feat: add github action to switch between wait-for and status

Author: Ninfa-Jeon

.github/actions/juju-wait-for/action.yml

@@ -0,0 +1,105 @@
+name: Juju Wait For
+description: Wait for a Juju application, unit or model to reach a specific state.
+inputs:
+  type:
+    description: "The type of resource to wait for"
+    required: true
+    type: choice
+    options:
+      - application
+      - unit
+      - model
+  name:
+    description: "The name of the resource to wait for"
+    required: true
+  query:
+    description: "Optional query string for filtering (Juju 3.x only)"
+    required: false
+  timeout_minutes:
+    description: "Timeout duration in minutes"
+    required: false
+    default: "5"
+  status:
+    description: "Expected status for Juju 4.x polling. Comma-separated for multiple statuses."
+    required: false
+    default: "active"
+  juju-version:
+    description: "Juju version to use for determining wait strategy"
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Extract major version
+      id: version
+      shell: bash
+      run: |
+        MAJOR=$(echo "${{ inputs.juju-version }}" | cut -d'.' -f1)
+        echo "major=$MAJOR" >> "$GITHUB_OUTPUT"
+        echo "Juju major version: $MAJOR"
+    - name: Wait for Juju resource
+      if: ${{ steps.version.outputs.major < 4 }}
+      uses: nick-fields/retry@v3
+      with:
+        timeout_minutes: 1
+        max_attempts: 5
+        command: |
+          CMD="juju wait-for ${{ inputs.type }} '${{ inputs.name }}' --timeout=${{ inputs.timeout_minutes }}m"
+          if [ -n "${{ inputs.query }}" ]; then
+            CMD="$CMD --query='${{ inputs.query }}'"
+          fi
+          echo "Running: $CMD"
+          eval "$CMD"
+    - name: Wait for Juju resource
+      if: ${{ steps.version.outputs.major >= 4 }}
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        TYPE="${{ inputs.type }}"
+        NAME="${{ inputs.name }}"
+        TIMEOUT_MINUTES="${{ inputs.timeout_minutes }}"
+        EXPECTED_STATUS="${{ inputs.status }}"
+
+        # Convert timeout to seconds for polling
+        TIMEOUT_SECONDS=$(($TIMEOUT_MINUTES * 60))
+        echo "Polling juju status"
+        echo "Waiting for $TYPE: $NAME"
+
+        START_TIME=$(date +%s)
+        while true; do
+          CURRENT_TIME=$(date +%s)
+          ELAPSED=$((CURRENT_TIME - START_TIME))
+          
+          if [ $ELAPSED -ge $TIMEOUT_SECONDS ]; then
+            echo "Timeout waiting for $TYPE $NAME"
+            exit 1
+          fi
+          
+          # Get status
+          STATUS=$(juju status "$NAME" --format=json 2>/dev/null | jq -r '.. | .status? // empty' | head -1)
+          if [ -z "$STATUS" ]; then
+            STATUS="unknown"
+          fi
+          
+          echo "Current status: $STATUS (elapsed: ${ELAPSED}s)"
+          
+          # Check if status matches any of the expected statuses
+          IFS=',' read -ra STATUS_ARRAY <<< "$EXPECTED_STATUS"
+          for expected in "${STATUS_ARRAY[@]}"; do
+            expected=$(echo "$expected" | xargs) # trim whitespace
+            if [ "$STATUS" == "$expected" ]; then
+              echo "$TYPE $NAME reached status: $STATUS"
+              exit 0
+            fi
+          done
+          
+          # Check for error states
+          if [ "$STATUS" == "error" ]; then
+            echo "ERROR: $TYPE $NAME is in error state"
+            juju status "$NAME" 2>/dev/null || true
+            exit 1
+          fi
+          
+          sleep 5
+        done

