVersion: 2.1.0 +sdkVersion: kfp-2.7.0 +--- +platforms: + kubernetes: + deploymentSpec: + executors: + exec-comp: + secretAsEnv: + - keyToEnv: + - envVar: SECRET_VAR + secretKey: type + secretName: user-gcp-sa diff --git a/tools/commit_checker/Dockerfile b/tools/commit_checker/Dockerfile new file mode 100644 index 000000000000..ac3f3f71240d --- /dev/null +++ b/tools/commit_checker/Dockerfile @@ -0,0 +1,26 @@ +FROM registry.access.redhat.com/ubi8/go-toolset:1.20 as builder + +WORKDIR /tmp +RUN git clone https://github.com/openshift/build-machinery-go.git && \ + cd /tmp/build-machinery-go/commitchecker && \ + go build + +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9 + +WORKDIR /bin + +COPY --from=builder /tmp/build-machinery-go/commitchecker/commitchecker /bin/commitchecker +RUN microdnf install git && \ + chmod +x /bin/commitchecker && \ + mkdir -p /src/app-root + +WORKDIR /src/app-root +ENTRYPOINT ["commitchecker"] + +LABEL name="Commit Checker tool" \ + summary="commitchecker validates a range of commits in a git repository and ensures they meet specific requirements: \ + 1. The author's email address does not start with "root@". \ + 2. The message starts with one of: \ + i. UPSTREAM: : description \ + ii. UPSTREAM: revert: \ + This is useful for repositories that are downstream forks of upstream repositories." \ No newline at end of file diff --git a/tools/commit_checker/validate_pr_commits.sh b/tools/commit_checker/validate_pr_commits.sh new file mode 100755 index 000000000000..8bfe448df89d --- /dev/null +++ b/tools/commit_checker/validate_pr_commits.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +start=$1 +end=$2 +config=$3 +fetch_mode=$4 + +print_usage() { + printf "Usage: validate_pr_commits.sh START [END [CONFIG [FETCH_MODE]]]\n" + printf " START = Commit hash to start\n" + printf " END = Last commit hash to check\n" + printf " CONFIG = Pass a config file\n" + printf " FETCH_MODE = Git fetch mode (default: https)\n" +} + +run_commit_checker() { + args="--start $start" + if [ ! -z "$end" ]; then + args="${args} --end $end" + fi + if [ ! -z "$config" ]; then + args="${args} --config $config" + fi + if [ ! -z "$fetch_mode" ]; then + args="${args} --fech-mode $fetch_mode" + fi + podman run -v $(pwd):/src/app-root quay.io/rmartine/commitchecker:latest $args +} + +if [ $# -eq 0 ]; then + print_usage + exit 0 +fi + +run_commit_checker \ No newline at end of file