Release-1.8.0

.github/actions/check-chart-locks/action.yml

@@ -36,22 +36,27 @@ runs:
   - name: Check lockfile for chart lock
     id: check-for-chart-lock
     shell: bash
+    env:
+      GENERATED_LOCKFILE_PATH: ${{ steps.generate-locks.outputs.lockfile-path }}
+      TARGET_CHART_NAME: ${{ inputs.chart-name }}
     run: |
       set -e
       echo "Ensuring expected key exists in lock JSON."
-      jq --exit-status .packages < ${{ steps.generate-locks.outputs.lockfile-path }}
+      jq --exit-status .packages < "${GENERATED_LOCKFILE_PATH}"
 
-      echo "Checking if chart '${{ inputs.chart-name }}' is locked."
-      LOCK_PATH=$(jq -r '.packages."${{ inputs.chart-name }}"' < ${{ steps.generate-locks.outputs.lockfile-path }})
+      echo "Checking if chart \"${TARGET_CHART_NAME}\" is locked."
+      LOCK_TARGET=$(jq -r '.packages.[$chartname]' --arg chartname "${TARGET_CHART_NAME}" < "${GENERATED_LOCKFILE_PATH}")
 
-      echo "locked-to-path=${LOCK_PATH}" | tee -a $GITHUB_OUTPUT
+      echo "locked-to-path=${LOCK_TARGET}" | tee -a $GITHUB_OUTPUT
 
   # Defaults to a locked state as a safeguard.
   - name: Set lock state output
     shell: bash
     id: set-lock-state
+    env:
+      IS_LOCKED: ${{ steps.check-for-chart-lock.outputs.locked-to-path != 'null' }}
     run: |
-      echo "chart-is-locked=${{ steps.check-for-chart-lock.outputs.locked-to-path != 'null' }}" | tee -a $GITHUB_OUTPUT
+      echo "chart-is-locked=${IS_LOCKED}" | tee -a $GITHUB_OUTPUT
 
   - name: Fail if requested and the chart is locked
     shell: bash

.github/actions/generate-chart-locks/action.yaml

@@ -64,10 +64,13 @@ runs:
     working-directory: temp-gen-chart-lock-repo
     id: generate-chart-locks
     shell: bash
+    env:
+      GENERATOR_CMD_PATH: ${{ inputs.generator-cmd-path }}
+      OUT_FILE: ${{ inputs.to-file }}
     run: |
       set -eo pipefail
-      ${{ inputs.generator-cmd-path }} | jq | tee ${{ inputs.to-file }}
-      echo "lockfile-path=$(realpath ${{ inputs.to-file }})" | tee -a $GITHUB_OUTPUT
+       "${GENERATOR_CMD_PATH}" | jq | tee "${OUT_FILE}"
+      echo "lockfile-path=$(realpath ${OUT_FILE})" | tee -a $GITHUB_OUTPUT
   - name: Cleanup
     id: cleanup
     if: always()

.github/actions/get-ocp-range/action.yaml

@@ -23,11 +23,13 @@ runs:
     - name: Run get-ocp-range
       id: run-get-ocp-range
       shell: bash
+      env:
+        KUBEVERSION_RANGE: ${{ inputs.kube-version-range }}
       run: |
-        echo "::debug::Received kubeVersionRange to translate '${{ inputs.kube-version-range }}'"
-        OCP_VERSION_RANGE=$(get-ocp-range '${{ inputs.kube-version-range }}')
-        echo "ocp-version-range=$OCP_VERSION_RANGE" >> $GITHUB_OUTPUT
-        echo "::debug::Successfully translated kubeVersionRange to OCPVersionRange $OCP_VERSION_RANGE"
+        echo "::debug::Received kubeVersionRange to translate \"${KUBEVERSION_RANGE}\""
+        OCP_VERSION_RANGE=$(get-ocp-range "${KUBEVERSION_RANGE}")
+        echo "ocp-version-range=${OCP_VERSION_RANGE}" >> $GITHUB_OUTPUT
+        echo "::debug::Successfully translated kubeVersionRange to OCPVersionRange ${OCP_VERSION_RANGE}"
 
     - name: Display error message if get-ocp-range failed
       if: ${{ failure() && steps.run-get-ocp-range.outcome == 'failure' }}

