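---
# Renders each Helm chart under clusters/<cluster>/helm/ into a static manifest
# file, commits the result on a timestamped branch, pushes it with the bot
# token and opens a pull request against BASE_BRANCH.
name: render-manifests

on:
  push:
    branches:
      - main
    paths:
      - "clusters/**"
      # The negation has to sit inside the quoted pattern: a `!` placed before
      # the quotes is read by YAML as a tag indicator, not as part of the glob.
      # NOTE(review): this excludes the path `clusters/<x>/archive` itself;
      # append `/**` if everything below it should be ignored - confirm.
      - "!clusters/*/archive"
  workflow_dispatch:

env:
  # Space-separated list of cluster directory names to render.
  CLUSTERS: cl01tl
  # Branch the generated pull request targets.
  BASE_BRANCH: manifests

jobs:
  render-manifests-helm:
    runs-on: ubuntu-js
    steps:
      # NOTE(review): both actions below are referenced by mutable tag. Pinning
      # them to a full commit SHA keeps a moved tag from changing what runs in
      # a job that later handles BOT_TOKEN.
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          # NOTE(review): the Helm version is pinned, so this token is
          # presumably not needed for a release lookup - confirm and drop it
          # if unused, so the third-party action receives no credential.
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743

      - name: Render Helm Manifests
        env:
          # Passed through the environment instead of being templated into the
          # script text, so the shell always sees it as data.
          WORKSPACE: ${{ gitea.workspace }}
        run: |
          # Stop on the first failing command so a failed lint or render is
          # not followed by a commit of partial output.
          set -eu

          # CLUSTERS is a space-separated list; word splitting is intended.
          for cluster in ${CLUSTERS}; do
            manifests_dir="${WORKSPACE}/clusters/${cluster}/manifests"
            mkdir -p "${manifests_dir}"

            for chart_path in "${WORKSPACE}/clusters/${cluster}/helm"/*; do
              chart_name=$(basename "$chart_path")
              echo ">> Rendering chart: $chart_name"

              if [ -f "$chart_path/Chart.yaml" ]; then
                mkdir -p "${manifests_dir}/${chart_name}"
                OUTPUT_FILE="${manifests_dir}/${chart_name}/${chart_name}.yaml"

                cd "$chart_path"

                echo ""
                echo ">> Building helm dependency ..."
                helm dependency build

                echo ""
                echo ">> Linting helm ..."
                helm lint --namespace "$chart_name" --with-subcharts

                echo ""
                echo ">> Rendering templates ..."
                helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"

                echo ""
                echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
                echo ""
              else
                echo ""
                echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
                echo ""
              fi
            done
          done

      # - name: Create Pull Request
      #   id: pull-request
      #   uses: peter-evans/create-pull-request@v7
      #   with:
      #     token: ${{ secrets.BOT_TOKEN }}
      #     add-paths: |
      #       clusters/cl01tl/manifests/*
      #     commit-message: "chore: Update manifests after chart change"
      #     committer: gitea-bot
      #     author: gitea-bot
      #     branch: auto/update-manifests
      #     branch-suffix: timestamp
      #     base: manifests
      #     title: "Manifest Update"
      #     body: |
      #       This PR contains the newly rendered Kubernetes manifests.
      #       * Triggered by workflow run ${{ github.run_id }}
      #       * Review the `files changed` tab for the full YAML diff.
      #     labels: |
      #       manifests
      #       automated

      - name: Check for Changes
        id: check-changes
        run: |
          set -eu
          # Any porcelain output means the working tree differs from HEAD.
          if [ -n "$(git status --porcelain)" ]; then
            echo ">> Changes detected"
            echo "changes-detected=true" >> "$GITEA_OUTPUT"
          else
            echo ">> No changes detected, skipping PR creation"
            exit 0
          fi

      - name: Commit and Push Changes
        id: commit-push
        if: steps.check-changes.outputs.changes-detected == 'true'
        env:
          # Secrets and context values reach the script as environment
          # variables rather than being expanded into the script source.
          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
          REPO_URL: ${{ secrets.REPO_URL }}
          REPOSITORY: ${{ gitea.repository }}
        run: |
          set -eu
          BRANCH_NAME="auto/update-manifests-$(date +%s)"

          # Configure Git
          git config user.name "gitea-bot"
          git config user.email "gitea-bot@alexlebens.net"

          # Create a new branch and stage all changes
          # NOTE(review): `git add .` stages everything the earlier steps left
          # in the workspace, not only clusters/*/manifests - confirm that
          # files produced by `helm dependency build` are meant to be committed.
          git checkout -b "$BRANCH_NAME"
          git add .
          git commit -m "chore: Update manifests after change"

          # Push the new branch to the remote repository.
          # No `-u`: upstream tracking is not used later, and setting it would
          # record the credential-bearing URL in .git/config.
          # NOTE(review): the token is still part of the git command line; a
          # credential helper fed from BOT_TOKEN would keep it out of argv.
          REMOTE="${REPO_URL}/${REPOSITORY}"
          git push "https://oauth2:${BOT_TOKEN}@${REMOTE#https://}" "$BRANCH_NAME"

          echo "HEAD_BRANCH=$BRANCH_NAME" >> "$GITEA_OUTPUT"
          echo "push=true" >> "$GITEA_OUTPUT"

      - name: Create Pull Request
        id: create-pull-request
        if: steps.commit-push.outputs.push == 'true'
        env:
          # NOTE(review): no `tea login` is run in this step; presumably tea
          # reads the server and token from these variables - verify.
          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
          GITEA_URL: ${{ secrets.REPO_URL }}
          OWNER: ${{ gitea.repository_owner }}
          REPO: ${{ gitea.repository_name }}
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
        run: |
          set -eu
          echo ">> Creating PR from branch: ${HEAD_BRANCH} into ${BASE_BRANCH}"

          # -y keeps the install non-interactive; without it apt aborts at the
          # confirmation prompt when extra packages are required.
          # NOTE(review): the package is installed unpinned on every run, in a
          # step that holds BOT_TOKEN; baking it into the runner image would
          # remove that fetch.
          apt-get update && apt-get install -y tea

          tea pulls create \
            --repo "${OWNER}/${REPO}" \
            --head "${HEAD_BRANCH}" \
            --base "${BASE_BRANCH}" \
            --title "Automated Manifest Update: $(date +%F)" \
            --body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow."

          echo "pull-request-operation=created" >> "$GITEA_OUTPUT"

      # NOTE(review): the disabled notification steps below reference the
      # action by branch (@master); pin to a commit before re-enabling them,
      # since they are handed NTFY_CRED.
      # - name: ntfy Created
      #   uses: niniyas/ntfy-action@master
      #   if: steps.create-pull-request.outputs.pull-request-operation == 'created'
      #   with:
      #     url: "${{ secrets.NTFY_URL }}"
      #     topic: "${{ secrets.NTFY_TOPIC }}"
      #     title: "Manifest Render PR Created - Infrastructure"
      #     priority: 3
      #     headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
      #     tags: action,successfully,completed
      #     details: "Manifest rendering for Infrastructure has created PR ${{ steps.pull-request.outputs.pull-request-number }}!"
      #     icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"

      # - name: ntfy Failed
      #   uses: niniyas/ntfy-action@master
      #   if: failure()
      #   with:
      #     url: "${{ secrets.NTFY_URL }}"
      #     topic: "${{ secrets.NTFY_TOPIC }}"
      #     title: "Manifest Render Failure - Infrastructure"
      #     priority: 4
      #     headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
      #     tags: action,failed
      #     details: "Manifest rendering for Infrastructure has failed!"
      #     icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
      #     actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
      #     image: true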