diff --git a/.ci/flake.nix b/.ci/flake.nix deleted file mode 100644 index 2a8309e924e..00000000000 --- a/.ci/flake.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - description = "CI Nix Flake"; - - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; - flake-utils.url = "github:numtide/flake-utils"; - }; - - - outputs = - { self - , nixpkgs - , flake-utils - }: - # System-specific logic - flake-utils.lib.eachDefaultSystem - (system: # Non-system-specific logic - let - pkgs = import nixpkgs { inherit system; }; - in - { - devShells = { - default = pkgs.mkShell - { - buildInputs = (with pkgs; [ - fluxcd - jo - ]); - }; - }; - }); -} diff --git a/.github/workflows/build-terraform-oci.yaml b/.github/workflows/build-terraform-oci.yaml index 9395ce6787c..96aa00d0e14 100644 --- a/.github/workflows/build-terraform-oci.yaml +++ b/.github/workflows/build-terraform-oci.yaml @@ -1,33 +1,29 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: "Terraform: Build OCI artifacts" -on: # yamllint disable-line rule:truthy +on: workflow_dispatch: push: branches: - main paths: - - "infrastructure/terraform/**" + - .github/workflows/build-terraform-oci.yaml + - infrastructure/terraform/** jobs: changed-files: name: Generate matrix for building images - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - name: Checkout uses: actions/checkout@v4 - - name: Install Nix - uses: cachix/install-nix-action@v24 - with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - - - name: Switch to Nix devShell - uses: nicknovitski/nix-develop@v1.1.0 - with: - arguments: "./.ci" + - name: Install System Tools + shell: bash + run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y jo - name: Get changed files id: changed-files @@ -53,21 +49,31 @@ jobs: fi publish: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest needs: - changed-files strategy: matrix: ${{ fromJSON(needs.changed-files.outputs.matrix) }} steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.BJWS_APP_ID }} + private-key: ${{ secrets.BJWS_APP_PRIVATE_KEY }} - - name: Set up Homebrew - uses: Homebrew/actions/setup-homebrew@master + - name: Checkout + uses: actions/checkout@v4 + with: + token: ${{ steps.app-token.outputs.token }} - - name: Setup Tools - run: | - brew install fluxcd/tap/flux + - uses: jdx/rtx-action@v1 + with: + install: true + cache: true + rtx_toml: | + [tools] + flux2 = "latest" - name: Login to GitHub Container Registry uses: docker/login-action@v3 @@ -76,14 +82,18 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Generate tag + id: generate-tag + shell: bash + run: echo "tag=ghcr.io/${{ github.repository_owner }}/terraform/$(basename ${{ matrix.project }}):$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}" + - name: Publish OCI run: | - flux push artifact "oci://ghcr.io/bjw-s/terraform/$(basename ${{ matrix.project }}):$(git rev-parse --short HEAD)" \ + flux push artifact "oci://${{ steps.generate-tag.outputs.tag }}" \ --path="./${{ matrix.project }}" \ --source="$(git config --get remote.origin.url)" \ --revision="$(git branch --show-current)/$(git rev-parse HEAD)" - name: Tag OCI run: | - flux tag artifact "oci://ghcr.io/bjw-s/terraform/$(basename ${{ matrix.project }}):$(git rev-parse --short HEAD)" \ - --tag main + flux tag artifact "oci://${{ steps.generate-tag.outputs.tag }}" --tag main diff --git a/.github/workflows/docs-publish.yaml b/.github/workflows/docs-publish.yaml index 126cd2a9004..c9c6b3bb982 100644 --- a/.github/workflows/docs-publish.yaml +++ b/.github/workflows/docs-publish.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: "Docs: Release to GitHub pages" on: @@ -7,28 +8,27 @@ on: branches: - main paths: - - ".github/workflows/docs-publish.yaml" - - "docs/**" + - .github/workflows/docs-publish.yaml + - docs/** jobs: release-docs: name: Release documentation - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest concurrency: group: ${{ github.workflow }}-${{ github.ref }} steps: - - name: "Generate Short Lived OAuth App Token (ghs_*)" - uses: actions/create-github-app-token@v1.6.2 + - name: Generate Token + uses: actions/create-github-app-token@v1 id: app-token with: - app-id: "${{ secrets.BJWS_APP_ID }}" - private-key: "${{ secrets.BJWS_APP_PRIVATE_KEY }}" + app-id: ${{ secrets.BJWS_APP_ID }} + private-key: ${{ secrets.BJWS_APP_PRIVATE_KEY }} - name: Checkout main branch - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@v4 with: token: ${{ steps.app-token.outputs.token }} - fetch-depth: 0 - name: Build docs uses: docker://ghcr.io/bjw-s/mdbook:0.4.36@sha256:d86edc42a0d22e38f3d59d6cf517a9d93a7dbe8ec3ec80a114dfd7a99d9354cd diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 7616bd2c626..2e4545968bd 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: "Flux Diff" on: @@ -7,20 +8,57 @@ on: - main paths: - .github/workflows/flux-diff.yaml - - kubernetes/**.yaml + - kubernetes/** + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true jobs: + changed-files: + name: Get Changed Files + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.changed-files.outputs.all_changed_and_modified_files }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.BJWS_APP_ID }} + private-key: ${{ secrets.BJWS_APP_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + fetch-depth: 0 + + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@v40 + with: + files: kubernetes/** + dir_names: true + dir_names_max_depth: 2 + json: true + quotepath: false + escape_json: false + + - name: List all changed files + run: echo "${{ steps.changed-files.outputs.all_changed_and_modified_files }}" + flux-diff: name: Flux Diff runs-on: ubuntu-latest + needs: + - changed-files permissions: pull-requests: write strategy: matrix: - path: - - kubernetes/main - - kubernetes/nas - resource: + paths: ${{ fromJSON(needs.changed-files.outputs.matrix) }} + resources: - helmrelease - kustomization steps: @@ -31,22 +69,45 @@ jobs: app-id: ${{ secrets.BJWS_APP_ID }} private-key: ${{ secrets.BJWS_APP_PRIVATE_KEY }} + - uses: jdx/rtx-action@v1 + with: + install: true + cache: true + rtx_toml: | + [tools] + flux2 = "latest" + - name: Diff Resources uses: allenporter/flux-local/action/diff@3.2.0 id: diff with: sources: home-ops-kubernetes - path: "${{ matrix.path }}" - resource: "${{ matrix.resource }}" + path: "${{ matrix.paths }}" + resource: "${{ matrix.resources }}" - if: ${{ steps.diff.outputs.diff != '' }} name: Add comment uses: mshick/add-pr-comment@v2.8.1 with: repo-token: "${{ steps.app-token.outputs.token }}" - message-id: "${{ github.event.pull_request.number }}/${{ matrix.path }}/${{ matrix.resource }}" + message-id: "${{ github.event.pull_request.number }}/${{ matrix.paths }}/${{ matrix.resources }}" message-failure: Diff was not successful message: | ```diff ${{ steps.diff.outputs.diff }} ``` + + flux-diff-success: + needs: + - flux-diff + if: ${{ always() }} + name: Flux Diff successful + runs-on: ubuntu-latest + steps: + - name: Check matrix status + if: >- + ${{ + contains(needs.*.result, 'failure') + || contains(needs.*.result, 'cancelled') + }} + run: exit 1 diff --git a/.github/workflows/flux-hr-image-test.yaml b/.github/workflows/flux-hr-image-test.yaml index 9f12b4d276d..414c0f2862a 100644 --- a/.github/workflows/flux-hr-image-test.yaml +++ b/.github/workflows/flux-hr-image-test.yaml @@ -10,6 +10,10 @@ on: - .github/workflows/flux-hr-image-test.yaml - kubernetes/**/helmrelease.yaml +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + jobs: changed-files: name: Get Changed Files @@ -88,7 +92,6 @@ jobs: - name: Test Images from Helm Release run: docker pull ${{ matrix.images }} - # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7 test-images-success: needs: - test-images diff --git a/.github/workflows/flux-ks-sync.yaml b/.github/workflows/flux-ks-sync.yaml index 5a1a3ce11af..548cfef8c71 100644 --- a/.github/workflows/flux-ks-sync.yaml +++ b/.github/workflows/flux-ks-sync.yaml @@ -12,6 +12,10 @@ on: - kubernetes/main/** - kubernetes/nas/** +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + jobs: sync: name: Flux Kustomization Sync @@ -36,20 +40,13 @@ jobs: with: token: "${{ steps.app-token.outputs.token }}" - - name: Install OS Deps - shell: bash - run: | - sudo apt-get update && sudo apt-get install -y curl git xz-utils - - - name: Install Nix - uses: cachix/install-nix-action@v24 - with: - github_access_token: "${{ steps.app-token.outputs.token }}" - - - name: Switch to Nix devShell - uses: nicknovitski/nix-develop@v1.1.0 + - uses: jdx/rtx-action@v1 with: - arguments: "./.ci" + install: true + cache: true + rtx_toml: | + [tools] + flux2 = "latest" - name: Write kubeconfig id: kubeconfig diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 00bd879f225..ae50f425700 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,7 +1,8 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: Lint -on: # yamllint disable-line rule:truthy +on: workflow_dispatch: pull_request: branches: @@ -17,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/meta-enforce-labels.yaml b/.github/workflows/meta-enforce-labels.yaml index 1e5c44e7c58..54dc371249e 100644 --- a/.github/workflows/meta-enforce-labels.yaml +++ b/.github/workflows/meta-enforce-labels.yaml @@ -1,9 +1,12 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: Meta - Enforce PR labels -on: # yamllint disable-line rule:truthy +on: pull_request: - types: [labeled, unlabeled, opened, edited, synchronize] + types: + - labeled + - unlabeled jobs: enforce-label: diff --git a/.github/workflows/meta-label-size.yaml b/.github/workflows/meta-label-size.yaml deleted file mode 100644 index 5a44f7c8a8a..00000000000 --- a/.github/workflows/meta-label-size.yaml +++ /dev/null @@ -1,34 +0,0 @@ ---- -name: Meta - Label Size - -on: # yamllint disable-line rule:truthy - pull_request: - branches: - - main - -jobs: - label-size: - name: Label Size - runs-on: ubuntu-latest - steps: - - name: Generate Token - uses: actions/create-github-app-token@v1 - id: app-token - with: - app-id: ${{ secrets.BJWS_APP_ID }} - private-key: ${{ secrets.BJWS_APP_PRIVATE_KEY }} - - - name: Label Size - uses: pascalgn/size-label-action@v0.5.0 - env: - GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" - with: - sizes: > - { - "0": "XS", - "20": "S", - "50": "M", - "200": "L", - "800": "XL", - "2000": "XXL" - } diff --git a/.github/workflows/meta-labeler.yaml b/.github/workflows/meta-labeler.yaml index c01c074c369..a3e9341f1bf 100644 --- a/.github/workflows/meta-labeler.yaml +++ b/.github/workflows/meta-labeler.yaml @@ -1,7 +1,8 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: Meta - Labeler -on: # yamllint disable-line rule:truthy +on: pull_request: branches: - main