ci: update github workflows

2025-09-17 18:24:14 +02:00 · 2021-07-28 03:11:06 +02:00
parent 1588499c9f
commit b73ec1db7d
14 changed files with 303 additions and 127 deletions
--- a/.github/lint/.markdownlint.yaml
+++ b/.github/lint/.markdownlint.yaml
@@ -0,0 +1,35 @@
+---
+default: true
+
+# MD013/line-length - Line length
+MD013:
+  # Number of characters
+  line_length: 120
+  # Number of characters for headings
+  heading_line_length: 80
+  # Number of characters for code blocks
+  code_block_line_length: 80
+  # Include code blocks
+  code_blocks: true
+  # Include tables
+  tables: true
+  # Include headings
+  headings: true
+  # Include headers
+  headers: true
+  # Strict length checking
+  strict: false
+  # Stern length checking
+  stern: false
+
+# MD026/no-trailing-punctuation - Trailing punctuation in heading
+MD026:
+  # Punctuation characters
+  punctuation: "："
+
+# MD033/no-inline-html - Inline HTML
+MD033:
+  # Allowed elements
+  allowed_elements:
+    - br
+    - img
--- a/.github/lint/.prettierignore
+++ b/.github/lint/.prettierignore
@@ -0,0 +1,6 @@
+.private
+.vscode
+ansible
+*.enc.yaml
+*.sops.yml
+gotk-components.yaml
--- a/.github/lint/.prettierrc.yaml
+++ b/.github/lint/.prettierrc.yaml
@@ -0,0 +1,5 @@
+---
+trailingComma: "es5"
+tabWidth: 2
+semi: false
+singleQuote: false
--- a/.github/yamllint.config.yaml
+++ b/.github/yamllint.config.yaml
@@ -1,14 +1,15 @@
+---
 ignore: |
-  .yamllint.yml
-  .github/
-  server/ansible
-  ignore/
-  secrets/
-  *-crds.yaml
+  .private/
+  .vscode/
+  ansible/
+  *.enc.yaml
+  *.sops.yml
+  gotk-components.yaml
 extends: default
 rules:
  truthy:
-    allowed-values: ['true', 'false', 'on', 'yes']
+    allowed-values: ["true", "false", "on"]
  comments:
    min-spaces-from-content: 1
  line-length: disable
@@ -18,6 +19,4 @@ rules:
  brackets:
    min-spaces-inside: 0
    max-spaces-inside: 0
-  indentation:
-    spaces: 2
-    indent-sequences: consistent
+  indentation: enable
--- a/.github/workflows/flux-schedule.yaml
+++ b/.github/workflows/flux-schedule.yaml
@@ -0,0 +1,44 @@
+---
+name: Schedule - Update Flux
+
+on: # yamllint disable-line rule:truthy
+  workflow_dispatch:
+  schedule:
+    - cron: "0 */12 * * *"
+
+jobs:
+  flux-upgrade:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 1
+
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+
+      - name: Upgrade Flux
+        id: upgrade
+        run: |
+          UGLY_VERSION="$(flux -v)"
+          VERSION="v${UGLY_VERSION#*flux version }"
+          flux install --version="${VERSION}" \
+            --network-policy=false \
+            --export > ./cluster/base/flux-system/gotk-components.yaml
+          echo "::set-output name=flux_version::$VERSION"
+
+      - name: Create pull request for Flux upgrade
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: "flux/upgrade-${{ steps.upgrade.outputs.flux_version }}"
+          delete-branch: true
+          title: "chore(deps): upgrade flux components to ${{ steps.upgrade.outputs.flux_version }}"
+          signoff: true
+          committer: "auricom <27022259+auricom@users.noreply.github.com>"
+          author: "auricom <27022259+auricom@users.noreply.github.com>"
+          assignees: "auricom"
