Added CI to create PRs to bump to latest Ark timestamps

.github/actions/is_callee/action.yml

@@ -0,0 +1,21 @@
+name: Check if being used as reusable workflow
+description: Determines if running as part of a reusable workflow by checking if the specified current workflow file is the same as the caller
+inputs:
+  current_workflow_file:
+    required: true
+    description: The name of the workflow file this action is called from
+outputs:
+  is_callee: 
+    value: ${{ steps.workflows_match.outputs.is_callee }}
+    description: Returns 'true' (string) if called as a reusable workflow
+runs:
+  using: "composite"
+  steps:
+    - id: workflows_match
+      run: |
+        if echo ${{ github.workflow_ref }} | grep ${{ inputs.current_workflow_file }}; then
+          echo "is_callee=false" >> "$GITHUB_OUTPUT"
+        else
+          echo "is_callee=true" >> "$GITHUB_OUTPUT"
+        fi
+      shell: bash

.github/workflows/fatimage.yml

@@ -10,6 +10,21 @@ on:
             - LEAFCLOUD
             - SMS
             - ARCUS
+  workflow_call:
+      inputs:
+        ci_cloud_override:
+          type: string
+          default: LEAFCLOUD
+        target_branch:
+          type: string
+          default: ${{ github.ref }}
+      outputs:
+        openhpc-RL8-image:
+          description: "RL8 image"
+          value: "${{ jobs.openstack.outputs.openhpc-RL8-image }}"
+        openhpc-RL9-image:
+          description: "RL9 image"
+          value: "${{ jobs.openstack.outputs.openhpc-RL9-image }}"
 
 jobs:
   openstack:
@@ -31,12 +46,22 @@ jobs:
     env:
       ANSIBLE_FORCE_COLOR: True
       OS_CLOUD: openstack
-      CI_CLOUD: ${{ github.event.inputs.ci_cloud }}
+      CI_CLOUD: ${{ github.event.inputs.ci_cloud || inputs.ci_cloud_override }}
       ARK_PASSWORD: ${{ secrets.ARK_PASSWORD }}
       LEAFCLOUD_PULP_PASSWORD: ${{ secrets.LEAFCLOUD_PULP_PASSWORD }}
+    outputs:
+      openhpc-RL8-image: "${{ steps.manifest.outputs.openhpc-RL8-image }}"
+      openhpc-RL9-image: "${{ steps.manifest.outputs.openhpc-RL9-image }}"
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: stackhpc/ansible-slurm-appliance/.github/actions/is_callee@feat/auto-bump-timestamps # todo: change to main once merges
+        id: callee_check
+        with:
+          current_workflow_file: fatimage.yml
+
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ steps.callee_check.outputs.is_callee == 'true' && inputs.target_branch || github.ref }}
 
       - name: Record settings for CI cloud
         run: |
@@ -96,6 +121,7 @@ jobs:
           IMAGE_NAME=$(openstack image show -f value -c name $IMAGE_ID)
           echo "image-name=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"
           echo "image-id=$IMAGE_ID" >> "$GITHUB_OUTPUT"
+          echo "${{ matrix.build.image_name }}-image=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"
           echo $IMAGE_ID > image-id.txt
           echo $IMAGE_NAME > image-name.txt
 

.github/workflows/stackhpc.yml

@@ -2,6 +2,11 @@
 name: Test deployment and reimage on OpenStack
 on:
   workflow_dispatch:
+  workflow_call:
+    inputs:
+      target_branch:
+        type: string
+        default: ${{ github.ref }}
   push:
     branches:
       - main
@@ -44,7 +49,14 @@ jobs:
       CI_CLOUD: ${{ vars.CI_CLOUD }} # default from repo settings
       TF_VAR_os_version: ${{ matrix.os_version }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: stackhpc/ansible-slurm-appliance/.github/actions/is_callee@feat/auto-bump-timestamps # todo: change to main once merges
+        id: callee_check
+        with:
+          current_workflow_file: stackhpc.yml
+
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ steps.callee_check.outputs.is_callee == 'true' && inputs.target_branch || github.ref }}
 
       - name: Override CI_CLOUD if PR label is present
         if: ${{ github.event_name == 'pull_request' }}

.github/workflows/trivyscan.yml

@@ -12,7 +12,7 @@ jobs:
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.build }} # to branch/PR + build
       cancel-in-progress: true
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:

