alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions 1 Activity

Compare commits

base: alexlebens:d3de532c6232b77ff3bd9cefba6ead33c91f5bd9
Branches Tags
alexlebens:main alexlebens:manifests alexlebens:renovate/unified-cilium alexlebens:tmp/eraser
..
compare: alexlebens:main
Branches Tags
alexlebens:manifests alexlebens:main alexlebens:renovate/unified-cilium alexlebens:tmp/eraser

28 Commits
d3de532c62 ... main

Author SHA1 Message Date
Renovate Bot
a01b1d6050 Merge pull request 'chore(deps): update searxng/searxng:latest docker digest to 4c6b4f3' (#5846) from renovate/unified-searxng into main
Some checks are pending
renovate / renovate (push) Has started running
Details
lint-test-helm / lint-helm (push) Successful in 35s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
2026-04-13 10:03:44 +00:00
Renovate Bot
9ac1ad2cf0 chore(deps): update searxng/searxng:latest docker digest to 4c6b4f3
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 43s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m33s
Details
2026-04-13 10:03:18 +00:00
Alex Lebens
d61c4acf0c ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 3m46s
Details
2026-04-13 00:29:46 -05:00
Renovate Bot
30e21162d9 Merge pull request 'chore(deps): update ollama/ollama docker tag to v0.20.5' (#5844) from renovate/unified-ollama into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 22s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
lint-test-helm / argo-diff (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m5s
Details
2026-04-13 04:04:47 +00:00
Renovate Bot
7e676a5c4e chore(deps): update ollama/ollama docker tag to v0.20.5
Some checks failed
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 41s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 25s
Details
render-manifests / render-manifests (pull_request) Successful in 58s
Details
lint-test-helm / argo-diff (pull_request) Failing after 37s
Details
2026-04-13 04:04:29 +00:00
Alex Lebens
89009fd048 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 4m46s
Details
2026-04-12 20:51:26 -05:00
Alex Lebens
6e5d2433e9 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 2m21s
Details
2026-04-12 20:46:40 -05:00
Alex Lebens
b544493a70 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 3m46s
Details
2026-04-12 20:36:55 -05:00
Alex Lebens
c4503f4ecb ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 3m6s
Details
2026-04-12 20:24:34 -05:00
Alex Lebens
8765741597 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 3m19s
Details
2026-04-12 20:17:07 -05:00
Alex Lebens
142f6be558 ci: change root
All checks were successful
renovate / renovate (push) Successful in 3m13s
Details
2026-04-12 20:06:31 -05:00
Alex Lebens
b89e24c8d1 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 2m14s
Details
2026-04-12 20:01:52 -05:00
Alex Lebens
ad100879b5 ci: reconfigure
All checks were successful
renovate / renovate (push) Successful in 1m37s
Details
2026-04-12 19:45:51 -05:00
Alex Lebens
54e2cd4c43 Merge pull request 'feat: update unseal' (#5842) from tmp/vault into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 25s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
lint-test-helm / argo-diff (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5842
 2026-04-13 00:44:31 +00:00
Alex Lebens
5c0f3d5b4e feat: update unseal
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 37s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 40s
Details
lint-test-helm / argo-diff (pull_request) Successful in 44s
Details
render-manifests / render-manifests (pull_request) Successful in 1m4s
Details
2026-04-12 19:35:20 -05:00
Renovate Bot
8ab2c2ff87 Merge pull request 'chore(deps): update dependency ollama/ollama to v0.20.5' (#5841) from renovate/unified-ollama into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 21s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
lint-test-helm / argo-diff (push) Has been skipped
