Merge branch 'main' into flux-opertor

onedr0p · Jan 7, 2025 · 6e87c74 · 6e87c74
2 parents 2337aec + 78efd66
commit 6e87c74
Show file tree

Hide file tree

Showing 59 changed files with 380 additions and 315 deletions.
diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml
@@ -47,7 +47,7 @@ jobs:
           path: default
 
       - name: Diff Resources
-        uses: docker://ghcr.io/allenporter/flux-local:v6.1.1
+        uses: docker://ghcr.io/allenporter/flux-local:v7.0.0@sha256:abf237e31d20de26f8a4b08e588cc927cb0a9f0ecf90d04bada00f393b919354
         with:
           args: >-
             diff ${{ matrix.resources }}
@@ -65,15 +65,15 @@ jobs:
         run: |
           cat diff.patch;
           {
-            echo 'diff<<EOF'
-            cat diff.patch
-            echo EOF
+              echo 'diff<<EOF'
+              cat diff.patch
+              echo EOF
           } >> "$GITHUB_OUTPUT";
           {
-            echo "### Diff"
-            echo '```diff'
-            cat diff.patch
-            echo '```'
+              echo "### Diff"
+              echo '```diff'
+              cat diff.patch
+              echo '```'
           } >> "$GITHUB_STEP_SUMMARY"
 
       - if: ${{ steps.diff.outputs.diff != '' }}

diff --git a/.github/workflows/helm-repository-sync.yaml b/.github/workflows/helm-repository-sync.yaml
@@ -16,6 +16,9 @@ on:
     branches: ["main"]
     paths: ["kubernetes/**/helmrelease.yaml"]
 
+env:
+  HOMEBREW_NO_ANALYTICS: "1"
+
 jobs:
   sync:
     name: Helm Repository Sync
@@ -32,14 +35,12 @@ jobs:
         uses: actions/checkout@v4
         with:
           token: "${{ steps.app-token.outputs.token }}"
-          fetch-depth: 0
 
       - name: Setup Homebrew
         uses: Homebrew/actions/setup-homebrew@master
 
       - name: Setup Workflow Tools
-        shell: bash
-        run: brew install fluxcd/tap/flux yq
+        run: brew install fluxcd/tap/flux
 
       - if: ${{ github.event.inputs.helmRepoNamespace == '' && github.event.inputs.helmRepoName == '' }}
         name: Get Changed Files
@@ -51,7 +52,6 @@ jobs:
 
       - if: ${{ github.event.inputs.helmRepoNamespace == '' && github.event.inputs.helmRepoName == '' }}
         name: Sync Helm Repository
-        shell: bash
         run: |
           declare -a repos=()
           for f in ${{ steps.changed-files.outputs.all_changed_and_modified_files }}; do
@@ -68,7 +68,6 @@ jobs:
 
       - if: ${{ github.event.inputs.helmRepoNamespace != '' && github.event.inputs.helmRepoName != '' }}
         name: Sync Helm Repository
-        shell: bash
         run: |
           flux --namespace ${{ github.event.inputs.helmRepoNamespace }} \
               reconcile source helm ${{ github.event.inputs.helmRepoName }} || true
diff --git a/.github/workflows/pre-pull-images.yaml b/.github/workflows/pre-pull-images.yaml
@@ -14,14 +14,20 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
   cancel-in-progress: true
 
+env:
+  HOMEBREW_NO_ANALYTICS: "1"
+
 jobs:
   extract-images:
     name: Extract Images
     runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
+    strategy:
+      matrix:
+        branches: ["default", "pull"]
+      fail-fast: false
     outputs:
-      matrix: ${{ steps.extract-images.outputs.images }}
+      default: ${{ steps.extract-images.outputs.default }}
+      pull: ${{ steps.extract-images.outputs.pull }}
     steps:
       - name: Generate Token
         uses: actions/create-github-app-token@v1
@@ -30,84 +36,62 @@ jobs:
           app-id: "${{ secrets.BOT_APP_ID }}"
           private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
 
-      - name: Setup Homebrew
-        uses: Homebrew/actions/setup-homebrew@master
-
-      - name: Setup Workflow Tools
-        shell: bash
-        run: brew install jo yq
-
-      - name: Checkout Default Branch
+      - name: Checkout
         uses: actions/checkout@v4
         with:
           token: "${{ steps.app-token.outputs.token }}"
-          ref: "${{ github.event.repository.default_branch }}"
-          path: default
-
-      - name: Checkout Pull Request Branch
-        uses: actions/checkout@v4
-        with:
-          token: "${{ steps.app-token.outputs.token }}"
-          path: pull
-
-      - name: Gather Images in Default Branch
-        uses: docker://ghcr.io/allenporter/flux-local:v6.1.1
-        with:
-          args: >-
-            get cluster
-            --path /github/workspace/default/kubernetes/main/flux
-            --enable-images
-            --output yaml
-            --output-file default.yaml
+          ref: "${{ matrix.branches == 'default' && github.event.repository.default_branch || '' }}"
 
