rm #3949

Summary
Jobs
- build
- diff
- lint
- failed
Run details
- Usage
- Workflow file

Workflow file for this run

	name: k8s CI

	on:
	pull_request:
	paths:
	- "k8s/**"
	- ".github/workflows/k8s.yaml"
	push:
	paths:
	- "k8s/**"
	- ".github/workflows/k8s.yaml"
	workflow_dispatch:
	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.event.pull_request.base.ref }}

	- run: "mkdir -p ./k8s/tmp/cluster-kustomize"
	shell: bash

	- run: 'echo -en "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nresources:\n" > ./k8s/tmp/cluster-kustomize/kustomization.yaml'
	shell: bash

	- run: 'ls ./k8s/apps/ \| while read line; do echo " - ../../apps/$line" >> ./k8s/tmp/cluster-kustomize/kustomization.yaml ; done'
	shell: bash

	- uses: azure/k8s-bake@v3
	with:
	renderEngine: "kustomize"
	kustomizationPath: "./k8s/tmp/cluster-kustomize/"
	kubectl-version: "latest"
	id: base_bake

	- run: "mv ${{ steps.base_bake.outputs.manifestsBundle }} /tmp/manifests-base.yaml"

	- uses: actions/checkout@v4

	- run: "ls ./k8s/"
	shell: bash

	- run: "mkdir -p ./k8s/tmp/cluster-kustomize"
	shell: bash

	- run: 'echo -en "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nresources:\n" > ./k8s/tmp/cluster-kustomize/kustomization.yaml'
	shell: bash

	- run: 'ls ./k8s/apps/ \| while read line; do echo " - ../../apps/$line" >> ./k8s/tmp/cluster-kustomize/kustomization.yaml ; done'
	shell: bash

	- uses: azure/k8s-bake@v3
	with:
	renderEngine: "kustomize"
	kustomizationPath: ./k8s/tmp/cluster-kustomize/
	kubectl-version: "latest"
	id: base_changed

	- run: "mv ${{ steps.base_changed.outputs.manifestsBundle }} /tmp/manifests-head.yaml"

	# Helm Diff
	- name: install dependencies
	run: \|
	# Install yq
	sudo wget https://github.com/mikefarah/yq/releases/download/v4.43.1/yq_linux_amd64 -O /usr/bin/yq
	sudo chmod +x /usr/bin/yq

	# install helm
	curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 \| sudo bash

	- name: HelmReleaseとHelmRepoを抽出
	run: \|
	cat /tmp/manifests-head.yaml \|yq -j '. \| select(.kind == "HelmRelease") \| sort_keys(.metadata.name .metadata.namespace)' > /tmp/helmreleases-head.json
	cat /tmp/manifests-head.yaml \|yq '. \| select(.kind == "HelmRepository") \| sort_keys(.metadata.name .metadata.namespace)' > /tmp/helmrepository-head.yaml

	cat /tmp/manifests-base.yaml \|yq -j '. \| select(.kind == "HelmRelease") \| sort_keys(.metadata.name .metadata.namespace)' > /tmp/helmreleases-base.json
	cat /tmp/manifests-base.yaml \|yq '. \| select(.kind == "HelmRepository") \| sort_keys(.metadata.name .metadata.namespace)' > /tmp/helmrepository-base.yaml

	- name: helm repo add
	run: \|
	# helm repo add head-<.metadata.name-.metadata.namespace> <.spec.url>
	cat /tmp/helmrepository-head.yaml \| yq -r '"head-" + .metadata.name + "-" + .metadata.namespace + " " + .spec.url' \| while read line; do
	helm repo add $line
	done

	# helm repo add base-<.metadata.name-.metadata.namespace> <.spec.url>
	cat /tmp/helmrepository-base.yaml \| yq -r '"base-" + .metadata.name + "-" + .metadata.namespace + " " + .spec.url' \| while read line; do
	helm repo add $line
	done

