Merge branch 'opendatahub-io:main' into main

Author: dbasunag

.github/workflows/add-remove-labels.yml

@@ -19,7 +19,8 @@ jobs:
       contains(github.event.comment.body, '/verified') ||
       contains(github.event.comment.body, '/lgtm') ||
       contains(github.event.comment.body, '/hold') ||
-      contains(github.event.comment.body, '/cherry-pick')
+      contains(github.event.comment.body, '/cherry-pick') ||
+      contains(github.event.comment.body, '/build-push-pr-image')
     runs-on: ubuntu-latest
 
     steps:
@@ -41,7 +42,7 @@ jobs:
 
       - name: Run add remove labels
         env:
-          GITHUB_TOKEN: ${{ secrets.OPENDATAHUB_TESTS_BOT_PAT }}
+          GITHUB_TOKEN: ${{ secrets.RHODS_CI_BOT_PAT }}
           GITHUB_PR_NUMBER: "${{ github.event.pull_request.number || github.event.issue.number }}"
           GITHUB_EVENT_ACTION: ${{ github.event.action }}
           GITHUB_EVENT_REVIEW_STATE: ${{ github.event.review.state }}

.github/workflows/cherry-pick-comment.yml

@@ -17,9 +17,9 @@ jobs:
       - name: Checkout the latest code
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.OPENDATAHUB_TESTS_BOT_PAT }}
+          token: ${{ secrets.RHODS_CI_BOT_PAT }}
           fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
       - name: Automatic Cherry Pick
         uses:  dbasunag/cherry-pick-pr@master
         env:
-          GITHUB_TOKEN: ${{ secrets.OPENDATAHUB_TESTS_BOT_PAT }}
+          GITHUB_TOKEN: ${{ secrets.RHODS_CI_BOT_PAT }}

.github/workflows/delete-image-tag.yml

@@ -0,0 +1,32 @@
+name: Delete PR Image On PR Close Action
+
+on:
+  pull_request_target:
+    types: [closed]
+
+permissions:
+  pull-requests: write
+  contents: write
+  issues: write
+
+jobs:
+    delete-quay-tag:
+      runs-on: ubuntu-latest
+      steps:
+        - name: Install regctl
+          run: |
+            curl -LO https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64
+            chmod +x regctl-linux-amd64
+            sudo mv regctl-linux-amd64 /usr/local/bin/regctl
+            regctl version
+
+        - name: Configure regctl authentication
+          run: |
+            regctl registry login quay.io -u ${{ secrets.QUAY_USERNAME }} -p ${{ secrets.QUAY_PASSWORD }}
+            echo "PR number: ${{ github.event.pull_request.number }}"
+            echo "TAG_TO_DELETE=$(regctl tag ls quay.io/opendatahub/opendatahub-tests --include pr-${{ github.event.pull_request.number }})" >> $GITHUB_ENV
+        - name: Delete Quay Tag
+          if: env.TAG_TO_DELETE != ''
+          run: |
+            echo "Deleting tag '$TAG_TO_DELETE' from repository..."
+            regctl tag rm quay.io/opendatahub/opendatahub-tests:pr-${{ github.event.pull_request.number }}

.github/workflows/on-review-add-label.yml

@@ -83,6 +83,6 @@ jobs:
         uses: astral-sh/setup-uv@v6
       - name: 'Run add-remove-labels action'
         env:
-          GITHUB_TOKEN: ${{ secrets.OPENDATAHUB_TESTS_BOT_PAT }}
+          GITHUB_TOKEN: ${{ secrets.RHODS_CI_BOT_PAT }}
           GITHUB_EVENT_NAME: ${{ needs.download_context_artifact.outputs.event_name }}
         run: uv run python .github/workflows/scripts/pr_workflow.py

