onedr0p · onedr0p · Dec 24, 2023 · Dec 24, 2023 · Dec 25, 2023 · Dec 25, 2023
@@ -0,0 +1,158 @@
+---
+  # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+  name: "Flux Image Test"
+
+  on:
+    pull_request:
+      branches: ["main"]
+      paths: ["kubernetes/**"]
+
+  concurrency:
+    group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+    cancel-in-progress: true
+
+  jobs:
+    changed-files:
+      name: Get Changed Files
+      runs-on: ubuntu-latest
+      outputs:
+        matrix: ${{ steps.changed-files.outputs.all_changed_and_modified_files }}
+      steps:
+        - name: Generate Token
+          uses: actions/create-github-app-token@v1
+          id: app-token
+          with:
+            app-id: "${{ secrets.BOT_APP_ID }}"
+            private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+        - name: Checkout
+          uses: actions/checkout@v4
+          with:
+            token: "${{ steps.app-token.outputs.token }}"
+            fetch-depth: 0
+
+        - name: Get changed files
+          id: changed-files
+          uses: tj-actions/changed-files@v41
+          with:
+            files: kubernetes/**
+            dir_names_max_depth: 2
+            dir_names: true
+            json: true
+            escape_json: false
+
+        - name: List all changed files
+          run: echo "${{ steps.changed-files.outputs.all_changed_and_modified_files }}"
+
+    extract-images:
+      name: Flux Image Test
+      runs-on: ubuntu-latest
+      needs: ["changed-files"]
+      permissions:
+        pull-requests: write
+      strategy:
+        matrix:
+          paths: ${{ fromJSON(needs.changed-files.outputs.matrix) }}
+        max-parallel: 4
+        fail-fast: false
+      outputs:
+        matrix: ${{ steps.extract-images.outputs.images }}
+      steps:
+        - name: Generate Token
+          uses: actions/create-github-app-token@v1
+          id: app-token
+          with:
+            app-id: "${{ secrets.BOT_APP_ID }}"
+            private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+        - name: Setup System Tools
+          shell: bash
+          run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y curl git jo
+
+        - name: Setup Workflow Tools
+          uses: jdx/rtx-action@v1
+          with:
+            install: true
+            cache: true
+            rtx_toml: |
+              [tools]
+              flux2 = "latest"
+              yq = "latest"
+
+        - name: Checkout Default Branch
+          uses: actions/checkout@v4
+          with:
+            token: "${{ steps.app-token.outputs.token }}"
+            ref: main
+            path: default
+
+        - name: Checkout Pull Request Branch
+          uses: actions/checkout@v4
+          with:
+            token: "${{ steps.app-token.outputs.token }}"
+            path: pull
+
+        - name: Gather Images in Default Branch
+          uses: docker://ghcr.io/allenporter/flux-local:pr-472
+          with:
+            args: >-
+              get cluster
+              --path /github/workspace/default/${{ matrix.paths }}
+              --enable-images
+              --output yaml
+              --output-file default.yaml
+
+        - name: Filter Default Branch Results
+          shell: bash
+          run: |
+            yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \
+                default.yaml > default.txt
+
+        - name: Gather Images in Pull Request Branch
+          uses: docker://ghcr.io/allenporter/flux-local:pr-472
+          with:
+            args: >-
+              get cluster
+              --path /github/workspace/pull/${{ matrix.paths }}
+              --enable-images
+              --output yaml
+              --output-file pull.yaml
+
+        - name: Filter Pull Request Branch Results
+          shell: bash
+          run: |
+            yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \
+                pull.yaml > pull.txt
+
+        - name: Diff results
+          id: extract-images
+          shell: bash
+          run: |
+            images=$(jo -a $(grep -vf default.txt pull.txt))
+            echo "images=${images}" >> $GITHUB_OUTPUT
+            echo "${images}"
+
+    test-images:
+      if: ${{ needs.extract-images.outputs.matrix != '[]' }}
+      name: Test images from Helm Release
+      runs-on: ubuntu-latest
+      needs: ["extract-images"]
+      strategy:
+        matrix:
+          images: ${{ fromJSON(needs.extract-images.outputs.matrix) }}
+        max-parallel: 4
+        fail-fast: false
+      steps:
+        - name: Test Images from Helm Release
+          run: docker pull ${{ matrix.images }}
+
+    # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7
+    test-images-success:
+      if: ${{ always() }}
+      needs: ["test-images"]
+      name: Test images from Helm Release successful
+      runs-on: ubuntu-latest
+      steps:
+        - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
+          name: Check matrix status
+          run: exit 1
@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: cert-manager
-      version: v1.13.3
+      version: v1.13.2
       sourceRef:
         kind: HelmRepository
         name: jetstack

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: ingress-nginx
-      version: 4.9.0
+      version: 4.8.3
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: ingress-nginx
-      version: 4.9.0
+      version: 4.8.3
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: rook-ceph
-      version: v1.13.1
+      version: v1.12.10
       sourceRef:
         kind: HelmRepository
         name: rook-ceph

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: rook-ceph-cluster
-      version: v1.13.1
+      version: v1.12.10
       sourceRef:
         kind: HelmRepository
         name: rook-ceph