Details
renovate / renovate (push) Successful in 3m18s
Details
2026-04-12 19:02:15 +00:00
Renovate Bot
9897e85408 chore(deps): update dependency ollama/ollama to v0.20.5
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 27s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 20s
Details
lint-test-helm / argo-diff (pull_request) Successful in 25s
Details
render-manifests / render-manifests (pull_request) Successful in 52s
Details
2026-04-12 18:17:28 +00:00
Renovate Bot
83fd3796b0 Merge pull request 'chore(deps): update dependency immich-app/immich to v2.7.3' (#5840) from renovate/unified-immich into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 42s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
lint-test-helm / argo-diff (push) Has been skipped
Details
renovate / renovate (push) Successful in 4m38s
Details
2026-04-12 18:13:15 +00:00
Renovate Bot
667ed97498 chore(deps): update dependency immich-app/immich to v2.7.3
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 27s
Details
render-manifests / render-manifests (pull_request) Successful in 53s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 44s
Details
lint-test-helm / argo-diff (pull_request) Successful in 51s
Details
2026-04-12 18:12:57 +00:00
Renovate Bot
0bfef47841 Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.111.0' (#5839) from renovate/unified-renovate into main
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-04-12 18:09:57 +00:00
Renovate Bot
5ffe958c30 chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.111.0
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
2026-04-12 18:09:28 +00:00
Alex Lebens
7131c4debd ci: reconfigure
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-04-12 13:06:34 -05:00
Alex Lebens
edb122e2e4 Merge pull request 'chore(deps): update medialyze to v0.6.0' (#5835) from renovate/unified-medialyze into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 57s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
lint-test-helm / argo-diff (push) Has been skipped
Details
renovate / renovate (push) Successful in 2m46s
Details 
Reviewed-on: #5835
 2026-04-12 15:18:19 +00:00
Renovate Bot
03d82ed180 chore(deps): update medialyze to v0.6.0 2026-04-12 15:18:19 +00:00
Alex Lebens
a23dc349c5 Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.18.0' (#5828) from renovate/unified-site-profile into main
Some checks failed
lint-test-helm / lint-helm (push) Successful in 1m13s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
lint-test-helm / argo-diff (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details 
Reviewed-on: #5828
 2026-04-12 15:16:06 +00:00
Renovate Bot
9c18fe23c6 chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.18.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m21s
Details
lint-test-helm / argo-diff (pull_request) Successful in 40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m5s
Details
render-manifests / render-manifests (pull_request) Successful in 2m4s
Details
2026-04-12 14:05:52 +00:00
Renovate Bot
a86f139373 Merge pull request 'chore(deps): update clickhouse/clickhouse-server docker tag to v26.3.5' (#5837) from renovate/unified-clickhouse-server into main
Some checks failed
renovate / renovate (push) Successful in 3m30s
Details
render-manifests / render-manifests (push) Successful in 11m25s
Details
lint-test-helm / validate-kubeconform (push) Has been cancelled
Details
lint-test-helm / argo-diff (push) Has been cancelled
Details
lint-test-helm / lint-helm (push) Has started running
Details
2026-04-12 14:02:22 +00:00
Renovate Bot
a6a87bfcbd chore(deps): update clickhouse/clickhouse-server docker tag to v26.3.5
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
lint-test-helm / argo-diff (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 1m0s
Details
2026-04-12 14:02:06 +00:00
11 changed files with 226 additions and 303 deletions
Expand all files Collapse all files

