diff --git a/.github/workflows/pre-pull-images.yaml b/.github/workflows/pre-pull-images.yaml index d9f3024598..f671840bf8 100644 --- a/.github/workflows/pre-pull-images.yaml +++ b/.github/workflows/pre-pull-images.yaml @@ -11,20 +11,12 @@ concurrency: cancel-in-progress: true jobs: - extract-images: - name: Extract Images + default-images: + name: Default Images runs-on: ubuntu-latest - permissions: - pull-requests: write outputs: - matrix: ${{ steps.extract-images.outputs.images }} + images: ${{ steps.extract-images.outputs.images }} steps: - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master - - - name: Setup Workflow Tools - run: brew install jo yq - - name: Generate Token uses: actions/create-github-app-token@v1 id: app-token 
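Review bot: Dropping the job-level `permissions:` block from the renamed `default-images` job means its GITHUB_TOKEN falls back to the workflow-level or repository default, which can be broader than the single `pull-requests: write` scope it had before. The steps visible here authenticate with the app token instead, so the job could declare `permissions: {}` (or `contents: read` if a step turns out to need it). No workflow-level `permissions` key is visible in this hunk, so confirm whether one exists above line 11 of the file. The same applies to the `pull-request-images` and `extract-images` jobs added in the next hunk.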
@@ -32,60 +24,101 @@ jobs: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - name: Checkout Default Branch + - name: Checkout uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" ref: "${{ github.event.repository.default_branch }}" - path: default - - name: Checkout Pull Request Branch + - name: Setup Workflow Tools + uses: jdx/mise-action@v2 + env: + GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" + + - name: Gather Images + shell: bash + run: | + flux-local get cluster \ + --path ${{ github.workspace }}/kubernetes/flux \ + --enable-images \ + --output yaml \ + --output-file images.yaml + + - name: Filter Images + shell: bash + run: | + yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ + images.yaml > images.txt + + - name: Extract Images + id: extract-images + shell: bash + run: | + images=$(jq --compact-output --raw-input --null-input '[inputs]' images.txt) + echo "images=${images}" >> $GITHUB_OUTPUT + + pull-request-images: + name: Pull Request Images + runs-on: ubuntu-latest + outputs: + images: ${{ steps.extract-images.outputs.images }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - path: pull - - name: Gather Images in Default Branch - uses: docker://ghcr.io/allenporter/flux-local:v6.1.1 - with: - args: >- - get cluster - --path /github/workspace/default/kubernetes/flux - --enable-images - --output yaml - --output-file default.yaml - - - name: Gather Images in Pull Request Branch - uses: docker://ghcr.io/allenporter/flux-local:v6.1.1 - with: - args: >- - get cluster - --path /github/workspace/pull/kubernetes/flux - --enable-images - --output yaml - --output-file pull.yaml - - - name: Filter Default Branch Results + - 
name: Setup Workflow Tools + uses: jdx/mise-action@v2 + env: + GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" + + - name: Gather Images shell: bash run: | - yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ - default.yaml > default.txt + flux-local get cluster \ + --path ${{ github.workspace }}/kubernetes/flux \ + --enable-images \ + --output yaml \ + --output-file images.yaml - - name: Filter Pull Request Branch Results + - name: Filter Images shell: bash run: | yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ - pull.yaml > pull.txt + images.yaml > images.txt + + - name: Extract Images + id: extract-images + shell: bash + run: | + images=$(jq --compact-output --raw-input --null-input '[inputs]' images.txt) + echo "images=${images}" >> $GITHUB_OUTPUT + extract-images: + name: Extract Images + runs-on: ubuntu-latest + needs: ["default-images", "pull-request-images"] + outputs: + matrix: ${{ steps.extract-images.outputs.images }} + steps: - name: Compare Default and Pull Request Images id: extract-images shell: bash run: | - images=$(jo -a $(grep -vf default.txt pull.txt)) + images=$(jq --compact-output --null-input \ + --argjson f1 '${{ needs.default-images.outputs.images }}' \ + --argjson f2 '${{ needs.pull-request-images.outputs.images }}' \ + '$f2 - $f1' \ + ) echo "images=${images}" >> $GITHUB_OUTPUT - echo "${images}" - echo "### Images" >> $GITHUB_STEP_SUMMARY - echo "${images}" | jq --raw-output 'to_entries[] | "* \(.value)"' >> $GITHUB_STEP_SUMMARY pre-pull-images: if: ${{ needs.extract-images.outputs.matrix != '[]' }} 
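Review bot: The `Compare Default and Pull Request Images` step pastes `${{ needs.default-images.outputs.images }}` and `${{ needs.pull-request-images.outputs.images }}` into the bash script inside single quotes, so both job outputs are expanded into the script text before the shell parses it. Those outputs are built from image references in the checked-out manifests, and the pull-request side is whatever the PR branch contains; a value holding a single quote ends the quoting and the remainder is parsed as shell. Pass both outputs through `env:` and reference them as quoted shell variables so jq receives them as data, as in the excerpt below. Separately, the `pull-request-images` job checks out the PR ref with the app token and then lets `jdx/mise-action@v2` install from that tree; adding `persist-credentials: false` to the checkout steps would keep the token out of `.git/config`.

```yaml
      - name: Compare Default and Pull Request Images
        # … unchanged: id, shell …
        env:
          DEFAULT_IMAGES: "${{ needs.default-images.outputs.images }}"
          PULL_REQUEST_IMAGES: "${{ needs.pull-request-images.outputs.images }}"
        run: |
          images=$(jq --compact-output --null-input \
            --argjson f1 "${DEFAULT_IMAGES}" \
            --argjson f2 "${PULL_REQUEST_IMAGES}" \
            '$f2 - $f1' \
          )
          # … unchanged: write images to $GITHUB_OUTPUT …
```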
@@ -98,11 +131,17 @@ jobs: max-parallel: 4 fail-fast: false steps: - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Setup Workflow Tools - run: brew install siderolabs/tap/talosctl + uses: jdx/mise-action@v2 + env: + GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" - name: Pre-pull Image run: talosctl -n $NODE_IP image pull ${{ matrix.images }} diff --git a/.mise.toml b/.mise.toml new file mode 100644 index 0000000000..85554b7ce6 --- /dev/null +++ b/.mise.toml @@ -0,0 +1,8 @@ +[tools] +python = "3.13.1" +"aqua:astral-sh/uv" = "0.5.13" +"aqua:fluxcd/flux2" = "2.4.0" +"aqua:helm/helm" = "3.16.4" +"aqua:kubernetes-sigs/kustomize" = "5.5.0" +"pipx:flux-local" = "6.1.1" +"aqua:mikefarah/yq" = "4.44.6"
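Review bot: After this change nothing visible in the `pre-pull-images` job installs `talosctl`: the `brew install siderolabs/tap/talosctl` step is removed, the `.mise.toml` added in this commit has no talosctl entry, and the steps shown have no checkout before `jdx/mise-action@v2`, so mise presumably has no repository config to read in this job. Unless the runner already ships talosctl, `Pre-pull Image` would fail; add a checkout step and a pinned talosctl entry to `.mise.toml`, or install it explicitly here. The unchanged `run: talosctl -n $NODE_IP image pull ${{ matrix.images }}` line also expands a PR-derived image reference into the shell command; setting `env:` with `IMAGE: "${{ matrix.images }}"` and using `"${IMAGE}"` in the command keeps it as data. The job's header and any later steps are outside the hunk.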