+          commit-message: "chore(deps): upgrade flux components to ${{ steps.upgrade.outputs.flux_version }}"
+          body: |
+            Release notes: https://github.com/fluxcd/flux2/releases/tag/${{ steps.upgrade.outputs.flux_version }}
+          labels: flux/upgrade
--- a/.github/workflows/helmrelease-pr.yaml
+++ b/.github/workflows/helmrelease-pr.yaml
@@ -0,0 +1,124 @@
+---
+name: Create diff on updated Helm Releases
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "cluster/**.yaml"
+
+env:
+  conf_live_branch: main
+  conf_ignore_known_labels_containing_versions: true
+
+jobs:
+  changes:
+    name: Detect changes
+    runs-on: ubuntu-20.04
+    outputs:
+      files: "${{ steps.extract.outputs.files }}"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Get changes
+        uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          list-files: shell
+          filters: |
+            changed:
+              - '**'
+      - name: Keep HelmReleases only
+        id: extract
+        run: |
+          filtered=$(grep -zl "kind: HelmRelease.*registryUrl=" ${{ steps.filter.outputs.changed_files }} \
+            | jq -nR '[inputs | select(length>0)]')
+          echo ::set-output name=files::${filtered}
+
+  helm:
+    name: Template HelmReleases
+    runs-on: ubuntu-20.04
+    if: ${{ needs.changes.outputs.files != '[]' }}
+    needs:
+      - changes
+    strategy:
+      matrix:
+        file: ${{ fromJson(needs.changes.outputs.files) }}
+      fail-fast: false
+    steps:
+      - name: Setup Kubernetes Tools
+        uses: yokawasa/action-setup-kube-tools@v0.7.1
+        with:
+          setup-tools: |
+            helmv3
+            yq
+      - name: Checkout live branch
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ env.conf_live_branch }}
+          path: live
+      - name: Checkout PR branch
+        uses: actions/checkout@v2
+        with:
+          path: pr
+      - name: Create diff
+        id: diff
+        run: |
+          hr_live_url=$(sed -nr 's|.*registryUrl=(.+)$|\1|p' live/${{ matrix.file }})
+          hr_live_chart=$(yq e .spec.chart.spec.chart live/${{ matrix.file }})
+          hr_live_version=$(yq e .spec.chart.spec.version live/${{ matrix.file }})
+          hr_live_values=$(yq e .spec.values live/${{ matrix.file }})
+          hr_pr_url=$(sed -nr 's|.*registryUrl=(.+)$|\1|p' pr/${{ matrix.file }})
+          hr_pr_chart=$(yq e .spec.chart.spec.chart pr/${{ matrix.file }})
+          hr_pr_version=$(yq e .spec.chart.spec.version pr/${{ matrix.file }})
+          hr_pr_values=$(yq e .spec.values pr/${{ matrix.file }})
+          helm repo add live "$hr_live_url"
+          helm repo add pr "$hr_pr_url"
+          resources_live=$(echo "$hr_live_values" | \
+            helm template "$hr_live_chart" \
+            live/"$hr_live_chart" \
+            --version "$hr_live_version" -f - || true)
+          echo "$resources_live"
+          echo "#####################################################"
+          resources_pr=$(echo "$hr_pr_values" | \
+            helm template "$hr_pr_chart" \
+            pr/"$hr_pr_chart" \
+            --version "$hr_pr_version" -f -)
+          echo "$resources_pr"
+          echo "#####################################################"
