feat: validate catalog (#272)

v1v · web-flow · commit 8e520e6084fd · 2025-05-06T13:28:45.000Z
* feat: validate catalog

* fix

* avoid checkout and create empty file for testing purposes

* fix

* test failures

* fix
diff --git a/.github/workflows/no-test.yml b/.github/workflows/no-test.yml
@@ -13,6 +13,7 @@ on:
       - '!buildkite/run/**'
       - '!check-dependent-jobs/**'
       - '!elastic/github-commands/**'
+      - '!elastic/validate-catalog/**'
       - '!git/setup/**'
       - '!github/backport-active/**'
       - '!github/project-add/**'
diff --git a/.github/workflows/test-elastic-validate-catalog.yml b/.github/workflows/test-elastic-validate-catalog.yml
@@ -0,0 +1,50 @@
+name: test-elastic-validate-catalog
+
+on:
+  merge_group: ~
+  workflow_dispatch: ~
+  pull_request:
+    paths:
+      - 'elastic/validate-catalog/**'
+      - '.github/workflows/test-elastic-validate-catalog.yml'
+  push:
+    branches:
+      - main
+    paths:
+      - 'elastic/validate-catalog/**'
+      - '.github/workflows/test-elastic-validate-catalog.yml'
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:
+  test:
+    needs:
+      - main
+      - failed
+    runs-on: ubuntu-latest
+    steps:
+      - id: check
+        uses: elastic/oblt-actions/check-dependent-jobs@v1
+        with:
+          jobs: ${{ toJSON(needs) }}
+      - run: ${{ steps.check.outputs.is-success }}
+
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: touch catalog-info.yaml
+      - uses: ./elastic/validate-catalog
+
+  failed:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: echo "wrong-content" > catalog-info.yaml
+      - uses: ./elastic/validate-catalog
+        id: validate-catalog
+        continue-on-error: true
+      - name: Assert is failure
+        run: test "${{steps.validate-catalog.outcome}}" = "failure"
diff --git a/elastic/validate-catalog/README.md b/elastic/validate-catalog/README.md
@@ -0,0 +1,58 @@
+# <!--name-->elastic/validate-catalog<!--/name-->
+
+[![usages](https://img.shields.io/badge/usages-white?logo=githubactions&logoColor=blue)](https://github.com/search?q=elastic%2Foblt-actions%2Felastic%2Fvalidate-catalog+%28path%3A.github%2Fworkflows+OR+path%3A**%2Faction.yml+OR+path%3A**%2Faction.yaml%29&type=code)
+[![test-elastic-validate-catalog](https://github.com/elastic/oblt-actions/actions/workflows/test-elastic-validate-catalog.yml/badge.svg?branch=main)](https://github.com/elastic/oblt-actions/actions/workflows/test-elastic-validate-catalog.yml)
+
+<!--description-->
+Run the catalog-info validation
+<!--/description-->
+
+## Inputs
+<!--inputs-->
+| Name              | Description                       | Required | Default                                                               |
+|-------------------|-----------------------------------|----------|-----------------------------------------------------------------------|
+| `container-image` | The catalog info container image. | `false`  | `ghcr.io/elastic/observability-robots/ci-agent-images/pipelib:latest` |
+| `github-token`    | The GitHub access token.          | `false`  | `${{ github.token }}`                                                 |
+<!--/inputs-->
+
+## Outputs
+
+<!--outputs-->
+| Name | Description |
+|------|-------------|
+<!--/outputs-->
+
+## Usage
+
+You need to grant the read access to the container image called [pipelib](https://github.com/orgs/elastic/packages?tab=packages&q=pipelib). It's not public available but granted to individual GitHub repositories.
+
+
+<!--usage action="elastic/oblt-actions/**" version="env:VERSION"-->
+```yaml
+---
+name: catalog-info
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'catalog-info.yaml'
+
+permissions:
+  contents: read
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: elastic/oblt-actions/elastic/validate-catalog@v1
+```
+<!--/usage-->
diff --git a/elastic/validate-catalog/action.yml b/elastic/validate-catalog/action.yml
@@ -0,0 +1,39 @@
+---
+name: elastic/validate-catalog
+description: |
+  Run the catalog-info validation
+
+inputs:
+  container-image:
+    description: 'The catalog info container image.'
+    required: false
+    type: string
+    default: 'ghcr.io/elastic/observability-robots/ci-agent-images/pipelib:latest'
+  github-token:
+    description: 'The GitHub access token.'
+    required: false
+    type: string
+    default: ${{ github.token }}
+
+runs:
+  using: "composite"
+  steps:
+    - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ inputs.github-token }}
+
+    - run: docker pull --quiet ${{ env.IMAGE }}
+      shell: bash
+      env:
+        IMAGE: ${{ inputs.container-image }}
+
+    - run: |-
+        docker run -t \
+          --mount type=bind,source=./catalog-info.yaml,target=/home/app/catalog-info.yaml \
+          ${{ env.IMAGE }} \
+          rre validate --backstage-entity-aware --verbose catalog-info.yaml
+      shell: bash
+      env:
+        IMAGE: ${{ inputs.container-image }}
