Skip to content

fix(helm): update external-secrets ( 0.10.4 → 0.10.5 ) [main] #363

fix(helm): update external-secrets ( 0.10.4 → 0.10.5 ) [main]

fix(helm): update external-secrets ( 0.10.4 → 0.10.5 ) [main] #363

---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "Flux Image Test"
on:
pull_request:
branches: ["master"]
paths: ["kubernetes/**"]
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
jobs:
changed-clusters:
name: Changed Clusters
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}
steps:
- name: Generate Token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
id: app-token
with:
app-id: "${{ secrets.BOT_APP_ID }}"
private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
token: "${{ steps.app-token.outputs.token }}"
fetch-depth: 0
- name: Get Changed Clusters
id: changed-clusters
uses: tj-actions/changed-files@c3a1bb2c992d77180ae65be6ae6c166cf40f857c # v45
with:
files: kubernetes/**
dir_names: true
dir_names_max_depth: 2
matrix: true
- name: List All Changed Clusters
run: echo "${{ steps.changed-clusters.outputs.all_changed_and_modified_files }}"
extract-images:
name: Extract Images
runs-on: ubuntu-latest
needs: ["changed-clusters"]
permissions:
pull-requests: write
strategy:
matrix:
paths: ${{ fromJSON(needs.changed-clusters.outputs.matrix) }}
max-parallel: 4
fail-fast: false
outputs:
matrix: ${{ steps.extract-images.outputs.images }}
steps:
- name: Generate Token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
id: app-token
with:
app-id: "${{ secrets.BOT_APP_ID }}"
private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
- name: Setup Homebrew
uses: Homebrew/actions/setup-homebrew@master
- name: Setup Workflow Tools
shell: bash
run: brew install jo yq
- name: Checkout Default Branch
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
token: "${{ steps.app-token.outputs.token }}"
ref: "${{ github.event.repository.default_branch }}"
path: default
- name: Checkout Pull Request Branch
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
token: "${{ steps.app-token.outputs.token }}"
path: pull
- name: Gather Images in Default Branch
uses: docker://ghcr.io/allenporter/flux-local:v6.0.0
with:
args: >-
get cluster
--path /github/workspace/default/${{ matrix.paths }}/flux
--enable-images
--output yaml
--output-file default.yaml
- name: Gather Images in Pull Request Branch
uses: docker://ghcr.io/allenporter/flux-local:v6.0.0
with:
args: >-
get cluster
--path /github/workspace/pull/${{ matrix.paths }}/flux
--enable-images
--output yaml
--output-file pull.yaml
- name: Filter Default Branch Results
shell: bash
run: |
yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \
default.yaml > default.txt
- name: Filter Pull Request Branch Results
shell: bash
run: |
yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \
pull.yaml > pull.txt
- name: Compare Default and Pull Request Images
id: extract-images
shell: bash
run: |
images=$(jo -a $(grep -vf default.txt pull.txt))
echo "images=${images}" >> $GITHUB_OUTPUT
echo "${images}"
echo "### Images" >> $GITHUB_STEP_SUMMARY
echo "${images}" | jq -r 'to_entries[] | "* \(.value)"' >> $GITHUB_STEP_SUMMARY
test-images:
if: ${{ needs.extract-images.outputs.matrix != '[]' }}
name: Test images
runs-on: ubuntu-latest
needs: ["extract-images"]
strategy:
matrix:
images: ${{ fromJSON(needs.extract-images.outputs.matrix) }}
max-parallel: 4
fail-fast: false
steps:
- name: Inspect Image
run: docker buildx imagetools inspect ${{ matrix.images }}
# Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7
test-images-success:
if: ${{ always() }}
needs: ["test-images"]
name: Test Images Successful
runs-on: ubuntu-latest
steps:
- if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
name: Check matrix status
run: exit 1