♻️ rename github-releases job

kubernetes/apps/default/pushover-notifier/github-releases/config/config.yaml

@@ -0,0 +1,2 @@
+repositories:
+  - siderolabs/talos

kubernetes/apps/default/pushover-notifier/github-releases/config/script.py

@@ -0,0 +1,79 @@
+import os
+import requests
+import yaml
+import psycopg2
+from psycopg2 import sql
+from datetime import datetime
+
+# Load configuration file
+with open("config.yaml", "r") as config_file:
+    config = yaml.safe_load(config_file)
+
+# Pushover credentials
+PUSHOVER_API_URL = "https://api.pushover.net/1/messages.json"
+PUSHOVER_API_TOKEN = os.environ["PUSHOVER_API_TOKEN"]
+PUSHOVER_USER_KEY = os.environ["PUSHOVER_USER_KEY"]
+
+# PostgreSQL connection
+conn = psycopg2.connect(
+    dbname=os.environ["POSTGRES_DB"],
+    user=os.environ["POSTGRES_USER"],
+    password=os.environ["POSTGRES_PASS"],
+    host=os.environ["POSTGRES_HOST"],
+    port=os.environ.get("POSTGRES_PORT", "5432"),
+)
+
+# Create table if not exists
+def create_table():
+    with conn.cursor() as cursor:
+        cursor.execute("""
+        CREATE TABLE IF NOT EXISTS release_tracker (
+            repo_name VARCHAR(255) PRIMARY KEY,
+            latest_release VARCHAR(255),
+            release_date TIMESTAMP
+        )
+        """)
+        conn.commit()
+
+# Check for new release
+def check_new_release(repo_name):
+    response = requests.get(f"https://api.github.com/repos/{repo_name}/releases/latest")
+    response.raise_for_status()
+    release_data = response.json()
+    return release_data["tag_name"], release_data["published_at"]
+
+# Send pushover notification
+def send_pushover_notification(repo_name, tag_name):
+    payload = {
+        "token": PUSHOVER_API_TOKEN,
+        "user": PUSHOVER_USER_KEY,
+        "message": f"New stable release {tag_name} for repository {repo_name} is available."
+    }
+    response = requests.post(PUSHOVER_API_URL, data=payload)
+    response.raise_for_status()
+
+# Main function
+def main():
+    create_table()
+    for repo_name in config["repositories"]:
+        latest_tag, release_date = check_new_release(repo_name)
+        release_date = datetime.strptime(release_date, "%Y-%m-%dT%H:%M:%SZ")
+
+        with conn.cursor() as cursor:
+            cursor.execute("""
+            INSERT INTO release_tracker (repo_name, latest_release, release_date)
+            VALUES (%s, %s, %s)
+            ON CONFLICT (repo_name) DO UPDATE
+            SET latest_release = EXCLUDED.latest_release,
+                release_date = EXCLUDED.release_date
+            WHERE EXCLUDED.release_date > release_tracker.release_date
+            RETURNING *
+            """, (repo_name, latest_tag, release_date))
+            result = cursor.fetchone()
+            conn.commit()
+
+            if result:
+                send_pushover_notification(repo_name, latest_tag)
+
+if __name__ == "__main__":
+    main()

kubernetes/apps/default/pushover-notifier/github-releases/helmrelease.yaml

@@ -0,0 +1,69 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app pushover-notifier-github-releases
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.3.2
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controller:
+      type: cronjob
+      cronjob:
+        concurrencyPolicy: Forbid
+        schedule: "23 */3 * * *"
+    image:
+      repository: ghcr.io/auricom/python
+      tag: rolling@sha256:7bd5bf78236f5e7e0cc61b87e0dbd745bdc3588e3555b811960624930b9799f0
+    command:
+      - python
+      - /app/script.py
+    service:
+      main:
+        enabled: false
+    env:
+      POSTGRES_HOST: ${POSTGRES_HOST}
+    envFrom:
+      - secretRef:
+          name: pushover-notifier-github-releases-secret
+    podAnnotations:
+      reloader.stakater.com/auto: "true"
+    resources:
+      requests:
+        cpu: 50m
+        memory: 250Mi
+      limits:
+        memory: 250Mi
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: pushover-notifier-github-releases-configmap
+        mountPath: /app/config.yaml
+        subPath: config.yaml
+      script:
+        enabled: true
+        type: configMap
+        name: pushover-notifier-github-releases-configmap
+        mountPath: /app/script.py
+        subPath: script.py

