infrastructure/.gitea/workflows/render-manifests.yaml

name: render-manifests

on:
  push:
    branches:
      - main
    paths:
      - "clusters/**"
      - ! "clusters/*/archive"

  workflow_dispatch:

env:
  CLUSTERS: cl01tl
  BASE_BRANCH: manifests
  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests

jobs:
  render-manifests-helm:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          path: infrastructure

      - name: Checkout Manifests
        uses: actions/checkout@v6
        with:
          ref: manifests
          path: infrastructure-manifests

      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743

      - name: Render Helm Manifests
        run: |
          for cluster in ${CLUSTERS}; do
            for chart_path in ${MAIN_DIR}/clusters/$cluster/helm/*; do
              chart_name=$(basename "$chart_path")
              echo ">> Rendering chart: $chart_name"

              if [ -f "$chart_path/Chart.yaml" ]; then
                  mkdir -p ${MANIFEST_DIR}/clusters/$cluster/manifests/$chart_name
                  OUTPUT_FILE="${MANIFEST_DIR}/clusters/$cluster/manifests/$chart_name/$chart_name.yaml"

                  cd $chart_path

                  echo ""
                  echo ">> Building helm dependency ..."
                  helm dependency build

                  echo ""
                  echo ">> Linting helm ..."
                  helm lint --namespace "$chart_name" --with-subcharts

                  echo ""
                  echo ">> Rendering templates ..."
                  helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"

                  echo ""
                  echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
                  echo ""
              else
                  echo ""
                  echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
                  echo ""
              fi
            done
          done

      - name: Check for Changes
        id: check-changes
        run: |
          cd ${MANIFEST_DIR}

          if git status --porcelain | grep -q .; then
            echo ">> Changes detected"
            git status --porcelain
            echo "changes-detected=true" >> $GITEA_OUTPUT
          else
            echo ">> No changes detected, skipping PR creation"
            exit 0
          fi

      - name: Commit and Push Changes
        id: commit-push
        if: steps.check-changes.outputs.changes-detected == 'true'
        run: |
          cd ${MANIFEST_DIR}

          BRANCH_NAME="auto/update-manifests-$(date +%s)"

          # Configure Git
          echo ">> Configure git to use gitea-bot as user ..."
          git config user.name "gitea-bot"
          git config user.email "gitea-bot@alexlebens.net"

          # Create a new branch and stage all changes
          echo ">> Creating and commiting to $BRANCH_NAME ..."
          git checkout -b $BRANCH_NAME
          git add .
          git commit -m "chore: Update manifests after change"

          # Push the new branch to the remote repository
          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
          echo ">> Pushing changes to $REPO_URL ..."
          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" $BRANCH_NAME

          echo "HEAD_BRANCH=$BRANCH_NAME" >> $GITEA_OUTPUT
          echo "push=true" >> $GITEA_OUTPUT

      - name: Create Pull Request
        id: create-pull-request
        if: steps.commit-push.outputs.push == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
          GITEA_URL: ${{ secrets.REPO_URL }}
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
        run: |
          cd ${MANIFEST_DIR}

          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"

          PAYLOAD=$( jq -n \
            --arg head "${HEAD_BRANCH}" \
            --arg base "${BASE_BRANCH}" \
            --arg title "Automated Manifest Update: $(date +%F)" \
            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
            '{head: $head, base: $base, title: $title, body: $body'} )

          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
          echo ">> With Endpoint of:"
          echo "$API_ENDPOINT"
          echo ">> With Payload of:"
          echo "$PAYLOAD"

          HTTP_STATUS=$(
            curl -X POST \
              --silent \
              --write-out '%{http_code}' \
              --output response_body.json \
              --dump-header response_headers.txt \
              --data "$PAYLOAD" \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              "$API_ENDPOINT" 2> response_errors.txt
          )

          echo ">> HTTP Status Code: $HTTP_STATUS"
          echo ">> Response Output ..."
          echo "----"
          cat response_body.json
          echo "----"
          cat response_headers.txt
          echo "----"
          cat response_errors.txt
          echo "----"

          if [ "$HTTP_STATUS" == "201" ]; then
            echo ">> Pull Request created successfully!"

            PR_URL=$(cat response_body.json | jq -r .html_url)
            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
            echo "pull-request-operation=created" >> $GITEA_OUTPUT

          elif [ "$HTTP_STATUS" == "422" ]; then
            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
          else
            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
            exit 1
          fi

      - name: Cleanup Branch
        if: failure() && steps.create-pull-request.outcome == 'failure'
        env:
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
        run: |
          echo ">> Removing branch: ${HEAD_BRANCH}"
          git push origin --delete ${HEAD_BRANCH}

      - name: ntfy Created
        uses: niniyas/ntfy-action@master
        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
        with:
          url: "${{ secrets.NTFY_URL }}"
          topic: "${{ secrets.NTFY_TOPIC }}"
          title: "Manifest Render PR Created - Infrastructure"
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: "Manifest rendering for Infrastructure has created a new Pull Request!"
          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'

      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: "${{ secrets.NTFY_URL }}"
          topic: "${{ secrets.NTFY_TOPIC }}"
          title: "Manifest Render Failure - Infrastructure"
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: "Manifest rendering for Infrastructure has failed!"
          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
          image: true