.github/actions/install-ci-scripts/action.yml

@@ -0,0 +1,33 @@
+name: Install our CI scripts
+description: |
+  Handles installation and caching/restore of the CI scripts in a virtualenv.
+inputs:
+  working-directory:
+    description: Basedir in which to save / restore cache and install venv.
+    default: './'
+    required: false
+  python-version:
+    description: Installed Python version
+    required: true
+runs:
+  using: composite
+  steps:
+  # This attempts to restore the virtualenv from a GitHub cache with the corresponding cache key.
+  # On cache-miss, this automatically adds a post step that creates a cache from this path and using this cache key.
+  - name: Cache virtualenv
+    id: cache
+    uses: actions/cache@v4
+    with:
+      key: venv-${{ runner.os }}-${{ inputs.python-version }}-${{ hashFiles('scripts/requirements.txt') }}
+      path: ${{ inputs.working-directory }}/ve1
+
+  - name: Setup venv on cache-miss
+    if: steps.cache.outputs.cache-hit != 'true'
+    shell: bash
+    working-directory: ${{ inputs.working-directory }}
+    run: |
+      # set up python
+      python3 -m venv ve1
+      cd scripts
+      ../ve1/bin/pip3 install -r requirements.txt
+      ../ve1/bin/pip3 install .

.github/actions/setup-python/action.yml

@@ -5,9 +5,14 @@ description: |
 
   Serves as the single place to update python versions over time across the
   project.
+outputs:
+  python-version:
+    description: Version of Python installed
+    value: ${{ steps.setup-python.outputs.python-version }}
 runs:
   using: composite
   steps:
   - uses: actions/setup-python@v5
+    id: setup-python
     with:
       python-version: '3.10'

.github/workflows/behave.yml

@@ -56,7 +56,7 @@ on:
           for verifying the user is a trusted user.
     secrets:
       # bot-name is not technically secret, but must be listed as a secret
-      # because you can't pass the ${{ secrets }} context as an input in the
+      # because you can't pass GitHub's "secrets" context as an input in the
       # calling workflow, and our repos have this configured as a secret.
       bot-name:
         required: true
@@ -103,7 +103,7 @@ jobs:
     needs: [get-features]
     strategy:
       fail-fast: false
-      max-parallel: 2
+      max-parallel: 4
       matrix: 
         feature-file: ${{ fromJson(needs.get-features.outputs.features) }}
     steps:
@@ -116,35 +116,36 @@ jobs:
           fetch-depth: ${{ inputs.checkout-fetch-depth }}
 
       - name: Set up Python
+        id: setup-python
         uses: ./.github/actions/setup-python
 
-      - name: Set up CI scripts
-        run: |
-          # set up python scripts
-          echo "set up python script in $PWD"
-          python3 -m venv ve1
-          cd scripts
-          ../ve1/bin/pip3 install -r requirements.txt
-          ../ve1/bin/pip3 install .
-          cd ..
+      - name: Install CI scripts
+        uses: ./.github/actions/install-ci-scripts
+        with:
+          python-version: ${{ steps.setup-python.outputs.python-version }}
 
         # Pull request numbers are included in generated chart names in E2E, so it's included
         # as an environment variable which E2E consumes.
       - name: Populate PR_NUMBER environment variable
         if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request'
+        env:
+          GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
         run: |
-          echo "PR_NUMBER=${{ github.event.pull_request.number }}" | tee $GITHUB_ENV
+          echo "PR_NUMBER=${GITHUB_PR_NUMBER}" | tee $GITHUB_ENV
 
       - name: Run Tests
         env:
           GITHUB_TOKEN: ${{ secrets.github-token }}
           BOT_NAME: ${{ secrets.bot-name }}
           BOT_TOKEN: ${{ secrets.bot-token }}
           PR_BODY: ${{ inputs.pr-body }}
+          FEATURE_FILE: ${{ matrix.feature-file }}
+          INCLUDED_TAGS: ${{ inputs.tags }}
+          BEHAVE_LOG_LEVEL: ${{ inputs.behave-logging-level }}
         run: |
           ve1/bin/behave tests/functional/behave_features/ \
-            --include ${{ matrix.feature-file }} \
-            --tags=${{ inputs.tags }} \
-            --logging-level=${{ inputs.behave-logging-level }} \
+            --include "${FEATURE_FILE}" \
+            --tags="${INCLUDED_TAGS}"  \
+            --logging-level="${BEHAVE_LOG_LEVEL}" \
             --no-capture \
             --no-color