Update php Docker tag to v8.5.0

.gitea/workflows/render-manifests.yaml

@@ -8,12 +8,15 @@ on:
       - "clusters/**"
       - ! "clusters/*/archive"
 
+  workflow_dispatch:
+
+env:
+  CLUSTERS: cl01tl
+  BASE_BRANCH: manifests
+
 jobs:
   render-manifests-helm:
     runs-on: ubuntu-js
-    permissions:
-      contents: write
-      pull-requests: write
     steps:
       - name: Checkout
         uses: actions/checkout@v6
@@ -24,71 +27,191 @@ jobs:
         uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
-          version: latest
+          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
 
       - name: Render Helm Manifests
-        env:
-          CLUSTERS: cl01tl
         run: |
-          for cluster in $CLUSTERS; do
+          for cluster in ${CLUSTERS}; do
-            mkdir clusters/$CLUSTER/manifests
+            mkdir -p ${{ gitea.workspace }}/clusters/$cluster/manifests
 
-            for chart_path in clusters/$CLUSTER/helm/; do
+            for chart_path in ${{ gitea.workspace }}/clusters/$cluster/helm/*; do
-              chart_name=$(basename "$chart")
+              chart_name=$(basename "$chart_path")
 
-              echo "--- Rendering chart: $chart_name ---"
+              echo ">> Rendering chart: $chart_name"
 
               if [ -f "$chart_path/Chart.yaml" ]; then
-                  OUTPUT_FILE="clusters/$CLUSTER/manifests/$chart_name.yaml"
+                  mkdir -p ${{ gitea.workspace }}/clusters/$cluster/manifests/$chart_name
+                  OUTPUT_FILE="${{ gitea.workspace }}/clusters/$cluster/manifests/$chart_name/$chart_name.yaml"
 
-                  helm template "$chart_name" "$chart" --namespace "$chart_name" > "$OUTPUT_FILE"
+                  cd $chart_path
 
-                  echo "Manifests for $chart_name rendered to $OUTPUT_FILE"
+                  echo ""
+                  echo ">> Building helm dependency ..."
+                  helm dependency build
+
+                  echo ""
+                  echo ">> Linting helm ..."
+                  helm lint --namespace "$chart_name" --with-subcharts
+
+                  echo ""
+                  echo ">> Rendering templates ..."
+                  helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+
+                  echo ""
+                  echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
+                  echo ""
               else
-                  echo "Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+                  echo ""
+                  echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+                  echo ""
               fi
             done
           done
 
+      # - name: Create Pull Request
+      #   id: pull-request
+      #   uses: github.com/quentinlegot/gitea-create-pull-request@c05fb67b080696dcdb2d2b7ea83051ec413f7285
+      #   with:
+      #     token: ${{ secrets.BOT_TOKEN }}
+      #     add-paths: |
+      #       clusters/cl01tl/manifests/*
+      #     commit-message: "chore: Update manifests after chart change"
+      #     committer: gitea-bot <gitea-bot@alexlebens.net>
+      #     author: gitea-bot <gitea-bot@alexlebens.net>
+      #     branch: auto/update-manifests
+      #     branch-suffix: timestamp
+      #     base: manifests
+      #     title: "Manifest Update"
+      #     body: |
+      #       This PR contains the newly rendered Kubernetes manifests.
+
+      #       * Triggered by workflow run ${{ github.run_id }}
+      #       * Review the `files changed` tab for the full YAML diff.
+      #     labels: |
+      #       manifests
+      #       automated
+
+      - name: Check for Changes
+        id: check-changes
+        run: |
+          git restore --staged ${{ gitea.workspace }}/clusters/**/helm
+
+          if git status --porcelain | grep -q .; then
+            echo ">> Changes detected"
+            git status --porcelain
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+          else
+            echo ">> No changes detected, skipping PR creation"
+            exit 0
+          fi
+
+      - name: Commit and Push Changes
+        id: commit-push
+        if: steps.check-changes.outputs.changes-detected == 'true'
+        run: |
+          BRANCH_NAME="auto/update-manifests-$(date +%s)"
+
+          # Configure Git
+          echo ">> Configure git to use gitea-bot as user ..."
+          git config user.name "gitea-bot"
+          git config user.email "gitea-bot@alexlebens.net"
+
+          # Create a new branch and stage all changes
+          echo ">> Creating and commiting to $BRANCH_NAME ..."
+          git checkout -b $BRANCH_NAME
+          git add .
+          git commit -m "chore: Update manifests after change"
+
+          # Push the new branch to the remote repository
+          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
+          echo ">> Pushing changes to $REPO_URL ..."
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" $BRANCH_NAME
+
+          echo "HEAD_BRANCH=$BRANCH_NAME" >> $GITEA_OUTPUT
+          echo "push=true" >> $GITEA_OUTPUT
+
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        id: create-pull-request
-        with:
+        if: steps.commit-push.outputs.push == 'true'
-          token: ${{ secrets.GITEA_TOKEN }}
+        env:
-          commit-message: "chore: Update manifests after chart change"
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          branch: auto/update-manifests
+          GITEA_URL: ${{ secrets.REPO_URL }}
-          base: manifests
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
-          title: "Manifest Update: App Changes"
+        run: |
-          body: |
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository_owner }}/${{ gitea.repository_name }}/pulls"
-            This PR contains the newly rendered Kubernetes manifests.
 
