From 5adfc98c25c529f4f9b8aae783906dc655f95517 Mon Sep 17 00:00:00 2001 From: kireque <5346530+kireque@users.noreply.github.com> Date: Sat, 4 May 2024 22:22:59 +0200 Subject: [PATCH] feat(workflows): update --- .github/labeler.yaml | 5 +- .github/linters/.flake8 | 2 - .github/linters/.markdownlint.yaml | 23 ---- .github/linters/.yamllint.yaml | 29 ----- .github/renovate.json5 | 42 +----- .github/renovate/allowedVersions.json5 | 7 +- .github/renovate/autoMerge.json5 | 13 +- .github/renovate/clusters.json5 | 10 ++ .github/renovate/grafanaDashboards.json5 | 34 +++++ .github/renovate/groups.json5 | 64 +++++++--- .github/renovate/versioning.json5 | 51 ++++++++ .github/workflows/build-terraform-oci.yaml | 5 +- .github/workflows/flux-diff.yaml | 129 +++++++++++++++++++ .github/workflows/flux-hr-image-test.yaml | 142 +++++++++++++++++++++ .github/workflows/flux-ks-sync.yaml | 50 ++++++++ .github/workflows/lint.yaml | 13 +- .github/workflows/meta-label-size.yaml | 34 ----- .github/workflows/meta-labeler.yaml | 14 +- 18 files changed, 493 insertions(+), 174 deletions(-) delete mode 100644 .github/linters/.flake8 delete mode 100644 .github/linters/.markdownlint.yaml delete mode 100644 .github/linters/.yamllint.yaml create mode 100644 .github/renovate/clusters.json5 create mode 100644 .github/renovate/grafanaDashboards.json5 create mode 100644 .github/renovate/versioning.json5 create mode 100644 .github/workflows/flux-diff.yaml create mode 100644 .github/workflows/flux-hr-image-test.yaml create mode 100644 .github/workflows/flux-ks-sync.yaml delete mode 100644 .github/workflows/meta-label-size.yaml diff --git a/.github/labeler.yaml b/.github/labeler.yaml index 400a51ba8..180c6ed8e 100644 --- a/.github/labeler.yaml +++ b/.github/labeler.yaml 
@@ -9,7 +9,4 @@ area/kubernetes: # Cluster cluster/main: - changed-files: - - any-glob-to-any-file: kubernetes/main/**/* -cluster/nas: - - changed-files: - - any-glob-to-any-file: kubernetes/nas/**/* \ No newline at end of file + - any-glob-to-any-file: kubernetes/main/**/* \ No newline at end of file diff --git a/.github/linters/.flake8 b/.github/linters/.flake8 deleted file mode 100644 index 6deafc261..000000000 --- a/.github/linters/.flake8 +++ /dev/null @@ -1,2 +0,0 @@ -[flake8] -max-line-length = 120 diff --git a/.github/linters/.markdownlint.yaml b/.github/linters/.markdownlint.yaml deleted file mode 100644 index 3443fa755..000000000 --- a/.github/linters/.markdownlint.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -default: true - -# MD013/line-length - Line length -MD013: - # Number of characters - line_length: 240 - # Number of characters for headings - heading_line_length: 80 - # Number of characters for code blocks - code_block_line_length: 80 - # Include code blocks - code_blocks: true - # Include tables - tables: true - # Include headings - headings: true - # Include headings - headers: true - # Strict length checking - strict: false - # Stern length checking - stern: false diff --git a/.github/linters/.yamllint.yaml b/.github/linters/.yamllint.yaml deleted file mode 100644 index bb7b058db..000000000 --- a/.github/linters/.yamllint.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -ignore: | - .ansible/ - .direnv/ - .private/ - .vscode/ - *.sops.* - ansible/roles/xanmanning.k3s/ - -extends: default - -rules: - truthy: - allowed-values: ["true", "false", "on"] - - comments: - min-spaces-from-content: 1 - - line-length: disable - - braces: - min-spaces-inside: 0 - max-spaces-inside: 1 - - brackets: - min-spaces-inside: 0 - max-spaces-inside: 0 - - indentation: enable diff --git a/.github/renovate.json5 b/.github/renovate.json5 index acb3312b7..ea76a53e2 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 
@@ -5,14 +5,12 @@ "github>kireque/renovate-config:automerge-github-actions", "github>kireque/home-ops//.github/renovate/allowedVersions.json5", "github>kireque/home-ops//.github/renovate/autoMerge.json5", - "github>kireque/home-ops//.github/renovate/disabledDatasources.json5", + "github>kireque/home-ops//.github/renovate/versioning.json5", "github>kireque/home-ops//.github/renovate/groups.json5", + "github>kireque/home-ops//.github/renovate/clusters.json5", + "github>kireque/home-ops//.github/renovate/grafanaDashboards.json5", ], - platform: "github", - username: "kireque-bot[bot]", - gitAuthor: "kireque-bot <143391978+kireque-bot[bot]@users.noreply.github.com>", - repositories: ["kireque/home-ops"], - ignorePaths: ["^archive/**"], + ignorePaths: [".archive/**"], flux: { fileMatch: ["^kubernetes/.+\\.ya?ml$"], }, @@ -22,34 +20,4 @@ kubernetes: { fileMatch: ["^kubernetes/.+\\.ya?ml$"], }, - packageRules: [ - // Custom version schemes - { - description: "Use custom versioning for http-https-echo", - matchDatasources: ["docker"], - matchPackageNames: ["ghcr.io/mendhak/http-https-echo"], - versioning: "regex:^(?\\d+)$", - }, - { - description: "Use custom versioning for Minio", - matchDatasources: ["docker"], - versioning: "regex:^RELEASE\\.(?\\d+)-(?\\d+)-(?\\d+)T.*Z(-(?.*))?$", - matchPackageNames: ["quay.io/minio/minio"], - }, - // Version strategies - { - matchDatasources: ["docker"], - matchPackageNames: [ - "ghcr.io/onedr0p/plex", - "ghcr.io/onedr0p/qbittorrent", - "ghcr.io/xirixiz/dsmr-reader-docker", - ], - versioning: "loose", - }, - { - matchDatasources: ["docker"], - matchPackageNames: ["tomsquest/docker-radicale"], - versioning: "pep440", - }, - ], -} +} \ No newline at end of file diff --git a/.github/renovate/allowedVersions.json5 b/.github/renovate/allowedVersions.json5 index 0ac866f75..01936ab90 100644 --- a/.github/renovate/allowedVersions.json5 +++ b/.github/renovate/allowedVersions.json5 
@@ -1,5 +1,5 @@ { - "$schema": "https://docs.renovatebot.com/renovate-schema.json", + $schema: "https://docs.renovatebot.com/renovate-schema.json", packageRules: [ { matchDatasources: ["docker"], @@ -11,5 +11,10 @@ matchPackageNames: ["tomsquest/docker-radicale"], allowedVersions: "/^[0-9]+\\.[0-9]+\\.[0-9]+(\\.[0-9]+)?$/", }, + { + matchDatasources: ["docker"], + matchPackageNames: ["docker.io/kopia/kopia"], + allowedVersions: "<999", + }, ], } diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5 index 60bf61027..42851e39c 100644 --- a/.github/renovate/autoMerge.json5 +++ b/.github/renovate/autoMerge.json5 @@ -1,5 +1,5 @@ { - "$schema": "https://docs.renovatebot.com/renovate-schema.json", + $schema: "https://docs.renovatebot.com/renovate-schema.json", packageRules: [ { description: "Auto merge container digests", @@ -7,17 +7,16 @@ automerge: true, automergeType: "branch", matchUpdateTypes: ["digest"], - matchPackagePattern: ["ghcr.io/onedr0p"], + matchPackagePrefixes: ["ghcr.io/onedr0p", "ghcr.io/bjw-s"], ignoreTests: true, }, { - description: "Auto merge containers", - matchDatasources: ["docker"], + description: "Auto merge KPS minors and patches", + matchDatasources: ["helm"], automerge: true, - automergeType: "branch", matchUpdateTypes: ["minor", "patch"], - matchPackageNames: ["ghcr.io/onedr0p/prowlarr-nightly"], - ignoreTests: true, + matchPackageNames: ["kube-prometheus-stack"], + ignoreTests: false, }, ], } diff --git a/.github/renovate/clusters.json5 b/.github/renovate/clusters.json5 new file mode 100644 index 000000000..64c3feade --- /dev/null +++ b/.github/renovate/clusters.json5 @@ -0,0 +1,10 @@ +{ + $schema: "https://docs.renovatebot.com/renovate-schema.json", + packageRules: [ + { + description: "Separate PRs for main cluster", + matchFileNames: ["**/kubernetes/main/**"], + additionalBranchPrefix: "main-", + }, + ], +} 
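Review bot: In .github/renovate/autoMerge.json5 the digest rule keeps `automergeType: "branch"` together with `ignoreTests: true` while its match list grows to `matchPackagePrefixes: ["ghcr.io/onedr0p", "ghcr.io/bjw-s"]`, so a new digest from either namespace is merged straight to the base branch with no PR and no status check in between. A digest update carries no version to compare, so nothing in this rule distinguishes a routine rebuild from a replaced image. I would either set `ignoreTests: false` here, as the KPS rule added below it already does, or add a delay such as `minimumReleaseAge: "3 days"` so a bad push can be noticed before it is deployed.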
diff --git a/.github/renovate/grafanaDashboards.json5 b/.github/renovate/grafanaDashboards.json5 new file mode 100644 index 000000000..e3384adc4 --- /dev/null +++ b/.github/renovate/grafanaDashboards.json5 @@ -0,0 +1,34 @@ +{ + $schema: "https://docs.renovatebot.com/renovate-schema.json", + customDatasources: { + "grafana-dashboards": { + defaultRegistryUrlTemplate: "https://grafana.com/api/dashboards/{{packageName}}", + format: "json", + transformTemplates: ['{"releases":[{"version": $string(revision)}]}'], + }, + }, + customManagers: [ + { + customType: "regex", + description: "Process Grafana dashboards", + fileMatch: ["(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$"], + matchStrings: [ + '# renovate: dashboardName="(?.*)"\\n(?\\s+)gnetId: (?\\d+)\\n.+revision: (?\\d+)', + ], + autoReplaceStringTemplate: '# renovate: dashboardName="{{{depName}}}"\n{{{indentation}}}gnetId: {{{packageName}}}\n{{{indentation}}}revision: {{{newValue}}}', + datasourceTemplate: "custom.grafana-dashboards", + versioningTemplate: "regex:^(?\\d+)$", + }, + ], + packageRules: [ + { + addLabels: ["renovate/grafana-dashboard"], + matchDatasources: ["custom.grafana-dashboards"], + matchUpdateTypes: ["major"], + semanticCommitScope: "grafana-dashboards", + semanticCommitType: "chore", + commitMessageTopic: "dashboard {{depName}}", + commitMessageExtra: "( {{currentVersion}} → {{newVersion}} )", + }, + ], +} diff --git a/.github/renovate/groups.json5 b/.github/renovate/groups.json5 index 26341fc51..2fa5f2c1c 100644 --- a/.github/renovate/groups.json5 +++ b/.github/renovate/groups.json5 
@@ -12,20 +12,6 @@ }, separateMinorPatch: true, }, - { - description: "Immich images", - groupName: "Immich", - matchPackageNames: [ - "ghcr.io/immich-app/immich-server", - "ghcr.io/immich-app/immich-web", - "ghcr.io/immich-app/immich-machine-learning", - ], - matchDatasources: ["docker"], - group: { - commitMessageTopic: "{{{groupName}}} group", - }, - separateMinorPatch: true, - }, { description: "Rook-Ceph image and chart", groupName: "Rook Ceph", @@ -51,10 +37,26 @@ separateMinorPatch: true, }, { - description: "External Snapshotter charts", - groupName: "External Snapshotter", - matchPackageNames: ["snapshot-controller", "snapshot-validation-webhook"], - matchDatasources: ["helm"], + description: "Actions Runner Controller charts", + groupName: "ARC", + matchPackageNames: [ + "actions-runner-controller-charts/gha-runner-scale-set-controller", + "actions-runner-controller-charts/gha-runner-scale-set", + ], + matchDatasources: ["helm", "docker"], + group: { + commitMessageTopic: "{{{groupName}}} group", + }, + separateMinorPatch: false, + }, + { + description: "Talos", + groupName: "Talos", + matchPackageNames: [ + "ghcr.io/siderolabs/installer", + "ghcr.io/siderolabs/talosctl", + ], + matchDatasources: ["docker"], group: { commitMessageTopic: "{{{groupName}}} group", }, 
@@ -82,5 +84,29 @@ }, separateMinorPatch: false, }, + { + description: "Maker Management Platform", + groupName: "maker-management-platform", + matchPackageNames: [ + "ghcr.io/maker-management-platform/mmp-ui", + "ghcr.io/maker-management-platform/agent", + ], + matchDatasources: ["docker"], + versioning: "semver", + group: { + commitMessageTopic: "{{{groupName}}} group", + }, + separateMinorPatch: true, + }, + { + "description": "Dragonfly operator", + "groupName": "Dragonfly Operator", + "matchPackagePatterns": ["dragonfly(?:db)?.operator"], + "matchDatasources": ["docker", "github-releases"], + "group": { + "commitMessageTopic": "{{{groupName}}} group" + }, + "separateMinorPatch": true + }, ], -} +} \ No newline at end of file diff --git a/.github/renovate/versioning.json5 b/.github/renovate/versioning.json5 new file mode 100644 index 000000000..f64980f38 --- /dev/null +++ b/.github/renovate/versioning.json5 
@@ -0,0 +1,51 @@ +{ + $schema: "https://docs.renovatebot.com/renovate-schema.json", + packageRules: [ + { + description: "Loose versioning for non-semver packages", + matchDatasources: ["docker"], + matchPackageNames: [ + "ghcr.io/onedr0p/plex", + "ghcr.io/onedr0p/qbittorrent", + "ghcr.io/xirixiz/dsmr-reader-docker", + ], + versioning: "loose", + }, + { + description: "PEP440 versioning for radicale", + matchDatasources: ["docker"], + matchPackageNames: ["tomsquest/docker-radicale"], + versioning: "pep440", + }, + { + description: "Custom versioning for http-https-echo", + matchDatasources: ["docker"], + matchPackageNames: ["ghcr.io/mendhak/http-https-echo"], + versioning: "regex:^(?\\d+)$", + }, + { + description: "Custom versioning for Minio", + matchDatasources: ["docker"], + versioning: "regex:^RELEASE\\.(?\\d+)-(?\\d+)-(?\\d+)T.*Z(-(?.*))?$", + matchPackageNames: ["quay.io/minio/minio"], + }, + { + description: "Custom versioning for Scrypted", + matchDatasources: ["docker"], + versioning: "regex:^(?(?\\d{2})-(?.*?)-(?.*?))-v(?\\d+)\\.(?\\d+)\\.(?\\d+)$", + matchPackageNames: ["ghcr.io/koush/scrypted"], + }, + { + description: "Custom versioning for miniflux", + matchDatasources: ["docker"], + versioning: "regex:^(?\\d+)\\.(?\\d+)\\.(?\\d+)-(?)$", + matchPackageNames: ["ghcr.io/miniflux/miniflux"], + }, + { + description: "Custom versioning for music-assistant server", + matchDatasources: ["docker"], + versioning: "regex:^(?\\d+)\\.(?\\d+)\\.(?\\d+)b(?\\d+)$", + matchPackageNames: ["ghcr.io/music-assistant/server"], + }, + ], +} \ No newline at end of file diff --git a/.github/workflows/build-terraform-oci.yaml b/.github/workflows/build-terraform-oci.yaml index 7240b2426..8ee22e7af 100644 --- a/.github/workflows/build-terraform-oci.yaml +++ b/.github/workflows/build-terraform-oci.yaml 
@@ -20,6 +20,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Get changed files id: changed-files @@ -51,9 +53,6 @@ jobs: publish: runs-on: ubuntu-latest - permissions: - contents: read - packages: write needs: - changed-files if: ${{ needs.changed-files.outputs.matrix != '[]' }} diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml new file mode 100644 index 000000000..23a2e7dbb --- /dev/null +++ b/.github/workflows/flux-diff.yaml 
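Review bot: The second hunk of build-terraform-oci.yaml drops the `permissions:` block (`contents: read`, `packages: write`) from the `publish` job, so that job now runs with whatever default GITHUB_TOKEN scope the repository or workflow sets, which is not visible here and may be broader than before. I would keep the explicit block so the token stays limited to what publishing needs. In the first hunk, `repository: ${{ github.event.pull_request.head.repo.full_name }}` is added to the checkout without a matching `ref:`; for a PR from a fork, actions/checkout would then likely fetch that fork's default branch rather than the PR head, and on any non-pull_request trigger the expression is empty, so adding `ref: ${{ github.event.pull_request.head.sha }}` (or dropping `repository:`) seems closer to the intent. Both jobs continue outside the hunks shown.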
@@ -0,0 +1,129 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "Flux Diff" + +on: + pull_request: + branches: + - main + paths: + - kubernetes/** + +concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.ref }} + cancel-in-progress: true + +jobs: + changed-clusters: + name: Changed Clusters + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.changed-clusters.outputs.all_changed_and_modified_files }} + steps: + - name: Checkout Default Branch + uses: actions/checkout@v4 + with: + fetch-depth: 0 + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Get Changed Clusters + id: changed-clusters + uses: tj-actions/changed-files@v44 + with: + files: kubernetes/** + dir_names: true + dir_names_max_depth: 2 + json: true + escape_json: false + + - name: List All Changed Clusters + run: echo "${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}" + + flux-diff: + name: Flux Diff + runs-on: ubuntu-latest + needs: + - changed-clusters + permissions: + pull-requests: write + strategy: + matrix: + paths: ${{ fromJSON(needs.changed-clusters.outputs.matrix) }} + resources: + - helmrelease + - kustomization + max-parallel: 4 + fail-fast: false + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + if: ${{ github.event.pull_request.head.repo.full_name == github.repository }} + id: app-token + with: + app-id: ${{ secrets.KIREQUE_APP_ID }} + private-key: ${{ secrets.KIREQUE_APP_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + path: pull + + - name: Checkout Default Branch + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + ref: "${{ github.event.repository.default_branch }}" + path: default + + - name: Diff Resources + uses: docker://ghcr.io/allenporter/flux-local:v5.1.0 + with: + args: >- + diff ${{ matrix.resources }} + --unified 6 + 
--path /github/workspace/pull/${{ matrix.paths }}/flux + --path-orig /github/workspace/default/${{ matrix.paths }}/flux + --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart" + --limit-bytes 10000 + --all-namespaces + --sources "home-ops-kubernetes" + --output-file diff.patch + + - name: Generate Diff + id: diff + run: | + cat diff.patch; + { + echo 'diff<> "$GITHUB_OUTPUT"; + { + echo "### Diff" + echo '```diff' + cat diff.patch + echo '```' + } >> "$GITHUB_STEP_SUMMARY" + + - if: ${{ steps.diff.outputs.diff != '' }} + name: Add comment + uses: mshick/add-pr-comment@v2 + with: + repo-token: "${{ steps.app-token.outputs.token }}" + message-id: "${{ github.event.pull_request.number }}/${{ matrix.paths }}/${{ matrix.resources }}" + message-failure: Diff was not successful + message: | + ```diff + ${{ steps.diff.outputs.diff }} + + flux-diff-success: + needs: + - flux-diff + if: ${{ always() }} + name: Flux Diff successful + runs-on: ubuntu-latest + steps: + - name: Check matrix status + if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + run: exit 1 \ No newline at end of file diff --git a/.github/workflows/flux-hr-image-test.yaml b/.github/workflows/flux-hr-image-test.yaml new file mode 100644 index 000000000..564d793cf --- /dev/null +++ b/.github/workflows/flux-hr-image-test.yaml 
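Review bot: The `List All Changed Clusters` step in flux-diff.yaml expands `${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}` directly inside `run:`, so directory names taken from the pull request become part of the script text before bash parses it, and `escape_json: false` leaves them unescaped. Pass the value through the environment instead: `env: { CHANGED: "${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}" }` with `run: echo "$CHANGED"`. The same pattern appears in .github/workflows/flux-hr-image-test.yaml, in its identical list step and in `run: docker pull ${{ matrix.images }}`, where image references read from PR manifests reach the shell the same way. Separately, both checkout steps of the `flux-diff` job use `steps.app-token.outputs.token` although `Generate Token` is skipped for fork PRs, so that input would be empty there; confirm that is the intended behaviour.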
@@ -0,0 +1,142 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "Flux Helm Release Image Test" + +on: + pull_request: + branches: + - main + paths: + - kubernetes/** + +concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.ref }} + cancel-in-progress: true + +jobs: + changed-clusters: + name: Changed Clusters + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.changed-clusters.outputs.all_changed_and_modified_files }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Get Changed Clusters + id: changed-clusters + uses: tj-actions/changed-files@v44 + with: + files: kubernetes/** + dir_names: true + dir_names_max_depth: 2 + json: true + escape_json: false + + - name: List All Changed Clusters + run: echo "${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}" + + extract-images: + name: Extract Images + runs-on: ubuntu-latest + needs: + - changed-clusters + permissions: + pull-requests: write + strategy: + matrix: + paths: ${{ fromJSON(needs.changed-clusters.outputs.matrix) }} + max-parallel: 4 + fail-fast: false + outputs: + matrix: ${{ steps.extract-images.outputs.images }} + steps: + - name: Setup Homebrew + uses: Homebrew/actions/setup-homebrew@master + + - name: Setup Workflow Tools + shell: bash + run: brew install jo yq + + - name: Checkout Default Branch + uses: actions/checkout@v4 + with: + ref: "${{ github.event.repository.default_branch }}" + path: default + + - name: Checkout Pull Request Branch + uses: actions/checkout@v4 + with: + path: pull + + - name: Gather Images in Default Branch + uses: docker://ghcr.io/allenporter/flux-local:v5.1.0 + with: + args: >- + get cluster + --path /github/workspace/default/${{ matrix.paths }}/flux + --enable-images + --output yaml + --output-file default.yaml + + - name: Gather Images in Pull Request Branch + uses: 
docker://ghcr.io/allenporter/flux-local:v5.1.0 + with: + args: >- + get cluster + --path /github/workspace/pull/${{ matrix.paths }}/flux + --enable-images + --output yaml + --output-file pull.yaml + + - name: Filter Default Branch Results + shell: bash + run: | + yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ + default.yaml > default.txt + + - name: Filter Pull Request Branch Results + shell: bash + run: | + yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ + pull.yaml > pull.txt + + - name: Compare Default and Pull Request Images + id: extract-images + shell: bash + run: | + IFS=$'\n' read -r -d '' -a diff < <( (grep -vf default.txt pull.txt || true) && printf '\0' ) + images=$(jo -a "${diff[@]}") + echo "images=${images}" >> "$GITHUB_OUTPUT" + echo "${images}" + echo "### Images" >> "$GITHUB_STEP_SUMMARY" + echo "${images}" | jq -r 'to_entries[] | "* \(.value)"' >> "$GITHUB_STEP_SUMMARY" + + test-images: + if: ${{ needs.extract-images.outputs.matrix != '[]' }} + name: Test images + runs-on: ubuntu-latest + needs: + - extract-images + strategy: + matrix: + images: ${{ fromJSON(needs.extract-images.outputs.matrix) }} + max-parallel: 4 + fail-fast: false + steps: + - name: Test Images + run: docker pull ${{ matrix.images }} + + test-images-success: + if: ${{ always() }} + needs: + - test-images + name: Test Images Successful + runs-on: ubuntu-latest + steps: + - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + name: Check matrix status + run: exit 1 \ No newline at end of file diff --git a/.github/workflows/flux-ks-sync.yaml b/.github/workflows/flux-ks-sync.yaml new file mode 100644 index 000000000..9277e5967 --- /dev/null +++ b/.github/workflows/flux-ks-sync.yaml 
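Review bot: The `extract-images` job in flux-hr-image-test.yaml requests `permissions: pull-requests: write`, but none of its steps shown here comments on or edits the pull request; they only check out both branches, run flux-local, and compare the image lists. Since this job also runs `brew install` and processes manifests supplied by the PR, I would reduce it to `permissions: { contents: read }`. `test-images` pulls every image newly referenced by the PR and has no `permissions:` block of its own, so an explicit `permissions: {}` there would keep the default token out of that job.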
@@ -0,0 +1,50 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "Flux Kustomization Sync" + +on: + workflow_dispatch: + push: + branches: + - main + paths: + - .github/workflows/flux-ks-sync.yaml + - kubernetes/main/** + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + sync: + name: Flux Kustomization Sync + runs-on: + - arc-runner-set-home-ops + environment: production + strategy: + matrix: + cluster: + - main + steps: + - name: Install Flux + uses: fluxcd/flux2/action@main + with: + version: "latest" + + - name: Write kubeconfig + id: kubeconfig + uses: timheuer/base64-to-file@v1 + with: + encodedString: "${{ secrets.KUBECONFIG }}" + fileName: kubeconfig + + - name: Sync Kustomization + env: + KUBECONFIG: "${{ steps.kubeconfig.outputs.filePath }}" + shell: bash + run: | + flux \ + --context "flux@${{ matrix.cluster }}" \ + --namespace flux-system \ + reconcile ks cluster \ + --with-source \ No newline at end of file diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 279025e4c..adb57d7f0 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -31,7 +31,7 @@ jobs: private-key: ${{ secrets.KIREQUE_APP_PRIVATE_KEY }} - name: MegaLinter - uses: oxsecurity/megalinter@v7.11.1 + uses: oxsecurity/megalinter/flavors/terraform@v7.11.1 env: GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" PRINT_ALPACA: false @@ -44,7 +44,6 @@ jobs: "ACTION_ACTIONLINT", "ANSIBLE_ANSIBLE_LINT", "COPYPASTE_JSCPD", - "KUBERNETES_KUBEVAL", "MARKDOWN_MARKDOWNLINT", "PYTHON_FLAKE8", "PYTHON_PYLINT", 
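Review bot: The `sync` job in flux-ks-sync.yaml runs in the `production` environment with `secrets.KUBECONFIG`, yet it loads `fluxcd/flux2/action@main` with `version: "latest"` and hands the secret to `timheuer/base64-to-file@v1`, all of which are mutable references that can change without a commit in this repository. Pin each `uses:` to a full commit SHA (for example `uses: fluxcd/flux2/action@<full-commit-sha>`) and set `version:` to a fixed Flux release, so the code that sees the kubeconfig is reviewed and reproducible. The same applies to `Homebrew/actions/setup-homebrew@master` in flux-hr-image-test.yaml and to `tj-actions/changed-files@v44` in both pull-request workflows. The kubeconfig is also written to a file on the `arc-runner-set-home-ops` runner; if those runners are not ephemeral, add a final `if: always()` step that removes it.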
@@ -58,13 +57,11 @@ jobs: ',' ) }} + ACTION_ACTIONLINT_CONFIG_FILE: .ci/actionlint/actionlint.yml COPYPASTE_JSCPD_CONFIG_FILE: .ci/jscpd/jscpd.json - KUBERNETES_DIRECTORY: k8s - KUBERNETES_KUBEVAL_ARGUMENTS: --ignore-missing-schemas - KUBERNETES_KUBEVAL_FILTER_REGEX_INCLUDE: "(kubernetes)" - MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .github/linters/markdownlint.config.yaml - MARKDOWN_MARKDOWNLINT_RULES_PATH: .github/ - PYTHON_FLAKE8_CONFIG_FILE: .github/linters/.flake8 + MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .ci/markdownlint/markdownlint.config.yaml + MARKDOWN_MARKDOWNLINT_RULES_PATH: .ci/markdownlint/ + PYTHON_FLAKE8_CONFIG_FILE: .ci/flake8/.flake8 YAML_YAMLLINT_CONFIG_FILE: .ci/yamllint/.yamllint.yaml YAML_PRETTIER_CONFIG_FILE: .ci/prettier/.prettierrc.yaml YAML_PRETTIER_ARGUMENTS: --ignore-path .ci/prettier/.prettierignore \ No newline at end of file diff --git a/.github/workflows/meta-label-size.yaml b/.github/workflows/meta-label-size.yaml deleted file mode 100644 index 8a68757da..000000000 --- a/.github/workflows/meta-label-size.yaml +++ /dev/null @@ -1,34 +0,0 @@ ---- -name: Meta - Label Size - -on: # yamllint disable-line rule:truthy - pull_request: - branches: - - main - -jobs: - label-size: - name: Label Size - runs-on: ubuntu-latest - steps: - - name: Generate Token - uses: tibdex/github-app-token@v2 - id: generate-token - with: - app_id: ${{ secrets.KIREQUE_APP_ID }} - private_key: ${{ secrets.KIREQUE_APP_PRIVATE_KEY }} - - - name: Label Size - uses: pascalgn/size-label-action@v0.5.2 - env: - GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}" - with: - sizes: > - { - "0": "XS", - "20": "S", - "50": "M", - "200": "L", - "800": "XL", - "2000": "XXL" - } diff --git a/.github/workflows/meta-labeler.yaml b/.github/workflows/meta-labeler.yaml index 5c859ad96..b822fa6fe 100644 --- a/.github/workflows/meta-labeler.yaml +++ b/.github/workflows/meta-labeler.yaml 
@@ -2,7 +2,7 @@ # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: Meta - Labeler -on: # yamllint disable-line rule:truthy +on: pull_request: branches: - main @@ -14,14 +14,14 @@ jobs: if: ${{ github.event.pull_request.head.repo.full_name == github.repository }} steps: - name: Generate Token - uses: tibdex/github-app-token@v2 - id: generate-token + uses: actions/create-github-app-token@v1 + id: app-token with: - app_id: ${{ secrets.KIREQUE_APP_ID }} - private_key: ${{ secrets.KIREQUE_APP_PRIVATE_KEY }} + app-id: ${{ secrets.KIREQUE_APP_ID }} + private-key: ${{ secrets.KIREQUE_APP_PRIVATE_KEY }} - name: Labeler uses: actions/labeler@v5 with: - repo-token: "${{ steps.generate-token.outputs.token }}" - configuration-path: .github/labeler.yaml + repo-token: "${{ steps.app-token.outputs.token }}" + configuration-path: .github/labeler.yaml \ No newline at end of file