feat(container): update kube-prometheus-stack ( 67.5.0 → 67.7.0 ) #83
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: "Pre-pull Images" | |
| on: | |
| pull_request: | |
| branches: ["main"] | |
| paths: | |
| - kubernetes/**/apps/** | |
| - kubernetes/**/flux/** | |
| - kubernetes/shared/** | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| changed-clusters: | |
| name: Changed Clusters | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.changed-clusters.outputs.all_changed_and_modified_files }} | |
| steps: | |
| - name: Configure 1password | |
| uses: 1password/load-secrets-action/configure@v2 | |
| with: | |
| service-account-token: ${{ secrets.ONEPASS_SA_TOKEN }} | |
| - name: Get Secrets | |
| uses: 1password/load-secrets-action@v2 | |
| with: | |
| export-env: true | |
| env: | |
| BOT_APP_ID: op://Kubernetes/github-bot/BOT_APP_ID | |
| BOT_APP_PRIVATE_KEY: op://Kubernetes/github-bot/BOT_APP_PRIVATE_KEY | |
| - name: Generate Token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ env.BOT_APP_ID }} | |
| private-key: ${{ env.BOT_APP_PRIVATE_KEY }} | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| fetch-depth: 0 | |
| - name: Get Changed Clusters | |
| id: changed-clusters | |
| uses: tj-actions/changed-files@v45 | |
| with: | |
| files: kubernetes/** | |
| files_ignore: kubernetes/shared/** | |
| dir_names: true | |
| dir_names_max_depth: 2 | |
| matrix: true | |
| - name: List All Changed Clusters | |
| run: echo ${{ steps.changed-clusters.outputs.all_changed_and_modified_files }} | |
| extract-images: | |
| name: Extract Images | |
| runs-on: ubuntu-latest | |
| needs: ["changed-clusters"] | |
| permissions: | |
| pull-requests: write | |
| strategy: | |
| matrix: | |
| paths: ${{ fromJSON(needs.changed-clusters.outputs.matrix) }} | |
| max-parallel: 4 | |
| fail-fast: false | |
| outputs: | |
| images: ${{ steps.extract-images.outputs.images }} | |
| paths: ${{ needs.changed-clusters.outputs.matrix }} | |
| steps: | |
| - name: Configure 1password | |
| uses: 1password/load-secrets-action/configure@v2 | |
| with: | |
| service-account-token: ${{ secrets.ONEPASS_SA_TOKEN }} | |
| - name: Get Secrets | |
| uses: 1password/load-secrets-action@v2 | |
| with: | |
| export-env: true | |
| env: | |
| BOT_APP_ID: op://Kubernetes/github-bot/BOT_APP_ID | |
| BOT_APP_PRIVATE_KEY: op://Kubernetes/github-bot/BOT_APP_PRIVATE_KEY | |
| - name: Generate Token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ env.BOT_APP_ID }} | |
| private-key: ${{ env.BOT_APP_PRIVATE_KEY }} | |
| - name: Setup Homebrew | |
| uses: Homebrew/actions/setup-homebrew@master | |
| - name: Setup Workflow Tools | |
| shell: bash | |
| run: brew install jo yq | |
| - name: Checkout Default Branch | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| ref: ${{ github.event.repository.default_branch }} | |
| path: default | |
| - name: Checkout Pull Request Branch | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| path: pull | |
| - name: Gather Images in Default Branch | |
| uses: docker://ghcr.io/allenporter/flux-local:v7.0.0 | |
| with: | |
| args: >- | |
| get cluster | |
| --path /github/workspace/default/${{ matrix.paths }}/flux | |
| --enable-images | |
| --output yaml | |
| --output-file default.yaml | |
| - name: Gather Images in Pull Request Branch | |
| uses: docker://ghcr.io/allenporter/flux-local:v7.0.0 | |
| with: | |
| args: >- | |
| get cluster | |
| --path /github/workspace/pull/${{ matrix.paths }}/flux | |
| --enable-images | |
| --output yaml | |
| --output-file pull.yaml | |
| - name: Filter Default Branch Results | |
| shell: bash | |
| run: | | |
| yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ | |
| default.yaml > default.txt | |
| - name: Filter Pull Request Branch Results | |
| shell: bash | |
| run: | | |
| yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ | |
| pull.yaml > pull.txt | |
| - name: Compare Default and Pull Request Images | |
| id: extract-images | |
| shell: bash | |
| run: | | |
| images=$(jq --compact-output --raw-input --null-input '[inputs]' < <(grep -vf default.txt pull.txt)) | |
| echo "images=${images}" >> $GITHUB_OUTPUT | |
| echo "${images}" | |
| echo "### Images" >> $GITHUB_STEP_SUMMARY | |
| echo "${images}" | jq --raw-output 'to_entries[] | "* \(.value)"' >> $GITHUB_STEP_SUMMARY | |
| pre-pull-images: | |
| if: ${{ needs.extract-images.outputs.images != '[]' }} | |
| name: Pre-pull Images | |
| runs-on: ["gha-runner-scale-set"] | |
| needs: ["extract-images"] | |
| strategy: | |
| matrix: | |
| images: ${{ fromJSON(needs.extract-images.outputs.images) }} | |
| paths: ${{ fromJSON(needs.extract-images.outputs.paths) }} | |
| max-parallel: 4 | |
| fail-fast: false | |
| steps: | |
| - name: Grab Cluster Name | |
| run: | | |
| cluster="${{ matrix.paths }}" | |
| cluster="${cluster/kubernetes\//}" | |
| echo "cluster=${cluster^^}" >> $GITHUB_ENV | |
| - name: Configure 1password | |
| uses: 1password/load-secrets-action/configure@v2 | |
| with: | |
| service-account-token: ${{ secrets.ONEPASS_SA_TOKEN }} | |
| - name: Get Secrets | |
| uses: 1password/load-secrets-action@v2 | |
| with: | |
| export-env: true | |
| env: | |
| TALOSCONFIG_BASE64: op://Kubernetes/kubernetes/TALOSCONFIG_${{ env.cluster }}_BASE64 | |
| - name: Write talosconfig | |
| id: talosconfig | |
| uses: timheuer/base64-to-file@v1 | |
| with: | |
| encodedString: "${{ env.TALOSCONFIG_BASE64 }}" | |
| fileName: talosconfig | |
| - name: Setup Homebrew | |
| uses: Homebrew/actions/setup-homebrew@master | |
| - name: Setup Workflow Tools | |
| shell: bash | |
| run: brew install siderolabs/tap/talosctl | |
| - name: Pre-pull Image | |
| env: | |
| TALOSCONFIG: ${{ steps.talosconfig.outputs.filePath }} | |
| run: | | |
| NODE=$(talosctl config info --output json | jq --raw-output '.nodes[]' | shuf -n 1) | |
| talosctl -n $NODE image pull ${{ matrix.images }} | |
| # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7 | |
| pre-pull-images-success: | |
| if: ${{ always() }} | |
| needs: ["pre-pull-images"] | |
| name: Pre-pull Images Successful | |
| runs-on: ubuntu-latest | |
| steps: | |
| - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
| name: Check matrix status | |
| run: exit 1 |