ci: reconfigure

2026-04-13 00:29:41 -05:00
parent 30e21162d9
commit d61c4acf0c


@@ -378,232 +378,232 @@ jobs:
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true image: true
argo-diff: # argo-diff:
needs: lint-helm # needs: lint-helm
runs-on: ubuntu-js # runs-on: ubuntu-js
if: | # if: |
needs.lint-helm.result == 'success' && # needs.lint-helm.result == 'success' &&
needs.lint-helm.outputs.changes-detected == 'true' && # needs.lint-helm.outputs.changes-detected == 'true' &&
github.event_name == 'pull_request' # github.event_name == 'pull_request'
steps: # steps:
- name: Checkout # - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: # with:
fetch-depth: 0 # fetch-depth: 0
- name: Cache ArgoCD CLI # - name: Cache ArgoCD CLI
id: cache-argocd # id: cache-argocd
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 # uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with: # with:
path: /usr/local/bin/argocd # path: /usr/local/bin/argocd
key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }} # key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
restore-keys: | # restore-keys: |
${{ runner.os }}-argocd- # ${{ runner.os }}-argocd-
- name: Install ArgoCD CLI # - name: Install ArgoCD CLI
if: steps.cache-argocd.outputs.cache-hit != 'true' # if: steps.cache-argocd.outputs.cache-hit != 'true'
run: | # run: |
echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..." # echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64 # curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
echo "" # echo ""
echo ">> Installing ArgoCD CLI ..." # echo ">> Installing ArgoCD CLI ..."
sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd # sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
echo "" # echo ""
echo "----" # echo "----"
- name: Verify installation # - name: Verify installation
run: | # run: |
echo "" # echo ""
echo ">> Verifying installation ..." # echo ">> Verifying installation ..."
argocd version --client # argocd version --client
echo "" # echo ""
echo "----" # echo "----"
- name: Set Up Helm # - name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 # uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
with: # with:
token: ${{ secrets.GITEA_TOKEN }} # token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # # renovate: datasource=github-releases depName=helm/helm
version: v4.1.3 # version: v4.1.3
cache: true # cache: true
- name: Cache Helm Dependencies # - name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 # uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with: # with:
path: | # path: |
~/.cache/helm # ~/.cache/helm
~/.config/helm # ~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }} # key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: | # restore-keys: |
helm-cache-${{ runner.os }}- # helm-cache-${{ runner.os }}-
- name: Add Repositories # - name: Add Repositories
env: # env:
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} # CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: | # run: |
echo ">> Adding repositories for chart dependencies ..." # echo ">> Adding repositories for chart dependencies ..."
echo "" # echo ""
for DIR in ${CHANGED_CHARTS}; do # for DIR in ${CHANGED_CHARTS}; do
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \ # helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
| tail -n +2 \ # | tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \ # | awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do # | while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then # if [[ "${REPO_URL}" == oci://* ]]; then
echo ">> Ignoring OCI repo: ${REPO_URL}" # echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then # elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}" # helm repo add "${REPO_NAME}" "${REPO_URL}"
fi # fi
done || true # done || true
done # done
if helm repo list > /dev/null 2>&1; then # if helm repo list > /dev/null 2>&1; then
echo "" # echo ""
echo ">> Update repository cache ..." # echo ">> Update repository cache ..."
helm repo update # helm repo update
fi # fi
echo "" # echo ""
echo "----" # echo "----"
- name: Render Templates # - name: Render Templates
id: render # id: render
env: # env:
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} # CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: | # run: |
for APP_NAME in ${CHANGED_CHARTS}; do # for APP_NAME in ${CHANGED_CHARTS}; do
echo ">> Render templates for ${APP_NAME} ..." # echo ">> Render templates for ${APP_NAME} ..."
CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}" # CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/" # OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
helm dependency build "${CHART_PATH}" --skip-refresh # helm dependency build "${CHART_PATH}" --skip-refresh
NAMESPACE="${APP_NAME}" # NAMESPACE="${APP_NAME}"
case "${APP_NAME}" in # case "${APP_NAME}" in
"stack") # "stack")
NAMESPACE="argocd" # NAMESPACE="argocd"
echo ">> Special Rendering into 'argocd' namespace ..." # echo ">> Special Rendering into 'argocd' namespace ..."
;; # ;;
"cilium" | "coredns" | "metrics-server") # "cilium" | "coredns" | "metrics-server")
NAMESPACE="kube-system" # NAMESPACE="kube-system"
echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..." # echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
;; # ;;
*) # *)
echo ">> Standard Rendering ..." # echo ">> Standard Rendering ..."
esac # esac
TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor") # TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
# Format and split rendered template # # Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"' # echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do # for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file # yq -i '... comments=""' $file
done # done
echo "" # echo ""
echo ">> Templates in output folder: ${OUTPUT_FOLDER}" # echo ">> Templates in output folder: ${OUTPUT_FOLDER}"
ls ${OUTPUT_FOLDER} # ls ${OUTPUT_FOLDER}
done # done
echo "----" # echo "----"
- name: Run App Diff # - name: Run App Diff
id: diff # id: diff
env: # env:
ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }} # ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }} # ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} # CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: | # run: |
FAILED_CHARTS="" # FAILED_CHARTS=""
DIFF_FOUND="false" # DIFF_FOUND="false"
for APP_NAME in ${CHANGED_CHARTS}; do # for APP_NAME in ${CHANGED_CHARTS}; do
echo ">> Running argocd app diff for ${APP_NAME} ..." # echo ">> Running argocd app diff for ${APP_NAME} ..."
argocd app diff "${APP_NAME}" \ # argocd app diff "${APP_NAME}" \
--server "${ARGOCD_SERVER}" \ # --server "${ARGOCD_SERVER}" \
--revision ${{ gitea.sha }} \ # --revision ${{ gitea.sha }} \
--diff-exit-code 0 \ # --diff-exit-code 0 \
--local "clusters/${CLUSTER}/manifests/${APP_NAME}" \ # --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
--local-repo-root "." \ # --local-repo-root "." \
--grpc-web > "diff_output_${APP_NAME}.txt" # --grpc-web > "diff_output_${APP_NAME}.txt"
if [ -s "diff_output_${APP_NAME}.txt" ]; then # if [ -s "diff_output_${APP_NAME}.txt" ]; then
echo ">> Argo diff:" # echo ">> Argo diff:"
echo "" # echo ""
cat diff_output_${APP_NAME}.txt # cat diff_output_${APP_NAME}.txt
echo "" # echo ""
DIFF_FOUND="true" # DIFF_FOUND="true"
else # else
echo ">> No Argo diff found for ${APP_NAME}" # echo ">> No Argo diff found for ${APP_NAME}"
rm "diff_output_${APP_NAME}.txt" # rm "diff_output_${APP_NAME}.txt"
fi # fi
done # done
echo "----" # echo "----"
echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT" # echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT" # echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
exit $OVERALL_EXIT_CODE # exit $OVERALL_EXIT_CODE
- name: Post Diff # - name: Post Diff
if: | # if: |
always() && # always() &&
steps.diff.outputs.diff-detected == 'true' && # steps.diff.outputs.diff-detected == 'true' &&
gitea.event.pull_request.number != null # gitea.event.pull_request.number != null
env: # env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} # GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: | # run: |
COMMENT_BODY="### ArgoCD Diff Results # COMMENT_BODY="### ArgoCD Diff Results
" # "
for f in diff_output_*.txt; do # for f in diff_output_*.txt; do
APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//') # APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
DIFF_CONTENT=$(cat "$f") # DIFF_CONTENT=$(cat "$f")
COMMENT_BODY="${COMMENT_BODY} # COMMENT_BODY="${COMMENT_BODY}
#### App: ${APP_NAME} # #### App: ${APP_NAME}
" # "
if [ -z "$DIFF_CONTENT" ]; then # if [ -z "$DIFF_CONTENT" ]; then
COMMENT_BODY="${COMMENT_BODY} No changes detected." # COMMENT_BODY="${COMMENT_BODY} No changes detected."
else # else
COMMENT_BODY="${COMMENT_BODY} # COMMENT_BODY="${COMMENT_BODY}
\`\`\`diff # \`\`\`diff
${DIFF_CONTENT} # ${DIFF_CONTENT}
\`\`\`" # \`\`\`"
fi # fi
done # done
curl -X 'POST' \ # curl -X 'POST' \
"${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \ # "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
-H "Authorization: token ${GITEA_TOKEN}" \ # -H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \ # -H "Content-Type: application/json" \
-d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')" # -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
- name: ntfy Failed # - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master # uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
if: failure() # if: failure()
with: # with:
url: '${{ secrets.NTFY_URL }}' # url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}' # topic: '${{ secrets.NTFY_TOPIC }}'
title: 'ArgoCD Diff Failure' # title: 'ArgoCD Diff Failure'
priority: 3 # priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' # headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed # tags: action,failed
details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}" # details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' # icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' # actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true # image: true
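Review bot: The `argo-diff` job is switched off by prefixing every line with `# `, and nothing on the new side records why or when it should come back; a one-line comment above the block, e.g. `# argo-diff disabled: <reason / tracking issue>`, would cover that. While it is off, pull requests no longer get the rendered ArgoCD diff posted as a comment, so reviewers lose sight of what a chart change would apply to the cluster. A job-level `if: false` in place of the comment block would keep the job parsed and linted, and would probably keep its pinned `uses:` SHAs visible to Renovate, which commented-out lines likely are not. Before the job is re-enabled, note that `Run App Diff` ends with `exit $OVERALL_EXIT_CODE` although that variable is never assigned in the visible script and `FAILED_CHARTS` is never appended to. The `Install ArgoCD CLI` step also passes the downloaded binary to `sudo install` without checking a checksum.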