+          if [ "$conf_ignore_known_labels_containing_versions" = "true" ]; then
+            labels='.metadata.labels."helm.sh/chart"'
+            labels+=',.metadata.labels.chart'
+            labels+=',.metadata.labels."app.kubernetes.io/version"'
+            labels+=',.spec.template.metadata.labels."helm.sh/chart"'
+            labels+=',.spec.template.metadata.labels.chart'
+            labels+=',.spec.template.metadata.labels."app.kubernetes.io/version"'
+            resources_live=$(echo "$resources_live" | yq e "del($labels)" -)
+            resources_pr=$(echo "$resources_pr" | yq e "del($labels)" -)
+          fi
+          diff=$((diff -u <(echo "$resources_live") <(echo "$resources_pr") || true) | tail +3)
+          echo "$diff"
+          message="Path: \`${{ matrix.file }}\`"
+          if [ "$hr_live_chart" != "$hr_pr_chart" ]; then
+            message="$message"$'\n'"Chart: \`$hr_live_chart\` -> \`$hr_pr_chart\`"
+          fi
+          if [ "$hr_live_version" != "$hr_pr_version" ]; then
+            message="$message"$'\n'"Version: \`$hr_live_version\` -> \`$hr_pr_version\`"
+          fi
+          if [ "$hr_live_url" != "$hr_pr_url" ]; then
+            message="$message"$'\n'"Repo: \`$hr_live_url\` -> \`$hr_pr_url\`"
+          fi
+          message="$message"$'\n'$'\n'
+          if [ -z "$diff" ]; then
+            message="$message"'```'$'\n'"No changes in detected in resources"$'\n''```'
+          else
+            message="$message"'```diff'$'\n'"$diff"$'\n''```'
+          fi
+          echo "::set-output name=message::$(echo "$message" | jq --raw-input --slurp)"
+
+      - name: Create comment
+        uses: peter-evans/create-or-update-comment@v1
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: "${{ fromJSON(steps.diff.outputs.message) }}"
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,32 @@
+---
+name: Lint
+
+on: # yamllint disable-line rule:truthy
+  pull_request:
+
+jobs:
+  yamllint:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: yamllint
+        uses: reviewdog/action-yamllint@v1
+        with:
+          yamllint_flags: "-c .github/lint/.yamllint.yaml ./cluster"
+  shellcheck:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      # - name: shellcheck
+      #   uses: reviewdog/action-shellcheck@v1
+      #   with:
+      #     path: "./hack"
+      #     level: "error"
+  markdownlint:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: markdownlint
+        uses: reviewdog/action-markdownlint@v0.2
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/renovate-annotations.yaml
+++ b/.github/workflows/renovate-annotations.yaml
@@ -1,12 +1,13 @@
-name: renovate-annotations
+---
+name: Schedule - Renovate Helm Releases

-on:
+on: # yamllint disable-line rule:truthy
  workflow_dispatch:
  schedule:
-    - cron: "15 * * * *"
+    - cron: "0 */12 * * *"

 jobs:
-  renovate-helmrelease:
+  renovate-helm-releases:
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v2
@@ -19,7 +20,7 @@ jobs:
        with:
          cluster-path: "./cluster"

-      - name: Create pull request for HelmRelease annotations
+      - name: Create pull request for renovatebot helm-release annotations
        uses: peter-evans/create-pull-request@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