-      - name: Gather Images in Pull Request Branch
-        uses: docker://ghcr.io/allenporter/flux-local:v6.1.1
+      - name: Gather Images
+        uses: docker://ghcr.io/allenporter/flux-local:v7.0.0
         with:
           args: >-
             get cluster
-            --path /github/workspace/pull/kubernetes/main/flux
+            --path /github/workspace/kubernetes/main/flux
             --enable-images
             --output yaml
-            --output-file pull.yaml
-
-      - name: Filter Default Branch Results
-        shell: bash
-        run: |
-          yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \
-              default.yaml > default.txt
+            --output-file images.yaml
 
-      - name: Filter Pull Request Branch Results
-        shell: bash
+      - name: Extract Images
+        id: extract-images
         run: |
-          yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \
-              pull.yaml > pull.txt
+          images=$(yq --indent=0 --output-format=json \
+              '[.. | .images? | select(. != null)] | flatten | sort | unique' images.yaml \
+          )
+          echo "${{ matrix.branches }}=${images}" >> $GITHUB_OUTPUT
 
-      - name: Compare Default and Pull Request Images
-        id: extract-images
-        shell: bash
+  compare-images:
+    name: Compare Images
+    runs-on: ubuntu-latest
+    needs: ["extract-images"]
+    outputs:
+      images: ${{ steps.compare-images.outputs.images }}
+    steps:
+      - name: Compare Images
+        id: compare-images
         run: |
-          images=$(jo -a $(grep -vf default.txt pull.txt))
+          images=$(jq --compact-output --null-input \
+              --argjson f1 '${{ needs.extract-images.outputs.default }}' \
+              --argjson f2 '${{ needs.extract-images.outputs.pull }}' \
+              '$f2 - $f1' \
+          )
           echo "images=${images}" >> $GITHUB_OUTPUT
-          echo "${images}"
-          echo "### Images" >> $GITHUB_STEP_SUMMARY
-          echo "${images}" | jq --raw-output 'to_entries[] | "* \(.value)"' >> $GITHUB_STEP_SUMMARY
 
   pre-pull-images:
-    if: ${{ needs.extract-images.outputs.matrix != '[]' }}
+    if: ${{ needs.compare-images.outputs.images != '[]' }}
     name: Pre-pull Images
     runs-on: ["gha-runner-scale-set"]
-    needs: ["extract-images"]
+    needs: ["compare-images"]
     strategy:
       matrix:
-        images: ${{ fromJSON(needs.extract-images.outputs.matrix) }}
+        images: ${{ fromJSON(needs.compare-images.outputs.images) }}
       max-parallel: 4
       fail-fast: false
     steps:
       - name: Setup Homebrew
         uses: Homebrew/actions/setup-homebrew@master
 
       - name: Setup Workflow Tools
-        shell: bash
         run: brew install siderolabs/tap/talosctl
 
       - name: Pre-pull Image

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -19,34 +19,44 @@ jobs:
           app-id: "${{ secrets.BOT_APP_ID }}"
           private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
 
-      - name: Checkout
-        uses: actions/checkout@v4
+      - name: Get Previous Release Tag and Determine Next Tag
+        id: determine-next-tag
+        uses: actions/github-script@v7
         with:
-          token: "${{ steps.app-token.outputs.token }}"
+          github-token: "${{ steps.app-token.outputs.token }}"
+          result-encoding: string
+          script: |
+            const { data: releases } = await github.rest.repos.listReleases({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              per_page: 1,
+            });
+
+            let previousTag = "0.0.0"; // Default if no previous release exists
+            if (releases.length > 0) {
+              previousTag = releases[0].tag_name;
+            }
+
+            const [previousMajor, previousMinor, previousPatch] = previousTag.split('.').map(Number);
+            const currentYear = new Date().getFullYear();
+            const currentMonth = new Date().getMonth() + 1; // Months are 0-indexed in JavaScript
+
+            const nextMajorMinor = `${currentYear}.${currentMonth}`;
+            let nextPatch;
+
+            if (`${previousMajor}.${previousMinor}` === nextMajorMinor) {
+              console.log("Month release already exists for the year. Incrementing patch number by 1.");
+              nextPatch = previousPatch + 1;
+            } else {
+              console.log("Month release does not exist for the year. Starting with patch number 0.");
+              nextPatch = 0;
+            }
+
+            return `${nextMajorMinor}.${nextPatch}`;
 