.github/actions/setup-jimm/action.yml

@@ -17,6 +17,9 @@ inputs:
     description: Channel of Juju to use.
     required: false
     default: 3/stable
+  juju-version:
+    description: The version of Juju.
+    required: true
 outputs:
   jimm-controller-name:
     description: Name of the JIMM workloads controller
@@ -59,14 +62,13 @@ runs:
         juju add-model iam
         juju deploy identity-platform --trust --channel latest/edge
     - name: Wait for IAM
-      uses: nick-fields/retry@v3
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: model
+        name: iam
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        command: |
-          # Wait for everything to be ready except kratos-external-idp-integrator
-          # which will remain as blocked as we're not using an external identity provider.
-          juju wait-for model iam --timeout=1m --query='forEach(applications, app => (app.name == "kratos-external-idp-integrator" && app.status=="blocked") || (app.name != "kratos-external-idp-integrator" && app.status=="active"))'
+        query: 'forEach(applications, app => (app.name == "kratos-external-idp-integrator" && app.status=="blocked") || (app.name != "kratos-external-idp-integrator" && app.status=="active"))'
+        juju-version: ${{ inputs.juju-version }}
     - name: Create IAM offers for cross-model relations
       shell: bash
       run: |
@@ -76,11 +78,12 @@ runs:
       shell: bash
       run: juju config kratos enforce_mfa=False
     - name: Wait for Kratos
-      uses: nick-fields/retry@v3
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: unit
+        name: kratos/0
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        command: juju wait-for unit kratos/0 --timeout=1m
+        juju-version: ${{ inputs.juju-version }}
     - name: Create admin user
       shell: bash
       run: |
@@ -98,41 +101,61 @@ runs:
         juju deploy nginx-ingress-integrator --channel=latest/stable --trust ingress
         juju trust postgresql --scope=cluster
     - name: Wait for Postgres
-      uses: nick-fields/retry@v3
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: unit
+        name: postgresql/0
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        command: juju wait-for unit postgresql/0 --timeout=1m # Wait for postgres to prevent issues when relating to other apps: https://github.com/canonical/openfga-operator/issues/25.
+        juju-version: ${{ inputs.juju-version }}
     - name: Add JIMM relations
       shell: bash
       run: |
         juju relate jimm:nginx-route ingress
         juju relate jimm:openfga openfga
         juju relate jimm:database postgresql
-    - name: Wait for Postgres
-      uses: nick-fields/retry@v3
+    - name: Wait for Postgres (before openfga)
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: unit
+        name: postgresql/0
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        command: juju wait-for unit postgresql/0 --timeout=1m # Wait for postgres to prevent issues when relating to openfga: https://github.com/canonical/openfga-operator/issues/25.
+        juju-version: ${{ inputs.juju-version }}
     - name: Add openfga relation
       shell: bash
       run: juju relate openfga:database postgresql
+    - name: Check and fix openfga error state
+      shell: bash
+      run: |
+        STATUS=$(juju status --format json | yq .applications.openfga.application-status.current)
+        if [ "$STATUS" == "error" ]; then
+          # Sometimes the postgresql unit has a PrematureDataAccessError error so remove the relation and try again.
+          echo "OpenFGA is in error state, removing and re-adding relation..."
+          juju remove-relation openfga:database postgresql
+        fi
+    - name: Wait for openfga to be blocked
+      if: ${{ success() }}
+      uses: ./.github/actions/juju-wait-for
+      with:
+        type: application
+        name: openfga
+        timeout_minutes: 1
+        status: blocked
+        juju-version: ${{ inputs.juju-version }}
+    - name: Re-relate openfga if needed
+      if: ${{ success() }}
+      shell: bash
+      run: |
+        STATUS=$(juju status --format json | yq .applications.openfga.application-status.current)
+        if [ "$STATUS" == "blocked" ]; then
+          juju relate openfga:database postgresql
+        fi
     - name: Wait for openfga
-      uses: nick-fields/retry@v3
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: unit
+        name: openfga/0
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        command: |
-          STATUS=$(juju status --format json | yq .applications.openfga.application-status.current)
-          if [ "$STATUS" == "error" ]; then
-            # Sometimes the postgresql unit has a PrematureDataAccessError error so remove the relation and try again.
-            juju remove-relation openfga:database postgresql
-            # The unit will be blocked when it is waiting for the relation
-            juju wait-for application openfga --timeout=1m --query='name=="openfga" && status=="blocked"'
-            juju relate openfga:database postgresql
-          fi
-          juju wait-for unit openfga/0 --timeout=1m
+        juju-version: ${{ inputs.juju-version }}
     - name: Add JIMM relations and certs
       shell: bash
       run: |
@@ -150,18 +173,22 @@ runs:
         KEYS=$(go run github.com/go-macaroon-bakery/macaroon-bakery/cmd/bakery-keygen/v3@latest)
         juju config jimm public-key=$(echo $KEYS | yq .public)
         juju config jimm private-key=$(echo $KEYS | yq .private)
+    - name: Check and resolve ingress error state
+      shell: bash
+      run: |
+        STATUS=$(juju status --format json | yq .applications.ingress.application-status.current)
+        if [ "$STATUS" == "error" ]; then
+          # Sometimes the ingress unit will get into an error state, so resolve and try again.
+          echo "Ingress is in error state, resolving..."
+          juju resolved ingress/0
+        fi
     - name: Wait for ingress
-      uses: nick-fields/retry@v3
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: unit
+        name: ingress/0
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        command: |
-          STATUS=$(juju status --format json | yq .applications.ingress.application-status.current)
-          if [ "$STATUS" == "error" ]; then
-            # Sometimes the ingress unit will get into an error state, so resolve and try again.
-            juju resolved ingress/0
-          fi
-          juju wait-for unit ingress/0 --timeout=1m
+        juju-version: ${{ inputs.juju-version }}
     - name: Set up ingress hostname and certs
       shell: bash
       run: |
@@ -170,11 +197,12 @@ runs:
         juju run --wait=2m jimm-cert/0 get-ca-certificate --quiet | yq .ca-certificate | sudo tee /usr/local/share/ca-certificates/jimm-test.crt
         sudo update-ca-certificates --fresh
     - name: Wait for JIMM
-      uses: nick-fields/retry@v3
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: unit
+        name: jimm/0
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        command: juju wait-for unit jimm/0 --timeout=1m # Wait for JIMM to be ready if it's still making config changes.
+        juju-version: ${{ inputs.juju-version }}
     - name: Bootstrap workloads controller
       id: workloads-controller
       shell: bash
@@ -205,29 +233,35 @@ runs:
       run: |
         juju jaas register-controller '${{ steps.workloads-controller.outputs.name }}' --local --tls-hostname juju-apiserver
         juju update-credentials microk8s --controller ${{ steps.workloads-controller.outputs.public }}
+    - name: Switch to JIMM model
+      shell: bash
+      run: juju switch '${{ steps.jimm-controller.outputs.name }}:jimm'
     - name: Wait for JIMM
-      uses: nick-fields/retry@v3
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: unit
+        name: jimm/0
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        command: |
-          juju switch '${{ steps.jimm-controller.outputs.name }}:jimm'
-          # Wait for JIMM to be ready if it's still making config changes.
-          juju wait-for unit jimm/0 --timeout=1m
+        juju-version: ${{ inputs.juju-version }}
     - name: Restart JIMM
       shell: bash
       run: sudo microk8s kubectl delete pod jimm-0 -n jimm # Fix ListModels issue:
+    - name: Switch to JIMM model and check status
+      shell: bash
+      run: |
+        juju switch '${{ steps.jimm-controller.outputs.name }}:jimm'
+        STATUS=$(juju status --format json | yq .applications.jimm.application-status.current)
+        if [ "$STATUS" == "error" ]; then
+          # Sometimes the jimm unit will get into an error state, so resolve and try again.
+          echo "JIMM is in error state, resolving..."
+          juju resolved jimm/0
+        fi
     - name: Wait for JIMM pod to be recreated
-      uses: nick-fields/retry@v3
+      continue-on-error: true
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: application
+        name: jimm
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        continue_on_error: true # Sometimes the error persists after a retry but it seems to work anyway.
-        command: |
-          juju switch '${{ steps.jimm-controller.outputs.name }}:jimm'
-          STATUS=$(juju status --format json | yq .applications.jimm.application-status.current)
-          if [ "$STATUS" == "error" ]; then
-            # Sometimes the jimm unit will get into an error state, so resolve and try again.
-            juju resolved jimm/0
-          fi
-          juju wait-for application jimm --timeout=1m --query='name=="jimm" && (status=="active" || status=="error")'
+        status: active,error
+        juju-version: ${{ inputs.juju-version }}

