diff --git a/.github/workflows/basic.yml b/.github/workflows/basic.yml
deleted file mode 100644
index f02c3234..00000000
--- a/.github/workflows/basic.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: Basic CI
-
-on: push
-
-jobs:
- basic_checks:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - name: YAMLLint
- uses: docker://gsoci.azurecr.io/giantswarm/yamllint:1.37.1
- with:
- args: .
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
index 29ac1a54..8e6c857c 100644
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@@ -5,197 +5,12 @@ on:
push:
branches: [HEAD_BRANCH, main]
-env:
- kubeconform_ver: "0.4.13"
- dyff_ver: "1.7.1"
- clusterctl_ver: "1.2.0"
- apptestctl_ver: "0.18.0"
- kind_ver: "0.12.0"
- GITOPS_FLUX_APP_VERSION: "1.10.0"
- GITOPS_INIT_NAMESPACES: "default,org-org-name"
- GITOPS_IGNORED_OBJECTS: "org-org-name/clusters-mapi-out-of-band-no-flux-direct"
+permissions:
+ contents: read
+ pull-requests: write
jobs:
- check-pre-commit:
- runs-on: ubuntu-latest
- steps:
- - run: sudo snap install shfmt
- - uses: actions/checkout@v3
- - uses: actions/setup-python@v3
- - name: cache pre-commit environment
- uses: actions/cache@v4
- with:
- path: ~/.cache/pre-commit
- key: ${{ runner.os }}-pre-commit-gitops-validate-${{ hashFiles('.pre-commit-config.yaml') }}
- - uses: pre-commit/action@v3.0.1
validate:
- needs: check-pre-commit
- runs-on: ubuntu-latest
- steps:
- - run: sudo apt-get install -y yamllint
- - run: curl -s https://fluxcd.io/install.sh | sudo bash
- - uses: giantswarm/install-binary-action@v1
- with:
- binary: kubeconform
- download_url: "https://github.com/yannh/kubeconform/releases/download/v${version}/kubeconform-linux-amd64.tar.gz"
- smoke_test: "${binary} -v"
- tarball_binary_path: "${binary}"
- version: ${{ env.kubeconform_ver }}
- - name: cache validation tools
- uses: actions/cache@v4
- with:
- path: ~/.cache/pre-commit
- key: ${{ runner.os }}-pre-commit-gitops-validate-${{ hashFiles('.pre-commit-config.yaml') }}
- - uses: actions/checkout@v3
- - name: run validation
- uses: mathiasvr/command-output@v1
- id: validate
- with:
- run: "./tools/test-all-ff validate"
- - name: Find validation comment
- uses: peter-evans/find-comment@v2
- # We always want to look up the comment for the result of the previous `validation` step result message (whether current validation failed or not)
- # See: https://docs.github.com/en/actions/learn-github-actions/expressions#always
- if: always() && github.ref_name != 'main'
- continue-on-error: true
- id: fc
- with:
- issue-number: ${{ github.event.pull_request.number }}
- comment-author: "github-actions[bot]"
- body-includes: Validation output log
- - name: Delete old comment
- uses: winterjung/comment@fda92dbcb5e7e79cccd55ecb107a8a3d7802a469 # v1.1.0
- # We always want to delete the comment for the result of the previous `validation` step result message (whether current validation failed or not)
- # See: https://docs.github.com/en/actions/learn-github-actions/expressions#always
- if: always() && github.ref_name != 'main'
- continue-on-error: true
- with:
- type: delete
- comment_id: ${{ steps.fc.outputs.comment-id }}
- token: ${{ secrets.GITHUB_TOKEN }}
- - name: Create or update validation comment
- uses: peter-evans/create-or-update-comment@v2
- # We always want to comment back the result of the current `validation` step (whether it failed or not)
- # See: https://docs.github.com/en/actions/learn-github-actions/expressions#always
- if: always() && github.ref_name != 'main'
- with:
- issue-number: ${{ github.event.pull_request.number }}
- body: |
-
- Validation output log
-
-
- ```
- ${{ steps.validate.outputs.stdout }}
- ```
-
-
-
- get-diff:
- runs-on: ubuntu-latest
- needs: validate
- if: github.event_name == 'pull_request'
- steps:
- - run: sudo apt-get install -y yamllint
- - run: curl -s https://fluxcd.io/install.sh | sudo bash
- - name: install dyff
- uses: giantswarm/install-binary-action@v1
- with:
- binary: dyff
- download_url: "https://github.com/homeport/dyff/releases/download/v${version}/dyff_${version}_linux_amd64.tar.gz"
- smoke_test: "${binary} version"
- tarball_binary_path: "${binary}"
- version: ${{ env.dyff_ver }}
- - run: which dyff
- - uses: giantswarm/install-binary-action@v1
- with:
- binary: kubeconform
- download_url: "https://github.com/yannh/kubeconform/releases/download/v${version}/kubeconform-linux-amd64.tar.gz"
- smoke_test: "${binary} -v"
- tarball_binary_path: "${binary}"
- version: ${{ env.kubeconform_ver }}
- - run: which kubeconform
- - run: ls -la /opt/hostedtoolcache
- - uses: actions/checkout@v3
- - name: template all for the new branch
- run: ./tools/test-all-ff template > /tmp/new.yaml
- - uses: actions/checkout@v3
- with:
- ref: 'main'
- path: 'old'
- - name: template all for the old branch
- run: cd old/ && ../tools/test-all-ff template > /tmp/old.yaml && cd ..
