diff --git a/.github/workflows/basic.yml b/.github/workflows/basic.yml
deleted file mode 100644
index f02c3234..00000000
--- a/.github/workflows/basic.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: Basic CI
-
-on: push
-
-jobs:
- basic_checks:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - name: YAMLLint
- uses: docker://gsoci.azurecr.io/giantswarm/yamllint:1.37.1
- with:
- args: .
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
index 29ac1a54..8e6c857c 100644
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@@ -5,197 +5,12 @@ on: push: branches: [HEAD_BRANCH, main] -env: - kubeconform_ver: "0.4.13" - dyff_ver: "1.7.1" - clusterctl_ver: "1.2.0" - apptestctl_ver: "0.18.0" - kind_ver: "0.12.0" - GITOPS_FLUX_APP_VERSION: "1.10.0" - GITOPS_INIT_NAMESPACES: "default,org-org-name" - GITOPS_IGNORED_OBJECTS: "org-org-name/clusters-mapi-out-of-band-no-flux-direct" +permissions: + contents: read + pull-requests: write jobs: - check-pre-commit: - runs-on: ubuntu-latest - steps: - - run: sudo snap install shfmt - - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 - - name: cache pre-commit environment - uses: actions/cache@v4 - with: - path: ~/.cache/pre-commit - key: ${{ runner.os }}-pre-commit-gitops-validate-${{ hashFiles('.pre-commit-config.yaml') }} - - uses: pre-commit/action@v3.0.1 validate: - needs: check-pre-commit - runs-on: ubuntu-latest - steps: - - run: sudo apt-get install -y yamllint - - run: curl -s https://fluxcd.io/install.sh | sudo bash - - uses: giantswarm/install-binary-action@v1 - with: - binary: kubeconform - download_url: "https://github.com/yannh/kubeconform/releases/download/v${version}/kubeconform-linux-amd64.tar.gz" - smoke_test: "${binary} -v" - tarball_binary_path: "${binary}" - version: ${{ env.kubeconform_ver }} - - name: cache validation tools - uses: actions/cache@v4 - with: - path: ~/.cache/pre-commit - key: ${{ runner.os }}-pre-commit-gitops-validate-${{ hashFiles('.pre-commit-config.yaml') }} - - uses: actions/checkout@v3 - - name: run validation - uses: mathiasvr/command-output@v1 - id: validate - with: - run: "./tools/test-all-ff validate" - - name: Find validation comment - uses: peter-evans/find-comment@v2 - # We always want to look up the comment for the result of the previous `validation` step result message (whether current validation failed or not) - # See: https://docs.github.com/en/actions/learn-github-actions/expressions#always - if: always() && github.ref_name != 'main' - continue-on-error: true - id: fc - with: - 
issue-number: ${{ github.event.pull_request.number }} - comment-author: "github-actions[bot]" - body-includes: Validation output log - - name: Delete old comment - uses: winterjung/comment@fda92dbcb5e7e79cccd55ecb107a8a3d7802a469 # v1.1.0 - # We always want to delete the comment for the result of the previous `validation` step result message (whether current validation failed or not) - # See: https://docs.github.com/en/actions/learn-github-actions/expressions#always - if: always() && github.ref_name != 'main' - continue-on-error: true - with: - type: delete - comment_id: ${{ steps.fc.outputs.comment-id }} - token: ${{ secrets.GITHUB_TOKEN }} - - name: Create or update validation comment - uses: peter-evans/create-or-update-comment@v2 - # We always want to comment back the result of the current `validation` step (whether it failed or not) - # See: https://docs.github.com/en/actions/learn-github-actions/expressions#always - if: always() && github.ref_name != 'main' - with: - issue-number: ${{ github.event.pull_request.number }} - body: | -
- Validation output log - - - ``` - ${{ steps.validate.outputs.stdout }} - ``` - -
- - get-diff: - runs-on: ubuntu-latest - needs: validate - if: github.event_name == 'pull_request' - steps: - - run: sudo apt-get install -y yamllint - - run: curl -s https://fluxcd.io/install.sh | sudo bash - - name: install dyff - uses: giantswarm/install-binary-action@v1 - with: - binary: dyff - download_url: "https://github.com/homeport/dyff/releases/download/v${version}/dyff_${version}_linux_amd64.tar.gz" - smoke_test: "${binary} version" - tarball_binary_path: "${binary}" - version: ${{ env.dyff_ver }} - - run: which dyff - - uses: giantswarm/install-binary-action@v1 - with: - binary: kubeconform - download_url: "https://github.com/yannh/kubeconform/releases/download/v${version}/kubeconform-linux-amd64.tar.gz" - smoke_test: "${binary} -v" - tarball_binary_path: "${binary}" - version: ${{ env.kubeconform_ver }} - - run: which kubeconform - - run: ls -la /opt/hostedtoolcache - - uses: actions/checkout@v3 - - name: template all for the new branch - run: ./tools/test-all-ff template > /tmp/new.yaml - - uses: actions/checkout@v3 - with: - ref: 'main' - path: 'old' - - name: template all for the old branch - run: cd old/ && ../tools/test-all-ff template > /tmp/old.yaml && cd .. - - name: save the diff - uses: mathiasvr/command-output@v1 - id: diff - with: - run: 'dyff between -s -i -b -g /tmp/old.yaml /tmp/new.yaml && echo "No diff detected" || if [[ $? 
-eq 255 ]]; then echo "Diff error"; fi;' - - name: Find diff comment - uses: peter-evans/find-comment@v2 - continue-on-error: true - id: fc - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: Rendered manifest diff output log - - name: Delete old comment - uses: winterjung/comment@fda92dbcb5e7e79cccd55ecb107a8a3d7802a469 # v1.1.0 - continue-on-error: true - with: - type: delete - comment_id: ${{ steps.fc.outputs.comment-id }} - token: ${{ secrets.GITHUB_TOKEN }} - - name: Create or update validation comment - uses: peter-evans/create-or-update-comment@v2 - with: - issue-number: ${{ github.event.pull_request.number }} - body: | -
- Rendered manifest diff output log - - - ``` - ${{ steps.diff.outputs.stdout }} - ``` - -
- - test_on_kind: - runs-on: ubuntu-latest - needs: validate - steps: - - uses: actions/checkout@v3 - - name: install apptestctl - uses: giantswarm/install-binary-action@v1 - with: - binary: apptestctl - download_url: "https://github.com/giantswarm/apptestctl/releases/download/v${version}/apptestctl-v${version}-linux-amd64.tar.gz" - smoke_test: "${binary} version" - tarball_binary_path: "apptestctl-v${version}-linux-amd64/${binary}" - version: ${{ env.apptestctl_ver }} - - name: install clusterctl - run: curl -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v${{ env.clusterctl_ver }}/clusterctl-linux-amd64 -o /usr/local/bin/clusterctl && chmod +x /usr/local/bin/clusterctl && clusterctl version - - name: Create k8s Kind Cluster - uses: helm/kind-action@v1.3.0 - with: - version: "v${{ env.kind_ver }}" - - name: extract kind kube.config - run: kind get kubeconfig --name 'chart-testing' > /tmp/kube.config - - name: Set up Python 3.9 - uses: actions/setup-python@v4 - with: - python-version: "3.9" - - name: Install pipenv - run: | - python -m pip install --upgrade pipenv - - name: install pipenv environment - run: cd tests/ats && pipenv install --deploy - - name: run tests - run: cd tests/ats && pipenv run pytest . - env: - KUBECONFIG: /tmp/kube.config - GITOPS_FLUX_APP_VERSION: "${{ env.GITOPS_FLUX_APP_VERSION }}" - GITOPS_INIT_NAMESPACES: "${{ env.GITOPS_INIT_NAMESPACES }}" - GITOPS_REPO_BRANCH: "${{ github.head_ref || github.ref_name }}" - GITOPS_REPO_URL: "${{ github.server_url }}/${{ github.repository }}" - GITOPS_MASTER_GPG_KEY: "${{ secrets.GITOPS_MASTER_GPG_KEY }}" + uses: giantswarm/github-workflows/.github/workflows/gitops-validate.yaml@main + secrets: + GITOPS_MASTER_GPG_KEY: ${{ secrets.GITOPS_MASTER_GPG_KEY }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 1341e4ad..bd6254cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
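Review bot: The new `validate` job calls the reusable workflow at the mutable ref `@main` while passing it `GITOPS_MASTER_GPG_KEY` and a token with `pull-requests: write`, so any commit that lands on that branch of `giantswarm/github-workflows` runs with this repository's secret without being reviewed here. The removed file pinned `winterjung/comment` to a full commit SHA, and the same would fit this call: `uses: giantswarm/github-workflows/.github/workflows/gitops-validate.yaml@<FULL_COMMIT_SHA> # <tag>`, with the placeholder replaced by a reviewed commit. `pull-requests: write` is also granted at workflow level; moving the `permissions:` block under `jobs.validate` would keep that scope from applying to any job added later. The called workflow is not visible in this diff, so it is worth confirming that it exposes the GPG key only to the kind e2e step, as the removed `run tests` step did.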
@@ -17,6 +17,13 @@ following [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ### Changed +- CI: replaced the hand-maintained `validate.yaml` and `basic.yml` with a thin + caller to the new reusable + `giantswarm/github-workflows/.github/workflows/gitops-validate.yaml`. Behaviour + is unchanged (pre-commit, `./tools/test-all-ff validate`, rendered-manifest diff, + and the `tests/ats` kind e2e); the GitHub Actions pins are now maintained + centrally and on current releases, clearing the Node 20 / `set-output` + deprecation warnings. - Bump `dyff_ver` from `1.5.4` to `1.7.1` in the existing rendered-manifest diff job (`validate.yaml`), to standardize on the version used by the new `yaml-diff` workflow.