fix: add workflows

Signed-off-by: Debarati Basu-Nag <dbasunag@redhat.com>

Author: dbasunag

.github/workflows/add-remove-labels.yml

@@ -11,7 +11,8 @@ on:
       contains(github.event.comment.body, '/wip') ||
       contains(github.event.comment.body, '/verified') ||
       contains(github.event.comment.body, '/lgtm') ||
-      contains(github.event.comment.body, '/hold')
+      contains(github.event.comment.body, '/hold') ||
+      contains(github.event.comment.body, '/build-push-pr-image')
 
 
 permissions:

.github/workflows/delete-image-tag.yml

@@ -0,0 +1,32 @@
+name: Delete PR Image On PR Close Action
+
+on:
+  pull_request_target:
+    types: [closed]
+
+permissions:
+  pull-requests: write
+  contents: write
+  issues: write
+
+jobs:
+    delete-quay-tag:
+      runs-on: ubuntu-latest
+      steps:
+        - name: Install regctl
+          run: |
+            curl -LO https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64
+            chmod +x regctl-linux-amd64
+            sudo mv regctl-linux-amd64 /usr/local/bin/regctl
+            regctl version
+
+        - name: Configure regctl authentication
+          run: |
+            regctl registry login quay.io -u ${{ secrets.QUAY_USERNAME }} -p ${{ secrets.QUAY_PASSWORD }}
+            echo "PR number: ${{ github.event.pull_request.number }}"
+            echo "TAG_TO_DELETE=$(regctl tag ls quay.io/opendatahub/opendatahub-tests --include pr-${{ github.event.pull_request.number }})" >> $GITHUB_ENV
+        - name: Delete Quay Tag
+          if: env.TAG_TO_DELETE != ''
+          run: |
+            echo "Deleting tag '$TAG_TO_DELETE' from repository..."
+            regctl tag rm quay.io/opendatahub/opendatahub-tests:pr-${{ github.event.pull_request.number }}

.github/workflows/push-container-on-comment.yml

@@ -0,0 +1,68 @@
+name: Push Container Image On PR Comment
+
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  pull-requests: write
+  contents: write
+  issues: write
+
+jobs:
+  push-container-on-comment:
+    if: contains(github.event.comment.body, '/build-push-pr-image')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout pull request
+        uses: actions/checkout@v4
+        with:
+          ref: refs/pull/${{ github.event.issue.number }}/head
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Check if the user is authorized
+        env:
+          GITHUB_TOKEN: ${{ secrets.RHODS_CI_BOT_PAT }}
+          GITHUB_PR_NUMBER: ${{ github.event.issue.number }}
+          GITHUB_EVENT_ACTION: ${{ github.event.action }}
+          GITHUB_EVENT_REVIEW_STATE: ${{ github.event.review.state }}
+          GITHUB_EVENT_NAME: ${{ github.event_name }}
+          COMMENT_BODY: ${{ github.event.comment.body }}
+          REVIEW_COMMENT_BODY: ${{ github.event.review.body }}
+          GITHUB_USER_LOGIN: ${{ github.event.sender.login }}
+          ACTION: "push-container-on-comment"
+        run: uv run python .github/workflows/scripts/pr_workflow.py
+      - name: Set env TAG for image
+        run: |
+          echo "TAG=pr-${{ github.event.issue.number }}" >> "$GITHUB_ENV"
+      - name: Build Image to push
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: opendatahub-tests
+          tags: ${{ env.TAG }}
+          containerfiles: |
+            ./Dockerfile
+      - name: Push To Image Registry
+        id: push-to-registry
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: quay.io/opendatahub
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+      - name: Add comment to PR
+        if: always()
+        env:
+          URL: ${{ github.event.issue.comments_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          curl \
+            -X POST \
+            $URL \
+            -H "Content-Type: application/json" \
+            -H "Authorization: token $GITHUB_TOKEN" \
+            --data '{ "body": "Status of building tag ${{ env.TAG }}: ${{ steps.build-image.outcome }}. \nStatus of pushing tag ${{ env.TAG }} to image registry: ${{ steps.push-to-registry.outcome }}." }'