- - name: save the diff
- uses: mathiasvr/command-output@v1
- id: diff
- with:
- run: 'dyff between -s -i -b -g /tmp/old.yaml /tmp/new.yaml && echo "No diff detected" || if [[ $? -eq 255 ]]; then echo "Diff error"; fi;'
- - name: Find diff comment
- uses: peter-evans/find-comment@v2
- continue-on-error: true
- id: fc
- with:
- issue-number: ${{ github.event.pull_request.number }}
- comment-author: 'github-actions[bot]'
- body-includes: Rendered manifest diff output log
- - name: Delete old comment
- uses: winterjung/comment@fda92dbcb5e7e79cccd55ecb107a8a3d7802a469 # v1.1.0
- continue-on-error: true
- with:
- type: delete
- comment_id: ${{ steps.fc.outputs.comment-id }}
- token: ${{ secrets.GITHUB_TOKEN }}
- - name: Create or update validation comment
- uses: peter-evans/create-or-update-comment@v2
- with:
- issue-number: ${{ github.event.pull_request.number }}
- body: |
-
- Rendered manifest diff output log
-
-
- ```
- ${{ steps.diff.outputs.stdout }}
- ```
-
-
-
- test_on_kind:
- runs-on: ubuntu-latest
- needs: validate
- steps:
- - uses: actions/checkout@v3
- - name: install apptestctl
- uses: giantswarm/install-binary-action@v1
- with:
- binary: apptestctl
- download_url: "https://github.com/giantswarm/apptestctl/releases/download/v${version}/apptestctl-v${version}-linux-amd64.tar.gz"
- smoke_test: "${binary} version"
- tarball_binary_path: "apptestctl-v${version}-linux-amd64/${binary}"
- version: ${{ env.apptestctl_ver }}
- - name: install clusterctl
- run: curl -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v${{ env.clusterctl_ver }}/clusterctl-linux-amd64 -o /usr/local/bin/clusterctl && chmod +x /usr/local/bin/clusterctl && clusterctl version
- - name: Create k8s Kind Cluster
- uses: helm/kind-action@v1.3.0
- with:
- version: "v${{ env.kind_ver }}"
- - name: extract kind kube.config
- run: kind get kubeconfig --name 'chart-testing' > /tmp/kube.config
- - name: Set up Python 3.9
- uses: actions/setup-python@v4
- with:
- python-version: "3.9"
- - name: Install pipenv
- run: |
- python -m pip install --upgrade pipenv
- - name: install pipenv environment
- run: cd tests/ats && pipenv install --deploy
- - name: run tests
- run: cd tests/ats && pipenv run pytest .
- env:
- KUBECONFIG: /tmp/kube.config
- GITOPS_FLUX_APP_VERSION: "${{ env.GITOPS_FLUX_APP_VERSION }}"
- GITOPS_INIT_NAMESPACES: "${{ env.GITOPS_INIT_NAMESPACES }}"
- GITOPS_REPO_BRANCH: "${{ github.head_ref || github.ref_name }}"
- GITOPS_REPO_URL: "${{ github.server_url }}/${{ github.repository }}"
- GITOPS_MASTER_GPG_KEY: "${{ secrets.GITOPS_MASTER_GPG_KEY }}"
+ uses: giantswarm/github-workflows/.github/workflows/gitops-validate.yaml@main
+ secrets:
+ GITOPS_MASTER_GPG_KEY: ${{ secrets.GITOPS_MASTER_GPG_KEY }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1341e4ad..bd6254cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,13 @@ following [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
### Changed
+- CI: replaced the hand-maintained `validate.yaml` and `basic.yml` with a thin
+ caller to the new reusable
+ `giantswarm/github-workflows/.github/workflows/gitops-validate.yaml`. Behaviour
+ is unchanged (pre-commit, `./tools/test-all-ff validate`, rendered-manifest diff,
+ and the `tests/ats` kind e2e); the GitHub Actions pins are now maintained
+ centrally and on current releases, clearing the Node 20 / `set-output`
+ deprecation warnings.
- Bump `dyff_ver` from `1.5.4` to `1.7.1` in the existing rendered-manifest
diff job (`validate.yaml`), to standardize on the version used by the new
`yaml-diff` workflow.