From 87ee6c05546a1727db26c1e2d37bd3e1273ddbf2 Mon Sep 17 00:00:00 2001 From: Steven Kreitzer Date: Tue, 31 Dec 2024 10:07:55 -0600 Subject: [PATCH] feat(github): better workflows --- .github/workflows/flux-diff.yaml | 30 +++---- .github/workflows/helm-repository-sync.yaml | 5 +- .github/workflows/pre-pull-images.yaml | 94 +++++++++++++-------- 3 files changed, 78 insertions(+), 51 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 09c8bf744..6798644a0 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -29,18 +29,18 @@ jobs: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - name: Checkout + - name: Checkout Pull Request Branch uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - ref: "${{ github.event.repository.default_branch }}" - path: default + path: pull - - name: Checkout Pull Request Branch + - name: Checkout Default Branch uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - path: pull + ref: "${{ github.event.repository.default_branch }}" + path: default - name: Diff Resources uses: docker://ghcr.io/allenporter/flux-local:v6.1.1 @@ -48,12 +48,12 @@ jobs: args: >- diff ${{ matrix.resources }} --unified 6 - --path-orig /github/workspace/default/kubernetes/flux - --path /github/workspace/pull/kubernetes/flux + --path ${{ github.workspace }}/pull/kubernetes/flux + --path-orig ${{ github.workspace }}/default/kubernetes/flux --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart" --limit-bytes 10000 --all-namespaces - --sources "${{ github.event.repository.name }}" + --sources "k8s-gitops" --output-file diff.patch - name: Generate Diff 
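Review bot: In the second flux-diff.yaml hunk, `--path ${{ github.workspace }}/pull/kubernetes/flux` and the matching `--path-orig` are expanded by the runner before the `docker://` step starts. They therefore probably carry the host-side workspace path rather than the `/github/workspace` mount the container sees, which is what the removed lines used. Confirm with a run that flux-local still finds both trees, or keep the literal `/github/workspace/...` prefix for this container step. Separately, `--sources "k8s-gitops"` replaces `${{ github.event.repository.name }}` with a literal that stops matching in a fork or after a rename; if that is intentional, a one-line comment above `args:` saying why would help.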
@@ -61,15 +61,15 @@ jobs: run: | cat diff.patch; { - echo 'diff<> "$GITHUB_OUTPUT"; { - echo "### Diff" - echo '```diff' - cat diff.patch - echo '```' + echo "### Diff" + echo '```diff' + cat diff.patch + echo '```' } >> "$GITHUB_STEP_SUMMARY" - if: ${{ steps.diff.outputs.diff != '' }} diff --git a/.github/workflows/helm-repository-sync.yaml b/.github/workflows/helm-repository-sync.yaml index e0ccbb361..953ab0951 100644 --- a/.github/workflows/helm-repository-sync.yaml +++ b/.github/workflows/helm-repository-sync.yaml @@ -24,7 +24,8 @@ jobs: uses: Homebrew/actions/setup-homebrew@master - name: Setup Workflow Tools - run: brew install fluxcd/tap/flux yq + shell: bash + run: brew install fluxcd/tap/flux - name: Generate Token uses: actions/create-github-app-token@v1 @@ -40,7 +41,7 @@ jobs: fetch-depth: 0 - if: ${{ github.event.inputs.helmRepoNamespace == '' && github.event.inputs.helmRepoName == '' }} - name: Get changed files + name: Get Changed Files id: changed-files uses: tj-actions/changed-files@v45 with: diff --git a/.github/workflows/pre-pull-images.yaml b/.github/workflows/pre-pull-images.yaml index d9f302459..2ce1962b1 100644 --- a/.github/workflows/pre-pull-images.yaml +++ b/.github/workflows/pre-pull-images.yaml @@ -11,20 +11,12 @@ concurrency: cancel-in-progress: true jobs: - extract-images: - name: Extract Images + default-images: + name: Default Images runs-on: ubuntu-latest - permissions: - pull-requests: write outputs: - matrix: ${{ steps.extract-images.outputs.images }} + images: ${{ steps.extract-images.outputs.images }} steps: - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master - - - name: Setup Workflow Tools - run: brew install jo yq - - name: Generate Token uses: actions/create-github-app-token@v1 id: app-token 
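Review bot: In the first pre-pull-images.yaml hunk, the renamed `default-images` job loses its `permissions:` block and gets no replacement. Its GITHUB_TOKEN then falls back to the repository default, unless a top-level `permissions:` key outside this hunk narrows it. Checkout in this job authenticates with the app token, so the job probably needs nothing from GITHUB_TOKEN; consider adding `permissions: {}` (or `permissions:` with `contents: read`) under `runs-on: ubuntu-latest`. The `pull-request-images` and `extract-images` jobs added in the next hunk have the same gap, and `pull-request-images` processes pull-request content. The job's steps continue past the end of this hunk.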
@@ -32,60 +24,93 @@ jobs: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - name: Checkout Default Branch + - name: Checkout uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" ref: "${{ github.event.repository.default_branch }}" - path: default - - - name: Checkout Pull Request Branch - uses: actions/checkout@v4 - with: - token: "${{ steps.app-token.outputs.token }}" - path: pull - - name: Gather Images in Default Branch + - name: Gather Images uses: docker://ghcr.io/allenporter/flux-local:v6.1.1 with: args: >- get cluster - --path /github/workspace/default/kubernetes/flux + --path ${{ github.workspace }}/kubernetes/flux --enable-images --output yaml - --output-file default.yaml + --output-file images.yaml - - name: Gather Images in Pull Request Branch + - name: Filter Images + shell: bash + run: | + yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ + images.yaml > images.txt + + - name: Extract Images + id: extract-images + shell: bash + run: | + images=$(jq --compact-output --raw-input --null-input '[inputs]' images.txt) + echo "images=${images}" >> $GITHUB_OUTPUT + + pull-request-images: + name: Pull Request Images + runs-on: ubuntu-latest + outputs: + images: ${{ steps.extract-images.outputs.images }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + + - name: Gather Images uses: docker://ghcr.io/allenporter/flux-local:v6.1.1 with: args: >- get cluster - --path /github/workspace/pull/kubernetes/flux + --path ${{ github.workspace }}/kubernetes/flux --enable-images --output yaml - --output-file pull.yaml + --output-file images.yaml - - name: Filter Default Branch Results + - name: Filter Images shell: bash run: | yq -r '[.. 
| .images? | select(. != null)] | flatten | sort | unique | .[]' \ - default.yaml > default.txt + images.yaml > images.txt - - name: Filter Pull Request Branch Results + - name: Extract Images + id: extract-images shell: bash run: | - yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ - pull.yaml > pull.txt + images=$(jq --compact-output --raw-input --null-input '[inputs]' images.txt) + echo "images=${images}" >> $GITHUB_OUTPUT + extract-images: + name: Extract Images + runs-on: ubuntu-latest + needs: ["default-images", "pull-request-images"] + outputs: + matrix: ${{ steps.extract-images.outputs.images }} + steps: - name: Compare Default and Pull Request Images id: extract-images shell: bash run: | - images=$(jo -a $(grep -vf default.txt pull.txt)) + images=$(jq --compact-output --null-input \ + --argjson f1 '${{ needs.default-images.outputs.images }}' \ + --argjson f2 '${{ needs.pull-request-images.outputs.images }}' \ + '$f2 - $f1' \ + ) echo "images=${images}" >> $GITHUB_OUTPUT - echo "${images}" - echo "### Images" >> $GITHUB_STEP_SUMMARY - echo "${images}" | jq --raw-output 'to_entries[] | "* \(.value)"' >> $GITHUB_STEP_SUMMARY pre-pull-images: if: ${{ needs.extract-images.outputs.matrix != '[]' }} @@ -102,6 +127,7 @@ jobs: uses: Homebrew/actions/setup-homebrew@master - name: Setup Workflow Tools + shell: bash run: brew install siderolabs/tap/talosctl - name: Pre-pull Image
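Review bot: The "Compare Default and Pull Request Images" step splices `${{ needs.default-images.outputs.images }}` and `${{ needs.pull-request-images.outputs.images }}` into the shell script inside single quotes, and the second value is derived from manifests on the pull-request branch. The expression is substituted before bash parses the script, and JSON encoding does not escape `'`, so an image string containing a single quote ends the quoting and the rest is interpreted as shell. Passing both outputs through `env:` and referencing them as quoted shell variables keeps them as data. `$GITHUB_OUTPUT` is also unquoted in this step and in both "Extract Images" steps above it.

```yaml
- name: Compare Default and Pull Request Images
  # … unchanged: id, shell …
  env:
    DEFAULT_IMAGES: "${{ needs.default-images.outputs.images }}"
    PULL_IMAGES: "${{ needs.pull-request-images.outputs.images }}"
  run: |
    images=$(jq --compact-output --null-input \
      --argjson f1 "${DEFAULT_IMAGES}" \
      --argjson f2 "${PULL_IMAGES}" \
      '$f2 - $f1' \
    )
    echo "images=${images}" >> "$GITHUB_OUTPUT"
```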