diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml
index 09c8bf744..399993bf0 100644
--- a/.github/workflows/flux-diff.yaml
+++ b/.github/workflows/flux-diff.yaml
@@ -29,47 +29,60 @@ jobs: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - name: Checkout + - name: Checkout Pull Request Branch uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - ref: "${{ github.event.repository.default_branch }}" - path: default + path: pull - - name: Checkout Pull Request Branch + - name: Checkout Default Branch uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - path: pull + ref: "${{ github.event.repository.default_branch }}" + path: default - - name: Diff Resources - uses: docker://ghcr.io/allenporter/flux-local:v6.1.1 + - name: Setup Workflow Tools + uses: jdx/mise-action@v2 + env: + GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" with: - args: >- - diff ${{ matrix.resources }} - --unified 6 - --path-orig /github/workspace/default/kubernetes/flux - --path /github/workspace/pull/kubernetes/flux - --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart" - --limit-bytes 10000 - --all-namespaces - --sources "${{ github.event.repository.name }}" - --output-file diff.patch + mise_toml: |- + [tools] + python = "3.12" + "aqua:astral-sh/uv" = "latest" + "aqua:fluxcd/flux2" = "latest" + "aqua:helm/helm" = "latest" + "aqua:kubernetes-sigs/kustomize" = "latest" + "pipx:flux-local" = "latest" + + - name: Diff Resources + shell: bash + run: | + flux-local diff ${{ matrix.resources }} \ + --unified 6 \ + --path ${{ github.workspace }}/pull/kubernetes/flux \ + --path-orig ${{ github.workspace }}/default/kubernetes/flux \ + --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart" \ + --limit-bytes 10000 \ + --all-namespaces \ + --sources "k8s-gitops" \ + --output-file diff.patch - name: Generate Diff id: diff run: | cat diff.patch; { - echo 'diff<> "$GITHUB_OUTPUT"; { - echo "### Diff" - echo '```diff' - cat diff.patch - echo '```' + echo "### Diff" + echo '```diff' + cat diff.patch + echo '```' } >> 
"$GITHUB_STEP_SUMMARY" - if: ${{ steps.diff.outputs.diff != '' }} diff --git a/.github/workflows/helm-repository-sync.yaml b/.github/workflows/helm-repository-sync.yaml index e0ccbb361..0cb9bc1b8 100644 --- a/.github/workflows/helm-repository-sync.yaml +++ b/.github/workflows/helm-repository-sync.yaml @@ -20,12 +20,6 @@ jobs: name: Helm Repository Sync runs-on: ["gha-runner-scale-set"] steps: - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master - - - name: Setup Workflow Tools - run: brew install fluxcd/tap/flux yq - - name: Generate Token uses: actions/create-github-app-token@v1 id: app-token @@ -39,8 +33,18 @@ jobs: token: "${{ steps.app-token.outputs.token }}" fetch-depth: 0 + - name: Setup Workflow Tools + uses: jdx/mise-action@v2 + env: + GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" + with: + mise_toml: |- + [tools] + "aqua:fluxcd/flux2" = "latest" + "aqua:mikefarah/yq" = "latest" + - if: ${{ github.event.inputs.helmRepoNamespace == '' && github.event.inputs.helmRepoName == '' }} - name: Get changed files + name: Get Changed Files id: changed-files uses: tj-actions/changed-files@v45 with: diff --git a/.github/workflows/pre-pull-images.yaml b/.github/workflows/pre-pull-images.yaml index d9f302459..f5d2aa3ce 100644 --- a/.github/workflows/pre-pull-images.yaml +++ b/.github/workflows/pre-pull-images.yaml @@ -11,20 +11,12 @@ concurrency: cancel-in-progress: true jobs: - extract-images: - name: Extract Images + default-images: + name: Default Images runs-on: ubuntu-latest - permissions: - pull-requests: write outputs: - matrix: ${{ steps.extract-images.outputs.images }} + images: ${{ steps.extract-images.outputs.images }} steps: - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master - - - name: Setup Workflow Tools - run: brew install jo yq - - name: Generate Token uses: actions/create-github-app-token@v1 id: app-token 
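Review bot: Every tool in the new `mise_toml` block is set to `"latest"` and `jdx/mise-action@v2` is a mutable tag, so this job now installs whatever upstream publishes at run time, where the removed step ran the pinned `flux-local:v6.1.1` image. The install step also runs with the App token in `GITHUB_TOKEN`, which raises the cost of a bad upstream release. Pin the versions, e.g. `"pipx:flux-local" = "6.1.1"` (the version the old step used) plus explicit versions for flux2, helm, kustomize and uv, and reference the action by full commit SHA (`jdx/mise-action@<commit-sha>`). The same `latest` entries appear in the Setup Workflow Tools steps added to helm-repository-sync.yaml and pre-pull-images.yaml.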
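Review bot: Removing the job-level `permissions:` block from the renamed `default-images` job leaves the built-in `GITHUB_TOKEN` on the workflow or repository default, which may be broader than the `pull-requests: write` the job declared before. No workflow-level `permissions` key is visible in this hunk, so this is inferred. Since the visible steps authenticate with the App token, an explicit minimal block such as `permissions: {}` keeps the default token scoped down. The same applies to the `pull-request-images` and `extract-images` jobs added in the next hunk. The job body continues outside this hunk.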
@@ -32,60 +24,113 @@ jobs: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - name: Checkout Default Branch + - name: Checkout uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" ref: "${{ github.event.repository.default_branch }}" - path: default - - name: Checkout Pull Request Branch + - name: Setup Workflow Tools + uses: jdx/mise-action@v2 + env: + GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" + with: + mise_toml: &mise_toml |- + [tools] + python = "3.12" + "aqua:astral-sh/uv" = "latest" + "aqua:fluxcd/flux2" = "latest" + "aqua:helm/helm" = "latest" + "aqua:kubernetes-sigs/kustomize" = "latest" + "aqua:mikefarah/yq" = "latest" + "pipx:flux-local" = "latest" + + - name: Gather Images + shell: bash + run: | + flux-local get cluster \ + --path ${{ github.workspace }}/kubernetes/flux \ + --enable-images \ + --output yaml \ + --output-file images.yaml + + - name: Filter Images + shell: bash + run: | + yq -r '[.. | .images? | select(. 
!= null)] | flatten | sort | unique | .[]' \ + images.yaml > images.txt + + - name: Extract Images + id: extract-images + shell: bash + run: | + images=$(jq --compact-output --raw-input --null-input '[inputs]' images.txt) + echo "images=${images}" >> $GITHUB_OUTPUT + + pull-request-images: + name: Pull Request Images + runs-on: ubuntu-latest + outputs: + images: ${{ steps.extract-images.outputs.images }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - path: pull - - name: Gather Images in Default Branch - uses: docker://ghcr.io/allenporter/flux-local:v6.1.1 - with: - args: >- - get cluster - --path /github/workspace/default/kubernetes/flux - --enable-images - --output yaml - --output-file default.yaml - - - name: Gather Images in Pull Request Branch - uses: docker://ghcr.io/allenporter/flux-local:v6.1.1 + - name: Setup Workflow Tools + uses: jdx/mise-action@v2 + env: + GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" with: - args: >- - get cluster - --path /github/workspace/pull/kubernetes/flux - --enable-images - --output yaml - --output-file pull.yaml - - - name: Filter Default Branch Results + mise_toml: *mise_toml + + - name: Gather Images shell: bash run: | - yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \ - default.yaml > default.txt + flux-local get cluster \ + --path ${{ github.workspace }}/kubernetes/flux \ + --enable-images \ + --output yaml \ + --output-file images.yaml - - name: Filter Pull Request Branch Results + - name: Filter Images shell: bash run: | yq -r '[.. | .images? | select(. 
!= null)] | flatten | sort | unique | .[]' \ - pull.yaml > pull.txt + images.yaml > images.txt + + - name: Extract Images + id: extract-images + shell: bash + run: | + images=$(jq --compact-output --raw-input --null-input '[inputs]' images.txt) + echo "images=${images}" >> $GITHUB_OUTPUT + extract-images: + name: Extract Images + runs-on: ubuntu-latest + needs: ["default-images", "pull-request-images"] + outputs: + matrix: ${{ steps.extract-images.outputs.images }} + steps: - name: Compare Default and Pull Request Images id: extract-images shell: bash run: | - images=$(jo -a $(grep -vf default.txt pull.txt)) + images=$(jq --compact-output --null-input \ + --argjson f1 '${{ needs.default-images.outputs.images }}' \ + --argjson f2 '${{ needs.pull-request-images.outputs.images }}' \ + '$f2 - $f1' \ + ) echo "images=${images}" >> $GITHUB_OUTPUT - echo "${images}" - echo "### Images" >> $GITHUB_STEP_SUMMARY - echo "${images}" | jq --raw-output 'to_entries[] | "* \(.value)"' >> $GITHUB_STEP_SUMMARY pre-pull-images: if: ${{ needs.extract-images.outputs.matrix != '[]' }} @@ -98,11 +143,21 @@ jobs: max-parallel: 4 fail-fast: false steps: - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Setup Workflow Tools - run: brew install siderolabs/tap/talosctl + uses: jdx/mise-action@v2 + env: + GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" + with: + mise_toml: | + [tools] + "aqua:siderolabs/talos" = "latest" - name: Pre-pull Image run: talosctl -n $NODE_IP image pull ${{ matrix.images }} diff --git a/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml index dfa44bd85..c75df1b2c 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml 
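Review bot: In the rewritten `Compare Default and Pull Request Images` step, `${{ needs.default-images.outputs.images }}` and `${{ needs.pull-request-images.outputs.images }}` are expanded into the script text before bash runs, inside single quotes. Those lists are built from image strings in the checked-out manifests, so a value containing a `'` ends the quoting and the rest is parsed as shell. At minimum that breaks the step, and with pull-request-controlled manifests it is a script-injection path. Pass both outputs through `env:` and reference them as quoted shell variables, as below. The unchanged `talosctl -n $NODE_IP image pull ${{ matrix.images }}` line in the following hunk interpolates the same data and would benefit from the same treatment.

```yaml
- name: Compare Default and Pull Request Images
  # … unchanged: id, shell …
  env:
    DEFAULT_IMAGES: "${{ needs.default-images.outputs.images }}"
    PULL_REQUEST_IMAGES: "${{ needs.pull-request-images.outputs.images }}"
  run: |
    images=$(jq --compact-output --null-input \
      --argjson f1 "${DEFAULT_IMAGES}" \
      --argjson f2 "${PULL_REQUEST_IMAGES}" \
      '$f2 - $f1' \
    )
    # … unchanged: write images to $GITHUB_OUTPUT …
```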
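Review bot: The added `Generate Token` step brings `secrets.BOT_APP_PRIVATE_KEY` into every `pre-pull-images` matrix job, and the only consumer visible in this hunk is the `GITHUB_TOKEN` env of the tool-install step. If the token is there only to authenticate release downloads, the workflow's built-in token covers that without minting an App token: `GITHUB_TOKEN: "${{ github.token }}"`, after which the `Generate Token` step can be dropped. The job may continue outside the hunk, so confirm no later step reads `steps.app-token` before removing it.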
+++ b/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml @@ -8,7 +8,7 @@ spec: chart: spec: chart: rook-ceph - version: v1.15.7 + version: v1.16.0 sourceRef: kind: HelmRepository name: rook-ceph diff --git a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml index 49d42882b..a695833e2 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml +++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: rook-ceph-cluster - version: v1.15.7 + version: v1.16.0 sourceRef: kind: HelmRepository name: rook-ceph