       - name: Create Release
-        shell: bash
-        env:
-          GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}"
-        run: |
-          # Retrieve previous release tag
-          previous_tag="$(gh release list --limit 1 | awk '{ print $1 }')"
-          previous_major="${previous_tag%%\.*}"
-          previous_minor="${previous_tag#*.}"
-          previous_minor="${previous_minor%.*}"
-          previous_patch="${previous_tag##*.}"
-          # Determine next release tag
-          next_major_minor="$(date +'%Y').$(date +'%-m')"
-          if [[ "${previous_major}.${previous_minor}" == "${next_major_minor}" ]]; then
-              echo "Month release already exists for year, incrementing patch number by 1"
-              next_patch="$((previous_patch + 1))"
-          else
-              echo "Month release does not exist for year, setting patch number to 0"
-              next_patch="0"
-          fi
-          # Create release
-          release_tag="${next_major_minor}.${next_patch}"
-          gh release create "${release_tag}" \
-              --repo="${GITHUB_REPOSITORY}" \
-              --title="${release_tag}" \
-              --generate-notes
+        uses: ncipollo/release-action@v1
+        with:
+          generateReleaseNotes: true
+          tag: "${{ steps.determine-next-tag.outputs.result }}"
+          token: "${{ steps.app-token.outputs.token }}"
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
@@ -56,7 +56,7 @@ jobs:
           token: "${{ steps.app-token.outputs.token }}"
 
       - name: Renovate
-        uses: renovatebot/[email protected].7
+        uses: renovatebot/[email protected].8
         with:
           configurationFile: .github/renovate.json5
           token: "${{ steps.app-token.outputs.token }}"

diff --git a/.github/workflows/schemas.yaml b/.github/workflows/schemas.yaml
@@ -10,6 +10,10 @@ on:
     branches: ["main"]
     paths: [".github/workflows/schemas.yaml"]
 
+env:
+  HOMEBREW_NO_ANALYTICS: "1"
+  UV_SYSTEM_PYTHON: "1"
+
 jobs:
   publish:
     name: Schemas
@@ -34,24 +38,22 @@ jobs:
         uses: Homebrew/actions/setup-homebrew@master
 
       - name: Setup Workflow Tools
-        shell: bash
-        run: brew install kubectl
+        run: brew install kubectl uv
 
       - name: Setup Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.x
+          python-version: 3.13.x
 
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: 18.x
+          node-version: 22.x
 
       - name: Install Python Dependencies
-        run: pip install pyyaml
+        run: uv pip install pyyaml
 
       - name: Download and run crd-extractor
-        shell: bash
         run: |
           curl -fsSL -o $GITHUB_WORKSPACE/crd-extractor.sh \
               https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/Utilities/crd-extractor.sh

diff --git a/mise.toml → .mise.toml b/mise.toml → .mise.toml
diff --git a/.taskfiles/bootstrap/Taskfile.yaml b/.taskfiles/bootstrap/Taskfile.yaml
@@ -27,7 +27,7 @@ tasks:
     preconditions:
       - talosctl config info
       - test -f {{.CLUSTER_DIR}}/talosconfig
-      - which ls minijinja-cli sops talosctl
+      - which jq ls minijinja-cli sops talosctl
 
   apps:
     desc: Bootstrap Apps [CLUSTER=main]
@@ -60,7 +60,7 @@ tasks:
       vars: [CLUSTER, MODEL]
     preconditions:
       - test -f {{.BOOTSTRAP_RESOURCES_DIR}}/wipe-rook.yaml.j2
-      - which kubectl minijinja-cli stern talosctl
+      - which jq kubectl minijinja-cli stern talosctl
 
   flux:
     desc: Bootstrap Flux [CLUSTER=main]
@@ -82,4 +82,4 @@ tasks:
       vars: [CLUSTER]
     preconditions:
       - op user get --me
-      - which curl flux kubectl ls op
+      - which curl flux jq kubectl ls op
diff --git a/.taskfiles/kubernetes/Taskfile.yaml b/.taskfiles/kubernetes/Taskfile.yaml
@@ -59,3 +59,17 @@ tasks:
       vars: [CLUSTER]
     preconditions:
       - which kubectl
+
+  # https://docs.github.com/en/enterprise-cloud@latest/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#upgrading-arc
+  upgrade-arc:
+    desc: Upgrade the ARC [CLUSTER=main]
+    cmds:
+      - helm -n actions-runner-system uninstall gha-runner-scale-set
+      - helm -n actions-runner-system uninstall gha-runner-scale-set-controller
+      - sleep 5
+      - flux -n actions-runner-system reconcile hr gha-runner-scale-set-controller
+      - flux -n actions-runner-system reconcile hr gha-runner-scale-set
+    requires:
+      vars: [CLUSTER]
+    preconditions:
+      - which flux helm