ci: update github workflows

2026-01-01 02:55:52 +01:00 · 2021-07-28 03:11:06 +02:00
parent 1588499c9f
commit b73ec1db7d
14 changed files with 303 additions and 127 deletions
--- a/.github/workflows/flux-schedule.yaml
+++ b/.github/workflows/flux-schedule.yaml
@@ -0,0 +1,44 @@
+---
+name: Schedule - Update Flux
+
+on: # yamllint disable-line rule:truthy
+  workflow_dispatch:
+  schedule:
+    - cron: "0 */12 * * *"
+
+jobs:
+  flux-upgrade:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 1
+
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+
+      - name: Upgrade Flux
+        id: upgrade
+        run: |
+          UGLY_VERSION="$(flux -v)"
+          VERSION="v${UGLY_VERSION#*flux version }"
+          flux install --version="${VERSION}" \
+            --network-policy=false \
+            --export > ./cluster/base/flux-system/gotk-components.yaml
+          echo "::set-output name=flux_version::$VERSION"
+
+      - name: Create pull request for Flux upgrade
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: "flux/upgrade-${{ steps.upgrade.outputs.flux_version }}"
+          delete-branch: true
+          title: "chore(deps): upgrade flux components to ${{ steps.upgrade.outputs.flux_version }}"
+          signoff: true
+          committer: "auricom <27022259+auricom@users.noreply.github.com>"
+          author: "auricom <27022259+auricom@users.noreply.github.com>"
+          assignees: "auricom"
+          commit-message: "chore(deps): upgrade flux components to ${{ steps.upgrade.outputs.flux_version }}"
+          body: |
+            Release notes: https://github.com/fluxcd/flux2/releases/tag/${{ steps.upgrade.outputs.flux_version }}
+          labels: flux/upgrade
--- a/.github/workflows/helmrelease-pr.yaml
+++ b/.github/workflows/helmrelease-pr.yaml
@@ -0,0 +1,124 @@
+---
+name: Create diff on updated Helm Releases
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "cluster/**.yaml"
+
+env:
+  conf_live_branch: main
+  conf_ignore_known_labels_containing_versions: true
+
+jobs:
+  changes:
+    name: Detect changes
+    runs-on: ubuntu-20.04
+    outputs:
+      files: "${{ steps.extract.outputs.files }}"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Get changes
+        uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          list-files: shell
+          filters: |
+            changed:
+              - '**'
+      - name: Keep HelmReleases only
+        id: extract
+        run: |
+          filtered=$(grep -zl "kind: HelmRelease.*registryUrl=" ${{ steps.filter.outputs.changed_files }} \
+            | jq -nR '[inputs | select(length>0)]')
+          echo ::set-output name=files::${filtered}
+
+  helm:
+    name: Template HelmReleases
+    runs-on: ubuntu-20.04
+    if: ${{ needs.changes.outputs.files != '[]' }}
+    needs:
+      - changes
+    strategy:
+      matrix:
+        file: ${{ fromJson(needs.changes.outputs.files) }}
+      fail-fast: false
+    steps:
+      - name: Setup Kubernetes Tools
+        uses: yokawasa/action-setup-kube-tools@v0.7.1
+        with:
+          setup-tools: |
+            helmv3
+            yq
+      - name: Checkout live branch
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ env.conf_live_branch }}
+          path: live
+      - name: Checkout PR branch
+        uses: actions/checkout@v2
+        with:
+          path: pr
+      - name: Create diff
+        id: diff
+        run: |
+          hr_live_url=$(sed -nr 's|.*registryUrl=(.+)$|\1|p' live/${{ matrix.file }})
+          hr_live_chart=$(yq e .spec.chart.spec.chart live/${{ matrix.file }})
+          hr_live_version=$(yq e .spec.chart.spec.version live/${{ matrix.file }})
+          hr_live_values=$(yq e .spec.values live/${{ matrix.file }})
+          hr_pr_url=$(sed -nr 's|.*registryUrl=(.+)$|\1|p' pr/${{ matrix.file }})
+          hr_pr_chart=$(yq e .spec.chart.spec.chart pr/${{ matrix.file }})
+          hr_pr_version=$(yq e .spec.chart.spec.version pr/${{ matrix.file }})
+          hr_pr_values=$(yq e .spec.values pr/${{ matrix.file }})
+          helm repo add live "$hr_live_url"
+          helm repo add pr "$hr_pr_url"
+          resources_live=$(echo "$hr_live_values" | \
+            helm template "$hr_live_chart" \
+            live/"$hr_live_chart" \
+            --version "$hr_live_version" -f - || true)
+          echo "$resources_live"
+          echo "#####################################################"
+          resources_pr=$(echo "$hr_pr_values" | \
+            helm template "$hr_pr_chart" \
+            pr/"$hr_pr_chart" \
+            --version "$hr_pr_version" -f -)
+          echo "$resources_pr"
+          echo "#####################################################"
+          if [ "$conf_ignore_known_labels_containing_versions" = "true" ]; then
+            labels='.metadata.labels."helm.sh/chart"'
+            labels+=',.metadata.labels.chart'
+            labels+=',.metadata.labels."app.kubernetes.io/version"'
+            labels+=',.spec.template.metadata.labels."helm.sh/chart"'
+            labels+=',.spec.template.metadata.labels.chart'
+            labels+=',.spec.template.metadata.labels."app.kubernetes.io/version"'
+            resources_live=$(echo "$resources_live" | yq e "del($labels)" -)
+            resources_pr=$(echo "$resources_pr" | yq e "del($labels)" -)
+          fi
+          diff=$((diff -u <(echo "$resources_live") <(echo "$resources_pr") || true) | tail +3)
+          echo "$diff"
+          message="Path: \`${{ matrix.file }}\`"
+          if [ "$hr_live_chart" != "$hr_pr_chart" ]; then
+            message="$message"$'\n'"Chart: \`$hr_live_chart\` -> \`$hr_pr_chart\`"
+          fi
+          if [ "$hr_live_version" != "$hr_pr_version" ]; then
+            message="$message"$'\n'"Version: \`$hr_live_version\` -> \`$hr_pr_version\`"
+          fi
+          if [ "$hr_live_url" != "$hr_pr_url" ]; then
+            message="$message"$'\n'"Repo: \`$hr_live_url\` -> \`$hr_pr_url\`"
+          fi
+          message="$message"$'\n'$'\n'
+          if [ -z "$diff" ]; then
+            message="$message"'```'$'\n'"No changes in detected in resources"$'\n''```'
+          else
+            message="$message"'```diff'$'\n'"$diff"$'\n''```'
+          fi
+          echo "::set-output name=message::$(echo "$message" | jq --raw-input --slurp)"
+
+      - name: Create comment
+        uses: peter-evans/create-or-update-comment@v1
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: "${{ fromJSON(steps.diff.outputs.message) }}"
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,32 @@
+---
+name: Lint
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+
+jobs:
+  yamllint:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: yamllint
+        uses: reviewdog/action-yamllint@v1
+        with:
+          yamllint_flags: "-c .github/lint/.yamllint.yaml ./cluster"
+  shellcheck:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      # - name: shellcheck
+      #   uses: reviewdog/action-shellcheck@v1
+      #   with:
+      #     path: "./hack"
+      #     level: "error"
+  markdownlint:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: markdownlint
+        uses: reviewdog/action-markdownlint@v0.2
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/renovate-annotations.yaml
+++ b/.github/workflows/renovate-annotations.yaml
@@ -1,12 +1,13 @@
-name: renovate-annotations
+---
+name: Schedule - Renovate Helm Releases