.github/workflows/push-container-on-comment.yml

@@ -0,0 +1,68 @@
+name: Push Container Image On PR Comment
+
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  pull-requests: write
+  contents: write
+  issues: write
+
+jobs:
+  push-container-on-comment:
+    if: contains(github.event.comment.body, '/build-push-pr-image')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout pull request
+        uses: actions/checkout@v4
+        with:
+          ref: refs/pull/${{ github.event.issue.number }}/head
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+
+      - name: Check if the user is authorized
+        env:
+          GITHUB_TOKEN: ${{ secrets.RHODS_CI_BOT_PAT }}
+          GITHUB_PR_NUMBER: ${{ github.event.issue.number }}
+          GITHUB_EVENT_ACTION: ${{ github.event.action }}
+          GITHUB_EVENT_REVIEW_STATE: ${{ github.event.review.state }}
+          GITHUB_EVENT_NAME: ${{ github.event_name }}
+          COMMENT_BODY: ${{ github.event.comment.body }}
+          REVIEW_COMMENT_BODY: ${{ github.event.review.body }}
+          GITHUB_USER_LOGIN: ${{ github.event.sender.login }}
+          ACTION: "push-container-on-comment"
+        run: uv run python .github/workflows/scripts/pr_workflow.py
+      - name: Set env TAG for image
+        run: |
+          echo "TAG=pr-${{ github.event.issue.number }}" >> "$GITHUB_ENV"
+      - name: Build Image to push
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: opendatahub-tests
+          tags: ${{ env.TAG }}
+          containerfiles: |
+            ./Dockerfile
+      - name: Push To Image Registry
+        id: push-to-registry
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: quay.io/opendatahub
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+      - name: Add comment to PR
+        if: always()
+        env:
+          URL: ${{ github.event.issue.comments_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          curl \
+            -X POST \
+            $URL \
+            -H "Content-Type: application/json" \
+            -H "Authorization: token $GITHUB_TOKEN" \
+            --data '{ "body": "Status of building tag ${{ env.TAG }}: ${{ steps.build-image.outcome }}. \nStatus of pushing tag ${{ env.TAG }} to image registry: ${{ steps.push-to-registry.outcome }}." }'

.github/workflows/scripts/pr_workflow.py

@@ -34,10 +34,12 @@ class SupportedActions:
         add_remove_labels_action_name: str = "add-remove-labels"
         pr_size_action_name: str = "add-pr-size-label"
         welcome_comment_action_name: str = "add-welcome-comment-set-assignee"
+        build_push_pr_image_action_name: str = "push-container-on-comment"
         supported_actions: set[str] = {
             pr_size_action_name,
             add_remove_labels_action_name,
             welcome_comment_action_name,
+            build_push_pr_image_action_name,
         }
 
     def __init__(self) -> None:
@@ -58,7 +60,7 @@ def __init__(self) -> None:
     def verify_base_config(self) -> None:
         if not self.action or self.action not in self.SupportedActions.supported_actions:
             sys.exit(
-                "`ACTION` is not set in workflow or is not supported. "
+                f"{self.action} is not set in workflow or is not supported. "
                 f"Supported actions: {self.SupportedActions.supported_actions}"
             )
 
@@ -97,10 +99,9 @@ def __init__(self) -> None:
             self.comment_body = os.getenv("REVIEW_COMMENT_BODY", "")
         self.last_commit = list(self.pr.get_commits())[-1]
         self.last_commit_sha = self.last_commit.sha
-
         self.verify_labeler_config()
 
-    def verify_allowed_user(self) -> None:
+    def verify_allowed_user(self) -> bool:
         org: Organization = self.gh_client.get_organization("opendatahub-io")
         # slug is the team name with replaced special characters,
         # all words to lowercase and spaces replace with a -
@@ -109,9 +110,10 @@ def verify_allowed_user(self) -> None:
             # check if the user is a member of opendatahub-tests-contributors
             membership = team.get_team_membership(member=self.user_login)
             LOGGER.info(f"User {self.user_login} is a member of the test contributor team. {membership}")
+            return True
         except UnknownObjectException:
             LOGGER.error(f"User {self.user_login} is not allowed for this action. Exiting.")
-            sys.exit(0)
+            return False
 
     def verify_labeler_config(self) -> None:
         if self.action == self.SupportedActions.add_remove_labels_action_name and self.event_name in (
@@ -131,9 +133,13 @@ def run_pr_label_action(self) -> None:
         if self.action == self.SupportedActions.pr_size_action_name:
             self.set_pr_size()
 
