dextek/.github/workflows/flate.yaml at main · krezh/dextek · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Flate

on:
  pull_request:
    branches: ["main"]

concurrency:
  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  changed-clusters:
    name: Flate - Filter
    runs-on: ubuntu-latest
    outputs:
      changed-clusters: ${{ steps.changed-clusters.outputs.changed_files }}
    steps:
      - name: Get Changed Clusters
        id: changed-clusters
        uses: bjw-s-labs/action-changed-files@a9a36fb08ce06db9b02fbd8026cc2c0945eb9841 # v0.6.0
        with:
          patterns: clusters/!(shared)/**
          include_only_directories: true
          max_depth: 2

  diff:
    if: ${{ needs.changed-clusters.outputs.changed-clusters != '[]' }}
    needs: changed-clusters
    name: Flate - Diff
    environment: prod
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    strategy:
      matrix:
        cluster: ${{ fromJSON(needs.changed-clusters.outputs.changed-clusters) }}
        resource: ["helmrelease", "kustomization"]
      fail-fast: false
    steps:
      - name: Checkout Pull Request Branch
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          persist-credentials: false
          path: pull

      - name: Checkout Default Branch
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          persist-credentials: false
          ref: ${{ github.event.repository.default_branch }}
          path: default

      - name: Setup Mise
        uses: jdx/mise-action@dba19683ed58901619b14f395a24841710cb4925 # v4.1.0
        with:
          cache: false
          tool_versions: |
            github:home-operations/flate latest

      - name: Run flate diff
        env:
          RESOURCE: ${{ matrix.resource }}
          CLUSTER: ${{ matrix.cluster }}
        run: |
          flate diff "$RESOURCE" \
            --path ./pull/"${CLUSTER}" \
            --path-orig ./default/"${CLUSTER}" \
            > diff.patch

      - name: Generate Diff
        id: diff
        run: |-
          echo 'diff<<EOF' >> $GITHUB_OUTPUT
          cat diff.patch >> $GITHUB_OUTPUT
          echo 'EOF' >> $GITHUB_OUTPUT

      - if: ${{ steps.diff.outputs.diff != '' }}
        name: Generate Token
        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
        id: app-token
        with:
          client-id: ${{ secrets.BOT_APP_ID }}
          private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}

      - if: ${{ steps.diff.outputs.diff != '' }}
        name: Add Comment
        continue-on-error: true
        uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
        with:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          header: ${{ github.event.pull_request.number }}/${{ matrix.cluster }}/${{ matrix.resource }}
          message: |
            ```diff
            ${{ steps.diff.outputs.diff }}
            ```

  success:
    if: ${{ !cancelled() }}
    needs: ["diff"]
    name: Flate - Success
    runs-on: ubuntu-latest
    steps:
      - name: Any jobs failed?
        if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1

      - name: All jobs passed or skipped?
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"