-            * Triggered by workflow run ${{ github.run_id }}
+          PAYLOAD=$(cat <<-EOF
-            * Review the `files changed` tab for the full YAML diff.
+          {
-          add-paths: "clusters/*/rendered-manifests/"
+            "head": "${HEAD_BRANCH}",
+            "base": "${BASE_BRANCH}",
+            "title": "Automated Manifest Update: $(date +%F)",
+            "body": "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.",
+          }
+          EOF
+          )
 
-      - name: ntfy Success
+          echo ">> Creating PR from branch: ${HEAD_BRANCH} into ${BASE_BRANCH}"
-        uses: niniyas/ntfy-action@master
-        if: success()
-        with:
-          url: "${{ secrets.NTFY_URL }}"
-          topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render Success - Infrastructure"
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,successfully,completed
-          details: "Manifest rendering for Infrastructure has succeeded"
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
 
-      - name: ntfy Failed
+          HTTP_STATUS=$(
-        uses: niniyas/ntfy-action@master
+            curl -X POST \
-        if: failure()
+              -H "Authorization: token ${GITEA_TOKEN}" \
-        with:
+              -H "Content-Type: application/json" \
-          url: "${{ secrets.NTFY_URL }}"
+              --data "${PAYLOAD}" \
-          topic: "${{ secrets.NTFY_TOPIC }}"
+              "${API_ENDPOINT}" | tee /tmp/pr_response.json \
-          title: "Manifest Render Failure - Infrastructure"
+              | head -n 1
-          priority: 4
+          )
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+
-          tags: action,failed
+          echo ">> Gitea API Response Body ...
-          details: "Manifest rendering for Infrastructure has failed!"
+          echo "----
-          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          echo "$(cat /tmp/pr_response.json)"
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
+          echo "----
-          image: true
+
+          if [ "$HTTP_STATUS" == "201" ]; then
+            echo ">> Pull Request created successfully!"
+
+            PR_URL=$(cat /tmp/pr_response.json | jq -r .html_url)
+            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
+            echo "pull-request-operation=created" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "422" ]; then
+            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
+          else
+            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
+            exit 1
+          fi
+
+      - name: Cleanup Branch
+        if: failure() && steps.create-pull-request.outcome == 'failure'
+        env:
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+            echo ">> Removing branch: ${HEAD_BRANCH}"
+            git push origin --delete ${HEAD_BRANCH}
+
+      # - name: ntfy Created
+      #   uses: niniyas/ntfy-action@master
+      #   if: steps.create-pull-request.outputs.pull-request-operation == 'created'
+      #   with:
+      #     url: "${{ secrets.NTFY_URL }}"
+      #     topic: "${{ secrets.NTFY_TOPIC }}"
+      #     title: "Manifest Render PR Created - Infrastructure"
+      #     priority: 3
+      #     headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+      #     tags: action,successfully,completed
+      #     details: "Manifest rendering for Infrastructure has created PR ${{ steps.pull-request.outputs.pull-request-number }}!"
+      #     icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+
+      # - name: ntfy Failed
+      #   uses: niniyas/ntfy-action@master
+      #   if: failure()
+      #   with:
+      #     url: "${{ secrets.NTFY_URL }}"
+      #     topic: "${{ secrets.NTFY_TOPIC }}"
+      #     title: "Manifest Render Failure - Infrastructure"
+      #     priority: 4
+      #     headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+      #     tags: action,failed
+      #     details: "Manifest rendering for Infrastructure has failed!"
+      #     icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+      #     actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
+      #     image: true

clusters/cl01tl/monitoring/shelly-plug/values.yaml

@@ -36,7 +36,7 @@ shelly-plug:
         main:
           image:
             repository: php
-            tag: 8.4.15-apache-bookworm
+            tag: 8.5.0-apache-bookworm
             pullPolicy: IfNotPresent
           env:
             - name: SHELLY_HOSTNAME

clusters/cl01tl/platform/qbittorrent/values.yaml

@@ -28,7 +28,7 @@ qbittorrent:
         qbittorrent:
           image:
             repository: ghcr.io/linuxserver/qbittorrent
-            tag: 5.1.4@sha256:26a08cd60d81e632aba8947b2c64dfd5f870a5f4a837ec4abedf2e1d174df891
+            tag: 5.1.4@sha256:a2eedc99b4876916943bd33e7c415efc448f6b514aa39b4f98c1e6472a717301
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/storage/whodb/values.yaml

@@ -8,7 +8,7 @@ whodb:
         main:
           image:
             repository: clidey/whodb
-            tag: 0.77.0
+            tag: 0.78.0
             pullPolicy: IfNotPresent
           env:
             - name: WHODB_OLLAMA_HOST