From c5882759809fd8dac5c57da517d8a35d4c5a9313 Mon Sep 17 00:00:00 2001
From: Alfi0812
Date: Fri, 30 Jan 2026 09:48:16 +0000
Subject: [PATCH 01/60] f
---
.github/workflows/helm.yaml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 .github/workflows/helm.yaml
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
new file mode 100644
index 00000000..966fcf73
--- /dev/null
+++ b/.github/workflows/helm.yaml
@@ -0,0 +1,26 @@
+name: "Helm Chart Validation"
+
+on:
+ pull_request:
+
+concurrency:
+ group: ${{ github.head_ref }}-pr-validate
+ cancel-in-progress: true
+
+env:
+ KUBERNETES_DIR: ./embed/generic/kubernetes
+
+jobs:
+ kubeconform:
+ name: Kubeconform
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+ - name: Setup Homebrew
+ uses: Homebrew/actions/setup-homebrew@master
+ - name: Setup Workflow Tools
+ run: brew install fluxcd/tap/flux kubeconform kustomize
+ - name: Run kubeconform
+ shell: bash
+ run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }}
From 4934fc0a962d5166aede72afaa3ec9301126fc65 Mon Sep 17 00:00:00 2001
From: Alfi0812
Date: Fri, 30 Jan 2026 09:49:48 +0000
Subject: [PATCH 02/60] Add kubeconform script
---
.github/scripts/kubeconform.sh | 40 ++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 .github/scripts/kubeconform.sh
diff --git a/.github/scripts/kubeconform.sh b/.github/scripts/kubeconform.sh
new file mode 100644
index 00000000..c5a2bf77
--- /dev/null
+++ b/.github/scripts/kubeconform.sh
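Review bot: `uses: Homebrew/actions/setup-homebrew@master` follows a moving branch, while the checkout step just above it is pinned to a full commit SHA, so whatever is on that branch at run time executes in this job. Pin it the same way, `uses: Homebrew/actions/setup-homebrew@<full-commit-sha> # <tag-or-date>`, so an update is a reviewed change. The next step, `brew install fluxcd/tap/flux kubeconform kustomize`, likewise installs whatever versions the taps serve at run time; either pin versions or add a comment stating that floating versions are accepted for this validation job. In the last step, `${{ env.KUBERNETES_DIR }}` is expanded into the script text before bash runs; `"$KUBERNETES_DIR"` reads the same value from the environment without template expansion.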
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o pipefail
+
+KUBERNETES_DIR=$1
+
+[[ -z "${KUBERNETES_DIR}" ]] && echo "Kubernetes location not specified" && exit 1
+
+kustomize_args=("--load-restrictor=LoadRestrictionsNone")
+kustomize_config="kustomization.yaml"
+kubeconform_args=(
+ "-strict"
+ "-ignore-missing-schemas"
+ "-skip"
+ "Secret,ConfigMap,tuppr.home-operations.com/v1alpha1/TalosUpgrade,tuppr.home-operations.com/v1alpha1/KubernetesUpgrade"
+ "-schema-location"
+ "default"
+ "-schema-location"
+ "https://kubernetes-schemas.pages.dev/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
+ "-verbose"
+)
+
+echo "=== Validating standalone manifests in ${KUBERNETES_DIR} ==="
+find "${KUBERNETES_DIR}" -maxdepth 1 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file;
+do
+ kubeconform "${kubeconform_args[@]}" "${file}"
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
+
+echo "=== Validating kustomizations in ${KUBERNETES_DIR}/ ==="
+find "${KUBERNETES_DIR}" -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file;
+do
+ echo "=== Validating kustomizations in ${file/%$kustomize_config} ==="
+ kustomize build "${file/%$kustomize_config}" "${kustomize_args[@]}" | kubeconform "${kubeconform_args[@]}"
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
\ No newline at end of file
From 7ef1e69a4175c6dfcf18cc5de409f85634bdcfb7 Mon Sep 17 00:00:00 2001
From: Alfi0812
Date: Fri, 30 Jan 2026 09:53:00 +0000
Subject: [PATCH 03/60] add flux diff
---
.github/workflows/helm.yaml | 68 +++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
index 966fcf73..e8a94729 100644
--- a/.github/workflows/helm.yaml
+++ b/.github/workflows/helm.yaml
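Review bot: `kustomize_args=("--load-restrictor=LoadRestrictionsNone")` switches off kustomize's root-only file restriction, so every `kustomization.yaml` in the checked-out pull request may load files from outside its own directory while `kustomize build` runs on the runner. If no overlay in the tree needs cross-directory files, drop the flag and keep the default `LoadRestrictionsRootOnly`; if one does, record it next to the flag, e.g. `# LoadRestrictionsNone: <overlay> includes ../<shared file>`. `-ignore-missing-schemas` also deserves a comment, since it lets any kind without a published schema pass unvalidated, and the extra `-schema-location` fetches schemas from a third-party host on each run. In the second `find`, `-name $kustomize_config` is unquoted; `-name "${kustomize_config}"` keeps it one argument.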
@@ -14,6 +14,8 @@ jobs: kubeconform: name: Kubeconform runs-on: ubuntu-latest + permissions: + contents: read steps: - name: Checkout uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 
@@ -24,3 +26,69 @@ jobs: - name: Run kubeconform shell: bash run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} + + diff: + name: Flux Diff + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + strategy: + matrix: + resources: ["helmrelease", "kustomization"] + max-parallel: 4 + fail-fast: false + steps: + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + with: + path: pull + - name: Checkout Default Branch + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + with: + ref: "${{ github.event.repository.default_branch }}" + path: default + - name: Diff Resources + uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 + with: + args: >- + diff ${{ matrix.resources }} + --unified 6 + --path /github/workspace/pull/ + --path-orig /github/workspace/default/ + --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" + --limit-bytes 10000 + --all-namespaces + --sources "cluster" + --output-file diff.patch + - name: Generate Diff + id: diff + run: | + echo 'diff<> $GITHUB_OUTPUT + cat diff.patch >> $GITHUB_OUTPUT + echo 'EOF' >> $GITHUB_OUTPUT + + echo '## Flux ${{ matrix.resources }} diff' >> $GITHUB_STEP_SUMMARY + echo '```diff' >> $GITHUB_STEP_SUMMARY + cat diff.patch >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + - if: ${{ steps.diff.outputs.diff != '' }} + name: Generate Token + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + id: app-token + with: + app-id: ${{ secrets.BOT_APP_ID }} + private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} + - if: ${{ steps.diff.outputs.diff != '' }} + name: Add Comment + continue-on-error: true + uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2 + with: + repo-token: "${{ steps.app-token.outputs.token }}" + message-id: "${{ 
github.event.pull_request.number }}/kubernetes/${{ matrix.resources }}" + header: ${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resource }} + message-failure: Diff was not successful + message: | + ```diff + ${{ steps.diff.outputs.diff }} + ``` From 136f413b8389b0479413e819b2c7411fd18a2b9b Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 09:58:49 +0000 Subject: [PATCH 04/60] test --- .github/scripts/kubeconform.sh | 4 +++- .github/workflows/helm.yaml | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/scripts/kubeconform.sh b/.github/scripts/kubeconform.sh index c5a2bf77..ac2e213b 100644 --- a/.github/scripts/kubeconform.sh +++ b/.github/scripts/kubeconform.sh @@ -11,8 +11,10 @@ kustomize_config="kustomization.yaml" kubeconform_args=( "-strict" "-ignore-missing-schemas" + "-ignore-filename-pattern" + "deploykey.secret.yaml" "-skip" - "Secret,ConfigMap,tuppr.home-operations.com/v1alpha1/TalosUpgrade,tuppr.home-operations.com/v1alpha1/KubernetesUpgrade" + "Secret,ConfigMap" "-schema-location" "default" "-schema-location" diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index e8a94729..dc4f876d 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -54,8 +54,8 @@ jobs: args: >- diff ${{ matrix.resources }} --unified 6 - --path /github/workspace/pull/ - --path-orig /github/workspace/default/ + --path /github/workspace/pull/embed/generic/kubernetes + --path-orig /github/workspace/default/embed/generic/kubernetes --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" --limit-bytes 10000 --all-namespaces From 7956f8b45f577f949688c8aa18035aa5efdbf07a Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:04:56 +0000 Subject: [PATCH 05/60] kustomize --- .github/scripts/kubeconform.sh | 2 -- .github/workflows/helm.yaml | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) 
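Review bot: In the `Generate Diff` step the multi-line output is closed with the fixed delimiter `EOF` (`echo 'EOF' >> $GITHUB_OUTPUT`), while `diff.patch` is rendered from manifests in the pull request; a line consisting only of `EOF` in that diff ends the value early and the lines after it are parsed as further step outputs. Use a per-run random delimiter, e.g. `delim="$(openssl rand -hex 16)"`, in both the opening and closing lines, and quote the target as `"$GITHUB_OUTPUT"`. In the `Add Comment` step, `header:` reads `matrix.resource`, but the matrix key defined in this job is `resources`, so that expression expands to an empty string. `Generate Token` depends on `secrets.BOT_APP_ID` and `secrets.BOT_APP_PRIVATE_KEY`, which pull requests from forks do not receive, so that step and the comment step should also be conditioned on `github.event.pull_request.head.repo.full_name == github.repository`.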
diff --git a/.github/scripts/kubeconform.sh b/.github/scripts/kubeconform.sh index ac2e213b..a0e9132c 100644 --- a/.github/scripts/kubeconform.sh +++ b/.github/scripts/kubeconform.sh @@ -11,8 +11,6 @@ kustomize_config="kustomization.yaml" kubeconform_args=( "-strict" "-ignore-missing-schemas" - "-ignore-filename-pattern" - "deploykey.secret.yaml" "-skip" "Secret,ConfigMap" "-schema-location" diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index dc4f876d..225cf953 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -23,6 +23,23 @@ jobs: uses: Homebrew/actions/setup-homebrew@master - name: Setup Workflow Tools run: brew install fluxcd/tap/flux kubeconform kustomize + - name: Create dummy deploykey secret (CI only) + shell: bash + run: | + SECRET_PATH="embed/generic/kubernetes/flux-system/flux/deploykey.secret.yaml" + + if [[ ! -f "$SECRET_PATH" ]]; then + echo "Creating dummy deploykey.secret.yaml for kubeconform" + mkdir -p "$(dirname "$SECRET_PATH")" + cat < "$SECRET_PATH" + apiVersion: v1 + kind: Secret + metadata: + name: deploykey + type: Opaque + data: {} + EOF + fi - name: Run kubeconform shell: bash run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} From 3020d0fc5c672c3801d0060ada779322763a92ab Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:07:12 +0000 Subject: [PATCH 06/60] test --- .github/workflows/helm.yaml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 225cf953..6d167be4 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -31,14 +31,7 @@ jobs: if [[ ! -f "$SECRET_PATH" ]]; then echo "Creating dummy deploykey.secret.yaml for kubeconform" mkdir -p "$(dirname "$SECRET_PATH")" - cat < "$SECRET_PATH" - apiVersion: v1 - kind: Secret - metadata: - name: deploykey - type: Opaque - data: {} - EOF + touch "$SECRET_PATH" fi - name: Run kubeconform shell: bash 
From 5d5afaec21372a186e352083c0d4fdf1b50c0c0d Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:10:11 +0000 Subject: [PATCH 07/60] f --- .github/workflows/helm.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 6d167be4..d5bbdc00 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -33,6 +33,24 @@ jobs: mkdir -p "$(dirname "$SECRET_PATH")" touch "$SECRET_PATH" fi + - name: Ensure ConfigMap placeholder exists (CI only) + shell: bash + run: | + CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/cluster-config.yaml" + + if [[ ! -f "$CONFIG_PATH" ]]; then + echo "Creating placeholder ConfigMap for kubeconform" + mkdir -p "$(dirname "$CONFIG_PATH")" + cat < "$CONFIG_PATH" +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-config + namespace: flux-system +data: +REPLACEWITHENV +EOF + fi - name: Run kubeconform shell: bash run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} From 667f1f1fddacb1a717dc7921101cb575c6b7a6ba Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:11:33 +0000 Subject: [PATCH 08/60] f --- .github/workflows/helm.yaml | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index d5bbdc00..b8c6b3f3 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
@@ -33,24 +33,17 @@ jobs: mkdir -p "$(dirname "$SECRET_PATH")" touch "$SECRET_PATH" fi - - name: Ensure ConfigMap placeholder exists (CI only) + - name: Inject ConfigMap data for CI shell: bash run: | CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/cluster-config.yaml" - if [[ ! -f "$CONFIG_PATH" ]]; then - echo "Creating placeholder ConfigMap for kubeconform" - mkdir -p "$(dirname "$CONFIG_PATH")" - cat < "$CONFIG_PATH" -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-config - namespace: flux-system -data: -REPLACEWITHENV -EOF - fi + if [[ -f "$CONFIG_PATH" ]]; then + echo "Replacing REPLACEWITHENV in cluster-config.yaml" + + # Example: replace with dummy key-values for CI + sed -i "s|REPLACEWITHENV|dummyKey=dummyValue|" "$CONFIG_PATH" + fi - name: Run kubeconform shell: bash run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} From a52ee45714daeeb78405a3db83a8038152fe793e Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:12:47 +0000 Subject: [PATCH 09/60] f --- .github/workflows/helm.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index b8c6b3f3..795ba04e 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -36,10 +36,10 @@ jobs: - name: Inject ConfigMap data for CI shell: bash run: | - CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/cluster-config.yaml" + CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" if [[ -f "$CONFIG_PATH" ]]; then - echo "Replacing REPLACEWITHENV in cluster-config.yaml" + echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" # Example: replace with dummy key-values for CI sed -i "s|REPLACEWITHENV|dummyKey=dummyValue|" "$CONFIG_PATH" From 3cd5d94cc66513c3751dcf5fc254bf673212df3f Mon Sep 17 00:00:00 2001 
From: Alfi0812 Date: Fri, 30 Jan 2026 10:16:40 +0000 Subject: [PATCH 10/60] f --- .github/workflows/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 795ba04e..db9a208b 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -42,7 +42,7 @@ jobs: echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" # Example: replace with dummy key-values for CI - sed -i "s|REPLACEWITHENV|dummyKey=dummyValue|" "$CONFIG_PATH" + sed -i "s|REPLACEWITHENV|dummyKey:dummyValue|" "$CONFIG_PATH" fi - name: Run kubeconform shell: bash From 6b88070ed21f5587f65f2a2cb6c88b03a3196ae2 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:21:24 +0000 Subject: [PATCH 11/60] spaces --- .github/workflows/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index db9a208b..8f8923b0 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -42,7 +42,7 @@ jobs: echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" # Example: replace with dummy key-values for CI - sed -i "s|REPLACEWITHENV|dummyKey:dummyValue|" "$CONFIG_PATH" + sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" fi - name: Run kubeconform shell: bash From 4402a6cfe85d93f260e4d0a2b5929da59cbc9d97 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:24:27 +0000 Subject: [PATCH 12/60] f --- .github/scripts/kubeconform.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/kubeconform.sh b/.github/scripts/kubeconform.sh index a0e9132c..b0a35c87 100644 --- a/.github/scripts/kubeconform.sh +++ b/.github/scripts/kubeconform.sh 
@@ -7,7 +7,7 @@ KUBERNETES_DIR=$1 [[ -z "${KUBERNETES_DIR}" ]] && echo "Kubernetes location not specified" && exit 1 kustomize_args=("--load-restrictor=LoadRestrictionsNone") -kustomize_config="kustomization.yaml" +kustomize_config="kustomization.yaml, namespace.yaml" kubeconform_args=( "-strict" "-ignore-missing-schemas" From 63dad9924b495a469e9ec2d1ed756b4400d56476 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:27:21 +0000 Subject: [PATCH 13/60] test --- .github/scripts/kubeconform.sh | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/scripts/kubeconform.sh b/.github/scripts/kubeconform.sh index b0a35c87..8b507d93 100644 --- a/.github/scripts/kubeconform.sh +++ b/.github/scripts/kubeconform.sh @@ -7,7 +7,7 @@ KUBERNETES_DIR=$1 [[ -z "${KUBERNETES_DIR}" ]] && echo "Kubernetes location not specified" && exit 1 kustomize_args=("--load-restrictor=LoadRestrictionsNone") -kustomize_config="kustomization.yaml, namespace.yaml" +kustomize_config="kustomization.yaml" kubeconform_args=( "-strict" "-ignore-missing-schemas" @@ -20,6 +20,9 @@ kubeconform_args=( "-verbose" ) +# Additional files to validate +extra_files=("namespace.yaml" "another-file.yaml") + echo "=== Validating standalone manifests in ${KUBERNETES_DIR} ===" find "${KUBERNETES_DIR}" -maxdepth 1 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do @@ -29,6 +32,21 @@ do fi done +# Validate extra files +for file in "${extra_files[@]}"; do + full_path="${KUBERNETES_DIR}/${file}" + if [[ -f "${full_path}" ]]; then + echo "=== Validating extra file ${full_path} ===" + kubeconform "${kubeconform_args[@]}" "${full_path}" + if [[ $? != 0 ]]; then + exit 1 + fi + else + echo "Warning: extra file ${full_path} not found" + fi +done + + echo "=== Validating kustomizations in ${KUBERNETES_DIR}/ ===" find "${KUBERNETES_DIR}" -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file; do 
From 11ae209dd50fbc10840fdc0e7d9861170b42a264 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:28:34 +0000 Subject: [PATCH 14/60] f --- .github/scripts/kubeconform.sh | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/scripts/kubeconform.sh b/.github/scripts/kubeconform.sh index 8b507d93..6b86fc16 100644 --- a/.github/scripts/kubeconform.sh +++ b/.github/scripts/kubeconform.sh @@ -32,17 +32,13 @@ do fi done -# Validate extra files -for file in "${extra_files[@]}"; do - full_path="${KUBERNETES_DIR}/${file}" - if [[ -f "${full_path}" ]]; then - echo "=== Validating extra file ${full_path} ===" - kubeconform "${kubeconform_args[@]}" "${full_path}" - if [[ $? != 0 ]]; then - exit 1 - fi - else - echo "Warning: extra file ${full_path} not found" +echo "=== Validating all namespace.yaml files in ${KUBERNETES_DIR} ===" +find "${KUBERNETES_DIR}" -type f -name 'namespace.yaml' -print0 | while IFS= read -r -d $'\0' file; +do + echo "Validating ${file}" + kubeconform "${kubeconform_args[@]}" "${file}" + if [[ ${PIPESTATUS[0]} != 0 ]]; then + exit 1 fi done From 0b09ad7ac05eea859c4f5ca61c81d44f7779bfcf Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:30:00 +0000 Subject: [PATCH 15/60] helm-releases --- .github/scripts/kubeconform.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/scripts/kubeconform.sh b/.github/scripts/kubeconform.sh index 6b86fc16..7c4660f9 100644 --- a/.github/scripts/kubeconform.sh +++ b/.github/scripts/kubeconform.sh @@ -20,8 +20,6 @@ kubeconform_args=( "-verbose" ) -# Additional files to validate -extra_files=("namespace.yaml" "another-file.yaml") echo "=== Validating standalone manifests in ${KUBERNETES_DIR} ===" find "${KUBERNETES_DIR}" -maxdepth 1 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; 
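Review bot: The `namespace.yaml` loop added here is a third copy of the `find … -print0 | while read` block, and the next patch in the series adds a fourth for `helm-release.yaml`; a single helper that takes the `find` predicates as arguments would keep the failure handling in one place. The `exit 1` inside the loop only leaves the pipeline's subshell, so the script stops only because of the `set -o errexit` and `set -o pipefail` lines at the top of the file, which are outside this hunk. A comment such as `# exit 1 ends only the pipeline subshell; errexit + pipefail above fail the script` would keep a later edit from removing those options and turning validation failures into a passing job. After a plain `kubeconform` call `${PIPESTATUS[0]}` is the same as `$?`, so the test can be written as `if ! kubeconform "${kubeconform_args[@]}" "${file}"; then exit 1; fi`.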
@@ -42,6 +40,16 @@ do fi done +echo "=== Validating all helm-release.yaml files in ${KUBERNETES_DIR} ===" +find "${KUBERNETES_DIR}" -type f -name 'helm-release.yaml' -print0 | while IFS= read -r -d $'\0' file; +do + echo "Validating ${file}" + kubeconform "${kubeconform_args[@]}" "${file}" + if [[ ${PIPESTATUS[0]} != 0 ]]; then + exit 1 + fi +done + echo "=== Validating kustomizations in ${KUBERNETES_DIR}/ ===" find "${KUBERNETES_DIR}" -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file; From 0c4f7c926e441930cbd6e29f5963955e293479b6 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:34:21 +0000 Subject: [PATCH 16/60] test --- .github/workflows/helm.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 8f8923b0..f9a91f91 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -69,6 +69,17 @@ jobs: with: ref: "${{ github.event.repository.default_branch }}" path: default + - name: Inject ConfigMap data for CI + shell: bash + run: | + CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + + if [[ -f "$CONFIG_PATH" ]]; then + echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" + + # Example: replace with dummy key-values for CI + sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + fi - name: Diff Resources uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: From efd808cf1a699ab73e7b4d03f32a0e8cd5e83e2a Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:36:30 +0000 Subject: [PATCH 17/60] test --- .github/workflows/helm.yaml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index f9a91f91..0234e54f 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
@@ -69,10 +69,21 @@ jobs: with: ref: "${{ github.event.repository.default_branch }}" path: default - - name: Inject ConfigMap data for CI + - name: Inject ConfigMap data for CI (pull) shell: bash run: | - CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + CONFIG_PATH="/github/workspace/pull/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + + if [[ -f "$CONFIG_PATH" ]]; then + echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" + + # Example: replace with dummy key-values for CI + sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + fi + - name: Inject ConfigMap data for CI (origin) + shell: bash + run: | + CONFIG_PATH="/github/workspace/default/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" if [[ -f "$CONFIG_PATH" ]]; then echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" From 72313fe8e9732587b839376ae625954fb805bcaf Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:38:09 +0000 Subject: [PATCH 18/60] test --- .github/workflows/helm.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 0234e54f..78753093 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -80,6 +80,8 @@ jobs: # Example: replace with dummy key-values for CI sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" fi + echo "✅ File after modification:" + cat "$CONFIG_PATH" - name: Inject ConfigMap data for CI (origin) shell: bash run: | @@ -91,6 +93,8 @@ jobs: # Example: replace with dummy key-values for CI sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" fi + echo "✅ File after modification:" + cat "$CONFIG_PATH" - name: Diff Resources uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: From e36ae11f9e5e1fc016f7755c37e2704a9e17b776 Mon Sep 17 00:00:00 2001 
From: Alfi0812 Date: Fri, 30 Jan 2026 10:39:02 +0000 Subject: [PATCH 19/60] f --- .github/workflows/helm.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 78753093..6a612c0e 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -72,7 +72,7 @@ jobs: - name: Inject ConfigMap data for CI (pull) shell: bash run: | - CONFIG_PATH="/github/workspace/pull/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" if [[ -f "$CONFIG_PATH" ]]; then echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" @@ -85,7 +85,7 @@ jobs: - name: Inject ConfigMap data for CI (origin) shell: bash run: | - CONFIG_PATH="/github/workspace/default/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" if [[ -f "$CONFIG_PATH" ]]; then echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" From 0dde87f55f0572484d3de3c43511ee740b4a35bc Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:40:07 +0000 Subject: [PATCH 20/60] f --- .../kubernetes/flux-system/flux/clustersettings.secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml b/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml index 034a556f..d0d54da2 100644 --- a/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml +++ b/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml @@ -4,4 +4,4 @@ metadata: name: cluster-config namespace: flux-system data: -REPLACEWITHENV + test: test From 9eb0810e692de4265e7e1226ef2d79386200c940 Mon Sep 17 00:00:00 2001 
From: Alfi0812 Date: Fri, 30 Jan 2026 10:40:39 +0000 Subject: [PATCH 21/60] f --- .github/workflows/helm.yaml | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 6a612c0e..8f8923b0 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -69,32 +69,6 @@ jobs: with: ref: "${{ github.event.repository.default_branch }}" path: default - - name: Inject ConfigMap data for CI (pull) - shell: bash - run: | - CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" - - if [[ -f "$CONFIG_PATH" ]]; then - echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" - - # Example: replace with dummy key-values for CI - sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" - fi - echo "✅ File after modification:" - cat "$CONFIG_PATH" - - name: Inject ConfigMap data for CI (origin) - shell: bash - run: | - CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" - - if [[ -f "$CONFIG_PATH" ]]; then - echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" - - # Example: replace with dummy key-values for CI - sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" - fi - echo "✅ File after modification:" - cat "$CONFIG_PATH" - name: Diff Resources uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: From 4a5dfdbe1dc88878ccb6ede3ce7cb68d0f6dc903 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:41:59 +0000 Subject: [PATCH 22/60] f --- .../kubernetes/flux-system/flux/clustersettings.secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml b/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml index d0d54da2..034a556f 100644 
--- a/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml +++ b/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml @@ -4,4 +4,4 @@ metadata: name: cluster-config namespace: flux-system data: - test: test +REPLACEWITHENV From 62eef0bef35f5eb1021cee7ff1dcbce20c5a9b7e Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:43:45 +0000 Subject: [PATCH 23/60] ahhh --- .github/workflows/helm.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 8f8923b0..de9f6cb7 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -69,6 +69,17 @@ jobs: with: ref: "${{ github.event.repository.default_branch }}" path: default + - name: Inject ConfigMap data for CI (pull) + shell: bash + run: | + CONFIG_PATH="/github/workspace/pull/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + + if [[ -f "$CONFIG_PATH" ]]; then + echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" + + # Example: replace with dummy key-values for CI + sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + fi - name: Diff Resources uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: From 5df846be33a310e84ed76324c258eb592f203b82 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:44:39 +0000 Subject: [PATCH 24/60] f --- .github/workflows/helm.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index de9f6cb7..d0f6fcf5 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
@@ -77,8 +77,13 @@ jobs: if [[ -f "$CONFIG_PATH" ]]; then echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" - # Example: replace with dummy key-values for CI + # Replace placeholder with dummy key-values for CI sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + + echo "✅ File after modification:" + cat "$CONFIG_PATH" + else + echo "⚠️ File not found: $CONFIG_PATH" fi - name: Diff Resources uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 From 286fbef7b32fbfdcc368bfd2a3ef63548ebb77e9 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:46:34 +0000 Subject: [PATCH 25/60] f --- .github/workflows/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index d0f6fcf5..823cd6e1 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -72,7 +72,7 @@ jobs: - name: Inject ConfigMap data for CI (pull) shell: bash run: | - CONFIG_PATH="/github/workspace/pull/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + CONFIG_PATH="pull/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" if [[ -f "$CONFIG_PATH" ]]; then echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" From f7432e949176931adf8b2612de57275ffbddf7a3 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:47:22 +0000 Subject: [PATCH 26/60] f --- .github/workflows/helm.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 823cd6e1..ba09a570 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
@@ -74,6 +74,22 @@ jobs: run: | CONFIG_PATH="pull/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + if [[ -f "$CONFIG_PATH" ]]; then + echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" + + # Replace placeholder with dummy key-values for CI + sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + + echo "✅ File after modification:" + cat "$CONFIG_PATH" + else + echo "⚠️ File not found: $CONFIG_PATH" + fi + - name: Inject ConfigMap data for CI (default) + shell: bash + run: | + CONFIG_PATH="default/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + if [[ -f "$CONFIG_PATH" ]]; then echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" From 1f87ba7dc141e0ed6ee7602ff50acc9128e1b7a0 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:47:52 +0000 Subject: [PATCH 27/60] f --- .github/workflows/helm.yaml | 41 +++++++++++-------------------------- 1 file changed, 12 insertions(+), 29 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index ba09a570..ce6ee260 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
@@ -69,38 +69,21 @@ jobs: with: ref: "${{ github.event.repository.default_branch }}" path: default - - name: Inject ConfigMap data for CI (pull) - shell: bash - run: | - CONFIG_PATH="pull/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" - - if [[ -f "$CONFIG_PATH" ]]; then - echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" - - # Replace placeholder with dummy key-values for CI - sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" - - echo "✅ File after modification:" - cat "$CONFIG_PATH" - else - echo "⚠️ File not found: $CONFIG_PATH" - fi - - name: Inject ConfigMap data for CI (default) + - name: Inject ConfigMap data for CI shell: bash run: | - CONFIG_PATH="default/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" - - if [[ -f "$CONFIG_PATH" ]]; then - echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" - - # Replace placeholder with dummy key-values for CI - sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + for branch in pull default; do + CONFIG_PATH="$branch/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" - echo "✅ File after modification:" - cat "$CONFIG_PATH" - else - echo "⚠️ File not found: $CONFIG_PATH" - fi + if [[ -f "$CONFIG_PATH" ]]; then + echo "Replacing REPLACEWITHENV in $branch branch" + sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + echo "✅ File after modification ($branch):" + cat "$CONFIG_PATH" + else + echo "⚠️ File not found: $CONFIG_PATH" + fi + done - name: Diff Resources uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: From bb8af56d2df94601d98698e561d838b243d8d2de Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:51:40 +0000 Subject: [PATCH 28/60] f --- .github/workflows/helm.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index ce6ee260..da61427c 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -69,6 +69,21 @@ jobs: with: ref: "${{ github.event.repository.default_branch }}" path: default + - name: Adjust flux-entry path for CI + shell: bash + run: | + for branch in pull default; do + ENTRY_PATH="$branch/embed/generic/kubernetes/flux-entry.yaml" + + if [[ -f "$ENTRY_PATH" ]]; then + echo "Updating flux-entry path in $branch branch" + sed -i "s|path: ./clusters/REPLACEWITHCLUSTERNAME/kubernetes|path: ./embed/generic/kubernetes|" "$ENTRY_PATH" + echo "✅ File after modification ($branch):" + cat "$ENTRY_PATH" + else + echo "⚠️ File not found: $ENTRY_PATH" + fi + done - name: Inject ConfigMap data for CI shell: bash run: | From 07504d4da8752bb093b1c8e77c23f2de64ef4718 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:55:30 +0000 Subject: [PATCH 29/60] test --- .github/workflows/helm.yaml | 110 +++++++++++++++--------------------- 1 file changed, 44 insertions(+), 66 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index da61427c..76e2d278 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
@@ -48,96 +48,74 @@ jobs: shell: bash run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} - diff: - name: Flux Diff + helm-diff: runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write strategy: matrix: - resources: ["helmrelease", "kustomization"] - max-parallel: 4 - fail-fast: false + resources: ['helm-release.yaml'] # can expand if multiple resources + steps: - - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - with: - path: pull - - name: Checkout Default Branch - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Helm + uses: azure/setup-helm@v3 with: - ref: "${{ github.event.repository.default_branch }}" - path: default - - name: Adjust flux-entry path for CI - shell: bash + version: v3.12.0 + + - name: Install yq run: | - for branch in pull default; do - ENTRY_PATH="$branch/embed/generic/kubernetes/flux-entry.yaml" - - if [[ -f "$ENTRY_PATH" ]]; then - echo "Updating flux-entry path in $branch branch" - sed -i "s|path: ./clusters/REPLACEWITHCLUSTERNAME/kubernetes|path: ./embed/generic/kubernetes|" "$ENTRY_PATH" - echo "✅ File after modification ($branch):" - cat "$ENTRY_PATH" - else - echo "⚠️ File not found: $ENTRY_PATH" - fi - done - - name: Inject ConfigMap data for CI - shell: bash + sudo wget https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_amd64 -O /usr/bin/yq + sudo chmod +x /usr/bin/yq + + - name: Render PR Helm release + id: render-pr run: | - for branch in pull default; do - CONFIG_PATH="$branch/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" - - if [[ -f "$CONFIG_PATH" ]]; then - echo "Replacing REPLACEWITHENV in $branch branch" - sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" - echo "✅ File after modification ($branch):" - cat "$CONFIG_PATH" - else - echo "⚠️ File not found: $CONFIG_PATH" - fi - done - - name: Diff Resources 
- uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 - with: - args: >- - diff ${{ matrix.resources }} - --unified 6 - --path /github/workspace/pull/embed/generic/kubernetes - --path-orig /github/workspace/default/embed/generic/kubernetes - --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" - --limit-bytes 10000 - --all-namespaces - --sources "cluster" - --output-file diff.patch + mkdir -p rendered-pr + helm template myrelease . > rendered-pr/helm-release.yaml + + - name: Render main branch Helm release + id: render-main + run: | + git fetch origin main + git checkout origin/main -- . + mkdir -p rendered-main + helm template myrelease . > rendered-main/helm-release.yaml + - name: Generate Diff id: diff run: | + diff -uNr rendered-main rendered-pr > diff.patch || true + + # Save diff to GitHub output echo 'diff<> $GITHUB_OUTPUT cat diff.patch >> $GITHUB_OUTPUT echo 'EOF' >> $GITHUB_OUTPUT - echo '## Flux ${{ matrix.resources }} diff' >> $GITHUB_STEP_SUMMARY - echo '```diff' >> $GITHUB_STEP_SUMMARY - cat diff.patch >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY + # Add diff to step summary for GitHub UI + if [ -s diff.patch ]; then + echo '## Flux ${{ matrix.resources }} diff' >> $GITHUB_STEP_SUMMARY + echo '```diff' >> $GITHUB_STEP_SUMMARY + cat diff.patch >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + fi + - if: ${{ steps.diff.outputs.diff != '' }} - name: Generate Token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + name: Generate GitHub App Token + uses: actions/create-github-app-token@v2.2.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} + - if: ${{ steps.diff.outputs.diff != '' }} - name: Add Comment + name: Add PR Comment continue-on-error: true - uses: 
mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2 + uses: mshick/add-pr-comment@v2 with: repo-token: "${{ steps.app-token.outputs.token }}" message-id: "${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resources }}" - header: ${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resource }} + header: ${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resources }} message-failure: Diff was not successful message: | ```diff From bac4879834778d8c40209f361ee56a27598db01b Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:57:16 +0000 Subject: [PATCH 30/60] annoying --- .github/workflows/helm.yaml | 110 +++++++++++++++++++++--------------- 1 file changed, 66 insertions(+), 44 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 76e2d278..da61427c 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
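Review bot: Every `uses:` in the new `helm-diff` job is referenced by a mutable tag (`actions/checkout@v3`, `azure/setup-helm@v3`, `actions/create-github-app-token@v2.2.1`, `mshick/add-pr-comment@v2`), where the job it replaces pinned commit SHAs. Two of these steps receive `secrets.BOT_APP_PRIVATE_KEY` or the resulting app token, so a retagged release would run with those credentials; keeping the removed forms, `actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1` and `mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2`, avoids that. The job's `permissions:` block (`contents: read`, `pull-requests: write`) is dropped as well, which leaves the workflow token at the repository default. The `Install yq` step writes a downloaded binary to `/usr/bin/yq` with no integrity check; a `sha256sum -c` against a pinned value before the `chmod +x` would close that gap.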
@@ -48,74 +48,96 @@ jobs: shell: bash run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} - helm-diff: + diff: + name: Flux Diff runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write strategy: matrix: - resources: ['helm-release.yaml'] # can expand if multiple resources - + resources: ["helmrelease", "kustomization"] + max-parallel: 4 + fail-fast: false steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Set up Helm - uses: azure/setup-helm@v3 + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: - version: v3.12.0 - - - name: Install yq - run: | - sudo wget https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_amd64 -O /usr/bin/yq - sudo chmod +x /usr/bin/yq - - - name: Render PR Helm release - id: render-pr + path: pull + - name: Checkout Default Branch + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + with: + ref: "${{ github.event.repository.default_branch }}" + path: default + - name: Adjust flux-entry path for CI + shell: bash run: | - mkdir -p rendered-pr - helm template myrelease . > rendered-pr/helm-release.yaml - - - name: Render main branch Helm release - id: render-main + for branch in pull default; do + ENTRY_PATH="$branch/embed/generic/kubernetes/flux-entry.yaml" + + if [[ -f "$ENTRY_PATH" ]]; then + echo "Updating flux-entry path in $branch branch" + sed -i "s|path: ./clusters/REPLACEWITHCLUSTERNAME/kubernetes|path: ./embed/generic/kubernetes|" "$ENTRY_PATH" + echo "✅ File after modification ($branch):" + cat "$ENTRY_PATH" + else + echo "⚠️ File not found: $ENTRY_PATH" + fi + done + - name: Inject ConfigMap data for CI + shell: bash run: | - git fetch origin main - git checkout origin/main -- . - mkdir -p rendered-main - helm template myrelease . 
> rendered-main/helm-release.yaml - + for branch in pull default; do + CONFIG_PATH="$branch/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + + if [[ -f "$CONFIG_PATH" ]]; then + echo "Replacing REPLACEWITHENV in $branch branch" + sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + echo "✅ File after modification ($branch):" + cat "$CONFIG_PATH" + else + echo "⚠️ File not found: $CONFIG_PATH" + fi + done + - name: Diff Resources + uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 + with: + args: >- + diff ${{ matrix.resources }} + --unified 6 + --path /github/workspace/pull/embed/generic/kubernetes + --path-orig /github/workspace/default/embed/generic/kubernetes + --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" + --limit-bytes 10000 + --all-namespaces + --sources "cluster" + --output-file diff.patch - name: Generate Diff id: diff run: | - diff -uNr rendered-main rendered-pr > diff.patch || true - - # Save diff to GitHub output echo 'diff<> $GITHUB_OUTPUT cat diff.patch >> $GITHUB_OUTPUT echo 'EOF' >> $GITHUB_OUTPUT - # Add diff to step summary for GitHub UI - if [ -s diff.patch ]; then - echo '## Flux ${{ matrix.resources }} diff' >> $GITHUB_STEP_SUMMARY - echo '```diff' >> $GITHUB_STEP_SUMMARY - cat diff.patch >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY - fi - + echo '## Flux ${{ matrix.resources }} diff' >> $GITHUB_STEP_SUMMARY + echo '```diff' >> $GITHUB_STEP_SUMMARY + cat diff.patch >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY - if: ${{ steps.diff.outputs.diff != '' }} - name: Generate GitHub App Token - uses: actions/create-github-app-token@v2.2.1 + name: Generate Token + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.BOT_APP_ID }} private-key: ${{ 
secrets.BOT_APP_PRIVATE_KEY }} - - if: ${{ steps.diff.outputs.diff != '' }} - name: Add PR Comment + name: Add Comment continue-on-error: true - uses: mshick/add-pr-comment@v2 + uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2 with: repo-token: "${{ steps.app-token.outputs.token }}" message-id: "${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resources }}" - header: ${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resources }} + header: ${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resource }} message-failure: Diff was not successful message: | ```diff From 177c87834ad4d8da8f56e672b7c6f74e0f70496c Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:58:50 +0000 Subject: [PATCH 31/60] f --- .github/workflows/helm.yaml | 95 +++---------------------------------- 1 file changed, 7 insertions(+), 88 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index da61427c..17563acd 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
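Review bot: The restored `header:` line of the `Add Comment` step reads `${{ matrix.resource }}`, but the matrix only defines `resources`, so the expression evaluates to an empty string and both matrix legs get the same header. It should match the `message-id` line above it: `header: ${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resources }}`. The `Generate Diff` step also appears to write `diff.patch` to `$GITHUB_OUTPUT` under a fixed `EOF` delimiter (that line is truncated on this page); because the diff is derived from pull-request content, a delimiter generated per run is the safer form.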
@@ -48,98 +48,17 @@ jobs: shell: bash run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} - diff: - name: Flux Diff + flux-local: + name: Flux Local - Test runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - strategy: - matrix: - resources: ["helmrelease", "kustomization"] - max-parallel: 4 - fail-fast: false steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - with: - path: pull - - name: Checkout Default Branch - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - with: - ref: "${{ github.event.repository.default_branch }}" - path: default - - name: Adjust flux-entry path for CI - shell: bash - run: | - for branch in pull default; do - ENTRY_PATH="$branch/embed/generic/kubernetes/flux-entry.yaml" - - if [[ -f "$ENTRY_PATH" ]]; then - echo "Updating flux-entry path in $branch branch" - sed -i "s|path: ./clusters/REPLACEWITHCLUSTERNAME/kubernetes|path: ./embed/generic/kubernetes|" "$ENTRY_PATH" - echo "✅ File after modification ($branch):" - cat "$ENTRY_PATH" - else - echo "⚠️ File not found: $ENTRY_PATH" - fi - done - - name: Inject ConfigMap data for CI - shell: bash - run: | - for branch in pull default; do - CONFIG_PATH="$branch/embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" - - if [[ -f "$CONFIG_PATH" ]]; then - echo "Replacing REPLACEWITHENV in $branch branch" - sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" - echo "✅ File after modification ($branch):" - cat "$CONFIG_PATH" - else - echo "⚠️ File not found: $CONFIG_PATH" - fi - done - - name: Diff Resources + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Run flux-local test uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: args: >- - diff ${{ matrix.resources }} - --unified 6 - --path /github/workspace/pull/embed/generic/kubernetes - --path-orig 
/github/workspace/default/embed/generic/kubernetes - --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" - --limit-bytes 10000 + test --all-namespaces - --sources "cluster" - --output-file diff.patch - - name: Generate Diff - id: diff - run: | - echo 'diff<> $GITHUB_OUTPUT - cat diff.patch >> $GITHUB_OUTPUT - echo 'EOF' >> $GITHUB_OUTPUT - - echo '## Flux ${{ matrix.resources }} diff' >> $GITHUB_STEP_SUMMARY - echo '```diff' >> $GITHUB_STEP_SUMMARY - cat diff.patch >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY - - if: ${{ steps.diff.outputs.diff != '' }} - name: Generate Token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 - id: app-token - with: - app-id: ${{ secrets.BOT_APP_ID }} - private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} - - if: ${{ steps.diff.outputs.diff != '' }} - name: Add Comment - continue-on-error: true - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2 - with: - repo-token: "${{ steps.app-token.outputs.token }}" - message-id: "${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resources }}" - header: ${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resource }} - message-failure: Diff was not successful - message: | - ```diff - ${{ steps.diff.outputs.diff }} - ``` + --enable-helm + --verbose From 6a4a718c1414820fc8479df5630f2b5c232944f4 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 10:59:36 +0000 Subject: [PATCH 32/60] f --- .github/workflows/helm.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 17563acd..48209b59 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
@@ -54,6 +54,17 @@ jobs: steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Inject ConfigMap data for CI + shell: bash + run: | + CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + + if [[ -f "$CONFIG_PATH" ]]; then + echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" + + # Example: replace with dummy key-values for CI + sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + fi - name: Run flux-local test uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: From cd598848d72c89da7ac522e765cb66e01ee1b78e Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:02:22 +0000 Subject: [PATCH 33/60] more testing --- .github/workflows/helm.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 48209b59..46ede604 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -71,5 +71,6 @@ jobs: args: >- test --all-namespaces + --path ${{ env.KUBERNETES_DIR }} --enable-helm --verbose From 5c59e1b5626899fa299ab6e3e0634ef67add3a06 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:03:09 +0000 Subject: [PATCH 34/60] f --- .github/workflows/helm.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 46ede604..2cfb2883 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -51,6 +51,8 @@ jobs: flux-local: name: Flux Local - Test runs-on: ubuntu-latest + permissions: + contents: read steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 From d6fbb1ced208115129d8f8d03a352cca0bd004d9 Mon Sep 17 00:00:00 2001 
From: Alfi0812 Date: Fri, 30 Jan 2026 11:05:10 +0000 Subject: [PATCH 35/60] test --- .github/workflows/helm.yaml | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 2cfb2883..121b9b2e 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -67,12 +67,31 @@ jobs: # Example: replace with dummy key-values for CI sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" fi - - name: Run flux-local test - uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 - with: - args: >- - test - --all-namespaces - --path ${{ env.KUBERNETES_DIR }} - --enable-helm - --verbose + - name: Run flux-local on each HelmRelease + shell: bash + run: | + BASE_DIR="embed/generic/kubernetes" + + # Find all HelmRelease YAMLs recursively + find "$BASE_DIR" -type f -iname "*helmrelease.yaml" | while read hrfile; do + echo "Running flux-local diff on $hrfile" + + docker run --rm \ + -v "$PWD":/github/workspace \ + -w /github/workspace \ + ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 \ + diff helmrelease \ + --unified 6 \ + --path "$hrfile" \ + --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" \ + --limit-bytes 10000 \ + --all-namespaces \ + --sources "cluster" \ + --output-file "${hrfile}.patch" + + # Optional: print the diff + if [[ -f "${hrfile}.patch" ]]; then + echo "✅ Diff for $hrfile:" + cat "${hrfile}.patch" + fi + done From 71dd928e56211e2999d6904b4adf9b50836cd139 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:06:21 +0000 Subject: [PATCH 36/60] f --- .github/workflows/helm.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 121b9b2e..7a55306c 100644 
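Review bot: The loop header `find "$BASE_DIR" -type f -iname "*helmrelease.yaml" | while read hrfile; do` reads paths line by line without `-r` or an `IFS=` reset, so a path containing a backslash, a newline or leading and trailing spaces is altered before it reaches `--path` and `--output-file`. The paths come from the pull request's tree, so the null-delimited form is the safer default: `find "$BASE_DIR" -type f -iname "*helmrelease.yaml" -print0 | while IFS= read -r -d '' hrfile; do`. The step also writes each `${hrfile}.patch` into the checked-out tree beside the manifests; a directory under `$RUNNER_TEMP` would keep generated files out of the paths that `find` walks.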
--- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -87,7 +87,8 @@ jobs: --limit-bytes 10000 \ --all-namespaces \ --sources "cluster" \ - --output-file "${hrfile}.patch" + --output-file "${hrfile}.patch" \ + --verbose # Optional: print the diff if [[ -f "${hrfile}.patch" ]]; then From 8dc5a0f92984f72a385c89087ec310cd97bf1788 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:07:03 +0000 Subject: [PATCH 37/60] f --- .github/workflows/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 7a55306c..1f0d457b 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -73,7 +73,7 @@ jobs: BASE_DIR="embed/generic/kubernetes" # Find all HelmRelease YAMLs recursively - find "$BASE_DIR" -type f -iname "*helmrelease.yaml" | while read hrfile; do + find "$BASE_DIR" -type f -iname "*helm-release.yaml" | while read hrfile; do echo "Running flux-local diff on $hrfile" docker run --rm \ From 940985c6d06f72273efb4d593491afbaf1aa1efd Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:07:48 +0000 Subject: [PATCH 38/60] f --- .github/workflows/helm.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 1f0d457b..8dffa695 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -87,8 +87,7 @@ jobs: --limit-bytes 10000 \ --all-namespaces \ --sources "cluster" \ - --output-file "${hrfile}.patch" \ - --verbose + --output-file "${hrfile}.patch" # Optional: print the diff if [[ -f "${hrfile}.patch" ]]; then From 71059323225551d1cf68d6150603e73c44b16c83 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:12:07 +0000 Subject: [PATCH 39/60] test --- .github/workflows/helm.yaml | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) 
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 8dffa695..213aa91d 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -56,6 +56,15 @@ jobs: steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Install flux-local + shell: bash + run: | + FLUX_LOCAL_VERSION="v8.1.0" + ARCHIVE="flux-local_linux_amd64.tar.gz" + + curl -sSL "https://github.com/allenporter/flux-local/releases/download/${FLUX_LOCAL_VERSION}/${ARCHIVE}" -o /tmp/flux-local.tar.gz + tar -xzf /tmp/flux-local.tar.gz -C /tmp + sudo install /tmp/flux-local /usr/local/bin/flux-local - name: Inject ConfigMap data for CI shell: bash run: | @@ -76,18 +85,14 @@ jobs: find "$BASE_DIR" -type f -iname "*helm-release.yaml" | while read hrfile; do echo "Running flux-local diff on $hrfile" - docker run --rm \ - -v "$PWD":/github/workspace \ - -w /github/workspace \ - ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 \ - diff helmrelease \ - --unified 6 \ - --path "$hrfile" \ - --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" \ - --limit-bytes 10000 \ - --all-namespaces \ - --sources "cluster" \ - --output-file "${hrfile}.patch" + flux-local diff helmrelease \ + --unified 6 \ + --path "$hrfile" \ + --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" \ + --limit-bytes 10000 \ + --all-namespaces \ + --sources "cluster" \ + --output-file "${hrfile}.patch" # Optional: print the diff if [[ -f "${hrfile}.patch" ]]; then From b871306e81d803c48bcd43982eb0675a73498345 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:12:55 +0000 Subject: [PATCH 40/60] f --- .github/workflows/helm.yaml | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) 
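Review bot: The new `Install flux-local` step downloads a tarball with `curl -sSL` and installs the extracted binary with `sudo install` without verifying it, whereas the `docker run` it replaces in the second hunk pinned the image by sha256 digest. Adding `-f` to the curl call makes an HTTP error fail the step instead of handing an error page to `tar`, and a checksum line between download and extraction restores the integrity pin: `echo "<EXPECTED_SHA256>  /tmp/flux-local.tar.gz" | sha256sum -c -` (placeholder; use the digest of the release that was reviewed). Whether the project publishes a release asset under that archive name cannot be confirmed from this page.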
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 213aa91d..8dffa695 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -56,15 +56,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: Install flux-local - shell: bash - run: | - FLUX_LOCAL_VERSION="v8.1.0" - ARCHIVE="flux-local_linux_amd64.tar.gz" - - curl -sSL "https://github.com/allenporter/flux-local/releases/download/${FLUX_LOCAL_VERSION}/${ARCHIVE}" -o /tmp/flux-local.tar.gz - tar -xzf /tmp/flux-local.tar.gz -C /tmp - sudo install /tmp/flux-local /usr/local/bin/flux-local - name: Inject ConfigMap data for CI shell: bash run: | @@ -85,14 +76,18 @@ jobs: find "$BASE_DIR" -type f -iname "*helm-release.yaml" | while read hrfile; do echo "Running flux-local diff on $hrfile" - flux-local diff helmrelease \ - --unified 6 \ - --path "$hrfile" \ - --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" \ - --limit-bytes 10000 \ - --all-namespaces \ - --sources "cluster" \ - --output-file "${hrfile}.patch" + docker run --rm \ + -v "$PWD":/github/workspace \ + -w /github/workspace \ + ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 \ + diff helmrelease \ + --unified 6 \ + --path "$hrfile" \ + --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" \ + --limit-bytes 10000 \ + --all-namespaces \ + --sources "cluster" \ + --output-file "${hrfile}.patch" # Optional: print the diff if [[ -f "${hrfile}.patch" ]]; then From 485e0f3a31d4d2dc2092d19ae3b73c7c0a0057d7 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:15:21 +0000 Subject: [PATCH 41/60] test --- .github/workflows/helm.yaml | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 8dffa695..e096060f 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -76,13 +76,34 @@ jobs: find "$BASE_DIR" -type f -iname "*helm-release.yaml" | while read hrfile; do echo "Running flux-local diff on $hrfile" + name=$(awk ' + /^metadata:/ {inmeta=1; next} + inmeta && /^[^ ]/ {exit} + inmeta && $1=="name:" {print $2; exit} + ' "$hrfile" | tr -d '"') + + namespace=$(awk ' + /^metadata:/ {inmeta=1; next} + inmeta && /^[^ ]/ {exit} + inmeta && $1=="namespace:" {print $2; exit} + ' "$hrfile" | tr -d '"') + + if [[ -z "$name" ]]; then + echo "⚠️ Could not detect HelmRelease name in $hrfile" + continue + fi + + if [[ -z "$namespace" ]]; then + namespace="default" + fi + docker run --rm \ -v "$PWD":/github/workspace \ -w /github/workspace \ ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 \ - diff helmrelease \ + diff helmrelease "$name" -n "$namespace" \ --unified 6 \ - --path "$hrfile" \ + --path "$BASE_DIR" \ --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" \ --limit-bytes 10000 \ --all-namespaces \ From b97119cb5e4f4da75200bbbd94a1557dace31dd4 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:19:56 +0000 Subject: [PATCH 42/60] test it --- .github/workflows/flux-diff.yaml | 76 +++++++++++++++++++ .github/workflows/helm.yaml | 118 ----------------------------- .github/workflows/kubeconform.yaml | 49 ++++++++++++ 3 files changed, 125 insertions(+), 118 deletions(-) create mode 100644 .github/workflows/flux-diff.yaml delete mode 100644 .github/workflows/helm.yaml create mode 100644 .github/workflows/kubeconform.yaml diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml new file mode 100644 index 00000000..07137385 --- /dev/null +++ b/.github/workflows/flux-diff.yaml 
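Review bot: `name` and `namespace` are parsed out of the pull request's own YAML with awk and passed to `diff helmrelease "$name" -n "$namespace"` with no shape check, so a value beginning with `-` would be read as an option rather than a resource name. A guard before the `docker run`, such as `[[ "$name" =~ ^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$ ]] || { echo "invalid name in $hrfile"; continue; }` (and the same for `namespace`), restricts both to Kubernetes-style names. The call also passes `-n "$namespace"` together with `--all-namespaces`; which of the two flux-local honours is not visible here, so dropping `--all-namespaces` would make the intent explicit. The awk programs stop at the first `name:` under the first `metadata:`, so only the first resource of a multi-document file is considered. The step's `run:` block starts outside this hunk.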
@@ -0,0 +1,76 @@ +name: Flux Helm Diff + +on: + pull_request: + paths: + - '**/helm-release.yaml' + +jobs: + flux-diff: + runs-on: ubuntu-latest + concurrency: + group: flux-diff-${{ github.event.pull_request.number }} + cancel-in-progress: true + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set changed helm releases + id: changed + run: | + # Get all helm-release.yaml files changed in this PR + files=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep 'helm-release.yaml' || true) + echo "changed_files=$files" >> $GITHUB_OUTPUT + + - name: Run Flux Local Diff + if: ${{ steps.changed.outputs.changed_files != '' }} + id: flux + uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 + with: + entrypoint: /bin/sh + args: | + -c ' + for file in ${{ steps.changed.outputs.changed_files }}; do + flux diff -f "$file" > diff.patch || true + cat diff.patch + done + ' + env: + GITHUB_SHA: ${{ github.sha }} + + - name: Generate Diff Output + if: ${{ steps.changed.outputs.changed_files != '' }} + id: diff + run: | + if [ -f diff.patch ] && [ -s diff.patch ]; then + echo "diff<> $GITHUB_OUTPUT + cat diff.patch >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + echo "## Flux diff" >> $GITHUB_STEP_SUMMARY + echo '```diff' >> $GITHUB_STEP_SUMMARY + cat diff.patch >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + fi + + - if: ${{ steps.diff.outputs.diff != '' }} + name: Generate Token + uses: actions/create-github-app-token@v2.2.1 + id: app-token + with: + app-id: ${{ secrets.BOT_APP_ID }} + private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} + + - if: ${{ steps.diff.outputs.diff != '' }} + name: Add PR Comment + continue-on-error: true + uses: mshick/add-pr-comment@v2 + with: + repo-token: "${{ steps.app-token.outputs.token }}" + message-id: "${{ github.event.pull_request.number }}/kubernetes/flux-diff" + header: "${{ 
github.event.pull_request.number }}/kubernetes/flux-diff" + message-failure: Diff was not successful + message: | + ```diff + ${{ steps.diff.outputs.diff }} + ``` \ No newline at end of file diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml deleted file mode 100644 index e096060f..00000000 --- a/.github/workflows/helm.yaml +++ /dev/null 
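Review bot: `${{ steps.changed.outputs.changed_files }}` is expanded by the workflow engine directly into the `sh -c` script of the `Run Flux Local Diff` step, and its value is a list of file names taken from the pull request, so a file name containing shell metacharacters becomes part of the script text. Passing the value through the environment keeps it as data: add `CHANGED_FILES: ${{ steps.changed.outputs.changed_files }}` under that step's `env:` and loop with `for file in $CHANGED_FILES; do`. The same job hands `secrets.BOT_APP_PRIVATE_KEY` to `actions/create-github-app-token@v2.2.1` and the token to `mshick/add-pr-comment@v2`, both referenced by tag and with no `permissions:` block on the job, where the earlier helm.yaml job pinned commit SHAs and declared `contents: read` and `pull-requests: write`. The `git diff --name-only ${{ github.event.before }} ${{ github.sha }}` line also looks unlikely to work as written, since `github.event.before` is, as far as I can tell, not set for every pull_request activity type and the default checkout is shallow, while `|| true` hides the failure.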
@@ -1,118 +0,0 @@ -name: "Helm Chart Validation" - -on: - pull_request: - -concurrency: - group: ${{ github.head_ref }}-pr-validate - cancel-in-progress: true - -env: - KUBERNETES_DIR: ./embed/generic/kubernetes - -jobs: - kubeconform: - name: Kubeconform - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - name: Setup Homebrew - uses: Homebrew/actions/setup-homebrew@master - - name: Setup Workflow Tools - run: brew install fluxcd/tap/flux kubeconform kustomize - - name: Create dummy deploykey secret (CI only) - shell: bash - run: | - SECRET_PATH="embed/generic/kubernetes/flux-system/flux/deploykey.secret.yaml" - - if [[ ! -f "$SECRET_PATH" ]]; then - echo "Creating dummy deploykey.secret.yaml for kubeconform" - mkdir -p "$(dirname "$SECRET_PATH")" - touch "$SECRET_PATH" - fi - - name: Inject ConfigMap data for CI - shell: bash - run: | - CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" - - if [[ -f "$CONFIG_PATH" ]]; then - echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" - - # Example: replace with dummy key-values for CI - sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" - fi - - name: Run kubeconform - shell: bash - run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} - - flux-local: - name: Flux Local - Test - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: Inject ConfigMap data for CI - shell: bash - run: | - CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" - - if [[ -f "$CONFIG_PATH" ]]; then - echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" - - # Example: replace with dummy key-values for CI - sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" - fi - - name: Run flux-local on each HelmRelease - 
shell: bash - run: | - BASE_DIR="embed/generic/kubernetes" - - # Find all HelmRelease YAMLs recursively - find "$BASE_DIR" -type f -iname "*helm-release.yaml" | while read hrfile; do - echo "Running flux-local diff on $hrfile" - - name=$(awk ' - /^metadata:/ {inmeta=1; next} - inmeta && /^[^ ]/ {exit} - inmeta && $1=="name:" {print $2; exit} - ' "$hrfile" | tr -d '"') - - namespace=$(awk ' - /^metadata:/ {inmeta=1; next} - inmeta && /^[^ ]/ {exit} - inmeta && $1=="namespace:" {print $2; exit} - ' "$hrfile" | tr -d '"') - - if [[ -z "$name" ]]; then - echo "⚠️ Could not detect HelmRelease name in $hrfile" - continue - fi - - if [[ -z "$namespace" ]]; then - namespace="default" - fi - - docker run --rm \ - -v "$PWD":/github/workspace \ - -w /github/workspace \ - ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 \ - diff helmrelease "$name" -n "$namespace" \ - --unified 6 \ - --path "$BASE_DIR" \ - --strip-attrs "helm.sh/chart,checksum/config,checksum/redis,checksum/secrets,app.kubernetes.io/version,chart,app" \ - --limit-bytes 10000 \ - --all-namespaces \ - --sources "cluster" \ - --output-file "${hrfile}.patch" - - # Optional: print the diff - if [[ -f "${hrfile}.patch" ]]; then - echo "✅ Diff for $hrfile:" - cat "${hrfile}.patch" - fi - done diff --git a/.github/workflows/kubeconform.yaml b/.github/workflows/kubeconform.yaml new file mode 100644 index 00000000..396fb343 --- /dev/null +++ b/.github/workflows/kubeconform.yaml 
@@ -0,0 +1,49 @@ +name: "Kubeconform" + +on: + pull_request: + +concurrency: + group: ${{ github.head_ref }}-pr-validate + cancel-in-progress: true + +env: + KUBERNETES_DIR: ./embed/generic/kubernetes + +jobs: + kubeconform: + name: Kubeconform + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - name: Setup Homebrew + uses: Homebrew/actions/setup-homebrew@master + - name: Setup Workflow Tools + run: brew install fluxcd/tap/flux kubeconform kustomize + - name: Create dummy deploykey secret (CI only) + shell: bash + run: | + SECRET_PATH="embed/generic/kubernetes/flux-system/flux/deploykey.secret.yaml" + + if [[ ! -f "$SECRET_PATH" ]]; then + echo "Creating dummy deploykey.secret.yaml for kubeconform" + mkdir -p "$(dirname "$SECRET_PATH")" + touch "$SECRET_PATH" + fi + - name: Inject ConfigMap data for CI + shell: bash + run: | + CONFIG_PATH="embed/generic/kubernetes/flux-system/flux/clustersettings.secret.yaml" + + if [[ -f "$CONFIG_PATH" ]]; then + echo "Replacing REPLACEWITHENV in clustersettings.secret.yaml" + + # Example: replace with dummy key-values for CI + sed -i "s|REPLACEWITHENV| dummyKey: dummyValue|" "$CONFIG_PATH" + fi + - name: Run kubeconform + shell: bash + run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} \ No newline at end of file From 32f299c035f47888e25ac1a207c1f9716f5d4fb4 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:21:35 +0000 Subject: [PATCH 43/60] f --- .github/workflows/flux-diff.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 07137385..fbc54f55 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -8,6 +8,8 @@ on: jobs: flux-diff: runs-on: ubuntu-latest + permissions: + contents: read concurrency: group: flux-diff-${{ github.event.pull_request.number }} cancel-in-progress: true 
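Review bot: `Homebrew/actions/setup-homebrew@master` follows a moving branch, while the checkout step just above it is pinned to a full commit SHA; whatever lands on that branch runs in this job on the next pull request. Pin it the same way, `uses: Homebrew/actions/setup-homebrew@<full-commit-sha>`, with the ref it corresponds to in a trailing comment. The tools pulled by `brew install fluxcd/tap/flux kubeconform kustomize` are likewise resolved at run time, so fixing their versions would make the validation result reproducible.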
From cd0f9171aa9ad91e81d21ac1a0b9935f5d15a30e Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:22:13 +0000 Subject: [PATCH 44/60] just for testing --- .../kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/embed/generic/kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml b/embed/generic/kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml index c2b2c809..333a2dc5 100644 --- a/embed/generic/kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml +++ b/embed/generic/kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: kubernetes-dashboard - version: 3.2.22 + version: 3.2.21 sourceRef: kind: HelmRepository name: truecharts From 32c7a446e5e3370884f03302c124b03a07ccffd0 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:23:36 +0000 Subject: [PATCH 45/60] f --- .github/workflows/flux-diff.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index fbc54f55..6b4db49a 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -2,8 +2,6 @@ name: Flux Helm Diff on: pull_request: - paths: - - '**/helm-release.yaml' jobs: flux-diff: @@ -24,6 +22,10 @@ jobs: files=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep 'helm-release.yaml' || true) echo "changed_files=$files" >> $GITHUB_OUTPUT + - name: No HelmRelease changes + if: ${{ steps.changed.outputs.changed_files == '' }} + run: echo "No helm-release.yaml changes detected. Skipping flux-local diff." + - name: Run Flux Local Diff if: ${{ steps.changed.outputs.changed_files != '' }} id: flux From 2357d400e9ed81bc06da3ecf7be53b153d629ebf Mon Sep 17 00:00:00 2001 
From: Alfi0812 Date: Fri, 30 Jan 2026 11:24:20 +0000 Subject: [PATCH 46/60] test --- .github/workflows/flux-diff.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 6b4db49a..fec9a292 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -19,7 +19,7 @@ jobs: id: changed run: | # Get all helm-release.yaml files changed in this PR - files=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep 'helm-release.yaml' || true) + files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep 'helm-release.yaml' || true) echo "changed_files=$files" >> $GITHUB_OUTPUT - name: No HelmRelease changes From 0683cf7405616e4b4e1ce00b8448334ebf5c42b0 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:25:05 +0000 Subject: [PATCH 47/60] test --- .github/workflows/flux-diff.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index fec9a292..842c4864 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -14,6 +14,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + fetch-depth: 0 - name: Set changed helm releases id: changed From 4dfc917e2a52506fea7600524d7305646559d5a6 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:26:05 +0000 Subject: [PATCH 48/60] f --- .github/workflows/flux-diff.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 842c4864..3ed68a42 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml 
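Review bot: The list computed on the changed line is written on the next line with the single-line form `echo "changed_files=$files" >> $GITHUB_OUTPUT`, so once two files match, every path after the first lands on its own line of the output file and is no longer part of `changed_files` (it is parsed as a separate entry or rejected as malformed). Use the delimiter form for multi-line values: `echo "changed_files<<DELIM"`, then the list, then `echo "DELIM"`, with a delimiter that cannot occur in a path, and quote `"$GITHUB_OUTPUT"`. PATCH 52 keeps the same single-line write as `echo "changed_files=$changed_files"`. The enclosing step starts and ends outside this hunk.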
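Review bot: With a `with:` block now on the checkout step, `persist-credentials: false` belongs next to `fetch-depth: 0`: by default the action leaves the job token in the checked-out repository's git configuration, and a later step in this job runs a third-party container image over that workspace. As far as the visible steps show, nothing in the job fetches or pushes after checkout, so the stored credential is not needed. `actions/checkout@v4` is also referenced by tag here, whereas the kubeconform workflow pins the same action to a commit SHA.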
@@ -34,13 +34,12 @@ jobs: uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: entrypoint: /bin/sh - args: | - -c ' + args: |- + -c for file in ${{ steps.changed.outputs.changed_files }}; do flux diff -f "$file" > diff.patch || true cat diff.patch done - ' env: GITHUB_SHA: ${{ github.sha }} From 405bb4a4ef18db715499a63f3a04230d7bad40d4 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:27:10 +0000 Subject: [PATCH 49/60] f --- .github/workflows/flux-diff.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 3ed68a42..7fc1fb62 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -34,12 +34,8 @@ jobs: uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: entrypoint: /bin/sh - args: |- - -c - for file in ${{ steps.changed.outputs.changed_files }}; do - flux diff -f "$file" > diff.patch || true - cat diff.patch - done + args: >- + -c "for file in ${{ steps.changed.outputs.changed_files }}; do flux diff -f \"$file\" > diff.patch || true; cat diff.patch; done" env: GITHUB_SHA: ${{ github.sha }} From 9340e81b145eeb52754b8ac75aedc464982847a9 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:29:40 +0000 Subject: [PATCH 50/60] test --- .github/workflows/flux-diff.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 7fc1fb62..08b91944 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml 
@@ -24,7 +24,7 @@ jobs: files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep 'helm-release.yaml' || true) echo "changed_files=$files" >> $GITHUB_OUTPUT - - name: No HelmRelease changes + - name: Check if there are helm-release.yaml changes if: ${{ steps.changed.outputs.changed_files == '' }} run: echo "No helm-release.yaml changes detected. Skipping flux-local diff." @@ -35,7 +35,21 @@ jobs: with: entrypoint: /bin/sh args: >- - -c "for file in ${{ steps.changed.outputs.changed_files }}; do flux diff -f \"$file\" > diff.patch || true; cat diff.patch; done" + -c ": > diff.patch; + for file in ${{ steps.changed.outputs.changed_files }}; do + name=$(awk '/^metadata:/ {inmeta=1; next} inmeta && /^[^ ]/ {exit} inmeta && $1==\"name:\" {print $2; exit}' \"$file\"); + namespace=$(awk '/^metadata:/ {inmeta=1; next} inmeta && /^[^ ]/ {exit} inmeta && $1==\"namespace:\" {print $2; exit}' \"$file\"); + if [ -z \"$name\" ]; then + echo \"⚠️ Could not detect name in $file\"; + continue; + fi; + if [ -z \"$namespace\" ]; then + namespace=default; + fi; + echo \"Diffing $namespace/$name from $file\"; + flux-local diff helmrelease \"$name\" -n \"$namespace\" --path embed/generic/kubernetes >> diff.patch || true; + done; + cat diff.patch" env: GITHUB_SHA: ${{ github.sha }} From eda4fbb47f3de33d6b105fe2b0877f20343cb8f1 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:31:34 +0000 Subject: [PATCH 51/60] test --- .github/workflows/flux-diff.yaml | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 08b91944..fcc65aeb 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml 
@@ -34,22 +34,12 @@ jobs: uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 with: entrypoint: /bin/sh - args: >- - -c ": > diff.patch; + args: |- + -c for file in ${{ steps.changed.outputs.changed_files }}; do - name=$(awk '/^metadata:/ {inmeta=1; next} inmeta && /^[^ ]/ {exit} inmeta && $1==\"name:\" {print $2; exit}' \"$file\"); - namespace=$(awk '/^metadata:/ {inmeta=1; next} inmeta && /^[^ ]/ {exit} inmeta && $1==\"namespace:\" {print $2; exit}' \"$file\"); - if [ -z \"$name\" ]; then - echo \"⚠️ Could not detect name in $file\"; - continue; - fi; - if [ -z \"$namespace\" ]; then - namespace=default; - fi; - echo \"Diffing $namespace/$name from $file\"; - flux-local diff helmrelease \"$name\" -n \"$namespace\" --path embed/generic/kubernetes >> diff.patch || true; - done; - cat diff.patch" + diff -f "$file" > diff.patch || true + cat diff.patch + done env: GITHUB_SHA: ${{ github.sha }} From 87eaf80bdbf12e3466386b2e28a1cc8bed649217 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:34:57 +0000 Subject: [PATCH 52/60] test --- .github/workflows/flux-diff.yaml | 167 +++++++++++++++++++++---------- 1 file changed, 113 insertions(+), 54 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index fcc65aeb..3180eafb 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml 
@@ -6,76 +6,135 @@ on: jobs: flux-diff: runs-on: ubuntu-latest - permissions: - contents: read - concurrency: - group: flux-diff-${{ github.event.pull_request.number }} - cancel-in-progress: true steps: - - name: Checkout repository + - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Set changed helm releases + - name: Check for helm-release.yaml changes id: changed run: | - # Get all helm-release.yaml files changed in this PR - files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep 'helm-release.yaml' || true) - echo "changed_files=$files" >> $GITHUB_OUTPUT + # Get changed files + changed_files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -E 'helm-release\.yaml$' || true) + + if [ -n "$changed_files" ]; then + echo "changed_files=$changed_files" >> $GITHUB_OUTPUT + echo "changed=true" >> $GITHUB_OUTPUT + else + echo "changed=false" >> $GITHUB_OUTPUT + fi - - name: Check if there are helm-release.yaml changes - if: ${{ steps.changed.outputs.changed_files == '' }} - run: echo "No helm-release.yaml changes detected. Skipping flux-local diff." 
+ - name: Set up flux-local + if: steps.changed.outputs.changed == 'true' + uses: docker/setup-buildx-action@v3 - - name: Run Flux Local Diff - if: ${{ steps.changed.outputs.changed_files != '' }} - id: flux - uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261 - with: - entrypoint: /bin/sh - args: |- - -c - for file in ${{ steps.changed.outputs.changed_files }}; do - diff -f "$file" > diff.patch || true - cat diff.patch - done - env: - GITHUB_SHA: ${{ github.sha }} + - name: Run flux-local diff + if: steps.changed.outputs.changed == 'true' + id: flux-diff + run: | + # Create temp directory for outputs + mkdir -p /tmp/flux-diff + + # Run flux-local for each changed helm-release.yaml file + echo "Running flux-local diff for changed files:" + echo "${{ steps.changed.outputs.changed_files }}" + + # Convert changed files to array and process each + IFS=$'\n' read -d '' -r -a files <<< "${{ steps.changed.outputs.changed_files }}" + all_diff="" + + for file in "${files[@]}"; do + if [ -f "$file" ]; then + echo "Processing: $file" + + # Run flux-local diff for this file + docker run --rm \ + -v $(pwd):/workdir \ + -w /workdir \ + ghcr.io/allenporter/flux-local flux-local diff \ + --kustomization-file "$file" \ + --output diff \ + --output-file /tmp/flux-diff/$(basename "$file").patch 2>/dev/null || true + + # Check if diff file was created and has content + diff_file="/tmp/flux-diff/$(basename "$file").patch" + if [ -f "$diff_file" ] && [ -s "$diff_file" ]; then + echo "=== Diff for $file ===" >> /tmp/flux-diff/all.patch + cat "$diff_file" >> /tmp/flux-diff/all.patch + echo -e "\n" >> /tmp/flux-diff/all.patch + fi + fi + done - name: Generate Diff Output - if: ${{ steps.changed.outputs.changed_files != '' }} - id: diff + if: steps.changed.outputs.changed == 'true' + id: diff-output run: | - if [ -f diff.patch ] && [ -s diff.patch ]; then + if [ -f /tmp/flux-diff/all.patch ] && [ -s 
/tmp/flux-diff/all.patch ]; then + # Output diff for use in subsequent steps echo "diff<> $GITHUB_OUTPUT - cat diff.patch >> $GITHUB_OUTPUT + cat /tmp/flux-diff/all.patch >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT - - echo "## Flux diff" >> $GITHUB_STEP_SUMMARY + + # Add to job summary + echo "## Flux Diff Results" >> $GITHUB_STEP_SUMMARY + echo "### Changed Helm Releases:" >> $GITHUB_STEP_SUMMARY + + IFS=$'\n' read -d '' -r -a files <<< "${{ steps.changed.outputs.changed_files }}" + for file in "${files[@]}"; do + echo "- \`$file\`" >> $GITHUB_STEP_SUMMARY + done + + echo "" >> $GITHUB_STEP_SUMMARY echo '```diff' >> $GITHUB_STEP_SUMMARY - cat diff.patch >> $GITHUB_STEP_SUMMARY + cat /tmp/flux-diff/all.patch >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY + + echo "has_diff=true" >> $GITHUB_OUTPUT + else + echo "No differences found in helm releases" >> $GITHUB_STEP_SUMMARY + echo "has_diff=false" >> $GITHUB_OUTPUT fi - - if: ${{ steps.diff.outputs.diff != '' }} - name: Generate Token - uses: actions/create-github-app-token@v2.2.1 - id: app-token - with: - app-id: ${{ secrets.BOT_APP_ID }} - private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} - - - if: ${{ steps.diff.outputs.diff != '' }} - name: Add PR Comment - continue-on-error: true - uses: mshick/add-pr-comment@v2 + - name: Add PR Comment + if: steps.diff-output.outputs.has_diff == 'true' + uses: actions/github-script@v7 with: - repo-token: "${{ steps.app-token.outputs.token }}" - message-id: "${{ github.event.pull_request.number }}/kubernetes/flux-diff" - header: "${{ github.event.pull_request.number }}/kubernetes/flux-diff" - message-failure: Diff was not successful - message: | - ```diff - ${{ steps.diff.outputs.diff }} - ``` \ No newline at end of file + script: | + const diff = `${{ steps.diff-output.outputs.diff }}`; + const changedFiles = `${{ steps.changed.outputs.changed_files }}`.split('\n').filter(Boolean); + + const header = `## Flux Diff Results`; + const changedFilesList = 
changedFiles.map(file => `- \`${file}\``).join('\n'); + const diffSection = `\`\`\`diff\n${diff}\n\`\`\``; + + const body = `${header}\n\n### Changed Helm Releases:\n${changedFilesList}\n\n${diffSection}`; + + // Create or update comment + const { data: comments } = await github.rest.issues.listComments({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + }); + + const existingComment = comments.find(comment => + comment.user.type === 'Bot' && + comment.body.includes('Flux Diff Results') + ); + + if (existingComment) { + await github.rest.issues.updateComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: existingComment.id, + body: body + }); + } else { + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + body: body + }); + } \ No newline at end of file From aac2893d92710ee69cdc47a79c85cab1f57ae869 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:37:27 +0000 Subject: [PATCH 53/60] f --- .github/workflows/flux-diff.yaml | 116 +++++++++++++++++++++++++------ 1 file changed, 94 insertions(+), 22 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 3180eafb..80e2d3f1 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -3,6 +3,10 @@ name: Flux Helm Diff on: pull_request: +permissions: + contents: read + pull-requests: write + jobs: flux-diff: runs-on: ubuntu-latest 
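Review bot: In the "Add PR Comment" step, `${{ steps.diff-output.outputs.diff }}` and `${{ steps.changed.outputs.changed_files }}` are expanded inside JavaScript template literals before the script runs, so diff text or a file path containing a backtick or `${` becomes part of the script itself, which executes with the job token. Both values originate from pull-request content. Hand them to the step through `env:` and read them from `process.env`, as in the excerpt below; the rest of the script can stay as it is.

```yaml
      # … unchanged: name, if:, uses: actions/github-script@v7 …
        env:
          FLUX_DIFF: ${{ steps.diff-output.outputs.diff }}
          CHANGED_FILES: ${{ steps.changed.outputs.changed_files }}
        with:
          script: |
            const diff = process.env.FLUX_DIFF ?? '';
            const changedFiles = (process.env.CHANGED_FILES ?? '').split('\n').filter(Boolean);
            // … unchanged: comment body assembly and create-or-update logic …
```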
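Review bot: `pull-requests: write` is granted at workflow level, so the steps that check out pull-request content and run a container over it share a job with the write-scoped token, although only the final "Add PR Comment" step needs it. With a single job the effect equals a job-level block today, but any job added to this file later inherits the write scope. Consider keeping `contents: read` as the workflow default and giving `pull-requests: write` only to a separate comment job that receives the diff from the first one.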
@@ -21,13 +25,28 @@ jobs: if [ -n "$changed_files" ]; then echo "changed_files=$changed_files" >> $GITHUB_OUTPUT echo "changed=true" >> $GITHUB_OUTPUT + echo "Found changed files:" + echo "$changed_files" else echo "changed=false" >> $GITHUB_OUTPUT + echo "No helm-release.yaml files changed" fi - - name: Set up flux-local + - name: Debug file structure if: steps.changed.outputs.changed == 'true' - uses: docker/setup-buildx-action@v3 + run: | + echo "Current directory structure:" + find . -name "*.yaml" -type f | head -20 + echo "" + echo "Checking if changed files exist:" + IFS=$'\n' read -d '' -r -a files <<< "${{ steps.changed.outputs.changed_files }}" + for file in "${files[@]}"; do + if [ -f "$file" ]; then + echo "✓ $file exists" + else + echo "✗ $file does not exist" + fi + done - name: Run flux-local diff if: steps.changed.outputs.changed == 'true' 
@@ -36,39 +55,72 @@ jobs: # Create temp directory for outputs mkdir -p /tmp/flux-diff - # Run flux-local for each changed helm-release.yaml file - echo "Running flux-local diff for changed files:" - echo "${{ steps.changed.outputs.changed_files }}" - - # Convert changed files to array and process each + # Convert changed files to array IFS=$'\n' read -d '' -r -a files <<< "${{ steps.changed.outputs.changed_files }}" all_diff="" + any_diff_found=false for file in "${files[@]}"; do if [ -f "$file" ]; then - echo "Processing: $file" + echo "=== Processing: $file ===" + + # Get directory containing the helm-release.yaml + dir=$(dirname "$file") + + # Try different flux-local approaches + echo "Attempting flux-local diff in directory: $dir" + + # Approach 1: Try with --path option + docker run --rm \ + -v $(pwd):/workdir \ + -w /workdir \ + ghcr.io/allenporter/flux-local flux-local diff \ + --path "$dir" \ + --output diff 2>&1 | tee /tmp/flux-diff/$(basename "$file").log || true + + # Approach 2: Try with kustomization.yaml in the same directory + if [ -f "$dir/kustomization.yaml" ]; then + echo "Found kustomization.yaml, trying with it:" + docker run --rm \ + -v $(pwd):/workdir \ + -w /workdir \ + ghcr.io/allenporter/flux-local flux-local diff \ + --kustomization-file "$dir/kustomization.yaml" \ + --output diff 2>&1 | tee -a /tmp/flux-diff/$(basename "$file").log || true + fi - # Run flux-local diff for this file + # Approach 3: Direct helm-release diff + echo "Trying direct helm-release.yaml diff:" docker run --rm \ -v $(pwd):/workdir \ -w /workdir \ ghcr.io/allenporter/flux-local flux-local diff \ - --kustomization-file "$file" \ - --output diff \ - --output-file /tmp/flux-diff/$(basename "$file").patch 2>/dev/null || true + --helm-release-file "$file" \ + --output diff 2>&1 | tee -a /tmp/flux-diff/$(basename "$file").log || true - # Check if diff file was created and has content - diff_file="/tmp/flux-diff/$(basename "$file").patch" - if [ -f "$diff_file" ] && [ -s 
"$diff_file" ]; then + # Check if any diff was captured in the log + if grep -q "^[+-]" /tmp/flux-diff/$(basename "$file").log || grep -q "^diff" /tmp/flux-diff/$(basename "$file").log; then + echo "Found diff for $file" echo "=== Diff for $file ===" >> /tmp/flux-diff/all.patch - cat "$diff_file" >> /tmp/flux-diff/all.patch + grep -A 1000 "^[+-]\|^diff\|^---\|^+++" /tmp/flux-diff/$(basename "$file").log >> /tmp/flux-diff/all.patch || cat /tmp/flux-diff/$(basename "$file").log >> /tmp/flux-diff/all.patch echo -e "\n" >> /tmp/flux-diff/all.patch + any_diff_found=true + else + echo "No diff found for $file" + echo "Log output was:" + cat /tmp/flux-diff/$(basename "$file").log fi fi done + + if [ "$any_diff_found" = true ]; then + echo "has_diff=true" >> $GITHUB_OUTPUT + else + echo "has_diff=false" >> $GITHUB_OUTPUT + fi - name: Generate Diff Output - if: steps.changed.outputs.changed == 'true' + if: steps.flux-diff.outputs.has_diff == 'true' id: diff-output run: | if [ -f /tmp/flux-diff/all.patch ] && [ -s /tmp/flux-diff/all.patch ]; then @@ -91,14 +143,15 @@ jobs: cat /tmp/flux-diff/all.patch >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY - echo "has_diff=true" >> $GITHUB_OUTPUT + echo "diff_generated=true" >> $GITHUB_OUTPUT else - echo "No differences found in helm releases" >> $GITHUB_STEP_SUMMARY - echo "has_diff=false" >> $GITHUB_OUTPUT + echo "## Flux Diff Results" >> $GITHUB_STEP_SUMMARY + echo "No differences detected in helm releases." >> $GITHUB_STEP_SUMMARY + echo "diff_generated=false" >> $GITHUB_OUTPUT fi - name: Add PR Comment - if: steps.diff-output.outputs.has_diff == 'true' + if: steps.diff-output.outputs.diff_generated == 'true' uses: actions/github-script@v7 with: script: | 
@@ -137,4 +190,23 @@ jobs: issue_number: context.issue.number, body: body }); - } \ No newline at end of file + } + + - name: Show debug info on failure + if: failure() && steps.changed.outputs.changed == 'true' + run: | + echo "=== Debug Information ===" + echo "Changed files:" + echo "${{ steps.changed.outputs.changed_files }}" + + if [ -d /tmp/flux-diff ]; then + echo "=== Log files ===" + ls -la /tmp/flux-diff/ + + for log in /tmp/flux-diff/*.log; do + if [ -f "$log" ]; then + echo "=== Contents of $(basename $log) ===" + cat "$log" + fi + done + fi \ No newline at end of file From a290c9c2b313302dec7bab0b9989100677a1ed23 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:39:42 +0000 Subject: [PATCH 54/60] f --- .github/workflows/flux-diff.yaml | 112 +++++++------------------------ 1 file changed, 23 insertions(+), 89 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 80e2d3f1..4a6a9b05 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -6,7 +6,7 @@ on: permissions: contents: read pull-requests: write - + jobs: flux-diff: runs-on: ubuntu-latest 
@@ -25,28 +25,13 @@ jobs: if [ -n "$changed_files" ]; then echo "changed_files=$changed_files" >> $GITHUB_OUTPUT echo "changed=true" >> $GITHUB_OUTPUT - echo "Found changed files:" - echo "$changed_files" else echo "changed=false" >> $GITHUB_OUTPUT - echo "No helm-release.yaml files changed" fi - - name: Debug file structure + - name: Set up flux-local if: steps.changed.outputs.changed == 'true' - run: | - echo "Current directory structure:" - find . -name "*.yaml" -type f | head -20 - echo "" - echo "Checking if changed files exist:" - IFS=$'\n' read -d '' -r -a files <<< "${{ steps.changed.outputs.changed_files }}" - for file in "${files[@]}"; do - if [ -f "$file" ]; then - echo "✓ $file exists" - else - echo "✗ $file does not exist" - fi - done + uses: docker/setup-buildx-action@v3 - name: Run flux-local diff if: steps.changed.outputs.changed == 'true' 
@@ -55,72 +40,41 @@ jobs: # Create temp directory for outputs mkdir -p /tmp/flux-diff - # Convert changed files to array + # Run flux-local for each changed helm-release.yaml file + echo "Running flux-local diff for changed files:" + echo "${{ steps.changed.outputs.changed_files }}" + + # Convert changed files to array and process each IFS=$'\n' read -d '' -r -a files <<< "${{ steps.changed.outputs.changed_files }}" all_diff="" - any_diff_found=false + + # Get directory containing the helm-release.yaml + dir=$(dirname "$file") for file in "${files[@]}"; do if [ -f "$file" ]; then - echo "=== Processing: $file ===" - - # Get directory containing the helm-release.yaml - dir=$(dirname "$file") - - # Try different flux-local approaches - echo "Attempting flux-local diff in directory: $dir" + echo "Processing: $file" - # Approach 1: Try with --path option + # Run flux-local diff for this file docker run --rm \ -v $(pwd):/workdir \ -w /workdir \ ghcr.io/allenporter/flux-local flux-local diff \ --path "$dir" \ --output diff 2>&1 | tee /tmp/flux-diff/$(basename "$file").log || true - - # Approach 2: Try with kustomization.yaml in the same directory - if [ -f "$dir/kustomization.yaml" ]; then - echo "Found kustomization.yaml, trying with it:" - docker run --rm \ - -v $(pwd):/workdir \ - -w /workdir \ - ghcr.io/allenporter/flux-local flux-local diff \ - --kustomization-file "$dir/kustomization.yaml" \ - --output diff 2>&1 | tee -a /tmp/flux-diff/$(basename "$file").log || true - fi - - # Approach 3: Direct helm-release diff - echo "Trying direct helm-release.yaml diff:" - docker run --rm \ - -v $(pwd):/workdir \ - -w /workdir \ - ghcr.io/allenporter/flux-local flux-local diff \ - --helm-release-file "$file" \ - --output diff 2>&1 | tee -a /tmp/flux-diff/$(basename "$file").log || true - # Check if any diff was captured in the log - if grep -q "^[+-]" /tmp/flux-diff/$(basename "$file").log || grep -q "^diff" /tmp/flux-diff/$(basename "$file").log; then - echo "Found diff for 
$file" + # Check if diff file was created and has content + diff_file="/tmp/flux-diff/$(basename "$file").patch" + if [ -f "$diff_file" ] && [ -s "$diff_file" ]; then echo "=== Diff for $file ===" >> /tmp/flux-diff/all.patch - grep -A 1000 "^[+-]\|^diff\|^---\|^+++" /tmp/flux-diff/$(basename "$file").log >> /tmp/flux-diff/all.patch || cat /tmp/flux-diff/$(basename "$file").log >> /tmp/flux-diff/all.patch + cat "$diff_file" >> /tmp/flux-diff/all.patch echo -e "\n" >> /tmp/flux-diff/all.patch - any_diff_found=true - else - echo "No diff found for $file" - echo "Log output was:" - cat /tmp/flux-diff/$(basename "$file").log fi fi done - - if [ "$any_diff_found" = true ]; then - echo "has_diff=true" >> $GITHUB_OUTPUT - else - echo "has_diff=false" >> $GITHUB_OUTPUT - fi - name: Generate Diff Output - if: steps.flux-diff.outputs.has_diff == 'true' + if: steps.changed.outputs.changed == 'true' id: diff-output run: | if [ -f /tmp/flux-diff/all.patch ] && [ -s /tmp/flux-diff/all.patch ]; then @@ -143,15 +97,14 @@ jobs: cat /tmp/flux-diff/all.patch >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY - echo "diff_generated=true" >> $GITHUB_OUTPUT + echo "has_diff=true" >> $GITHUB_OUTPUT else - echo "## Flux Diff Results" >> $GITHUB_STEP_SUMMARY - echo "No differences detected in helm releases." >> $GITHUB_STEP_SUMMARY - echo "diff_generated=false" >> $GITHUB_OUTPUT + echo "No differences found in helm releases" >> $GITHUB_STEP_SUMMARY + echo "has_diff=false" >> $GITHUB_OUTPUT fi - name: Add PR Comment - if: steps.diff-output.outputs.diff_generated == 'true' + if: steps.diff-output.outputs.has_diff == 'true' uses: actions/github-script@v7 with: script: | 
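Review bot: After this change nothing writes the file that the new check reads: the `docker run` output goes to `/tmp/flux-diff/$(basename "$file").log` through `tee`, but `diff_file` points at the `.patch` name, so `all.patch` is never created and the later step always takes the "No differences found" branch. Either restore `--output-file` with the `.patch` path or point `diff_file` at the `.log` file. The changed files usually share the basename `helm-release.yaml`, so each loop iteration also overwrites the previous one's log; deriving the name from the full path would keep them apart. The trailing `|| true` applies to the pipeline ending in `tee`, so a failing `flux-local` run is not visible in the step result either way.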
@@ -190,23 +143,4 @@ jobs: issue_number: context.issue.number, body: body }); - } - - - name: Show debug info on failure - if: failure() && steps.changed.outputs.changed == 'true' - run: | - echo "=== Debug Information ===" - echo "Changed files:" - echo "${{ steps.changed.outputs.changed_files }}" - - if [ -d /tmp/flux-diff ]; then - echo "=== Log files ===" - ls -la /tmp/flux-diff/ - - for log in /tmp/flux-diff/*.log; do - if [ -f "$log" ]; then - echo "=== Contents of $(basename $log) ===" - cat "$log" - fi - done - fi \ No newline at end of file + } \ No newline at end of file From 5bea155ccb9bb43af302f02e408100bfd01c027c Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:43:44 +0000 Subject: [PATCH 55/60] test --- .github/workflows/flux-diff.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 4a6a9b05..5c9d05b7 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -45,15 +45,15 @@ jobs: echo "${{ steps.changed.outputs.changed_files }}" # Convert changed files to array and process each - IFS=$'\n' read -d '' -r -a files <<< "${{ steps.changed.outputs.changed_files }}" + IFS=$'\n' read -r -a files <<< "${{ steps.changed.outputs.changed_files }}" all_diff="" - - # Get directory containing the helm-release.yaml - dir=$(dirname "$file") for file in "${files[@]}"; do if [ -f "$file" ]; then echo "Processing: $file" + + # Get directory containing the helm-release.yaml + dir=$(dirname "$file") # Run flux-local diff for this file docker run --rm \ From d45257ea3cf666c992a5842da383a97f0995e0e8 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:44:46 +0000 Subject: [PATCH 56/60] f --- .github/workflows/flux-diff.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 5c9d05b7..dfc3b53e 100644 
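Review bot: In the `@@ -45,15 +45,15 @@` hunk of patch 55/60, dropping `-d ''` makes `read` stop at the first newline, so `files` receives only the first path in `changed_files` and any further changed helm-release.yaml files are silently skipped. `mapfile -t files <<< "$CHANGED_FILES"` (with `CHANGED_FILES` supplied through the step's `env:`) reads every line into the array, and unlike `read -d ''` it does not return non-zero at end of input. The `for` loop body continues past the end of the hunk.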
--- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -59,7 +59,7 @@ jobs: docker run --rm \ -v $(pwd):/workdir \ -w /workdir \ - ghcr.io/allenporter/flux-local flux-local diff \ + ghcr.io/allenporter/flux-local diff \ --path "$dir" \ --output diff 2>&1 | tee /tmp/flux-diff/$(basename "$file").log || true From c1092b91d2a05d4acc5c19b18c8e9be93c5aeaeb Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:46:04 +0000 Subject: [PATCH 57/60] f --- .github/workflows/flux-diff.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index dfc3b53e..1bc03fe2 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -59,7 +59,7 @@ jobs: docker run --rm \ -v $(pwd):/workdir \ -w /workdir \ - ghcr.io/allenporter/flux-local diff \ + ghcr.io/allenporter/flux-local diff hr \ --path "$dir" \ --output diff 2>&1 | tee /tmp/flux-diff/$(basename "$file").log || true From d76f02e0256b5db12270915be4b49933171e294e Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:47:13 +0000 Subject: [PATCH 58/60] f --- .github/workflows/flux-diff.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 1bc03fe2..1f384177 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -60,6 +60,7 @@ jobs: -v $(pwd):/workdir \ -w /workdir \ ghcr.io/allenporter/flux-local diff hr \ + --all-namespaces \ --path "$dir" \ --output diff 2>&1 | tee /tmp/flux-diff/$(basename "$file").log || true From b7786c884ab8a29721cb29b998a3e754ef4f6192 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:49:20 +0000 Subject: [PATCH 59/60] lets just skip that. --- .github/workflows/flux-diff.yaml | 147 ------------------------------- 1 file changed, 147 deletions(-) delete mode 100644 .github/workflows/flux-diff.yaml 
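Review bot: The image reference changed here, `ghcr.io/allenporter/flux-local`, carries no tag or digest, so every run pulls whatever `latest` currently points to and runs it with the whole checkout mounted read-write at `/workdir`. The helm workflow earlier in this series pins `actions/checkout` to a commit SHA, and the same treatment fits this image: `ghcr.io/allenporter/flux-local@sha256:<digest-of-reviewed-image>` (placeholder digest). Adding `:ro` to the `-v $(pwd):/workdir` mount is worth considering if the tool does not need to write into the tree. The hunks in patches 57/60 and 58/60 edit the same unpinned reference.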
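Review bot: In patch 58/60, the command that gains `--all-namespaces` still ends in `2>&1 | tee ... || true`, so a failing flux-local invocation can never fail the step, and the pipeline's status is `tee`'s in any case unless `pipefail` is set. Three consecutive commits adjusting the subcommand and flags suggest the call was erroring, which with this construction is only visible by reading the log. Consider `set -o pipefail` at the top of the script and dropping `|| true`, so a bad invocation turns the check red instead of producing an empty diff.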
diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml
deleted file mode 100644
index 1f384177..00000000
--- a/.github/workflows/flux-diff.yaml
+++ /dev/null
@@ -1,147 +0,0 @@ -name: Flux Helm Diff - -on: - pull_request: - -permissions: - contents: read - pull-requests: write - -jobs: - flux-diff: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Check for helm-release.yaml changes - id: changed - run: | - # Get changed files - changed_files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -E 'helm-release\.yaml$' || true) - - if [ -n "$changed_files" ]; then - echo "changed_files=$changed_files" >> $GITHUB_OUTPUT - echo "changed=true" >> $GITHUB_OUTPUT - else - echo "changed=false" >> $GITHUB_OUTPUT - fi - - - name: Set up flux-local - if: steps.changed.outputs.changed == 'true' - uses: docker/setup-buildx-action@v3 - - - name: Run flux-local diff - if: steps.changed.outputs.changed == 'true' - id: flux-diff - run: | - # Create temp directory for outputs - mkdir -p /tmp/flux-diff - - # Run flux-local for each changed helm-release.yaml file - echo "Running flux-local diff for changed files:" - echo "${{ steps.changed.outputs.changed_files }}" - - # Convert changed files to array and process each - IFS=$'\n' read -r -a files <<< "${{ steps.changed.outputs.changed_files }}" - all_diff="" - - for file in "${files[@]}"; do - if [ -f "$file" ]; then - echo "Processing: $file" - - # Get directory containing the helm-release.yaml - dir=$(dirname "$file") - - # Run flux-local diff for this file - docker run --rm \ - -v $(pwd):/workdir \ - -w /workdir \ - ghcr.io/allenporter/flux-local diff hr \ - --all-namespaces \ - --path "$dir" \ - --output diff 2>&1 | tee /tmp/flux-diff/$(basename "$file").log || true - - # Check if diff file was created and has content - diff_file="/tmp/flux-diff/$(basename "$file").patch" - if [ -f "$diff_file" ] && [ -s "$diff_file" ]; then - echo "=== Diff for $file ===" >> /tmp/flux-diff/all.patch - cat "$diff_file" >> /tmp/flux-diff/all.patch - echo -e "\n" >> /tmp/flux-diff/all.patch - fi 
- fi - done - - - name: Generate Diff Output - if: steps.changed.outputs.changed == 'true' - id: diff-output - run: | - if [ -f /tmp/flux-diff/all.patch ] && [ -s /tmp/flux-diff/all.patch ]; then - # Output diff for use in subsequent steps - echo "diff<> $GITHUB_OUTPUT - cat /tmp/flux-diff/all.patch >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - - # Add to job summary - echo "## Flux Diff Results" >> $GITHUB_STEP_SUMMARY - echo "### Changed Helm Releases:" >> $GITHUB_STEP_SUMMARY - - IFS=$'\n' read -d '' -r -a files <<< "${{ steps.changed.outputs.changed_files }}" - for file in "${files[@]}"; do - echo "- \`$file\`" >> $GITHUB_STEP_SUMMARY - done - - echo "" >> $GITHUB_STEP_SUMMARY - echo '```diff' >> $GITHUB_STEP_SUMMARY - cat /tmp/flux-diff/all.patch >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY - - echo "has_diff=true" >> $GITHUB_OUTPUT - else - echo "No differences found in helm releases" >> $GITHUB_STEP_SUMMARY - echo "has_diff=false" >> $GITHUB_OUTPUT - fi - - - name: Add PR Comment - if: steps.diff-output.outputs.has_diff == 'true' - uses: actions/github-script@v7 - with: - script: | - const diff = `${{ steps.diff-output.outputs.diff }}`; - const changedFiles = `${{ steps.changed.outputs.changed_files }}`.split('\n').filter(Boolean); - - const header = `## Flux Diff Results`; - const changedFilesList = changedFiles.map(file => `- \`${file}\``).join('\n'); - const diffSection = `\`\`\`diff\n${diff}\n\`\`\``; - - const body = `${header}\n\n### Changed Helm Releases:\n${changedFilesList}\n\n${diffSection}`; - - // Create or update comment - const { data: comments } = await github.rest.issues.listComments({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - }); - - const existingComment = comments.find(comment => - comment.user.type === 'Bot' && - comment.body.includes('Flux Diff Results') - ); - - if (existingComment) { - await github.rest.issues.updateComment({ - owner: context.repo.owner, - repo: 
context.repo.repo, - comment_id: existingComment.id, - body: body - }); - } else { - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - body: body - }); - } \ No newline at end of file From 0a45e590628fdf0899d44ab9cc9945875de68e68 Mon Sep 17 00:00:00 2001 From: Alfi0812 Date: Fri, 30 Jan 2026 11:53:48 +0000 Subject: [PATCH 60/60] f --- .../kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/embed/generic/kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml b/embed/generic/kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml index 333a2dc5..c2b2c809 100644 --- a/embed/generic/kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml +++ b/embed/generic/kubernetes/apps/kubernetes-dashboard/app/helm-release.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: kubernetes-dashboard - version: 3.2.21 + version: 3.2.22 sourceRef: kind: HelmRepository name: truecharts