diff --git a/.github/workflows/flux-hr-sync.yaml b/.github/workflows/helm-repository-sync.yaml similarity index 93% rename from .github/workflows/flux-hr-sync.yaml rename to .github/workflows/helm-repository-sync.yaml index 5618b57820..fe6452e168 100644 --- a/.github/workflows/flux-hr-sync.yaml +++ b/.github/workflows/helm-repository-sync.yaml @@ -1,6 +1,6 @@ --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: "Flux Helm Repository Sync" +name: "Helm Repository Sync" on: workflow_dispatch: @@ -22,7 +22,7 @@ on: jobs: sync: - name: Flux Helm Repository Sync + name: Helm Repository Sync runs-on: ["gha-runner-scale-set"] steps: - name: Configure 1password @@ -52,12 +52,13 @@ jobs: token: ${{ steps.app-token.outputs.token }} fetch-depth: 0 - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master - - - name: Setup Workflow Tools - shell: bash - run: brew install fluxcd/tap/flux yq + - name: Setup mise + uses: jdx/mise-action@v2 + with: + mise_toml: | + [tools] + "aqua:fluxcd/flux2" = "latest" + "aqua:mikefarah/yq" = "latest" - name: Write kubeconfig id: kubeconfig diff --git a/.github/workflows/nas-restart.yaml b/.github/workflows/nas-restart.yaml index 77508a491c..7c2fc8c8f4 100644 --- a/.github/workflows/nas-restart.yaml +++ b/.github/workflows/nas-restart.yaml @@ -15,12 +15,15 @@ matrix: cluster: ["main", "utility"] steps: + - name: Configure 1password + uses: 1password/load-secrets-action/configure@v2 + with: + service-account-token: ${{ secrets.ONEPASS_SA_TOKEN }} - name: Get Secrets uses: 1password/load-secrets-action@v2 with: export-env: true env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.ONEPASS_SA_TOKEN }} BOT_APP_ID: op://Kubernetes/github-bot/BOT_APP_ID BOT_APP_PRIVATE_KEY: op://Kubernetes/github-bot/BOT_APP_PRIVATE_KEY KUBECONFIG: op://Kubernetes/kubernetes/KUBECONFIG_BASE64 
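Review bot: The new `mise_toml` block in the Setup mise step pins `aqua:fluxcd/flux2` and `aqua:mikefarah/yq` to `"latest"`, so every run installs whatever the aqua registry resolves that day, including a flux CLI that may drift from the Flux controllers on the cluster; pin explicit versions, e.g. `"aqua:fluxcd/flux2" = "<flux version matching the cluster>"`, and consider pinning `jdx/mise-action` to a commit SHA rather than the mutable `v2` tag. Replacing `Homebrew/actions/setup-homebrew@master` is the right direction, so only the floating versions remain to fix. The same `"latest"` pins appear in the Setup mise steps of pre-pull-images.yaml (both jobs), schemas.yaml and utility-ks-sync.yaml. The enclosing `sync` job continues outside the hunk.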
diff --git a/.github/workflows/flux-image-test.yaml b/.github/workflows/pre-pull-images.yaml similarity index 63% rename from .github/workflows/flux-image-test.yaml rename to .github/workflows/pre-pull-images.yaml index c330be9ff6..aff7f48511 100644 --- a/.github/workflows/flux-image-test.yaml +++ b/.github/workflows/pre-pull-images.yaml @@ -1,6 +1,6 @@ --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: "Flux Image Test" +name: "Pre-pull Images" on: pull_request: @@ -91,12 +91,12 @@ jobs: app-id: ${{ env.BOT_APP_ID }} private-key: ${{ env.BOT_APP_PRIVATE_KEY }} - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master - - - name: Setup Workflow Tools - shell: bash - run: brew install jo yq + - name: Setup mise + uses: jdx/mise-action@v2 + with: + mise_toml: | + [tools] + "aqua:mikefarah/yq" = "latest" - name: Checkout Default Branch uses: actions/checkout@v4 
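Review bot: Only `aqua:mikefarah/yq` is installed here, but the Extract Images step later in this file now calls `jq` (the dropped `jo` install was replaced by a jq invocation), so that step depends on jq already being present on the runner image. GitHub-hosted ubuntu images ship jq, but if this job is moved to `gha-runner-scale-set` like the new pre-pull-images job it may not be there; add jq to the `[tools]` table or record the assumption with `# jq is expected from the runner image`. The job's `runs-on` is outside the hunk, so I cannot confirm which runner it uses.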
@@ -147,31 +147,98 @@ jobs: id: extract-images shell: bash run: | - images=$(jo -a $(grep -vf default.txt pull.txt)) + images=$(jq --compact-output --raw-input --null-input '[inputs]' < <(grep -vf default.txt pull.txt)) echo "images=${images}" >> $GITHUB_OUTPUT echo "${images}" echo "### Images" >> $GITHUB_STEP_SUMMARY - echo "${images}" | jq -r 'to_entries[] | "* \(.value)"' >> $GITHUB_STEP_SUMMARY + echo "${images}" | jq --raw-output 'to_entries[] | "* \(.value)"' >> $GITHUB_STEP_SUMMARY - test-images: - if: ${{ needs.extract-images.outputs.matrix != '[]' }} - name: Test images + generate-matrix: + name: Generate Matrix runs-on: ubuntu-latest - needs: ["extract-images"] + needs: ["changed-clusters", "extract-images"] + outputs: + matrix: ${{ steps.generate-matrix.outputs.matrix }} + steps: + - name: Setup mise + uses: jdx/mise-action@v2 + with: + mise_toml: | + [tools] + "aqua:mikefarah/yq" = "latest" + + - name: Generate Combined Matrix + id: generate-matrix + run: | + images=${{ needs.extract-images.outputs.matrix }} + clusters=${{ needs.changed-clusters.outputs.matrix }} + + # Map clusters to their corresponding talosconfig files + configs=$(jq -n ' + { + "kubernetes/main": "op://Kubernetes/kubernetes/TALOSCONFIG_MAIN", + "kubernetes/utility": "op://Kubernetes/kubernetes/TALOSCONFIG_UTILITY" + } + ') + + # Combine images with cluster and talosconfig mappings + combined=$(jq -n ' + inputs as $images | + inputs as $clusters | + inputs as $configs | + [ + $images[] as $image | + $clusters[] as $cluster | + { + image: $image, + cluster: $cluster, + talosconfig: $configs[$cluster] + } + ] + ' <<<"$images" <<<"$clusters" <<<"$configs") + + echo "matrix=$combined" >> $GITHUB_OUTPUT + + - name: Debug Combined Matrix + run: echo "${{ steps.generate-matrix.outputs.matrix }}" + + pre-pull-images: + if: ${{ needs.extract-images.outputs.matrix != '[]' }} + name: Pre-pull Images + runs-on: ["gha-runner-scale-set"] + needs: ["generate-matrix"] strategy: - matrix: - images: 
${{ fromJSON(needs.extract-images.outputs.matrix) }} + matrix: ${{ fromJSON(needs.generate-matrix.outputs.matrix) }} max-parallel: 4 fail-fast: false steps: - - name: Inspect Image - run: docker manifest inspect ${{ matrix.images }} + - name: Configure 1password + uses: 1password/load-secrets-action/configure@v2 + with: + service-account-token: ${{ secrets.ONEPASS_SA_TOKEN }} + + - name: Get Secrets + uses: 1password/load-secrets-action@v2 + with: + export-env: true + env: + TALOSCONFIG: ${{ matrix.talosconfig }} + + - name: Setup mise + uses: jdx/mise-action@v2 + with: + mise_toml: | + [tools] + "aqua:siderolabs/talos" = "latest" + + - name: Pre-pull Image + run: talosctl -n $NODE_IP image pull ${{ matrix.images }} # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7 - test-images-success: + pre-pull-images-success: if: ${{ always() }} - needs: ["test-images"] - name: Test Images Successful + needs: ["pre-pull-images"] + name: Pre-pull Images Successful runs-on: ubuntu-latest steps: - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} diff --git a/.github/workflows/schemas.yaml b/.github/workflows/schemas.yaml index e3694e1091..46459cbe41 100644 --- a/.github/workflows/schemas.yaml +++ b/.github/workflows/schemas.yaml @@ -8,7 +8,7 @@ on: - cron: "0 0 * * *" # Every day at midnight push: branches: ["main"] - paths: [".github/workflows/publish-schemas.yaml"] + paths: [".github/workflows/schemas.yaml"] jobs: publish: @@ -31,7 +31,7 @@ jobs: BOT_APP_ID: op://Kubernetes/github-bot/BOT_APP_ID BOT_APP_PRIVATE_KEY: op://Kubernetes/github-bot/BOT_APP_PRIVATE_KEY KUBECONFIG: op://Kubernetes/kubernetes/KUBECONFIG_BASE4 - CLOUDFLARE_API_KEY: op://Kubernetes/cloudflare/CLOUDFLARE_API_KEY_GHA + CLOUDFLARE_API_TOKEN: op://Kubernetes/cloudflare/CLOUDFLARE_API_TOKEN_GHA CLOUDFLARE_ACCOUNT_ID: op://Kubernetes/cloudflare/CLOUDFLARE_ACCOUNT_TAG - name: Generate Token 
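Review bot: `talosctl -n $NODE_IP image pull ${{ matrix.images }}` references `matrix.images`, but the objects built by Generate Combined Matrix carry the key `image`, so the expression expands to nothing and the pull runs without an image; it should read `${{ matrix.image }}` (and `$NODE_IP` is set nowhere in this hunk, presumably runner environment, worth confirming). The jq pipeline in Generate Combined Matrix is fed three here-strings on one command, and bash keeps only the last redirection, so `inputs` sees just `$configs` and `combined` comes out empty; pass the three documents with `--argjson` instead and emit `{include: [...]}` rather than a bare array, since `strategy.matrix: ${{ fromJSON(...) }}` expects a mapping. The guard `if: ${{ needs.extract-images.outputs.matrix != '[]' }}` on pre-pull-images can no longer see that output because the needs context exposes only direct dependencies and the job now needs only generate-matrix; add `extract-images` to `needs` or gate on `needs.generate-matrix.outputs.matrix`. Finally, `images=${{ needs.extract-images.outputs.matrix }}` and `clusters=${{ needs.changed-clusters.outputs.matrix }}` interpolate job outputs derived from PR-controlled files (the workflow triggers on pull_request) straight into the shell, which is the script-injection pattern GitHub documents; pass them through `env:` and expand them as quoted shell variables, as in the excerpt below. The Debug step's `echo "${{ steps.generate-matrix.outputs.matrix }}"` has the same shape and should read the same env variable.
```yaml
      - name: Generate Combined Matrix
        id: generate-matrix
        env:
          IMAGES: ${{ needs.extract-images.outputs.matrix }}
          CLUSTERS: ${{ needs.changed-clusters.outputs.matrix }}
        run: |
          # … unchanged: configs mapping …
          # --argjson binds each document by name; a single stdin cannot carry three.
          combined=$(jq --compact-output --null-input \
            --argjson images "$IMAGES" \
            --argjson clusters "$CLUSTERS" \
            --argjson configs "$configs" '
            { include: [
                $images[] as $image |
                $clusters[] as $cluster |
                { image: $image, cluster: $cluster, talosconfig: $configs[$cluster] }
              ]
            }')
          echo "matrix=$combined" >> "$GITHUB_OUTPUT"
```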
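Review bot: The context line `KUBECONFIG: op://Kubernetes/kubernetes/KUBECONFIG_BASE4` directly above the renamed Cloudflare entry looks like a typo for `KUBECONFIG_BASE64`, the field name nas-restart.yaml uses for the same vault item; if that field does not exist the Get Secrets step fails before kubectl ever runs, and if it is intentional a comment such as `# separate field from KUBECONFIG_BASE64 on purpose` would prevent the next reader from "fixing" it. Moving from `CLOUDFLARE_API_KEY` to a scoped `CLOUDFLARE_API_TOKEN` is the right least-privilege change and the later `apiToken` hunk follows it through. The surrounding `env:` mapping starts outside the hunk.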
@@ -46,12 +46,12 @@ jobs: with: token: ${{ steps.app-token.outputs.token }} - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master - - - name: Setup Workflow Tools - shell: bash - run: brew install kubernetes-cli + - name: Setup mise + uses: jdx/mise-action@v2 + with: + mise_toml: | + [tools] + "aqua:kubernetes/kubectl" = "latest" - name: Setup Python uses: actions/setup-python@v5 @@ -83,7 +83,7 @@ jobs: - name: Deploy to Cloudflare Pages uses: cloudflare/wrangler-action@v3 with: - apiToken: ${{ env.CLOUDFLARE_API_KEY }} + apiToken: ${{ env.CLOUDFLARE_API_TOKEN }} accountId: ${{ env.CLOUDFLARE_ACCOUNT_ID }} workingDirectory: /home/runner/.datree/crdSchemas command: pages deploy --project-name=kube-schemas --branch main . diff --git a/.github/workflows/flux-ks-sync.yaml b/.github/workflows/utility-ks-sync.yaml similarity index 88% rename from .github/workflows/flux-ks-sync.yaml rename to .github/workflows/utility-ks-sync.yaml index c848d4d255..65983a4a48 100644 --- a/.github/workflows/flux-ks-sync.yaml +++ b/.github/workflows/utility-ks-sync.yaml @@ -40,13 +40,15 @@ jobs: uses: actions/checkout@v4 with: token: ${{ steps.app-token.outputs.token }} + fetch-depth: 0 - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master - - - name: Setup Workflow Tools - shell: bash - run: brew install fluxcd/tap/flux + - name: Setup mise + uses: jdx/mise-action@v2 + with: + mise_toml: | + [tools] + "aqua:fluxcd/flux2" = "latest" + "aqua:mikefarah/yq" = "latest" - name: Write kubeconfig id: kubeconfig diff --git a/kubernetes/main/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml b/kubernetes/main/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml index 208a29f1c2..972f260a39 100644 --- a/kubernetes/main/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml +++ b/kubernetes/main/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml 
@@ -42,7 +42,7 @@ spec: spec: containers: - name: runner - image: ghcr.io/joryirving/actions-runner:2.321.0@sha256:81f64a94e65c70c676d29e1779d1cc4069665abb970803c76beb08ca234638b6 + image: ghcr.io/joryirving/actions-runner:2.321.0@sha256:4a11ad0cda33fba7e3fc76effdfdb1ae74b054cd0376e1fbe0b9c9f4e1440da6 command: ["/home/runner/run.sh"] controllerServiceAccount: name: gha-runner-scale-set-controller diff --git a/kubernetes/main/apps/self-hosted/atuin/app/helmrelease.yaml b/kubernetes/main/apps/self-hosted/atuin/app/helmrelease.yaml index 9a96fb093e..4cd5b9a135 100644 --- a/kubernetes/main/apps/self-hosted/atuin/app/helmrelease.yaml +++ b/kubernetes/main/apps/self-hosted/atuin/app/helmrelease.yaml @@ -33,7 +33,7 @@ spec: app: image: repository: ghcr.io/atuinsh/atuin - tag: 18.3.0@sha256:678def8e9d59652a502759ca431f9c5b54ebdd5e9361507c7fcf24705c9862e0 + tag: 18.4.0@sha256:8c6fa0aea944bf2a39665c9c69df1c2c0f9c05207bda5b942d450142285e3ee1 env: ATUIN_HOST: 0.0.0.0 ATUIN_PORT: &port 80