397
.gitea/workflows/lint-test-helm.yaml
View File

@@ -378,249 +378,232 @@ jobs:
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true image: true
argo-diff: # argo-diff:
needs: lint-helm # needs: lint-helm
runs-on: ubuntu-js # runs-on: ubuntu-js
if: | # if: |
needs.lint-helm.result == 'success' && # needs.lint-helm.result == 'success' &&
needs.lint-helm.outputs.changes-detected == 'true' && # needs.lint-helm.outputs.changes-detected == 'true' &&
github.event_name == 'pull_request' # github.event_name == 'pull_request'
steps: # steps:
- name: Checkout # - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with: # with:
fetch-depth: 0 # fetch-depth: 0
- name: Cache ArgoCD CLI # - name: Cache ArgoCD CLI
id: cache-argocd # id: cache-argocd
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 # uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with: # with:
path: /usr/local/bin/argocd # path: /usr/local/bin/argocd
key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }} # key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
restore-keys: | # restore-keys: |
${{ runner.os }}-argocd- # ${{ runner.os }}-argocd-
- name: Install ArgoCD CLI # - name: Install ArgoCD CLI
if: steps.cache-argocd.outputs.cache-hit != 'true' # if: steps.cache-argocd.outputs.cache-hit != 'true'
run: | # run: |
echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..." # echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64 # curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
echo "" # echo ""
echo ">> Installing ArgoCD CLI ..." # echo ">> Installing ArgoCD CLI ..."
sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd # sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
echo "" # echo ""
echo "----" # echo "----"
- name: Verify installation # - name: Verify installation
run: | # run: |
echo "" # echo ""
echo ">> Verifying installation ..." # echo ">> Verifying installation ..."
argocd version --client # argocd version --client
echo "" # echo ""
echo "----" # echo "----"
- name: Set Up Helm # - name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 # uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
with: # with:
token: ${{ secrets.GITEA_TOKEN }} # token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # # renovate: datasource=github-releases depName=helm/helm
version: v4.1.3 # version: v4.1.3
cache: true # cache: true
- name: Cache Helm Dependencies # - name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 # uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with: # with:
path: | # path: |
~/.cache/helm # ~/.cache/helm
~/.config/helm # ~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }} # key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: | # restore-keys: |
helm-cache-${{ runner.os }}- # helm-cache-${{ runner.os }}-
- name: Add Repositories # - name: Add Repositories
env: # env:
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} # CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: | # run: |
echo ">> Adding repositories for chart dependencies ..." # echo ">> Adding repositories for chart dependencies ..."
echo "" # echo ""
for DIR in ${CHANGED_CHARTS}; do # for DIR in ${CHANGED_CHARTS}; do
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \ # helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
| tail -n +2 \ # | tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \ # | awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do # | while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then # if [[ "${REPO_URL}" == oci://* ]]; then
echo ">> Ignoring OCI repo: ${REPO_URL}" # echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then # elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}" # helm repo add "${REPO_NAME}" "${REPO_URL}"
fi # fi
done || true # done || true
done # done
if helm repo list > /dev/null 2>&1; then # if helm repo list > /dev/null 2>&1; then
echo "" # echo ""
echo ">> Update repository cache ..." # echo ">> Update repository cache ..."
helm repo update # helm repo update
fi # fi
echo "" # echo ""
echo "----" # echo "----"
- name: Render Templates # - name: Render Templates
id: render # id: render
env: # env:
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} # CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: | # run: |
for APP_NAME in ${CHANGED_CHARTS}; do # for APP_NAME in ${CHANGED_CHARTS}; do
echo ">> Render templates for ${APP_NAME} ..." # echo ">> Render templates for ${APP_NAME} ..."
CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}" # CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/" # OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
helm dependency build "${CHART_PATH}" --skip-refresh # helm dependency build "${CHART_PATH}" --skip-refresh
NAMESPACE="${APP_NAME}" # NAMESPACE="${APP_NAME}"
case "${APP_NAME}" in # case "${APP_NAME}" in
"stack") # "stack")
NAMESPACE="argocd" # NAMESPACE="argocd"
echo ">> Special Rendering into 'argocd' namespace ..." # echo ">> Special Rendering into 'argocd' namespace ..."
;; # ;;
"cilium" | "coredns" | "metrics-server") # "cilium" | "coredns" | "metrics-server")
NAMESPACE="kube-system" # NAMESPACE="kube-system"
echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..." # echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
;; # ;;
*) # *)
echo ">> Standard Rendering ..." # echo ">> Standard Rendering ..."
esac # esac
TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor") # TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
# Format and split rendered template # # Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"' # echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do # for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file # yq -i '... comments=""' $file
done # done
echo "" # echo ""
echo ">> Templates in outpute folder: ${OUTPUT_FOLDER}" # echo ">> Templates in output folder: ${OUTPUT_FOLDER}"
ls ${OUTPUT_FOLDER} # ls ${OUTPUT_FOLDER}
done # done
echo "----" # echo "----"
- name: Run App Diff # - name: Run App Diff
id: diff # id: diff
env: # env:
ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }} # ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }} # ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} # CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: | # run: |
# argo diff outputs 1 on any diff, but this is expected, only error on output 2+ # FAILED_CHARTS=""
set +e # DIFF_FOUND="false"
OVERALL_EXIT_CODE=0
FAILED_CHARTS=""
DIFF_FOUND="false"
for APP_NAME in ${CHANGED_CHARTS}; do # for APP_NAME in ${CHANGED_CHARTS}; do
echo ">> Running argocd app diff for ${APP_NAME} ..." # echo ">> Running argocd app diff for ${APP_NAME} ..."
# argocd app diff "${APP_NAME}" \
# --server "${ARGOCD_SERVER}" \
# --revision ${{ gitea.sha }} \
# --diff-exit-code 0 \
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
# --local-repo-root "." \
# --grpc-web > "diff_output_${APP_NAME}.txt"
argocd app diff "${APP_NAME}" \ # if [ -s "diff_output_${APP_NAME}.txt" ]; then
--server "${ARGOCD_SERVER}" \ # echo ">> Argo diff:"
--revision ${{ gitea.sha }} \ # echo ""
--grpc-web > diff_output_${APP_NAME}.txt # cat diff_output_${APP_NAME}.txt
# echo ""
EXIT_CODE=$? # DIFF_FOUND="true"
if [ -s "diff_output_${APP_NAME}.txt" ]; then # else
echo ">> Argo diff:" # echo ">> No Argo diff found for ${APP_NAME}"
echo "" # rm "diff_output_${APP_NAME}.txt"
cat diff_output_${APP_NAME}.txt
echo ""
DIFF_FOUND="true" # fi
# done
else # echo "----"
echo ">> No Argo diff found for ${APP_NAME}" # echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
rm "diff_output_${APP_NAME}.txt" # echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
fi # exit $OVERALL_EXIT_CODE
if [ $EXIT_CODE -eq 2 ]; then # - name: Post Diff
echo ">> ArgoCD diff failed for ${APP_NAME} due to a manifest error" # if: |
# always() &&
# steps.diff.outputs.diff-detected == 'true' &&
# gitea.event.pull_request.number != null
# env:
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# run: |
# COMMENT_BODY="### ArgoCD Diff Results
# "
OVERALL_EXIT_CODE=1 # for f in diff_output_*.txt; do
# APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
# DIFF_CONTENT=$(cat "$f")
if [ -z "${FAILED_CHARTS}" ]; then # COMMENT_BODY="${COMMENT_BODY}
FAILED_CHARTS="${APP_NAME}" # #### App: ${APP_NAME}
# "
else # if [ -z "$DIFF_CONTENT" ]; then
FAILED_CHARTS="${FAILED_CHARTS}, ${APP_NAME}" # COMMENT_BODY="${COMMENT_BODY} No changes detected."
# else
# COMMENT_BODY="${COMMENT_BODY}
# \`\`\`diff
# ${DIFF_CONTENT}
# \`\`\`"
# fi
# done
fi # curl -X 'POST' \
fi # "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
done # -H "Authorization: token ${GITEA_TOKEN}" \
# -H "Content-Type: application/json" \
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
echo "----" # - name: ntfy Failed
echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT" # uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT" # if: failure()
# with:
exit $OVERALL_EXIT_CODE # url: '${{ secrets.NTFY_URL }}'
# topic: '${{ secrets.NTFY_TOPIC }}'
- name: Post Diff # title: 'ArgoCD Diff Failure'
if: | # priority: 3
always() && # headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
steps.diff.outputs.diff-detected == 'true' && # tags: action,failed
gitea.event.pull_request.number != null # details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
env: # icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} # actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
run: | # image: true
COMMENT_BODY="### ArgoCD Diff Results
"
for f in diff_output_*.txt; do
APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
DIFF_CONTENT=$(cat "$f")
COMMENT_BODY="${COMMENT_BODY}
#### App: ${APP_NAME}
"
if [ -z "$DIFF_CONTENT" ]; then
COMMENT_BODY="${COMMENT_BODY} No changes detected."
else
COMMENT_BODY="${COMMENT_BODY}
\`\`\`diff
${DIFF_CONTENT}
\`\`\`"
fi
done
curl -X 'POST' \
"${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
-d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'ArgoCD Diff Failure'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.110.14@sha256:f3ba59186f17171bf2eaacc35014192d4862bf1b2af3116fb694ba9c17f04f70 container: ghcr.io/renovatebot/renovate:43.111.0@sha256:b70f50fc874a6443809ede68809a9169d8f308418eb2c5cd67ff88edda036f1c
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich # renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.7.2 appVersion: v2.7.3

