🚀 update github workflows

auricom
2022-12-21 02:55:23 +01:00
parent 764ea76bda
commit 773f1ad63b
199 changed files with 543 additions and 752 deletions


@@ -1,89 +0,0 @@
---
name: "Helm Release Differ"
on: # yamllint disable-line rule:truthy
pull_request:
branches:
- main
paths:
- "cluster/**.yaml"
env:
# Currently no way to detect automatically
DEFAULT_BRANCH: main
BOT_USERNAME: "feisar-bot[bot]"
jobs:
detect-file-changes:
name: Detect File Changes
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Filter Helm Releases
uses: dorny/paths-filter@v2
id: filter
with:
list-files: json
filters: |
yaml:
- added|modified: "**/helm-release.yaml"
outputs:
yaml_files: ${{ steps.filter.outputs.yaml_files }}
helm-release-differ:
name: Helm Release Differ
runs-on: ubuntu-latest
needs: detect-file-changes
strategy:
matrix:
file: ${{ fromJSON(needs.detect-file-changes.outputs.yaml_files) }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Generate Token
uses: tibdex/github-app-token@v1
id: generate-token
with:
app_id: ${{ secrets.BOT_APP_ID }}
private_key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
- name: Checkout default branch
uses: actions/checkout@v3
with:
ref: "${{ env.DEFAULT_BRANCH }}"
path: default
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: latest
- name: Helm Release Differ
id: diff
run: |
diff=$(.github/scripts/helm-release-differ.sh --source-file "default/${{ matrix.file }}" --target-file "${{ matrix.file }}" --remove-common-labels)
echo "${diff}"
diff="${diff//'%'/'%25'}"
diff="${diff//$'\n'/'%0A'}"
diff="${diff//$'\r'/'%0D'}"
echo "::set-output name=diff::$(echo ${diff})"
- name: Find Comment
uses: peter-evans/find-comment@v2
id: find-comment
with:
issue-number: "${{ github.event.pull_request.number }}"
comment-author: "${{ env.BOT_USERNAME }}"
body-includes: "${{ matrix.file }}"
- name: Create or update comment
uses: peter-evans/create-or-update-comment@v2
with:
token: "${{ steps.generate-token.outputs.token }}"
comment-id: "${{ steps.find-comment.outputs.comment-id }}"
issue-number: "${{ github.event.pull_request.number }}"
body: "${{ steps.diff.outputs.diff }}"
edit-mode: replace

91
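--- a/.github/workflows/helmrelease-diff.yaml
+++ b/.github/workflows/helmrelease-diff.yaml
@@ -0,0 +1,91 @@
+---
+name: "HelmRelease Diff"
+on:
+pull_request:
+branches: ["main"]
+paths: ["kubernetes/**/helmrelease.yaml"]
+env:
+BOT_USERNAME: rosey-bot[bot]
+KUBERNETES_DIR: kubernetes/
+jobs:
+changed-files:
+name: Detect File Changes
+runs-on: ubuntu-latest
+outputs:
+matrix: ${{ steps.set-matrix.outputs.matrix }}
+steps:
+- name: Checkout
+uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+- name: Get changed files
+id: changed-files
+uses: tj-actions/changed-files@0626c3f94002c0a9d7491dd7fed7055bbdff6f92 # v35.1.0
+with:
+json: true
+files: |
+kubernetes/**/helmrelease.yaml
+- id: set-matrix
+run: echo "matrix={\"file\":${{ steps.changed-files.outputs.all_changed_files }}}" >> "${GITHUB_OUTPUT}"
+diff:
+name: Diff on Helm Releases
+runs-on: ubuntu-latest
+needs: [changed-files]
+strategy:
+matrix: ${{ fromJSON(needs.changed-files.outputs.matrix) }}
+steps:
+- name: Checkout
+uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+- name: Checkout default branch
+uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+with:
+ref: ${{ github.event.repository.default_branch }}
+path: default
+- name: Generate Token
+uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # renovate: tag=v1.7.0
+id: generate-token
+with:
+app_id: ${{ secrets.BOT_APP_ID }}
+private_key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
+- name: Set up Homebrew
+uses: Homebrew/actions/setup-homebrew@master
+- name: Setup Tools
+run: |
+brew install helm homeport/tap/dyff kustomize yq
+- name: Diff
+id: diff
+run: |
+diff=$(npx zx ./.github/scripts/helmReleaseDiff.mjs \
+--current-release "default/${{ matrix.file }}" \
+--incoming-release "${{ matrix.file }}" \
+--kubernetes-dir ${{ env.KUBERNETES_DIR }})
+echo "diff<<EOF" >> "${GITHUB_OUTPUT}"
+echo "${diff}" >> "${GITHUB_OUTPUT}"
+echo "EOF" >> "${GITHUB_OUTPUT}"
+- name: Find Comment
+uses: peter-evans/find-comment@81e2da3af01c92f83cb927cf3ace0e085617c556 # v2.2.0
+id: find-comment
+with:
+issue-number: ${{ github.event.pull_request.number }}
+comment-author: ${{ env.BOT_USERNAME }}
+body-includes: ${{ matrix.file }}
+- name: Create or update comment
+uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808 # renovate: tag=v2.1.0
+with:
+token: ${{ steps.generate-token.outputs.token }}
+comment-id: ${{ steps.find-comment.outputs.comment-id }}
+issue-number: ${{ github.event.pull_request.number }}
+body: |
+Helm Release: `${{ matrix.file }}`
+```
+${{ steps.diff.outputs.diff }}
+```
+edit-mode: replace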
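Review bot: The `Diff` step expands `${{ matrix.file }}` directly inside the `run:` script, so the path of a changed file in the pull request becomes shell source text before bash parses it; the surrounding double quotes do not help because the substitution happens first. Pass the value through the step environment instead: give the step an `env:` entry `FILE: ${{ matrix.file }}` and use `--current-release "default/${FILE}"` and `--incoming-release "${FILE}"`. The `set-matrix` step has the same pattern with `steps.changed-files.outputs.all_changed_files`, and the `diff` job generates the bot app token in an earlier step, so the job is not limited to read-only credentials. Separately, the fixed `EOF` delimiter written to `GITHUB_OUTPUT` ends the value early if the diff text ever contains a line reading `EOF`; a delimiter generated per run avoids that.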

38
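--- a/.github/workflows/kubeconform.yaml
+++ b/.github/workflows/kubeconform.yaml
@@ -0,0 +1,38 @@
+---
+name: "Kubeconform"
+on:
+workflow_dispatch:
+push:
+branches: ["main"]
+paths: ["kubernetes/**"]
+pull_request:
+branches: ["main"]
+paths: ["kubernetes/**"]
+env:
+KUBERNETES_DIR: ./kubernetes
+SCHEMA_DIR: /home/runner/.datree/crdSchemas
+jobs:
+kubeconform:
+name: Kubeconform
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+- name: Set up Homebrew
+uses: Homebrew/actions/setup-homebrew@master
+- name: Setup Tools
+run: |
+brew install fluxcd/tap/flux kubeconform kustomize
+- name: Download CRDs
+run: |
+mkdir -p ${{ env.SCHEMA_DIR }}
+flux pull artifact oci://ghcr.io/onedr0p/cluster-crds-oci:latest \
+--output=${{ env.SCHEMA_DIR }}
+- name: Run kubeconform
+run: |
+bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} ${{ env.SCHEMA_DIR }}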
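Review bot: `Homebrew/actions/setup-homebrew@master` tracks a moving branch while every other action touched by this commit is pinned to a full commit SHA, so whatever lands on that branch runs in CI unreviewed; pin it the same way, `uses: Homebrew/actions/setup-homebrew@<commit-sha> # master`, and let Renovate bump it. The same unpinned reference appears in `.github/workflows/helmrelease-diff.yaml`, where the job also generates the bot app token. The CRD schemas are likewise pulled by the mutable `:latest` tag; referencing the OCI artifact by digest would make validation results reproducible and tie them to a known schema set. As far as this file shows the workflow only reads the repository, so a top-level `permissions:` block with `contents: read` would restrict the default token at no cost.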


@@ -1,6 +1,7 @@
name: "Schedule: Link Checker"
---
name: "Link Checker"
on: # yamllint disable-line rule:truthy
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
@@ -11,31 +12,30 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Generate Token
uses: tibdex/github-app-token@v1
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # renovate: tag=v1.7.0
id: generate-token
with:
app_id: "${{ secrets.BOT_APP_ID }}"
private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
- name: Link Checker
uses: lycheeverse/lychee-action@v1.5.4
uses: lycheeverse/lychee-action@4dcb8bee2a0a4531cba1a1f392c54e8375d6dd81 # renovate: tag=v1.5.4
id: lychee
env:
GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}"
- name: Find Link Checker Issue
id: link-checker-issue
uses: micalevisk/last-issue-action@v2
uses: micalevisk/last-issue-action@044e1cb7e9a4dde20e22969cb67818bfca0797be # renovate: tag=2.0.0
with:
state: open
labels: |
link-checker
- name: Update Issue
uses: peter-evans/create-issue-from-file@v4
uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # renovate: tag=v4.0.1
with:
title: Broken links detected in docs 🔗
issue-number: "${{ steps.link-checker-issue.outputs.issue-number }}"


@@ -1,67 +0,0 @@
---
name: "Lint"
on: # yamllint disable-line rule:truthy
workflow_dispatch:
pull_request:
branches:
- main
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
build:
name: MegaLinter
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Generate Token
uses: tibdex/github-app-token@v1
id: generate-token
with:
app_id: "${{ secrets.BOT_APP_ID }}"
private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
- name: MegaLinter
uses: oxsecurity/megalinter@v6.15.0
env:
GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}"
PRINT_ALPACA: false
VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'workflow_dispatch' }}
ENABLE_LINTERS: |-
${{
join(
fromJSON('
[
"ACTION_ACTIONLINT",
"ANSIBLE_ANSIBLE_LINT",
"COPYPASTE_JSCPD",
"KUBERNETES_KUBEVAL",
"MARKDOWN_MARKDOWNLINT",
"REPOSITORY_GIT_DIFF",
"REPOSITORY_SECRETLINT",
"TERRAFORM_TERRAFORM_FMT",
"YAML_PRETTIER",
"YAML_YAMLLINT"
]
'),
','
)
}}
ANSIBLE_DIRECTORY: ansible
ANSIBLE_ANSIBLE_LINT_CONFIG_FILE: .ansible-lint
COPYPASTE_JSCPD_CONFIG_FILE: .github/linters/.jspcd.json
KUBERNETES_DIRECTORY: cluster
KUBERNETES_KUBEVAL_ARGUMENTS: --ignore-missing-schemas
KUBERNETES_KUBEVAL_FILTER_REGEX_INCLUDE: "(kubernetes)"
MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .github/linters/.markdownlint.yaml
MARKDOWN_MARKDOWNLINT_RULES_PATH: .github/
YAML_YAMLLINT_CONFIG_FILE: .github/linters/.yamllint.yaml
YAML_PRETTIER_CONFIG_FILE: .github/linters/.prettierrc.yaml
YAML_PRETTIER_FILTER_REGEX_EXCLUDE: "(.*\\.sops\\.ya?ml)"


@@ -1,34 +0,0 @@
---
name: "Meta: Label Size"
on: # yamllint disable-line rule:truthy
pull_request:
branches:
- main
jobs:
label-size:
name: Label Size
runs-on: ubuntu-latest
steps:
- name: Generate Token
uses: tibdex/github-app-token@v1
id: generate-token
with:
app_id: "${{ secrets.BOT_APP_ID }}"
private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
- name: Label Size
uses: pascalgn/size-label-action@v0.4.3
env:
GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}"
with:
sizes: >
{
"0": "XS",
"20": "S",
"50": "M",
"200": "L",
"800": "XL",
"2000": "XXL"
}


@@ -1,10 +1,9 @@
---
name: "Meta: Labeler"
name: "Meta Labeler"
on: # yamllint disable-line rule:truthy
on:
pull_request:
branches:
- main
branches: ["main"]
jobs:
labeler:
@@ -12,14 +11,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Generate Token
uses: tibdex/github-app-token@v1
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # renovate: tag=v1.7.0
id: generate-token
with:
app_id: "${{ secrets.BOT_APP_ID }}"
private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
- name: Labeler
uses: actions/labeler@v4
uses: actions/labeler@5c7539237e04b714afd8ad9b4aed733815b9fab4 # renovate: tag=v4.0.2
with:
configuration-path: .github/labeler.yaml
repo-token: "${{ steps.generate-token.outputs.token }}"


@@ -1,12 +1,11 @@
name: "Meta: Sync labels"
---
name: "Meta Sync labels"
on: # yamllint disable-line rule:truthy
on:
workflow_dispatch:
push:
branches:
- main
paths:
- ".github/labels.yaml"
branches: ["main"]
paths: [".github/labels.yaml"]
jobs:
labels:
@@ -14,17 +13,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Generate Token
uses: tibdex/github-app-token@v1
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # renovate: tag=v1.7.0
id: generate-token
with:
app_id: "${{ secrets.BOT_APP_ID }}"
private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
- name: Sync Labels
uses: EndBug/label-sync@v2
uses: EndBug/label-sync@da00f2c11fdb78e4fae44adac2fdd713778ea3e8 # renovate: tag=v2.3.2
with:
config-file: .github/labels.yaml
token: "${{ steps.generate-token.outputs.token }}"


@@ -1,6 +1,6 @@
name: "Schedule: Renovate"
name: "Renovate"
on: # yamllint disable-line rule:truthy
on:
workflow_dispatch:
inputs:
dryRun:
@@ -14,8 +14,7 @@ on: # yamllint disable-line rule:truthy
schedule:
- cron: "0 * * * *"
push:
branches:
- main
branches: ["main"]
paths:
- ".github/renovate.json5"
- ".github/renovate/**.json5"
@@ -31,10 +30,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Generate Token
uses: tibdex/github-app-token@v1
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # renovate: tag=v1.7.0
id: generate-token
with:
app_id: "${{ secrets.BOT_APP_ID }}"
@@ -44,9 +43,8 @@ jobs:
run: |
echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.RENOVATE_DRY_RUN }}" >> "${GITHUB_ENV}"
echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "${GITHUB_ENV}"
- name: Renovate
uses: renovatebot/github-action@v34.66.1
uses: renovatebot/github-action@65207aa35d382e44f5152d0482bb5334139ecfc4 # v34.66.1
with:
configurationFile: "${{ env.RENOVATE_CONFIG_FILE }}"
token: "${{ steps.generate-token.outputs.token }}"