Skip to content

[Index] Monitor remote index.yaml #1150

[Index] Monitor remote index.yaml

[Index] Monitor remote index.yaml #1150

Workflow file for this run

name: '[Index] Monitor remote index.yaml'
on:
schedule:
# Every 10 minutes
- cron: '*/10 * * * *'
# Remove all permissions by default
permissions: {}
jobs:
integrity-check:
name: Compare the index.yaml checksums remote and locally
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
result: ${{ steps.integrity-check.outputs.result }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
ref: 'index'
- name: Check index integrity
id: integrity-check
run: |
status="fail"
attempts=0
# We want to check for consistent failures
# To do so, we will look for 3 consecutive failures with a 30 seconds wait
# A single success is enough to pass
while [[ "${status}" != "ok" && $attempts -lt 3 ]]; do
# Check the index.yaml integrity
REMOTE_MD5=($(curl -Ls https://charts.bitnami.com/bitnami/index.yaml | md5sum))
REPOSITORY_MD5=($(md5sum bitnami/index.yaml))
# Compare the index.yaml checksums remote and locally
if [[ "${REPOSITORY_MD5[0]}" == "${REMOTE_MD5[0]}" ]]; then
status='ok'
else
attempts=$((attempts+1))
echo "Integrity check failed. Remote checksum '${REMOTE_MD5[0]}' does not match expected '${REPOSITORY_MD5[0]}'";
# Refresh the 'index' branch in case it was updated
git fetch origin index
git reset --hard origin/index
# Wait 30 seconds
sleep 30
fi
done
echo "result=${status}" >> $GITHUB_OUTPUT
- name: Show messages
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with:
script: |
if ("${{ steps.integrity-check.outputs.result }}" != "ok" ) {
core.setFailed("Integrity check failed");
} else {
core.info("Integrity check succeeded")
}
validation-check:
name: Validate the helm repository can be added and updated
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
result: ${{ steps.validation-check.outputs.result }}
steps:
- name: Install helm
run: |
HELM_TARBALL="helm-v3.8.1-linux-amd64.tar.gz"
curl -SsLfO "https://get.helm.sh/${HELM_TARBALL}" && sudo tar xf "$HELM_TARBALL" --strip-components 1 -C /usr/local/bin
- name: Validate helm repository
id: validation-check
run: |
repo="https://charts.bitnami.com/bitnami"
status="fail"
attempts=0
# We want to check for consistent failures
# To do so, we will look for 3 consecutive failures with a 30 seconds wait
# A single success is enough to pass
while [[ "${status}" != "ok" && $attempts -lt 3 ]]; do
# Validates the helm repository can be added and updated
if helm repo add bitnami "${repo}" && helm repo update bitnami; then
status="ok"
else
attempts=$((attempts+1))
echo "Failed to pull charts from helm repository '${repo}'"
# If present, remove repository to allow retries
if helm repo list | grep -q bitnami; then
helm repo remove bitnami
fi
# Wait 30 seconds
sleep 30
fi
done
echo "result=${status}" >> $GITHUB_OUTPUT
- name: Show messages
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with:
script: |
if ("${{ steps.validation-check.outputs.result }}" != "ok" ) {
core.setFailed("Validation check failed");
} else {
core.info("Validation check succeeded")
}
upload:
name: Re-upload index.yaml
needs: [validation-check, integrity-check]
if: ${{ always() && (needs.validation-check.outputs.result != 'ok' || needs.integrity-check.outputs.result != 'ok') }}
uses: bitnami/charts/.github/workflows/sync-chart-cloudflare-index.yml@index
secrets: inherit
permissions:
contents: read
notify:
name: Send notification
needs: [validation-check, integrity-check]
if: ${{ always() && (needs.validation-check.outputs.result != 'ok' || needs.integrity-check.outputs.result != 'ok') }}
uses: bitnami/charts/.github/workflows/gchat-notification.yml@main
with:
workflow: ${{ github.workflow }}
job-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
secrets: inherit