@@ -27,8 +28,8 @@ jobs:
          delete-branch: true
          title: "chore(deps): update renovate annotations"
          signoff: true
-          committer: "Auricom <auricom@users.noreply.github.com>"
-          author: "Auricom <auricom@users.noreply.github.com>"
+          committer: "auricom <27022259+auricom@users.noreply.github.com>"
+          author: "auricom <27022259+auricom@users.noreply.github.com>"
          assignees: "auricom"
          commit-message: "chore(deps): update renovate annotations"
          body: |
--- a/.github/workflows/update-flux.yaml
+++ b/.github/workflows/update-flux.yaml
@@ -1,43 +0,0 @@
-name: update-flux
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 12 * * *"
-
-jobs:
-  flux-update:
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 1
-
-      - name: Setup Flux CLI
-        uses: fluxcd/flux2/action@main
-
-      - name: Update Flux components
-        id: update
-        run: |
-          CLI_VERSION="$(flux -v)"
-          VERSION="v${CLI_VERSION#*flux version }"
-          flux install --version="${VERSION}" \
-            --network-policy=false \
-            --export > ./cluster/base/flux-system/gotk-components.yaml
-          echo "::set-output name=flux_version::$VERSION"
-
-      - name: Create pull request for Flux update
-        uses: peter-evans/create-pull-request@v3
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          branch: "flux/update-${{ steps.update.outputs.flux_version }}"
-          delete-branch: true
-          title: "chore(deps): update flux components to ${{ steps.update.outputs.flux_version }} [ci-skip]"
-          signoff: true
-          committer: "Auricom <auricom@users.noreply.github.com>"
-          author: "Auricom <auricom@users.noreply.github.com>"
-          assignees: "auricom"
-          commit-message: "chore(deps): update flux components to ${{ steps.update.outputs.flux_version }} [ci-skip]"
-          body: |
-            Release notes: https://github.com/fluxcd/flux2/releases/tag/${{ steps.update.outputs.flux_version }}
-          labels: flux/update
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,36 +3,29 @@
 # See https://pre-commit.com/hooks.html for more hooks
 fail_fast: false
 repos:
-  - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
-    rev: v5.0.0
-    hooks:
-      - id: commitlint
-        stages: [commit-msg]
-        additional_dependencies: ['@commitlint/config-angular']
  - repo: https://github.com/adrienverge/yamllint.git
    rev: v1.26.1
    hooks:
      - id: yamllint
        args:
-          - -c
-          - ".github/yamllint.config.yaml"
+          - --config-file
+          - .github/lint/.yamllint.yaml
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.0.1
    hooks:
      - id: trailing-whitespace
-      - id: check-added-large-files
-        args: [--maxkb=2048]
-      - id: check-merge-conflict
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
  - repo: https://github.com/Lucas-C/pre-commit-hooks
    rev: v1.1.10
    hooks:
      - id: forbid-crlf
      - id: forbid-tabs
-  - repo: https://github.com/jumanjihouse/pre-commit-hooks
-    rev: 2.1.5
+  - repo: https://github.com/Lucas-C/pre-commit-hooks
