re-usable workflow for generating base-component-descriptor

"Base-Component-Descriptor(s)" have been proven to be beneficial for integrating OCM-Component-Descriptors into CICD-Pipelines. Implement a reusable workflow that will generate a base-component-descriptor to avoid boilerplate in downstream pipelines. This is a preliminary for enabling both a stand-alone `component-descriptor` workflow/action(s), as well as support for draft-release-pipelines (which can operate on base-component-descriptors).
gardener · Jan 10, 2025 · bb09e40 · bb09e40
1 parent 947f06e
commit bb09e40
Show file tree

Hide file tree

Showing 2 changed files with 188 additions and 41 deletions.
diff --git a/.github/workflows/base-component-descriptor.yaml b/.github/workflows/base-component-descriptor.yaml
@@ -0,0 +1,155 @@
+name: Generate Base Component-Descriptor
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
+      component-name:
+        required: false
+        type: string
+        description: |
+          Sets the Component-Name. If not passed, defaults to repository-URL
+      ocm-repo:
+        required: true
+        type: string
+        description: |
+          the OCM-Repository the Component-Descriptor is intended to be published to
+      commit-digest:
+        required: false
+        type: string
+        description: |
+          the commit-digest to use for declaring main source. If not passed, will default to
+          current HEAD. Useful in conjunction with `capture-commit` / `import-commit`, if
+          release-commit is created upfront.
+      provider:
+        required: false
+        type: string
+        default: SAP SE
+      labels:
+        required: false
+        type: string
+        description: |
+          Labels to set for the component in YAML-form (caveat: need to quote). May either be a
+          single object, or an array.
+          Example:
+            # single label
+            name: cloud.gardener.cnudie/responsibles
+            value:
+              - type: githubTeam
+                teamname: gardener/maintainers
+                github_hostname: github.com
+
+            # list of labels
+            - name: label1
+              value: value1
+            - name: label2
+              value: value2
+      src-labels:
+        required: false
+        type: string
+        description: |
+          Labels to be set for main-source. Same syntax as for `labels`
+      artefact-name:
+        default: base-component-descriptor
+        type: string
+        description: |
+          Base-Component-Descriptor is exposed both via output (component-descriptor) and as
+          artefact. If needed, target-artefact-name can be configured through this input.
+
+jobs:
+  base-component-descriptor:
+    runs-on: ubuntu-latest
+    outputs:
+      component-descriptor: ${{ steps.generate.outputs.component-descriptor }}
+      artefact-name: ${{ steps.generate.outputs.artefact-name }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: install gardener-gha-libs
+        uses: ./.github/actions/install-gardener-gha-libs
+      - name: Generate Base-Component-Descriptor
+        id: generate
+        run: |
+          set -eu
+          host="$(echo ${{ github.server_url }} | cut -d / -f3)"
+          if  ${{ inputs.component-name || false }}; then
+            component_name="${{inputs.component-name}}"
+          else
+            component_name="${host}/${{ github.repository }}"
+          fi
+
+          version="${{ inputs.version }}"
+          ocm_repo="${{ inputs.ocm-repo }}"
+          provider="${{ inputs.provider }}"
+          if [ -n "${{ inputs.labels }}" ]; then
+            labels="${{ inputs.labels }}"
+          else
+            labels="[]"
+          fi
+
+          echo "Initial Component-Descriptor:"
+          python3 -m ocm create \
+            --name "${component_name}" \
+            --version "${version}" \
+            --ocm-repo "${ocm_repo}" \
+            --provider "${provider}" \
+            --label "${labels}" \
+          > component-descriptor.yaml
+          cat component-descriptor.yaml
+
+          echo "Adding main source:"
+          set -x
+          if [ -n "${{ inputs.commit-digest }}" ]; then
+            commit="${{ inputs.commit-digest }}"
+          else
+            commit="${{ github.sha }}"
+          fi
+
+          if [ -n "${{ inputs.src-labels }}" ]; then
+            src_labels="${{ inputs.src-labels }}"
+          else
+            src_labels='[]'
+          fi
+
+          classification_label="$(cat << EOF
+          name: cloud.gardener/cicd/source
+          value:
+            repository-classification: main
+          EOF
+          )"
+
+          cat << EOF | python3 -m ocm append source \
+            --label "${src_labels}" \
+            --label "${classification_label}" \
+            --file component-descriptor.yaml
+          name: main-source
+          version: ${version}
+          type: git
+          access:
+            type: github
+            repoUrl: ${host}/${{ github.repository }}
+            commit: ${commit}
+            ref: ${{ github.ref }}
+          EOF
+
+          echo "Component-Descriptor:"
+          cat component-descriptor.yaml
+
+          # XXX: TODO: honour .ci/component_descriptor-callback
+
+          echo 'component-descriptor<<EOF' >> ${GITHUB_OUTPUT}
+          cat component-descriptor.yaml >> ${GITHUB_OUTPUT}
+          echo EOF >> ${GITHUB_OUTPUT}
+
+          cat << EOF > ${GITHUB_STEP_SUMMARY}
+          ## Base OCM-Component-Descriptor
+          \`\`\`
+          $(cat component-descriptor.yaml)
+          \`\`\`
+          EOF
+
+      - name: Upload Base-Component-Descriptor
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artefact-name }}
+          path: component-descriptor.yaml
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
@@ -213,6 +213,33 @@ jobs:
         name: distribution-packages
         path: dist/
 
