From 47d1d3a5118d9ea891e988c610cd157014ca331f Mon Sep 17 00:00:00 2001 From: Lucas Weatherhog <31103312+weatherhog@users.noreply.github.com> Date: Tue, 30 Jun 2026 16:42:18 +0200 Subject: [PATCH 1/2] test: value change alongside a *.enc.yaml change Changes a real ConfigMap value AND touches a SOPS-encrypted *.enc.yaml in the same PR. The yaml-diff bot should diff only the ConfigMap and silently exclude the .enc.yaml. Throwaway test PR for roadmap#4121. --- .../mapi/apps/ingress-nginx-from-template/secret.enc.yaml | 2 +- .../out-of-band/configmaps/configmap.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/management-clusters/MC_NAME/organizations/ORG_NAME/workload-clusters/WC_NAME_OUT_OF_BAND_FLUX_APP/mapi/apps/ingress-nginx-from-template/secret.enc.yaml b/management-clusters/MC_NAME/organizations/ORG_NAME/workload-clusters/WC_NAME_OUT_OF_BAND_FLUX_APP/mapi/apps/ingress-nginx-from-template/secret.enc.yaml index 0fbed7da..68f7e4e3 100644 --- a/management-clusters/MC_NAME/organizations/ORG_NAME/workload-clusters/WC_NAME_OUT_OF_BAND_FLUX_APP/mapi/apps/ingress-nginx-from-template/secret.enc.yaml +++ b/management-clusters/MC_NAME/organizations/ORG_NAME/workload-clusters/WC_NAME_OUT_OF_BAND_FLUX_APP/mapi/apps/ingress-nginx-from-template/secret.enc.yaml @@ -11,7 +11,7 @@ sops: gcp_kms: [] azure_kv: [] hc_vault: [] - lastmodified: '2022-08-10T12:18:52Z' + lastmodified: '2026-06-30T14:40:00Z' mac: ENC[AES256_GCM,data:MlelYpvTgNDJ51+lruKpE5WZsQIJ2Tg66suRu4Cio5RK4JSjrsY/LQLv+HtbhzGKCjWkdw/Or2nfOeRCbrj0KQhKKrFiSRi7wR2+mNolvRbZ5dnsnbNSx5rGetnxearGyuSpMt35rFybI9RnnI878Sg8D1mjzrtmIn2hb8V37do=,iv:TiMKmgwf6GIqwS8Gv//lauhHx0FaL0BcFW06un50dwQ=,tag:gW1UW1+HfbhfOUoKSzVhtA==,type:str] pgp: - created_at: '2022-08-10T12:18:52Z' diff --git a/management-clusters/MC_NAME/organizations/ORG_NAME/workload-clusters/WC_NAME_OUT_OF_BAND_FLUX_APP/out-of-band/configmaps/configmap.yaml b/management-clusters/MC_NAME/organizations/ORG_NAME/workload-clusters/WC_NAME_OUT_OF_BAND_FLUX_APP/out-of-band/configmaps/configmap.yaml index 6c1e991e..7d4ed0d2 100644 --- a/management-clusters/MC_NAME/organizations/ORG_NAME/workload-clusters/WC_NAME_OUT_OF_BAND_FLUX_APP/out-of-band/configmaps/configmap.yaml +++ b/management-clusters/MC_NAME/organizations/ORG_NAME/workload-clusters/WC_NAME_OUT_OF_BAND_FLUX_APP/out-of-band/configmaps/configmap.yaml @@ -5,7 +5,7 @@ data: Variable substitution still possible here. I am the ${cluster_name} cluster! I belong to the ${organization} org! - Encryption is possible here as well, but I am not encrypted atm. + Encryption is possible here as well, but I am not encrypted yet. kind: ConfigMap metadata: name: secret-to-be-created-directly-in-WC From 88b27c4a8799607486fe359679ca7c63d60744ce Mon Sep 17 00:00:00 2001 From: Lucas Weatherhog <31103312+weatherhog@users.noreply.github.com> Date: Tue, 30 Jun 2026 16:52:54 +0200 Subject: [PATCH 2/2] test: point yaml-diff caller at fix branch to verify SOPS exclusion Temporary: references the github-workflows fix/yaml-diff-enc-exclusion branch to confirm *.enc.yaml is now excluded. Throwaway test PR. --- .github/workflows/yaml-diff.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/yaml-diff.yaml b/.github/workflows/yaml-diff.yaml index 4aa72a4f..cddc0026 100644 --- a/.github/workflows/yaml-diff.yaml +++ b/.github/workflows/yaml-diff.yaml @@ -9,4 +9,4 @@ permissions: jobs: yaml-diff: - uses: giantswarm/github-workflows/.github/workflows/yaml-diff.yaml@main + uses: giantswarm/github-workflows/.github/workflows/yaml-diff.yaml@fix/yaml-diff-enc-exclusion