+    rev: v1.1.10
    hooks:
-      - id: shellcheck
-        args: [--severity=error]
+      - id: remove-crlf
+      - id: remove-tabs
  - repo: https://github.com/sirosen/fix-smartquotes
    rev: 0.2.0
    hooks:
@@ -41,3 +34,10 @@ repos:
    rev: v2.0.3
    hooks:
      - id: forbid-secrets
+  - repo: https://github.com/igorshubovych/markdownlint-cli
+    rev: v0.28.1
+    hooks:
+      - id: markdownlint
+        args:
+          - --config
+          - ".github/lint/.markdownlint.yaml"
--- a/.taskfiles/ansible.yml
+++ b/.taskfiles/ansible.yml
@@ -1,35 +0,0 @@
---
-version: "3"
-
-env:
-  ANSIBLE_CONFIG: "{{.PROJECT_DIR}}/server/ansible/ansible.cfg"
-
-vars:
-  ANSIBLE_PLAYBOOK_DIR: "{{.ANSIBLE_DIR}}/playbooks"
-  ANSIBLE_INVENTORY_DIR: "{{.ANSIBLE_DIR}}/inventory"
-  ANSIBLE_GROUPS: "master-nodes:worker-nodes"
-
-tasks:
-  ping:
-    desc: Ping all the k3s nodes
-    cmds:
-      - "ansible {{.ANSIBLE_GROUPS}} -i {{.ANSIBLE_INVENTORY_DIR}}/home-cluster/hosts.yml --one-line -m ping"
-    silent: true
-
-  list:
-    desc: List all the k3s nodes
-    cmds:
-      - "ansible {{.ANSIBLE_GROUPS}} -i {{.ANSIBLE_INVENTORY_DIR}}/home-cluster/hosts.yml --list-hosts"
-    silent: true
-
-  upgrade:
-    desc: Upgrade all the k3s node's operating system
-    cmds:
-      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/home-cluster/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/ubuntu/upgrade.yml"
-    silent: true
-
-  reboot:
-    desc: Reboot all the k3s nodes
-    cmds:
-      - "ansible {{.ANSIBLE_GROUPS}} -i {{.ANSIBLE_INVENTORY_DIR}}/home-cluster/hosts.yml -m reboot"
-    silent: true
--- a/.taskfiles/linux/deps.yml
+++ b/.taskfiles/linux/deps.yml
@@ -1,8 +0,0 @@
---
-version: "3"
-
-tasks:
-  default:
-    cmds:
-      - task -l
-    silent: true
--- a/README.md
+++ b/README.md
@@ -1,8 +1,10 @@
-<img src="https://camo.githubusercontent.com/5b298bf6b0596795602bd771c5bddbb963e83e0f/68747470733a2f2f692e696d6775722e636f6d2f7031527a586a512e706e67" align="left" width="144px" height="144px"/>
+# README.md

-### My home Kubernetes cluster :sailboat:
+<img align="left" width="144px" height="144px" src="https://camo.githubusercontent.com/5b298bf6b0596795602bd771c5bddbb963e83e0f/68747470733a2f2f692e696d6775722e636f6d2f7031527a586a512e706e67"/>

-_... managed by Flux and serviced with RenovateBot_ :robot:
+## My home Kubernetes cluster :sailboat:
+
+... managed with Flux and Renovate :robot:

 <br/>
 <br/>
@@ -13,7 +15,7 @@ _... managed by Flux and serviced with RenovateBot_ :robot:
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white&style=for-the-badge)](https://github.com/pre-commit/pre-commit)
 [![renovate](https://img.shields.io/badge/renovate-enabled-success?style=for-the-badge&logo=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjUgNSAzNzAgMzcwIj48Y2lyY2xlIGN4PSIxODkiIGN5PSIxOTAiIHI9IjE4NCIgZmlsbD0iI2ZlMiIvPjxwYXRoIGZpbGw9IiM4YmIiIGQ9Ik0yNTEgMjU2bC0zOC0zOGExNyAxNyAwIDAxMC0yNGw1Ni01NmMyLTIgMi02IDAtN2wtMjAtMjFhNSA1IDAgMDAtNyAwbC0xMyAxMi05LTggMTMtMTNhMTcgMTcgMCAwMTI0IDBsMjEgMjFjNyA3IDcgMTcgMCAyNGwtNTYgNTdhNSA1IDAgMDAwIDdsMzggMzh6Ii8+PHBhdGggZmlsbD0iI2Q1MSIgZD0iTTMwMCAyODhsLTggOGMtNCA0LTExIDQtMTYgMGwtNDYtNDZjLTUtNS01LTEyIDAtMTZsOC04YzQtNCAxMS00IDE1IDBsNDcgNDdjNCA0IDQgMTEgMCAxNXoiLz48cGF0aCBmaWxsPSIjYjMwIiBkPSJNMjg1IDI1OGw3IDdjNCA0IDQgMTEgMCAxNWwtOCA4Yy00IDQtMTEgNC0xNiAwbC02LTdjNCA1IDExIDUgMTUgMGw4LTdjNC01IDQtMTIgMC0xNnoiLz48cGF0aCBmaWxsPSIjYTMwIiBkPSJNMjkxIDI2NGw4IDhjNCA0IDQgMTEgMCAxNmwtOCA3Yy00IDUtMTEgNS0xNSAwbC05LThjNSA1IDEyIDUgMTYgMGw4LThjNC00IDQtMTEgMC0xNXoiLz48cGF0aCBmaWxsPSIjZTYyIiBkPSJNMjYwIDIzM2wtNC00Yy02LTYtMTctNi0yMyAwLTcgNy03IDE3IDAgMjRsNCA0Yy00LTUtNC0xMSAwLTE2bDgtOGM0LTQgMTEtNCAxNSAweiIvPjxwYXRoIGZpbGw9IiNiNDAiIGQ9Ik0yODQgMzA0Yy00IDAtOC0xLTExLTRsLTQ3LTQ3Yy02LTYtNi0xNiAwLTIybDgtOGM2LTYgMTYtNiAyMiAwbDQ3IDQ2YzYgNyA2IDE3IDAgMjNsLTggOGMtMyAzLTcgNC0xMSA0em0tMzktNzZjLTEgMC0zIDAtNCAybC04IDdjLTIgMy0yIDcgMCA5bDQ3IDQ3YTYgNiAwIDAwOSAwbDctOGMzLTIgMy02IDAtOWwtNDYtNDZjLTItMi0zLTItNS0yeiIvPjxwYXRoIGZpbGw9IiMxY2MiIGQ9Ik0xNTIgMTEzbDE4LTE4IDE4IDE4LTE4IDE4em0xLTM1bDE4LTE4IDE4IDE4LTE4IDE4em0tOTAgODlsMTgtMTggMTggMTgtMTggMTh6bTM1LTM2bDE4LTE4IDE4IDE4LTE4IDE4eiIvPjxwYXRoIGZpbGw9IiMxZGQiIGQ9Ik0xMzQgMTMxbDE4LTE4IDE4IDE4LTE4IDE4em0tMzUgMzZsMTgtMTggMTggMTgtMTggMTh6Ii8+PHBhdGggZmlsbD0iIzJiYiIgZD0iTTExNiAxNDlsMTgtMTggMTggMTgtMTggMTh6bTU0LTU0bDE4LTE4IDE4IDE4LTE4IDE4em0tODkgOTBsMTgtMTggMTggMTgtMTggMTh6bTEzOS04NWwyMyAyM2M0IDQgNCAxMSAwIDE2TDE0MiAyNDBjLTQgNC0xMSA0LTE1IDBsLTI0LTI0Yy00LTQtNC0xMSAwLTE1bDEwMS0xMDFjNS01IDEyLTUgMTYgMHoiLz48cGF0aCBmaWxsPSIjM2VlIiBkPSJNMTM0IDk1bDE4LTE4IDE4IDE4LTE4IDE4em0tNTQgMThsMTgtMTcgMTggMTctMTggMTh6bTU1LTUzbDE4LTE4IDE4IDE4LTE4IDE4em05MyA0OGwtOC04Yy00LTUtMTEtNS0xNiAwTDEwMyAyMDFjLTQgNC00IDExIDAgMTVsOCA4Yy00LTQtNC0xMSAwLTE1bDEwMS0xMDFjNS00IDEyLTQgMTYgMHoiLz48cGF0aCBmaWxsPSIjOWVlIiBkPSJNMjcgMTMxbDE4LTE4IDE4IDE4LTE4IDE4em01NC01M2wxOC0xOCAxOCAxOC0xOCAxOHoiLz48cGF0aCBmaWxsPSIjMGFhIiBkPSJNMjMwIDExMGwxMyAxM2M0IDQgNCAxMSAwIDE2TDE0MiAyNDBjLTQgNC0xMSA0LTE1IDBsLTEzLTEzYzQgNCAxMSA0IDE1IDBsMTAxLTEwMWM1LTUgNS0xMSAwLTE2eiIvPjxwYXRoIGZpbGw9IiMxYWIiIGQ9Ik0xMzQgMjQ4Yy00IDAtOC0yLTExLTVsLTIzLTIzYTE2IDE2IDAgMDEwLTIzTDIwMSA5NmExNiAxNiAwIDAxMjIgMGwyNCAyNGM2IDYgNiAxNiAwIDIyTDE0NiAyNDNjLTMgMy03IDUtMTIgNXptNzgtMTQ3bC00IDItMTAxIDEwMWE2IDYgMCAwMDAgOWwyMyAyM2E2IDYgMCAwMDkgMGwxMDEtMTAxYTYgNiAwIDAwMC05bC0yNC0yMy00LTJ6Ii8+PC9zdmc+)](https://github.com/renovatebot/renovate)

-### Bootstrap Flux
+## Bootstrap Flux

 ```bash
 flux bootstrap github \
@@ -25,14 +27,29 @@ flux bootstrap github \
  --network-policy=false
 ```

-### SOPS secret from GPG key
+## SOPS secret from GPG key

 ```bash
-gpg --export-secret-keys --armor <GPG_KEY_ID> | kubectl create secret generic sops-gpg --namespace=flux-system --from-file=sops.asc=/dev/stdin
+gpg \
+  --export-secret-keys \
+  --armor <GPG_KEY_ID> | \
+  kubectl create secret generic sops-gpg \
+  --namespace=flux-system \
+  --from-file=sops.asc=/dev/stdin
 ```

-### Encrypt kubernetes resources with sops binary
+## Encrypt kubernetes resources with sops binary

 ```bash
-sops --encrypt --pgp=<GPG_KEY_ID> --encrypted-regex '^(data|stringData)$' --in-place <FILE_PATH>
+sops \
+  --encrypt \
+  --pgp=<GPG_KEY_ID> \
+  --encrypted-regex '^(data|stringData)$' \
+  --in-place <FILE_PATH>
+```
+
+## Install pre-commit hooks
+
+```bash
+pre-commit install
 ```
--- a/commitlint.config.js
+++ b/commitlint.config.js
@@ -1 +0,0 @@
-module.exports = {extends: ['@commitlint/config-conventional']}
				`@@ -1 +0,0 @@`
				`module.exports = {extends: ['@commitlint/config-conventional']}`