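# Renders every Helm chart under clusters/<cluster>/helm into plain manifests,
# pushes the result on a timestamped branch and opens a pull request against
# BASE_BRANCH through the Gitea API.
name: render-manifests

on:
  push:
    branches:
      - main
    paths:
      - "clusters/**"
      # The negation marker has to be part of the quoted pattern. Written as
      # `! "clusters/*/archive"` YAML reads the `!` as a tag, so the entry
      # becomes a plain include and the archive path is not excluded.
      # NOTE(review): this matches the archive path itself; confirm whether
      # files below it need a trailing `/**`.
      - "!clusters/*/archive"
  workflow_dispatch:

env:
  # Space-separated list of cluster directories to render.
  CLUSTERS: cl01tl
  # Branch the generated pull request targets.
  BASE_BRANCH: manifests

jobs:
  render-manifests-helm:
    runs-on: ubuntu-js
    steps:
      # NOTE(review): the `uses:` references below are tags (@v6, @v4), which
      # the action's owner can move. Pinning to a full commit SHA, as the
      # commented-out pull-request step further down does, keeps the executed
      # code immutable.
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          # NOTE(review): this hands a Gitea credential to a third-party
          # action. With `version` pinned the token is presumably not needed;
          # confirm against the action's inputs and drop it if so.
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743

      - name: Render Helm Manifests
        env:
          # Passed through the environment so the path reaches the shell as
          # data instead of being substituted into the script text.
          WORKSPACE: ${{ gitea.workspace }}
        run: |
          # CLUSTERS is deliberately unquoted: it is a space-separated list.
          for cluster in ${CLUSTERS}; do
            mkdir -p "${WORKSPACE}/clusters/$cluster/manifests"

            for chart_path in "${WORKSPACE}/clusters/$cluster/helm"/*; do
              chart_name=$(basename "$chart_path")

              echo ">> Rendering chart: $chart_name"

              if [ -f "$chart_path/Chart.yaml" ]; then
                mkdir -p "${WORKSPACE}/clusters/$cluster/manifests/$chart_name"
                OUTPUT_FILE="${WORKSPACE}/clusters/$cluster/manifests/$chart_name/$chart_name.yaml"

                cd "$chart_path"

                echo ""
                echo ">> Building helm dependency ..."
                helm dependency build

                echo ""
                echo ">> Linting helm ..."
                helm lint --namespace "$chart_name" --with-subcharts

                echo ""
                echo ">> Rendering templates ..."
                helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"

                echo ""
                echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
                echo ""
              else
                echo ""
                echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
                echo ""
              fi
            done
          done

      # - name: Create Pull Request
      #   id: pull-request
      #   uses: github.com/quentinlegot/gitea-create-pull-request@c05fb67b080696dcdb2d2b7ea83051ec413f7285
      #   with:
      #     token: ${{ secrets.BOT_TOKEN }}
      #     add-paths: |
      #       clusters/cl01tl/manifests/*
      #     commit-message: "chore: Update manifests after chart change"
      #     committer: gitea-bot <gitea-bot@alexlebens.net>
      #     author: gitea-bot <gitea-bot@alexlebens.net>
      #     branch: auto/update-manifests
      #     branch-suffix: timestamp
      #     base: manifests
      #     title: "Manifest Update"
      #     body: |
      #       This PR contains the newly rendered Kubernetes manifests.
      #
      #       * Triggered by workflow run ${{ github.run_id }}
      #       * Review the `files changed` tab for the full YAML diff.
      #     labels: |
      #       manifests
      #       automated

      - name: Check for Changes
        id: check-changes
        env:
          WORKSPACE: ${{ gitea.workspace }}
        run: |
          # NOTE(review): `git restore --staged` only unstages; files that
          # `helm dependency build` created under helm/ still show up in
          # `git status` and are picked up by `git add .` in the next step
          # unless they are ignored. Confirm that is intended.
          git restore --staged "${WORKSPACE}"/clusters/**/helm

          if git status --porcelain | grep -q .; then
            echo ">> Changes detected"
            git status --porcelain
            echo "changes-detected=true" >> "$GITEA_OUTPUT"
          else
            echo ">> No changes detected, skipping PR creation"
            exit 0
          fi

      - name: Commit and Push Changes
        id: commit-push
        if: steps.check-changes.outputs.changes-detected == 'true'
        env:
          # Secrets and context values enter the script as environment
          # variables, never as text substituted into the script itself.
          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
          REPO_BASE_URL: ${{ secrets.REPO_URL }}
          REPOSITORY: ${{ gitea.repository }}
        run: |
          BRANCH_NAME="auto/update-manifests-$(date +%s)"

          # Configure Git
          echo ">> Configure git to use gitea-bot as user ..."
          git config user.name "gitea-bot"
          git config user.email "gitea-bot@alexlebens.net"

          # Create a new branch and stage all changes
          echo ">> Creating and commiting to $BRANCH_NAME ..."
          git checkout -b "$BRANCH_NAME"
          git add .
          git commit -m "chore: Update manifests after change"

          # Push the new branch to the remote repository.
          # No `-u`: with a URL as the remote, git would record that URL,
          # token included, as the branch's upstream in .git/config.
          REPO_URL="${REPO_BASE_URL}/${REPOSITORY}"
          echo ">> Pushing changes to $REPO_URL ..."
          git push "https://oauth2:${BOT_TOKEN}@${REPO_URL#https://}" "$BRANCH_NAME"

          echo "HEAD_BRANCH=$BRANCH_NAME" >> "$GITEA_OUTPUT"
          echo "push=true" >> "$GITEA_OUTPUT"

      - name: Create Pull Request
        id: create-pull-request
        if: steps.commit-push.outputs.push == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
          GITEA_URL: ${{ secrets.REPO_URL }}
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
          # owner/name in one value, the same context field the push step uses.
          REPOSITORY: ${{ gitea.repository }}
        run: |
          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${REPOSITORY}/pulls"

          # Let jq assemble the body: every value is JSON-escaped and the
          # object is well formed (the hand-written heredoc ended with a
          # trailing comma, which is not valid JSON).
          PAYLOAD=$(jq -n \
            --arg head "${HEAD_BRANCH}" \
            --arg base "${BASE_BRANCH}" \
            --arg title "Automated Manifest Update: $(date +%F)" \
            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
            '{head: $head, base: $base, title: $title, body: $body}')

          echo ">> Creating PR from branch: ${HEAD_BRANCH} into ${BASE_BRANCH}"

          # One variable for the response file, so the path written by curl
          # and the path read by jq cannot drift apart.
          RESPONSE_FILE=$(mktemp)

          HTTP_STATUS=$(
            curl -X POST \
              --write-out '%{http_code}' \
              --silent \
              --output "${RESPONSE_FILE}" \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              --data "${PAYLOAD}" \
              "${API_ENDPOINT}"
          )

          echo ">> Gitea API Response Body ..."
          echo "----"
          echo "$(cat "${RESPONSE_FILE}")"
          echo "----"

          if [ "$HTTP_STATUS" = "201" ]; then
            echo ">> Pull Request created successfully!"

            PR_URL=$(jq -r .html_url "${RESPONSE_FILE}")
            echo "pull-request-url=${PR_URL}" >> "$GITEA_OUTPUT"
            echo "pull-request-operation=created" >> "$GITEA_OUTPUT"

          elif [ "$HTTP_STATUS" = "422" ]; then
            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
          else
            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
            exit 1
          fi

      - name: Cleanup Branch
        if: failure() && steps.create-pull-request.outcome == 'failure'
        env:
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
        run: |
          # NOTE(review): this deletes through `origin`, i.e. with whatever
          # credentials the checkout step left configured, not BOT_TOKEN;
          # confirm that identity may delete branches.
          echo ">> Removing branch: ${HEAD_BRANCH}"
          git push origin --delete "${HEAD_BRANCH}"

      # NOTE(review): if the ntfy steps below are re-enabled, `@master` is a
      # moving reference that receives NTFY_CRED, and
      # `steps.pull-request.outputs.pull-request-number` names the
      # commented-out step id, not `create-pull-request`.
      # - name: ntfy Created
      #   uses: niniyas/ntfy-action@master
      #   if: steps.create-pull-request.outputs.pull-request-operation == 'created'
      #   with:
      #     url: "${{ secrets.NTFY_URL }}"
      #     topic: "${{ secrets.NTFY_TOPIC }}"
      #     title: "Manifest Render PR Created - Infrastructure"
      #     priority: 3
      #     headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
      #     tags: action,successfully,completed
      #     details: "Manifest rendering for Infrastructure has created PR ${{ steps.pull-request.outputs.pull-request-number }}!"
      #     icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"

      # - name: ntfy Failed
      #   uses: niniyas/ntfy-action@master
      #   if: failure()
      #   with:
      #     url: "${{ secrets.NTFY_URL }}"
      #     topic: "${{ secrets.NTFY_TOPIC }}"
      #     title: "Manifest Render Failure - Infrastructure"
      #     priority: 4
      #     headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
      #     tags: action,failed
      #     details: "Manifest rendering for Infrastructure has failed!"
      #     icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
      #     actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
      #     image: true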