	- name: helm template
	run: \|
	length=$(cat /tmp/helmreleases-head.json \| jq -s length)
	for i in $( seq 0 $(($length - 1)) ); do
	cat /tmp/helmreleases-head.json \| jq -rs ".[$i] \| .spec.values" \| tee values.json >> /dev/null
	command=$(cat /tmp/helmreleases-head.json \| jq -rs "\"helm template \" + .[$i].metadata.name + \" --namespace \" + .[$i].metadata.namespace + \" head-\" + .[$i].spec.chart.spec.sourceRef.name + \"-\" + .[$i].metadata.namespace + \"/\" + .[$i].spec.chart.spec.chart + \" --version \" + .[$i].spec.chart.spec.version + \" -f values.json\"")
	eval $command \| yq "sort_keys(..)" >> /tmp/manifests-head.yaml
	done

	length=$(cat /tmp/helmreleases-base.json \| jq -s length)
	for i in $( seq 0 $(($length - 1)) ); do
	cat /tmp/helmreleases-base.json \| jq -rs ".[$i] \| .spec.values" \| tee values.json >> /dev/null
	command=$(cat /tmp/helmreleases-base.json \| jq -rs "\"helm template \" + .[$i].metadata.name + \" --namespace \" + .[$i].metadata.namespace + \" base-\" + .[$i].spec.chart.spec.sourceRef.name + \"-\" + .[$i].metadata.namespace + \"/\" + .[$i].spec.chart.spec.chart + \" --version \" + .[$i].spec.chart.spec.version + \" -f values.json\"")
	eval $command \| yq "sort_keys(..)" >> /tmp/manifests-base.yaml
	done

	- name: Upload file status_job02.txt as an artifact
	uses: actions/upload-artifact@v4
	with:
	if-no-files-found: error
	name: manifests
	path: \|
	/tmp/manifests-base.yaml
	/tmp/manifests-head.yaml

	diff:
	runs-on: ubuntu-latest
	needs: build
	if: github.event_name == 'pull_request'
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: manifests

	- name: rm labels
	run: \|
	sed -r -e "s/^\shelm\.sh\/chart:\s+.+$//g" -e "s/^\sapp\.kubernetes\.io\/version\:\s+.+$//g" -i manifests-head.yaml
	sed -r -e "s/^\shelm\.sh\/chart:\s+.+$//g" -e "s/^\sapp\.kubernetes\.io\/version\:\s+.+$//g" -i manifests-base.yaml

	- name: install dyff
	run: \|
	wget https://github.com/homeport/dyff/releases/download/v1.8.0/dyff_1.8.0_linux_amd64.tar.gz
	tar -xvf dyff_1.8.0_linux_amd64.tar.gz
	chmod +x dyff

	- name: Build markdown comment with manifest diff
	run: \|
	echo "# Manifest diff

	<details>
	<summary>Click to expand</summary>

	\`\`\`diff
	$(diff -u manifests-base.yaml manifests-head.yaml)
	\`\`\`
	</details>" \| tee /tmp/diff.md

	# PRへのコメントだけど、issue commentのAPIを使うらしい
	- name: Comment manifest diff to GitHub PR
	continue-on-error: true
	run: \|
	cat /tmp/diff.md \| jq -Rs '{ "body": . }' \| curl --fail \
	-X POST -H 'Accept: application/vnd.github.v3+json' \
	--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
	https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/comments \
	-d @-

	- name: Build markdown comment with manifest dyff
	run: \|
	echo "# Manifest dyff

	<details>
	<summary>Click to expand</summary>

	\`\`\`diff
	$(./dyff between manifests-base.yaml manifests-head.yaml)
	\`\`\`

	</details>" \| tee /tmp/dyff.md

	# PRへのコメントだけど、issue commentのAPIを使うらしい
	- name: Comment manifest diff to GitHub PR
	continue-on-error: true
	run: \|
	cat /tmp/dyff.md \| jq -Rs '{ "body": . }' \| curl --fail \
	-X POST -H 'Accept: application/vnd.github.v3+json' \
	--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
	https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/comments \
	-d @-

	lint:
	runs-on: ubuntu-latest
	needs: build
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: manifests

	- name: Lint manifest with kubeconform
	uses: docker://ghcr.io/yannh/kubeconform:latest
	with:
	args: "-ignore-missing-schemas -strict -summary manifests-head.yaml"

	failed:
	runs-on: ubuntu-latest
	needs: lint
	if: failure()
	steps:
	- name: Send GitHub Action trigger data to Slack workflow
	id: slack
	uses: slackapi/[email protected]
	with:
	payload: \|
	{
	"text": "Workflow ${{ github.workflow }} failed",
	"blocks": [
	{
	"type": "section",
	"text": {
	"type": "mrkdwn",
	"text": "Workflow ${{ github.workflow }} failed"
	}
	},
	{
	"type": "section",
	"block_id": "section789",
	"fields": [
	{
	"type": "mrkdwn",
	"text": "error: ${{ job.status }}"
	}
	]
	}
	]
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rm #3949

Workflow file

rm #3949

Jobs

Run details

Workflow file for this run