Skip to content

canonical/operator-workflows

Repository files navigation

operator-workflows

This repository includes several parametrized CI workflows to be used for both kubernetes and machine charms.

To use the workflows in your repository, just reuse them including the secrets: inherit key. Examples of usage for every workflow can be found at the indico operator. Note that you will need a CHARMHUB_TOKEN among your repository secrets to be able to run the workflows that interact with charmhub.

Workflows

Test Workflow (canonical/operator-workflows/.github/workflows/test.yaml@main)

This workflow executes the default tox targets defined in the tox.ini file and generates a plain text report. This requires the lint, unit, static and coverage-report tox environments to be included in the tox defaults. See the workflow file for workflow inputs.

Comment Workflow (canonical/operator-workflows/.github/workflows/comment.yaml@main)

Posts the content of the artifact specified as a comment in a PR. It needs to be triggered from a PR triggered workflow.

Integration Test Workflow (canonical/operator-workflows/.github/workflows/integration_test.yaml@main)

Builds the existing docker or rock images, if any, and executes the integration test target defined in the tox.ini file. The tox environment used can be changed with the test-tox-env input. See the workflow file for workflow inputs.

More information about OWASP ZAP testing can be found here.

More information about Trivy testing can be found here.

The following secrets are available for this workflow:

Name Description
INTEGRATION_TEST_ARGS Additional arguments to pass to the integration test execution that contain secrets

When running the integration tests, the following posargs will be automatically passed to the integration target:

  • --charm-file [charm_file_name]: The name of the charm artifact generated prior to the integration tests run, this argument can be supplied multiple times for charm with multiple bases.
  • --{image-name}-image: The name of the image artifact built prior to the integration tests run, this argument may be supplied multiple times or not at all depending on the plan
  • --{resource-name}-resource: The name of the charm file resources built prior to the integration tests run, this argument may be supplied multiple times or not at all depending on the plan
  • --series [series]: As defined in the series configuration described option above
  • -k [module]: As defined in the modules configuration option described above
  • --keep-models
  • --model testing: Only for tests running on a microk8s substrate
  • One parameter per resource defined in the metadata.yaml of the charm, containing a reference to the built image

For instance, for pytest you can leverage this by adding a conftest.py file

def pytest_addoption(parser):
    """Add test arguments."""
    parser.addoption("--charm-file", action="append")

and then use the argument value

charm = pytestconfig.getoption("--charm-file")[0] # the charm only has one base

tmate can be run on failed tests either by setting the tmate-debug input to 'true' or by re-running a job with the "Enable debug logging" checkbox checked.

Publish Charm Workflow (canonical/operator-workflows/.github/workflows/publish_charm.yaml@main)

Publishes the charm and its resources to appropriate channel, as defined here.

This workflow requires a CHARMHUB_TOKEN secret containing a charmhub token with package-manage and package-view permissions for the charm and the destination channel. See how to generate it here.

By default, the publish workflow will search for an integration test workflow that was succeeded with the exact matching git tree ID. It will then use the artifacts built in that workflow run (charms and images) as the assets for upload. This default behavior can be overridden by providing the workflow-run-id input to the publish workflow. When this input is supplied, the publish workflow will specifically retrieve artifacts from the given workflow run.

See the workflow file for workflow inputs.

Promote Charm Workflow (canonical/operator-workflows/.github/workflows/promote_charm.yaml@main)

Promotes a charm from the selected origin channel to the selected target channel.

This workflow requires a CHARMHUB_TOKEN secret containing a charmhub token with package-manage and package-view permissions for the charm and the origin and destination channels. See how to generate it here.

See the workflow file for workflow inputs.

Update Charm Libs Workflow (canonical/operator-workflows/.github/workflows/auto_update_charm_libs.yaml@main)

Checks if updates to the charm libraries are available and, of necessary, opens a pull request to update them.

This workflow requires pull_request and content write permissions and a CHARMHUB_TOKEN secret containing a charmhub token. See how to generate it here.

Bot PR Approval Workflow (canonical/operator-workflows/.github/workflows/bot_pr_approval.yaml@main)

Automatically provides 1 approval for PRs generated by bots.