kubernetes/apps/default/pushover-notifier/github-releases/kustomization.yaml

@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./helmrelease.yaml
+  - ./secret.sops.yaml
+patchesStrategicMerge:
+  - ./patches/postgres.yaml
+configMapGenerator:
+  - name: pushover-notifier-github-releases-configmap
+    files:
+      - ./config/config.yaml
+      - ./config/script.py
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/apps/default/pushover-notifier/github-releases/patches/postgres.yaml

@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: pushover-notifier-github-releases
+  namespace: default
+spec:
+  values:
+    initContainers:
+      init-db:
+        image: ghcr.io/onedr0p/postgres-initdb:14.7
+        env:
+          - name: POSTGRES_HOST
+            value: ${POSTGRES_HOST}
+          - name: POSTGRES_SUPER_PASS
+            valueFrom:
+              secretKeyRef:
+                name: postgres-superuser
+                key: password
+        envFrom:
+          - secretRef:
+              name: pushover-notifier-github-releases-secret

kubernetes/apps/default/pushover-notifier/github-releases/secret.sops.yaml

@@ -0,0 +1,33 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: pushover-notifier-github-releases-secret
+    namespace: default
+type: Opaque
+stringData:
+    POSTGRES_DB: ENC[AES256_GCM,data:TnN+0+oj8dnOfK4cLhG7X92uSKnQXYG8,iv:OhJfVcPs7abVQSkVdXfFz/Fquoo5RxJ/Wc3oiV4Bt6s=,tag:fIKiwnzjvmxa8MDMkUQBdw==,type:str]
+    POSTGRES_USER: ENC[AES256_GCM,data:bVUPMIrL2WLRdwJvraggsxv3NE6PN9KH,iv:k2+xPOalt7Qy/HQSA5TnRcUVWKxiuEAXsAdFMGZaajc=,tag:75ijQQTliXZrOu4gGPEHTw==,type:str]
+    POSTGRES_PASS: ENC[AES256_GCM,data:HifiMzAawK0mls6hrE58j2c23lc=,iv:O59tbU+JN4LAfuhLo+4y+AJx7ZrTPWPxPX9QtGLFvYQ=,tag:xtdaVNj6D0Wr/Ven+p8tJg==,type:str]
+    PUSHOVER_API_TOKEN: ENC[AES256_GCM,data:3L6WwMNDFwmlOr5fqjvcAAZDzqkC+amE5YLdNVfR,iv:VHAadcQN5Ymr5iH9zZ5rZ5OLvYwe5HDuTQMLfQhIPnA=,tag:EdyCcoDrh8NvbzN3UnCInw==,type:str]
+    PUSHOVER_USER_KEY: ENC[AES256_GCM,data:zgoGVo8k7xjuT0+W5AyAkGtJpmTkplW3wmAWqZrY,iv:8ZYZT1I7EOK2mfvjSY+4RfRHQeczYmxihfDHcjRpUSI=,tag:Vkq+ny1eVmAOHmBiAutuNg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+            bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+            VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+            OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+            LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-03-18T13:42:19Z"
+    mac: ENC[AES256_GCM,data:1qGdFDmCJw2rnKQfhLbx/qENNRGKBQnW/r+/xWtrSTFX3qM8L7EK/qqStyfXYiNdxYa7EkvmwzXde7zCMm3kEnfVo3oPjkz30ZR4yEN2dHHfHvaop+b8BtpU9jBi3cDMn3R/jpTjUltVzU/nJjH/ezFzSrnOwKcvlFxOsD2TBvs=,iv:igCtiZAzdpK4k3bmMTT6LFbjZu7wk/9t5JZOTvqgHUg=,tag:7fCVE3/wv3rgXWHb+6wPhg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3