Update php Docker tag to v8.5.0

.gitea/workflows/render-manifests.yaml

@@ -8,75 +8,194 @@ on:
       - "clusters/**"
       - ! "clusters/*/archive"
 
+  workflow_dispatch:
+
+env:
+  CLUSTERS: cl01tl
+  BASE_BRANCH: manifests
+  MAIN_DIR: /workspace/alexlebens/infrastructure
+  MANIFEST_DIR: /workspace/alexlebens/infrastructure-manifests
+
 jobs:
   render-manifests-helm:
     runs-on: ubuntu-js
-    permissions:
-      contents: write
-      pull-requests: write
     steps:
       - name: Checkout
         uses: actions/checkout@v6
         with:
-          fetch-depth: 0
+          path: infrastructure
+
+      - name: Checkout Manifests
+        uses: actions/checkout@v6
+        with:
+          ref: manifests
+          path: infrastructure-manifests
 
       - name: Set up Helm
         uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
-          version: latest
+          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
 
       - name: Render Helm Manifests
-        env:
-          CLUSTERS: cl01tl
         run: |
-          for cluster in $CLUSTERS; do
+          for cluster in ${CLUSTERS}; do
-            mkdir clusters/$CLUSTER/manifests
+            for chart_path in ${MAIN_DIR}/clusters/$cluster/helm/*; do
-
+              chart_name=$(basename "$chart_path")
-            for chart_path in clusters/$CLUSTER/helm/; do
+              echo ">> Rendering chart: $chart_name"
-              chart_name=$(basename "$chart")
-
-              echo "--- Rendering chart: $chart_name ---"
 
               if [ -f "$chart_path/Chart.yaml" ]; then
-                  OUTPUT_FILE="clusters/$CLUSTER/manifests/$chart_name.yaml"
+                  mkdir -p ${MANIFEST_DIR}/clusters/$cluster/manifests/$chart_name
+                  OUTPUT_FILE="${MANIFEST_DIR}/clusters/$cluster/manifests/$chart_name/$chart_name.yaml"
 
-                  helm template "$chart_name" "$chart" --namespace "$chart_name" > "$OUTPUT_FILE"
+                  cd $chart_path
 
-                  echo "Manifests for $chart_name rendered to $OUTPUT_FILE"
+                  echo ""
+                  echo ">> Building helm dependency ..."
+                  helm dependency build
+
+                  echo ""
+                  echo ">> Linting helm ..."
+                  helm lint --namespace "$chart_name" --with-subcharts
+
+                  echo ""
+                  echo ">> Rendering templates ..."
+                  helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+
+                  echo ""
+                  echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
+                  echo ""
               else
-                  echo "Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+                  echo ""
+                  echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+                  echo ""
               fi
             done
           done
 
+      - name: Check for Changes
+        id: check-changes
+        run: |
+          cd ${MANIFEST_DIR}
+
+          if git status --porcelain | grep -q .; then
+            echo ">> Changes detected"
+            git status --porcelain
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+          else
+            echo ">> No changes detected, skipping PR creation"
+            exit 0
+          fi
+
+      - name: Commit and Push Changes
+        id: commit-push
+        if: steps.check-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          BRANCH_NAME="auto/update-manifests-$(date +%s)"
+
+          # Configure Git
+          echo ">> Configure git to use gitea-bot as user ..."
+          git config user.name "gitea-bot"
+          git config user.email "gitea-bot@alexlebens.net"
+
+          # Create a new branch and stage all changes
+          echo ">> Creating and commiting to $BRANCH_NAME ..."
+          git checkout -b $BRANCH_NAME
+          git add .
+          git commit -m "chore: Update manifests after change"
+
+          # Push the new branch to the remote repository
+          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
+          echo ">> Pushing changes to $REPO_URL ..."
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" $BRANCH_NAME
+
+          echo "HEAD_BRANCH=$BRANCH_NAME" >> $GITEA_OUTPUT
+          echo "push=true" >> $GITEA_OUTPUT
+
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        id: create-pull-request
-        with:
+        if: steps.commit-push.outputs.push == 'true'
-          token: ${{ secrets.GITEA_TOKEN }}
+        env:
-          commit-message: "chore: Update manifests after chart change"
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
-          branch: auto/update-manifests
+          GITEA_URL: ${{ secrets.REPO_URL }}
-          base: manifests
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
-          title: "Manifest Update: App Changes"
+        run: |
-          body: |
+          cd ${MANIFEST_DIR}
-            This PR contains the newly rendered Kubernetes manifests.
 
-            * Triggered by workflow run ${{ github.run_id }}
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
-            * Review the `files changed` tab for the full YAML diff.
-          add-paths: "clusters/*/rendered-manifests/"
 
-      - name: ntfy Success
+          PAYLOAD=$( jq -n \
+            --arg head "${HEAD_BRANCH}" \
+            --arg base "${BASE_BRANCH}" \
+            --arg title "Automated Manifest Update: $(date +%F)" \
+            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
+            '{head: $head, base: $base, title: $title, body: $body'} )
+
+          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+          echo ">> With Payload of:"
+          echo "$PAYLOAD"
+
+          HTTP_STATUS=$(
+            curl -X POST \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              --data "$PAYLOAD" \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "201" ]; then
+            echo ">> Pull Request created successfully!"
+
+            PR_URL=$(cat response_body.json | jq -r .html_url)
+            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
+            echo "pull-request-operation=created" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "422" ]; then
+            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
+          else
+            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
+            exit 1
+          fi
+
+      - name: Cleanup Branch
+        if: failure() && steps.create-pull-request.outcome == 'failure'
+        env:
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          echo ">> Removing branch: ${HEAD_BRANCH}"
+          git push origin --delete ${HEAD_BRANCH}
+
+      - name: ntfy Created
         uses: niniyas/ntfy-action@master
-        if: success()
+        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
         with:
           url: "${{ secrets.NTFY_URL }}"
           topic: "${{ secrets.NTFY_TOPIC }}"
-          title: "Manifest Render Success - Infrastructure"
+          title: "Manifest Render PR Created - Infrastructure"
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,successfully,completed
-          details: "Manifest rendering for Infrastructure has succeeded"
+          details: "Manifest rendering for Infrastructure has created a new Pull Request!"
           icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
 
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master

clusters/cl01tl/monitoring/shelly-plug/values.yaml

@@ -36,7 +36,7 @@ shelly-plug:
         main:
           image:
             repository: php
-            tag: 8.4.15-apache-bookworm
+            tag: 8.5.0-apache-bookworm
             pullPolicy: IfNotPresent
           env:
             - name: SHELLY_HOSTNAME

clusters/cl01tl/platform/qbittorrent/values.yaml

@@ -28,7 +28,7 @@ qbittorrent:
         qbittorrent:
           image:
             repository: ghcr.io/linuxserver/qbittorrent
-            tag: 5.1.4@sha256:26a08cd60d81e632aba8947b2c64dfd5f870a5f4a837ec4abedf2e1d174df891
+            tag: 5.1.4@sha256:a2eedc99b4876916943bd33e7c415efc448f6b514aa39b4f98c1e6472a717301
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/storage/whodb/values.yaml

@@ -8,7 +8,7 @@ whodb:
         main:
           image:
             repository: clidey/whodb
-            tag: 0.77.0
+            tag: 0.78.0
             pullPolicy: IfNotPresent
           env:
             - name: WHODB_OLLAMA_HOST