.github/workflows/update-timestamps.yml

@@ -0,0 +1,170 @@
+name: Check for new Release Train snapshots
+on:
+  workflow_dispatch: # temporary
+  pull_request: #temporary 
+  schedule:
+    - cron: '0 7 * * *'  # Run at 7am on default branch
+
+jobs:
+  upstream_check:
+    outputs:
+      new_fatimage: "${{ steps.fatimage_check.outputs.new_fatimage }}"
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Check automation branch exists
+        id: auto-branch-check
+        run: |
+          git fetch
+          branches=$(git branch -r)
+          set +e
+          echo $branches | grep auto/bump-timestamps
+          branch_exists="$?"
+          echo "branch_exists=$branch_exists" >> "$GITHUB_OUTPUT"
+
+      - name: Create automation branch
+        if: steps.auto-branch-check.outputs.branch_exists == '1'
+        run: |
+          git checkout -b auto/bump-timestamps
+          git config --global --add --bool push.autoSetupRemote true
+          git push
+
+      - uses: actions/checkout@v2
+        with:
+          ref: auto/bump-timestamps
+
+      - name: Check for updated Ark timestamps and replace in defaults.yml
+        run: |
+          dev/setup-env.sh
+          . venv/bin/activate
+          . environments/.stackhpc/activate
+          ansible-playbook ansible/ci/update_timestamps.yml -v
+
+      - name: Check if timestamps were changed
+        id: timestamp_check
+        run: |
+          set +e
+          git diff --quiet
+          echo "timestamps_changed=$?" >> "$GITHUB_OUTPUT"
+
+      # TODO: find way to stop CI running if pushing to existing PR
+      - name: Push new timestamps
+        if: steps.timestamp_check.outputs.timestamps_changed == '1'
+        run: |
+          git fetch origin refs/notes/*:refs/notes/*
+          git add environments/common/inventory/group_vars/all/defaults.yml
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+          git commit -m "Bumped repo timestamps"
+          git notes add --force -m "timestamp_bump_commit"
+          git config --global --add --bool push.autoSetupRemote true
+          git push
+          git push origin refs/notes/*
+
+      - name: Check if new fatimage needed
+        id: fatimage_check
+        run: |
+          git fetch origin refs/notes/*:refs/notes/*
+          NEED_NEW_IMAGE="false"
+          set +e
+          if git notes show ; then
+            HEAD_NOTES=$(git notes show)
+            if [[ $HEAD_NOTES == "timestamp_bump_commit" ]] ; then
+              NEED_NEW_IMAGE="true"
+            fi
+          fi
+          set -e
+          echo $NEED_NEW_IMAGE
+          echo "new_fatimage=$NEED_NEW_IMAGE" >> "$GITHUB_OUTPUT"
+
+  build_fatimage:
+    if: needs.upstream_check.outputs.new_fatimage == 'true'
+    needs: upstream_check
+    secrets: inherit
+    uses: ./.github/workflows/fatimage.yml
+    with:
+      ci_cloud_override: 'LEAFCLOUD'
+      target_branch: auto/bump-timestamps
+
+  bump_images:
+    if: needs.upstream_check.outputs.new_fatimage == 'true'
+    needs: build_fatimage
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: auto/bump-timestamps
+      - name: Bump CI with new images
+        run: |
+          git checkout auto/bump-timestamps
+          sed -i 's/"RL8".*$/"RL8": "${{ needs.build_fatimage.outputs.openhpc-RL8-image }}",/' environments/.stackhpc/terraform/cluster_image.auto.tfvars.json
+          sed -i 's/"RL9".*$/"RL9": "${{ needs.build_fatimage.outputs.openhpc-RL9-image }}"/' environments/.stackhpc/terraform/cluster_image.auto.tfvars.json 
+
+      - name: Push new images
+        run: |
+          git add environments/.stackhpc/terraform/cluster_image.auto.tfvars.json
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+          git commit -m "Bumped images"
+          git push
+
+  create_pr:
+    needs: bump_images
+    if: always() && (needs.bump_images.result == 'skipped' || needs.bump_images.result == 'success')
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: auto/bump-timestamps
+
+      - name: Check if PR exists
+        id: pr-check
+        run: |
+          set +e
+          gh pr list --json headRefName --jq '.[].headRefName' | grep auto/bump-timestamps
+          PR_EXISTS=$?
+          echo "pr_exists=$PR_EXISTS" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Create PR
+        if: steps.pr-check.outputs.pr_exists == '1'
+        run: gh pr create --title "[Auto] Bump repo timestamps to latest" --base main --head auto/bump-timestamps --body "Updated Release Train timestamps in defaults.yml with latest from Ark"
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+  run_ci:
+    needs:
+    - bump_images
+    - upstream_check
+    if: always() && (needs.bump_images.result == 'success' || needs.upstream_check.outputs.new_fatimage == 'false') # should always run only on image bump commits
+    uses: ./.github/workflows/stackhpc.yml
+    secrets: inherit
+    with:
+      target_branch: auto/bump-timestamps
+
+  comment_result:
+    if: always() && (needs.run_ci.result == 'failure' || needs.run_ci.result == 'success') && (needs.create_pr.result == 'skipped' || needs.create_pr.result == 'success')
+    needs:
+     - run_ci
+     - create_pr
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout branch
+        uses: actions/checkout@v3
+
+      - name: Get created PR number
+        id: number_check
+        run: |
+          PR_NUMBER=$(gh pr list --head auto/bump-timestamps --state open --json number --jq .[0].number)
+          echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Comment CI status
+        uses: thollander/actions-comment-pull-request@v1
+        with:
+          message: 'CI ${{ needs.run_ci.result }}: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          pr_number: ${{ steps.number_check.outputs.pr_number }}