-on:
+on: # yamllint disable-line rule:truthy
  workflow_dispatch:
  schedule:
-    - cron: "15 * * * *"
+    - cron: "0 */12 * * *"

 jobs:
-  renovate-helmrelease:
+  renovate-helm-releases:
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v2
@@ -19,7 +20,7 @@ jobs:
        with:
          cluster-path: "./cluster"

-      - name: Create pull request for HelmRelease annotations
+      - name: Create pull request for renovatebot helm-release annotations
        uses: peter-evans/create-pull-request@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
@@ -27,8 +28,8 @@ jobs:
          delete-branch: true
          title: "chore(deps): update renovate annotations"
          signoff: true
-          committer: "Auricom <auricom@users.noreply.github.com>"
-          author: "Auricom <auricom@users.noreply.github.com>"
+          committer: "auricom <27022259+auricom@users.noreply.github.com>"
+          author: "auricom <27022259+auricom@users.noreply.github.com>"
          assignees: "auricom"
          commit-message: "chore(deps): update renovate annotations"
          body: |
--- a/.github/workflows/update-flux.yaml
+++ b/.github/workflows/update-flux.yaml
@@ -1,43 +0,0 @@
-name: update-flux
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 12 * * *"
-
-jobs:
-  flux-update:
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 1
-
-      - name: Setup Flux CLI
-        uses: fluxcd/flux2/action@main
-
-      - name: Update Flux components
-        id: update
-        run: |
-          CLI_VERSION="$(flux -v)"
-          VERSION="v${CLI_VERSION#*flux version }"
-          flux install --version="${VERSION}" \
-            --network-policy=false \
-            --export > ./cluster/base/flux-system/gotk-components.yaml
-          echo "::set-output name=flux_version::$VERSION"
-
-      - name: Create pull request for Flux update
-        uses: peter-evans/create-pull-request@v3
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          branch: "flux/update-${{ steps.update.outputs.flux_version }}"
-          delete-branch: true
-          title: "chore(deps): update flux components to ${{ steps.update.outputs.flux_version }} [ci-skip]"
-          signoff: true
-          committer: "Auricom <auricom@users.noreply.github.com>"
-          author: "Auricom <auricom@users.noreply.github.com>"
-          assignees: "auricom"
-          commit-message: "chore(deps): update flux components to ${{ steps.update.outputs.flux_version }} [ci-skip]"
-          body: |
-            Release notes: https://github.com/fluxcd/flux2/releases/tag/${{ steps.update.outputs.flux_version }}
-          labels: flux/update