+  base-component-descriptor:
+    name: Generate Base-OCM-Component-Descriptor
+    needs:
+      - version
+      - params
+    uses: ./.github/workflows/base-component-descriptor.yaml
+    with:
+      version: ${{ needs.version.outputs.effective_version }}
+      ocm-repo: ${{ needs.params.outputs.ocm_repository }}
+      commit-digest: ${{ needs.version.outputs.release-commit-digest }}
+      labels: |
+        name: cloud.gardener.cnudie/responsibles
+        value:
+          - type: githubTeam
+            teamname: gardener/ci-maintainers
+            github_hostname: github.com
+      src-labels: |
+        - name: gardener.cloud/purposes
+          value:
+            - lint
+            - sast
+            - pybandit
+        - name: gardener.cloud/comment
+          value: |
+            we use bandit (linter) for SAST scans
+            see: https://bandit.readthedocs.io/en/latest/
+
   component_descriptor:
     name: Generate + Publish OCM-Component-Descriptor
     runs-on: ubuntu-latest
@@ -222,6 +249,7 @@ jobs:
       contents: write
       id-token: write
     needs:
+      - base-component-descriptor
       - version
       - params
       - package
@@ -264,51 +292,15 @@ jobs:
             requests \
             www-authenticate \
           &>/dev/null
-          python -c "import oci"
           version=${{ needs.version.outputs.effective_version }}
           ocm_repo=${{ needs.params.outputs.ocm_repository }}
-          echo "generating component-descriptor"
-          python3 -m ocm create \
-            --name github.com/${{ github.repository }} \
-            --version ${version} \
-            --ocm-repo ${ocm_repo} \
-            --provider sap-se \
-            --label '{
-                "name": "cloud.gardener.cnudie/responsibles",
-                "value": [
-                  {
-                    "type": "githubTeam",
-                    "teamname": "gardener/ci-maintainers",
-                    "github_hostname": "github.com"
-                  }
-                ]
-            }' \
+          echo "importing base-component-descriptor"
+          echo "${{ needs.base-component-descriptor.outputs.component-descriptor }}" \
             > component-descriptor.yaml
 
-          if ${{ inputs.release || false }}; then
-            commit_digest=${{ needs.version.outputs.release-commit-digest }}
-          else
-            commit_digest=${{ github.sha }}
-          fi
-
-          echo "adding main source"
-          echo "\
-          name: main-source
-          version: ${version}
-          type: git
-          labels:
-            - name: cloud.gardener/cicd/source
-              value:
-                repository-classification: main
-          access:
-            type: github
-            repoUrl: github.com/${{ github.repository }}
-            version: ${version}
-            commit: ${commit_digest}
-            ref: ${{ github.ref }}
-          " \
-          | python3 -m ocm append source \
-            --file component-descriptor.yaml
+          echo "base-component-descriptor:"
+          cat component-descriptor.yaml
+          echo "------------------------------------"
 
           echo "adding resources"
           ocm_resources=${{ needs.package.outputs.ocm_resources }}