diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml
index e3623885b4..1d76fe98d3 100644
--- a/.github/workflows/flux-diff.yaml
+++ b/.github/workflows/flux-diff.yaml
@@ -4,39 +4,73 @@ name: Flux Diff on: pull_request: branches: ["master"] - paths: ["kubernetes/**.yaml"] + paths: ["kubernetes/**"] concurrency: group: ${{ github.workflow }}-${{ github.event.number || github.ref }} cancel-in-progress: true jobs: + changed-files: + name: Changed Files + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.changed-files.outputs.all_changed_and_modified_files }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + + - name: Get Changed Files + id: changed-files + uses: tj-actions/changed-files@v41 + with: + files: kubernetes/** + dir_names: true + dir_names_max_depth: 1 + json: true + escape_json: false + + - name: List All Changed Files + run: echo "${{ steps.changed-files.outputs.all_changed_and_modified_files }}" + flux-diff: name: Flux Diff runs-on: ubuntu-latest + needs: ["changed-files"] permissions: pull-requests: write strategy: matrix: - path: ["kubernetes"] + paths: ${{ fromJSON(needs.changed-files.outputs.matrix) }} resources: ["helmrelease", "kustomization"] + max-parallel: 4 + fail-fast: false steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - name: Checkout Live Branch - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - name: Checkout Default Branch + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - ref: master + ref: "${{ github.event.repository.default_branch }}" path: default - - name: Checkout PR branch - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - name: Checkout Pull Request 
Branch + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" path: pull @@ -48,8 +82,8 @@ jobs: --log-level DEBUG diff ${{ matrix.resources }} --unified 6 - --path-orig /github/workspace/default/${{ matrix.path }} - --path /github/workspace/pull/${{ matrix.path }} + --path-orig /github/workspace/default/${{ matrix.paths }} + --path /github/workspace/pull/${{ matrix.paths }} --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart" --limit-bytes 10000 --all-namespaces @@ -66,12 +100,23 @@ jobs: - if: ${{ steps.diff.outputs.diff != '' }} name: Add comment - uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1 + uses: mshick/add-pr-comment@v2.8.1 with: repo-token: "${{ steps.app-token.outputs.token }}" - message-id: "${{ github.event.pull_request.number }}/${{ matrix.path }}/${{ matrix.resources }}" + message-id: "${{ github.event.pull_request.number }}/${{ matrix.paths }}/${{ matrix.resources }}" message-failure: Diff was not successful message: | ```diff ${{ steps.diff.outputs.diff }} ``` + + # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7 + flux-diff-success: + if: ${{ always() }} + needs: ["flux-diff"] + name: Flux Diff Successful + runs-on: ubuntu-latest + steps: + - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + name: Check matrix status + run: exit 1 diff --git a/.github/workflows/flux-hr-image-test.yaml b/.github/workflows/flux-hr-image-test.yaml deleted file mode 100644 index f2d8861697..0000000000 --- a/.github/workflows/flux-hr-image-test.yaml +++ /dev/null 
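Review bot: The `uses:` lines in this hunk replace full commit SHAs with mutable tags (`actions/create-github-app-token@v1`, `actions/checkout@v4`) and add `tj-actions/changed-files@v41` by tag, in jobs that receive `secrets.BOT_APP_PRIVATE_KEY` and mint an app token. A tag can be moved to a different commit by whoever controls the action repository, so this file no longer fixes which code sees the private key; keep the previous form, e.g. `uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4` and `uses: tj-actions/changed-files@716b1e13042866565e00e85fd4ec490e186c4a2f # v41.0.1`. The same applies to `mshick/add-pr-comment@v2.8.1` in the last hunk of this file and to every `uses:` in the new `flux-image-test.yaml`, including the `docker://ghcr.io/allenporter/flux-local:pr-472` image tag. Separately, the `List All Changed Files` step expands `${{ steps.changed-files.outputs.all_changed_and_modified_files }}` inside the shell script while `escape_json: false` is set; passing the value through `env:` and echoing `"$CHANGED"` keeps PR-derived names out of the script text.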
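Review bot: The new `flux-diff-success` job lists only `flux-diff` in `needs`, so when the upstream `changed-files` job fails the matrix is skipped and `needs.*.result` holds `skipped`, which the `contains(...)` condition does not treat as a failure. If `Flux Diff Successful` is the required status check, a pull request could then pass it without any diff having run. Using `needs: ["changed-files", "flux-diff"]` makes the upstream result visible to the same condition. `test-images-success` in the new `flux-image-test.yaml` has the same shape and would need `changed-files` and `extract-images` added to its `needs`.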
@@ -1,120 +0,0 @@ ---- -name: Flux HelmRelease Image Test - -on: - pull_request: - branches: ["master"] - paths: ["kubernetes/**/helmrelease.yaml"] - -concurrency: - group: ${{ github.workflow }}-${{ github.event.number || github.ref }} - cancel-in-progress: true - -env: - KUBERNETES_DIR: ./kubernetes - -jobs: - changed-files: - name: Get Changed Files - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.changed-files.outputs.all_changed_and_modified_files }} - steps: - - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 - id: app-token - with: - app-id: "${{ secrets.BOT_APP_ID }}" - private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - token: "${{ steps.app-token.outputs.token }}" - - - name: Get changed files - id: changed-files - uses: tj-actions/changed-files@716b1e13042866565e00e85fd4ec490e186c4a2f # v41.0.1 - with: - escape_json: false - files: kubernetes/**/helmrelease.yaml - json: true - - - name: List all changed files - run: echo "${{ steps.changed-files.outputs.all_changed_and_modified_files }}" - - extract-images: - name: Extract images from HelmRelease - runs-on: ubuntu-latest - needs: ["changed-files"] - strategy: - matrix: - files: ${{ fromJSON(needs.changed-files.outputs.matrix) }} - max-parallel: 4 - fail-fast: false - outputs: - matrix: ${{ steps.extract-images.outputs.images }} - steps: - - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 - id: app-token - with: - app-id: "${{ secrets.BOT_APP_ID }}" - private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - token: "${{ steps.app-token.outputs.token }}" - - - name: Setup System Tools - shell: bash - run: sudo apt-get -qq update && sudo apt-get -qq install 
--no-install-recommends -y curl git - - - name: Setup Workflow Tools - uses: jdx/rtx-action@61c1bfbed63c70a82ff0ce3301bde41875b17844 # v1 - with: - install: true - cache: true - rtx_toml: | - [tools] - helm = "latest" - kustomize = "latest" - - - name: Extract Images from HelmRelease - id: extract-images - run: | - images=$( - npx zx .github/scripts/extract-images.mjs \ - --kubernetes-dir "${{ env.KUBERNETES_DIR }}" \ - --helmrelease "${{ matrix.files }}" - ) - echo "images=${images}" >> $GITHUB_OUTPUT - echo "${images}" - - test-images: - name: Test images from HelmRelease - runs-on: ubuntu-latest - needs: ["extract-images"] - strategy: - matrix: - images: ${{ fromJSON(needs.extract-images.outputs.matrix) }} - max-parallel: 4 - fail-fast: false - steps: - - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 - id: app-token - with: - app-id: "${{ secrets.BOT_APP_ID }}" - private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: ghcr.io - username: "${{ secrets.BOT_APP_ID }}" - password: "${{ steps.app-token.outputs.token }}" - - - name: Test Images from HelmRelease - run: docker pull ${{ matrix.images }} diff --git a/.github/workflows/flux-image-test.yaml b/.github/workflows/flux-image-test.yaml new file mode 100644 index 0000000000..b7563b0d1b --- /dev/null +++ b/.github/workflows/flux-image-test.yaml 
@@ -0,0 +1,156 @@ +--- +name: Flux Image Test + +on: + pull_request: + branches: ["master"] + paths: ["kubernetes/**"] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.ref }} + cancel-in-progress: true + +jobs: + changed-files: + name: Changed Files + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.changed-files.outputs.all_changed_and_modified_files }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + + - name: Get Changed Files + id: changed-files + uses: tj-actions/changed-files@v41 + with: + files: kubernetes/** + dir_names: true + dir_names_max_depth: 1 + json: true + escape_json: false + + - name: List All Changed Files + run: echo "${{ steps.changed-files.outputs.all_changed_and_modified_files }}" + + extract-images: + name: Extract Images + runs-on: ubuntu-latest + needs: ["changed-files"] + permissions: + pull-requests: write + strategy: + matrix: + paths: ${{ fromJSON(needs.changed-files.outputs.matrix) }} + max-parallel: 4 + fail-fast: false + outputs: + matrix: ${{ steps.extract-images.outputs.images }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Setup System Tools + shell: bash + run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y curl git + + - name: Setup Workflow Tools + uses: jdx/rtx-action@v1 + with: + install: true + cache: true + rtx_toml: | + [tools] + flux2 = "latest" + yq = "latest" + + - name: Checkout Default Branch + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + ref: "${{ github.event.repository.default_branch }}" + path: default + + 
- name: Checkout Pull Request Branch + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + path: pull + + - name: Gather Images in Default Branch + uses: docker://ghcr.io/allenporter/flux-local:pr-472 + with: + args: >- + get cluster + --path /github/workspace/default/${{ matrix.paths }} + --enable-images + --output yaml + --output-file default.yaml + + - name: Gather Images in Pull Request Branch + uses: docker://ghcr.io/allenporter/flux-local:pr-472 + with: + args: >- + get cluster + --path /github/workspace/pull/${{ matrix.paths }} + --enable-images + --output yaml + --output-file pull.yaml + + - name: Filter Default Branch Results + shell: bash + run: | + yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ + default.yaml > default.txt + + - name: Filter Pull Request Branch Results + shell: bash + run: | + yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ + pull.yaml > pull.txt + + - name: Compare Default and Pull Request Images + id: extract-images + shell: bash + run: | + images=$(jo -a $(grep -vf default.txt pull.txt)) + echo "images=${images}" >> $GITHUB_OUTPUT + echo "${images}" + + test-images: + if: ${{ needs.extract-images.outputs.matrix != '[]' }} + name: Test images + runs-on: ubuntu-latest + needs: ["extract-images"] + strategy: + matrix: + images: ${{ fromJSON(needs.extract-images.outputs.matrix) }} + max-parallel: 4 + fail-fast: false + steps: + - name: Test Images + run: docker pull ${{ matrix.images }} + + # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7 + test-images-success: + if: ${{ always() }} + needs: ["test-images"] + name: Test Images Successful + runs-on: ubuntu-latest + steps: + - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + name: Check matrix status + run: exit 1
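Review bot: The `Test Images` step runs `docker pull ${{ matrix.images }}`, so each image string taken from the pull request's manifests is pasted into the shell script before it runs, and a value containing shell metacharacters would be interpreted by the shell rather than passed to `docker pull`. Pass it as data instead: an `env:` entry `IMAGE: ${{ matrix.images }}` with `run: docker pull "${IMAGE}"`. In `Compare Default and Pull Request Images`, `$(grep -vf default.txt pull.txt)` is unquoted and so subject to word splitting and globbing, and `grep -vf` treats the default-branch lines as regex patterns matched anywhere in a line; `grep -Fxvf` would be the exact-line comparison the step appears to intend. Two things are worth confirming: `jo` is not installed by any step visible here, and `extract-images` is granted `pull-requests: write` although no step in it posts a comment.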