+        if self.action == self.SupportedActions.build_push_pr_image_action_name:
+            if not self.verify_allowed_user():
+                sys.exit(1)
+
         if self.action == self.SupportedActions.add_remove_labels_action_name:
-            self.verify_allowed_user()
-            self.add_remove_pr_labels()
+            if self.verify_allowed_user():
+                self.add_remove_pr_labels()
 
         if self.action == self.SupportedActions.welcome_comment_action_name:
             self.add_welcome_comment_set_assignee()

.github/workflows/workflow-review.yml

@@ -1,3 +1,4 @@
+# https://stackoverflow.com/questions/67247752/how-to-use-secret-in-pull-request-review-similar-to-pull-request-target
 name: Dummy Workflow on review
 
 on:

.pre-commit-config.yaml

@@ -35,7 +35,7 @@ repos:
       - id: detect-secrets
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.11.8
+    rev: v0.11.9
     hooks:
       - id: ruff
       - id: ruff-format

docs/GITHUB_WORKFLOWS.md

@@ -10,9 +10,12 @@
 
 ### On user action
 - Add to or remove a label from PR; supported labels: `wip`, `lgtm`, `verified`, and `hold`.  
-  To add a new label, add `/<label name>` in a comment.  
-  To remove a label, add `/<label name> cancel` in a comment.  
+- To add a new label, add `/<label name>` in a comment.  
+- To remove a label, add `/<label name> cancel` in a comment.  
   `verified` and `lgtm` are removed on new commits.
+- To build and push image to quay, add `/build-push-pr-image` in a comment.
+  This would create an image with tag pr-<pr_number> to quay repository. This image tag,
+  however would be deleted on PR merge or close action.
 
 ## How to add a new workflow
 1. Create a new file in `.github/workflows` directory.
@@ -25,7 +28,6 @@
 ## To be added
 - Block merging if not all defined checks pass. For example: a `verified` label was added and at least 2 approvals.
 - When a PR is opened, add reviewers (requires updates to OWNERS file(s))
-- When a PR is reviewed/commented by a user who's not the PR owner, add `reviewed|commented|approved-by-<username>` label
 - When a PR is ready to be merged (all checks passed), add `ready-to-merge` label
 - If a label is missing from the repository (i.e was manually deleted), add it back (label colors should be defined as well)
 - Tests

tests/conftest.py

@@ -14,6 +14,7 @@
 from ocp_resources.pod import Pod
 from ocp_resources.secret import Secret
 from ocp_resources.service import Service
+from ocp_utilities.monitoring import Prometheus
 from pyhelper_utils.shell import run_command
 from pytest import FixtureRequest, Config
 from kubernetes.dynamic import DynamicClient
@@ -23,6 +24,7 @@
 from pytest_testconfig import config as py_config
 from simple_logger.logger import get_logger
 
+from utilities.certificates_utils import create_ca_bundle_file
 from utilities.data_science_cluster_utils import update_components_in_dsc
 from utilities.exceptions import ClusterLoginError
 from utilities.infra import (
@@ -520,3 +522,15 @@ def cluster_sanity_scope_session(
         dsci_resource=dsci_resource,
         junitxml_property=junitxml_plugin,
     )
+
+
+@pytest.fixture(scope="session")
+def prometheus(admin_client: DynamicClient) -> Prometheus:
+    return Prometheus(
+        client=admin_client,
+        resource_name="thanos-querier",
+        verify_ssl=create_ca_bundle_file(
+            client=admin_client, ca_type="openshift"
+        ),  # TODO: Verify SSL with appropriate certs
+        bearer_token=get_openshift_token(),
+    )