.github/workflows/scripts/pr_workflow.py

@@ -32,10 +32,12 @@ class SupportedActions:
         add_remove_labels_action_name: str = "add-remove-labels"
         pr_size_action_name: str = "add-pr-size-label"
         welcome_comment_action_name: str = "add-welcome-comment"
+        build_push_pr_image_action_name: str = "push-container-on-comment"
         supported_actions: set[str] = {
             pr_size_action_name,
             add_remove_labels_action_name,
             welcome_comment_action_name,
+            build_push_pr_image_action_name,
         }
 
     def __init__(self) -> None:
@@ -55,7 +57,7 @@ def __init__(self) -> None:
     def verify_base_config(self) -> None:
         if not self.action or self.action not in self.SupportedActions.supported_actions:
             sys.exit(
-                "`ACTION` is not set in workflow or is not supported. "
+                f"{self.action} is not set in workflow or is not supported. "
                 f"Supported actions: {self.SupportedActions.supported_actions}"
             )
 
@@ -77,8 +79,8 @@ def verify_base_config(self) -> None:
         )
 
     def set_gh_config(self) -> None:
-        gh_client: Github = Github(login_or_token=self.github_token)
-        self.repo = gh_client.get_repo(full_name_or_id=self.repo_name)
+        self.gh_client: Github = Github(login_or_token=self.github_token)
+        self.repo = self.gh_client.get_repo(full_name_or_id=self.repo_name)
         self.pr = self.repo.get_pull(number=self.pr_number)
 
 
@@ -88,9 +90,10 @@ def __init__(self) -> None:
         self.user_login = os.getenv("GITHUB_USER_LOGIN")
         self.review_state = os.getenv("GITHUB_EVENT_REVIEW_STATE")
         self.comment_body = os.getenv("COMMENT_BODY", "")
+        if self.event_name == "pull_request_review":
+            self.comment_body = os.getenv("REVIEW_COMMENT_BODY", "")
         self.last_commit = list(self.pr.get_commits())[-1]
         self.last_commit_sha = self.last_commit.sha
-
         self.verify_labeler_config()
 
     def verify_labeler_config(self) -> None:
@@ -107,12 +110,31 @@ def verify_labeler_config(self) -> None:
             if self.event_name == "pull_request_review" and not self.review_state:
                 sys.exit("`GITHUB_EVENT_REVIEW_STATE` is not set")
 
+    def verify_allowed_user(self) -> bool:
+        org = self.gh_client.get_organization("opendatahub-io")
+        # slug is the team name with replaced special characters,
+        # all words to lowercase and spaces replace with a -
+        try:
+            team = org.get_team_by_slug("opendatahub-tests-contributors")
+            # check if the user is a member of opendatahub-tests-contributors
+            membership = team.get_team_membership(member=self.user_login)
+            LOGGER.info(f"User {self.user_login} is a member of the test contributor team. {membership}")
+            return True
+        except UnknownObjectException:
+            LOGGER.error(f"User {self.user_login} is not allowed for this action. Exiting.")
+            return False
+
     def run_pr_label_action(self) -> None:
         if self.action == self.SupportedActions.pr_size_action_name:
             self.set_pr_size()
 
+        if self.action == self.SupportedActions.build_push_pr_image_action_name:
+            if not self.verify_allowed_user():
+                sys.exit(1)
+
         if self.action == self.SupportedActions.add_remove_labels_action_name:
-            self.add_remove_pr_labels()
+            if self.verify_allowed_user():
+                self.add_remove_pr_labels()
 
         if self.action == self.SupportedActions.welcome_comment_action_name:
             self.add_welcome_comment()