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama # renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.20.4 appVersion: 0.20.5

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -21,7 +21,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1 tag: 0.20.5@sha256:662109db8037f17257cfc6e816289c0d4c9ae8a2a4ff760b653d8d410e234ba0
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 24h value: 24h
@@ -55,7 +55,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1 tag: 0.20.5@sha256:662109db8037f17257cfc6e816289c0d4c9ae8a2a4ff760b653d8d410e234ba0
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 24h value: 24h
@@ -89,7 +89,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1 tag: 0.20.5@sha256:662109db8037f17257cfc6e816289c0d4c9ae8a2a4ff760b653d8d410e234ba0
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 24h value: 24h

2
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -112,7 +112,7 @@ rybbit:
main: main:
image: image:
repository: clickhouse/clickhouse-server repository: clickhouse/clickhouse-server
tag: 26.3.4@sha256:e9de4678349386db2bd6282aa71e93ef465912ae9fa419ead2e83eb1cbce7a4a tag: 26.3.5@sha256:0115c4aa8d29ef873a533bcebaf5a65ec12815cf3b08b4fe6a20c30d460e8133
env: env:
- name: CLICKHOUSE_DB - name: CLICKHOUSE_DB
value: analytics value: analytics

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -8,7 +8,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:e86a5bd7537b6eb01176a8bfd53f9b535fe14bcf193d04648b6c0892d7b59d2f tag: latest@sha256:4c6b4f3e1fc10a907a40b7eaaf5b92d50f5b4097d6fb5b02041c0f9926233b36
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
value: http://searxng-api.searxng:8080 value: http://searxng-api.searxng:8080
@@ -36,7 +36,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:e86a5bd7537b6eb01176a8bfd53f9b535fe14bcf193d04648b6c0892d7b59d2f tag: latest@sha256:4c6b4f3e1fc10a907a40b7eaaf5b92d50f5b4097d6fb5b02041c0f9926233b36
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
value: https://searxng.alexlebens.net/ value: https://searxng.alexlebens.net/

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -10,7 +10,7 @@ site-profile:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-profile repository: harbor.alexlebens.net/images/site-profile
tag: 3.17.0@sha256:22c5bebe1148c019cdd50c2da06d9e8679e1b2653762cb3f3febf1aba75c309f tag: 3.18.0@sha256:1219a291faaaef87761e9f8b0857270165c505d95c0a30325fe4e2be422ba377
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

102
clusters/cl01tl/helm/vault/templates/external-secret.yaml
View File

@@ -138,40 +138,20 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal
property: TOKENS property: TOKENS_1
- secretKey: EMAIL_ENABLED - secretKey: NOTIFY_QUEUE_URLS
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal
property: EMAIL_ENABLED property: NOTIFY_QUEUE_URLS
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: NOTIFY_QUEUE_DELAY
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -190,40 +170,20 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal
property: TOKENS property: TOKENS_2
- secretKey: EMAIL_ENABLED - secretKey: NOTIFY_QUEUE_URLS
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal
property: EMAIL_ENABLED property: NOTIFY_QUEUE_URLS
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: NOTIFY_QUEUE_DELAY
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -242,40 +202,20 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal
property: TOKENS property: TOKENS_3
- secretKey: EMAIL_ENABLED - secretKey: NOTIFY_QUEUE_URLS
remoteRef: remoteRef:
key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal
property: EMAIL_ENABLED property: NOTIFY_QUEUE_URLS
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: NOTIFY_QUEUE_DELAY
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1

6
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -272,7 +272,7 @@ unseal:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-1 name: vault-unseal-config-1
@@ -288,7 +288,7 @@ unseal:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-2 name: vault-unseal-config-2
@@ -304,7 +304,7 @@ unseal:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-3 name: vault-unseal-config-3

4
renovate.json
View File

@@ -89,10 +89,10 @@
{ {
"description": "Specific app grouping overrides", "description": "Specific app grouping overrides",
"matchPackageNames": [ "matchPackageNames": [
"/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik)/", "/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik)/",
"/^rook(-ceph|/rook|/ceph)/" "/^rook(-ceph|/rook|/ceph)/"
], ],
"groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' depName}}}{{/if}}", "groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' depName}}}{{/if}}",
"groupSlug": "unified-{{{groupName}}}" "groupSlug": "unified-{{{groupName}}}"
}, },
{ {