.github/actions/setup-k8s-charm/action.yml

@@ -23,6 +23,9 @@ inputs:
       - latest/stable
       - latest/beta
       - latest/edge
+  juju-version:
+    description: The version of Juju.
+    required: true
 
 runs:
   using: "composite"
@@ -73,18 +76,22 @@ runs:
     - name: Integrate charm
       run: juju integrate '${{ inputs.controller-app }}' dashboard
       shell: bash
+    - name: Check and resolve error state
+      shell: bash
+      run: |
+        STATUS=$(juju status --format json | yq .applications.dashboard.application-status.current)
+        if [ "$STATUS" == "error" ]; then
+          # Sometimes the dashboard unit will get into an error state, so resolve and try again.
+          echo "Dashboard is in error state, resolving..."
+          juju resolved dashboard/0
+        fi
     - name: Wait for charm to be ready
-      uses: nick-fields/retry@v3
+      uses: ./.github/actions/juju-wait-for
       with:
+        type: application
+        name: dashboard
         timeout_minutes: 1
-        max_attempts: 5 # Retry the wait-for with a short timeout in case it gets stuck and times out. If it fails after multiple tries it's probably a real error.
-        command: |
-          STATUS=$(juju status --format json | yq .applications.dashboard.application-status.current)
-          if [ "$STATUS" == "error" ]; then
-            # Sometimes the dashboard unit will get into an error state, so resolve and try again.
-            juju resolved dashboard/0
-          fi
-          juju wait-for application dashboard --timeout=1m
+        juju-version: ${{ inputs.juju-version }}
     - name: Disable analytics
       run: juju config dashboard analytics-enabled=false
       shell: bash