ansible/ci/library/latest_timestamps.py

@@ -0,0 +1,95 @@
+#!/usr/bin/python
+
+# Copyright: (c) 2018, Terry Jones <[email protected]>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: latest_timestamps
+
+short_description: Gets the latest set of snapshots from Pulp and overwrites
+
+version_added: "1.0.0"
+
+description: Gets the latest set of snapshots from given source URLs and returns dictionary in to replace 'appliances_repo_timestamps' with
+
+author:
+    - William Tripp
+'''
+
+EXAMPLES = r'''
+# Pass in a message
+- name: Get latest timestamps
+  latest_timestamps:
+    repos_dict: "{{ appliances_repo_timestamp_sources }}"
+    content_url: "https://ark.stackhpc.com/pulp/content"
+  register: result
+
+'''
+
+RETURN = r'''
+# These are examples of possible return values, and in general should use other names for return values.
+latest_dict:
+    description: Dictionary with updated timestamps
+    type: dict
+    returned: always
+changed_timestamps:
+    description: List of repos that've been updated
+    type: str[]
+    returned: always
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+import requests
+from bs4 import BeautifulSoup
+from copy import deepcopy
+
+def run_module():
+    module_args = dict(
+        repos_dict=dict(type='dict', required=True),
+        content_url=dict(type='str', required=True)
+    )
+
+    result = dict(
+        changed=False,
+        original_message='',
+        message=''
+    )
+
+    module = AnsibleModule(
+        argument_spec=module_args,
+        supports_check_mode=True
+    )
+
+    original_timestamps = dict(module.params['repos_dict'])
+    latest_timestamps = deepcopy(original_timestamps)
+    changed_timestamps = []
+
+    for repo in original_timestamps:
+        for version in original_timestamps[repo]:
+
+            html_txt = requests.get(
+                    url= module.params['content_url'] + '/' + original_timestamps[repo][version]['path']
+                ).text
+            timestamp_link_list = BeautifulSoup(html_txt,features="html.parser").body.find('pre').find_all() # getting raw list of timestamps from html
+            timestamp_link_list = map(lambda x: x.string,timestamp_link_list) # stripping xml tags
+            latest_timestamp = list(timestamp_link_list)[-1][:-1] # last timestamp in list with trailing / removed
+
+            latest_timestamps[repo][version]['timestamp'] = latest_timestamp
+            if original_timestamps[repo][version]['timestamp'] != latest_timestamp:
+                changed_timestamps.append(repo+' '+version+': '+original_timestamps[repo][version]['timestamp']+' -> '+latest_timestamp)
+
+    result['latest_dict'] = latest_timestamps
+    result['changed_timestamps'] = changed_timestamps
+
+    module.exit_json(**result)
+
+
+def main():
+    run_module()
+
+
+if __name__ == '__main__':
+    main()