From 16ee5bbcafc829d7a2aac5bf4f7d362ff60fa0a8 Mon Sep 17 00:00:00 2001 From: Kirill Plis Date: Wed, 3 Sep 2025 10:53:24 +0200 Subject: [PATCH 1/7] chore: cleanup plconfig and chart migration stuff --- .../build-and-push-image-to-ecr.yaml | 9 +- .github/workflows/build-image.yaml | 139 +----------------- .github/workflows/deployment.yaml | 101 ------------- .github/workflows/kubernetes.yaml | 31 +--- 4 files changed, 5 insertions(+), 275 deletions(-) diff --git a/.github/workflows/build-and-push-image-to-ecr.yaml b/.github/workflows/build-and-push-image-to-ecr.yaml index d3c72cb..3856b33 100644 --- a/.github/workflows/build-and-push-image-to-ecr.yaml +++ b/.github/workflows/build-and-push-image-to-ecr.yaml @@ -25,11 +25,6 @@ on: description: If provided, downloads a previously uploaded artifact (has to be in the same workflow). Both artifactPath and artifactName have to be passed. default: "" type: string - secrets: - AWS_ACCESS_KEY_ID: - required: true - AWS_SECRET_ACCESS_KEY: - required: true jobs: build-and-push-image-to-ecr: @@ -46,9 +41,9 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v2 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: eu-central-1 + role-to-assume: + role-session-name: GitHub_to_AWS_via_FederatedOIDC - name: Create ECR repository if it doesn't exist run: | aws ecr describe-repositories --repository-names ${{ inputs.APPLICATION_NAME }} || \ diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index c85429e..05b4b8d 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml 
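Review bot: `role-to-assume:` is left without a value in the Configure AWS credentials step, so YAML reads it as null and aws-actions/configure-aws-credentials receives no role ARN to assume; an OIDC assume-role also needs `permissions: id-token: write` on the job, and no such permission is visible in this hunk. The static-key inputs removed here, together with the `secrets:` block removed in the `@@ -25,11 +25,6 @@` hunk above, are put back by PATCH 2/7 and PATCH 3/7, and the index lines (d3c72cb..3856b33, 3856b33..dc7e5f1, dc7e5f1..d3c72cb) show the file ends the series exactly where it started, so these three changes cancel out and could be dropped before merge (PATCH 6/7 and 7/7 cancel each other the same way). If the move to federated credentials is still intended, the step needs a concrete ARN such as `role-to-assume: arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>` (placeholder) plus the `id-token: write` permission, and only then should the `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets be removed.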
@@ -37,11 +37,6 @@ on: description: The username for the container registry default: parcellab-dev-bot type: string - repository_kind: - required: false - description: The kind of repository (github or ecr) - default: "github" - type: string enableContainerScan: required: false description: Apply the container scan 
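Review bot: Removing the `repository_kind` input here breaks the caller in kubernetes.yaml, which still passes `repository_kind: ${{ inputs.repository_kind }}` to `build-image.yaml@main` until PATCH 4/7 drops it; GitHub rejects a reusable-workflow call that supplies an input the called workflow does not declare, so every commit between this one and PATCH 4/7 leaves the `build` job failing if the series lands unsquashed. Folding the `@@ -192,7 +187,6 @@` hunk of PATCH 4/7 (and the matching input removal at `@@ -57,11 +57,6 @@` there) into this commit keeps each commit self-consistent. The `on.workflow_call.inputs` block this hunk edits starts before the hunk.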
@@ -63,70 +58,8 @@ env: IMAGE_SCAN_TRIVY_TIMEOUT: 10m jobs: - build-github-single: - if: inputs.repository_kind == 'github' && inputs.imageTargets == '' - environment: ${{ github.event.deployment.payload.env }} - runs-on: ${{ inputs.runner }} - steps: - - name: Checkout current git repository - uses: actions/checkout@v4 - - if: inputs.preScript != '' - name: Run script before the docker image is built - run: | - echo "Run '${{ inputs.preScript }}'" - ${{ inputs.preScript }} - env: - NPM_GITHUB_TOKEN: ${{ secrets.npmGithubReadToken }} - - if: inputs.artifactPath != '' && inputs.artifactName != '' - name: Download artifact - uses: actions/download-artifact@v4 - with: - name: ${{ inputs.artifactName }} - path: ${{ inputs.artifactPath }} - - name: Login to Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ inputs.registryHostname }} - username: ${{ inputs.registryUsername }} - password: ${{ secrets.repoAccessToken }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build image - uses: docker/build-push-action@v6 - with: - build-args: | - GITHUB_SHA=${{ github.sha }} - VERSION=${{ inputs.version }} - APP_NAME=${{ github.event.deployment.payload.name }} - ENVIRONMENT=${{ github.event.deployment.payload.env }} - NPM_GITHUB_TOKEN=${{ secrets.npmGithubReadToken }} - cache-from: type=registry,ref=${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }} - cache-to: type=inline - context: ${{ github.event.deployment.payload.container.context }} - load: true - file: ${{ github.event.deployment.payload.container.file }} - platforms: linux/amd64 - tags: | - ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}:latest - ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}:${{ inputs.version }} - ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name 
}}:${{ github.sha }} - - name: Scan for vulnerabilities - if: inputs.enableContainerScan - uses: crazy-max/ghaction-container-scan@v3 - with: - image: ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}:latest - dockerfile: Containerfile - severity: ${{ env.IMAGE_SCAN_SEVERITY }} - severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }} - annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }} - env: - TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }} - - name: Push image to GitHub - run: | - docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }} - build-ecr-single: - if: inputs.repository_kind == 'ecr' && inputs.imageTargets == '' + if: inputs.imageTargets == '' environment: ${{ github.event.deployment.payload.env }} runs-on: ${{ inputs.runner }} steps: @@ -148,7 +81,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Configure AWS credentials - if: inputs.repository_kind == 'ecr' uses: aws-actions/configure-aws-credentials@v2 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} 
@@ -194,78 +126,11 @@ jobs: env: TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }} - name: Push image to ECR - if: inputs.repository_kind == 'ecr' run: | docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }} - build-github-matrix: - if: inputs.repository_kind == 'github' && inputs.imageTargets != '' - environment: ${{ github.event.deployment.payload.env }} - runs-on: ${{ inputs.runner }} - strategy: - matrix: - containerfile_targets: ${{ fromJson(inputs.imageTargets) }} - steps: - - name: Checkout current git repository - uses: actions/checkout@v4 - - if: inputs.preScript != '' - name: Run script before the docker image is built - run: | - echo "Run '${{ inputs.preScript }}'" - ${{ inputs.preScript }} - env: - NPM_GITHUB_TOKEN: ${{ secrets.npmGithubReadToken }} - - if: inputs.artifactPath != '' && inputs.artifactName != '' - name: Download artifact - uses: actions/download-artifact@v4 - with: - name: ${{ inputs.artifactName }} - path: ${{ inputs.artifactPath }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Login to Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ inputs.registryHostname }} - username: ${{ inputs.registryUsername }} - password: ${{ secrets.repoAccessToken }} - - name: Build ${{ matrix.containerfile_targets }} image - uses: docker/build-push-action@v6 - with: - build-args: | - GITHUB_SHA=${{ github.sha }} - VERSION=${{ inputs.version }} - APP_NAME=${{ github.event.deployment.payload.name }} - ENVIRONMENT=${{ github.event.deployment.payload.env }} - NPM_GITHUB_TOKEN=${{ secrets.npmGithubReadToken }} - cache-from: type=registry,ref=${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }} - cache-to: type=inline - context: ${{ github.event.deployment.payload.container.context }} - load: true - file: ${{ github.event.deployment.payload.container.file }} - platforms: linux/amd64 - tags: | - ${{ 
inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}:latest - ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}:${{ inputs.version }} - ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}:${{ github.sha }} - target: ${{ matrix.containerfile_targets }} - - name: Scan for vulnerabilities - uses: crazy-max/ghaction-container-scan@v3 - if: inputs.enableContainerScan - with: - image: ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}:latest - dockerfile: Containerfile - severity: ${{ env.IMAGE_SCAN_SEVERITY }} - severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }} - annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }} - env: - TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }} - - name: Push ${{ matrix.containerfile_targets }} image to ECR - run: | - docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }} - build-ecr-matrix: - if: inputs.repository_kind == 'ecr' && inputs.imageTargets != '' + if: inputs.imageTargets != '' environment: ${{ github.event.deployment.payload.env }} runs-on: ${{ inputs.runner }} strategy: diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml index a476d39..2b216f6 100644 --- a/.github/workflows/deployment.yaml +++ b/.github/workflows/deployment.yaml 
@@ -9,16 +9,6 @@ on: required: true description: The author of the change that triggers the deployment type: string - chartInAppRepo: - required: false - description: Specify if chart is migrated into the application's repository - default: false - type: boolean - configurationFilepath: - required: false - description: The path to the application configuration file - default: ./plconfig.yaml - type: string containerContext: required: false default: . 
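Review bot: The `chartInAppRepo` input is removed here, but the surviving `kubernetes` job in the `@@ -65,97 +55,7 @@` hunk of this same file keeps `if: inputs.chartInAppRepo == true` until PATCH 5/7; an undeclared input yields an empty value in an expression, so the comparison should evaluate to false and the job is silently skipped on every deployment produced by the intermediate commits. The one-line removal `- if: inputs.chartInAppRepo == true` belongs in this commit. `configurationFilepath` is removed together with its only readers (`read_schema_version`, `detect_declarations` and the old `kubernetes` job body), which is consistent.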
@@ -65,97 +55,7 @@ on: required: true description: The Github token to perform operations cross-repo (not secrets.GITHUB_TOKEN!) jobs: - read_schema_version: - runs-on: ${{ inputs.runner }} - if: inputs.chartInAppRepo == false - outputs: - version: ${{ steps.version.outputs.result }} - steps: - - name: Checkout current git repository - uses: actions/checkout@v3 - - name: Load schema version - id: version - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq ".schemaVersion" ${{ inputs.configurationFilepath }} - detect_declarations: - runs-on: ${{ inputs.runner }} - needs: [read_schema_version] - if: needs.read_schema_version.outputs.version == 'v2' - outputs: - has-kubernetes: ${{ steps.has-kubernetes.outputs.result }} - steps: - - name: Checkout current git repository - uses: actions/checkout@v3 - - name: Detect kubernetes deployment - id: has-kubernetes - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq '.deployment | has("kubernetes")' ${{ inputs.configurationFilepath }} kubernetes: - runs-on: ${{ inputs.runner }} - needs: [detect_declarations] - if: needs.detect_declarations.outputs.has-kubernetes == 'true' - steps: - - name: Checkout current git repository - uses: actions/checkout@v3 - - name: Load plconfig values - id: values - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq "." ${{ inputs.configurationFilepath }} -o=json -I=0 - - name: Load k8s deployment variables - id: k8s - run: | - # shellcheck disable=SC2129,SC2086 - echo "namespace=${{ fromJSON(steps.values.outputs.result).deployment.kubernetes.namespace }}" >> $GITHUB_OUTPUT - # shellcheck disable=SC2086 - echo "version-key=${{ fromJSON(steps.values.outputs.result).deployment.kubernetes.versionKey }}" >> $GITHUB_OUTPUT - # shellcheck disable=SC2086 - echo "container-context=${{ fromJSON(steps.values.outputs.result).deployment.kubernetes.container.context || '.' 
}}" >> $GITHUB_OUTPUT - # shellcheck disable=SC2086 - echo "container-file=${{ fromJSON(steps.values.outputs.result).deployment.kubernetes.container.file || 'Containerfile' }}" >> $GITHUB_OUTPUT - if [[ "${{ inputs.env }}" == 'prod' ]] - then - URL="https://${{ inputs.appName }}.parcellab.dev" - STATUS_URL="https://argocd.${{ inputs.env }}.parcellab.dev/applications/${{ inputs.appName }}" - else - URL="https://${{ inputs.appName }}.${{ inputs.env }}.parcellab.dev" - STATUS_URL="https://argocd.${{ inputs.env }}.parcellab.dev/applications/${{ inputs.appName }}" - fi - # shellcheck disable=SC2086 - echo "url=$URL" >> $GITHUB_OUTPUT - # shellcheck disable=SC2086 - echo "status-url=$STATUS_URL" >> $GITHUB_OUTPUT - - name: Create Github ${{ fromJSON(steps.values.outputs.result).name }} k8s deployment - uses: chrnorm/deployment-action@v2 - with: - auto-merge: false - environment: ${{ inputs.env }} - ref: ${{ inputs.ref }} - required-contexts: "" - payload: | - { - "author": ${{ toJSON(inputs.author) }}, - "description": ${{ toJSON(inputs.description) }}, - "env": ${{ toJSON(inputs.env) }}, - "name": ${{ toJSON(fromJSON(steps.values.outputs.result).name) }}, - "container": { - "context": ${{ toJSON(steps.k8s.outputs.container-context) }}, - "file": ${{ toJSON(steps.k8s.outputs.container-file) }} - }, - "kubernetes": { - "namespace": ${{ toJSON(steps.k8s.outputs.namespace) }}, - "versionKey": ${{ toJSON(steps.k8s.outputs.version-key) }} - }, - "schemaVersion": "v2", - "statusUrl": ${{ toJSON(steps.k8s.outputs.status-url) }}, - "url": ${{ toJSON(steps.k8s.outputs.url) }} - } - production-environment: "${{ inputs.env == 'prod' }}" - transient-environment: "${{ inputs.env == 'test' }}" - token: ${{ secrets.repoAccessToken }} - kubernetes-migrated-chart: runs-on: ${{ inputs.runner }} if: inputs.chartInAppRepo == true steps: 
@@ -197,7 +97,6 @@ jobs: "namespace": "${{ inputs.namespace }}", "versionKey": "${{ inputs.versionKey }}" }, - "schemaVersion": "v2", "statusUrl": ${{ toJSON(steps.k8s.outputs.status-url) }}, "url": ${{ toJSON(steps.k8s.outputs.url) }} } diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml index 389e720..f0b863e 100644 --- a/.github/workflows/kubernetes.yaml +++ b/.github/workflows/kubernetes.yaml @@ -17,11 +17,6 @@ on: description: The email of the bot that will appear in the GitOps commit default: dev.bot@parcellab.com type: string - chartInAppRepo: - required: false - description: Specify if chart is migrated into the application's repository - default: false - type: boolean deploymentRepoPath: required: false description: The path within the deployment repository that holds all version files 
@@ -216,31 +211,7 @@ jobs: path: remote token: ${{ secrets.repoAccessToken }} ref: main - - if: github.event.deployment.payload.schemaVersion == 'v2' && github.event.deployment.payload.env != 'playground' && inputs.chartInAppRepo == false - name: Update ${{ github.event.deployment.payload.name }} version for ${{ github.event.deployment.environment }} values - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq '(.${{ github.event.deployment.payload.kubernetes.versionKey }} = "${{ needs.initialize.outputs.version }}")' -i remote/${{ inputs.deploymentRepoPath }}/${{ github.event.deployment.payload.kubernetes.namespace }}/${{ github.event.deployment.payload.env }}/${{ github.event.deployment.payload.name }}/${{ inputs.versionFilePath }} - - - if: github.event.deployment.payload.schemaVersion == 'v2' && github.event.deployment.payload.env != 'playground' && inputs.chartInAppRepo == true && inputs.deploymentRepoValuesPath == '' - name: Deploy ${{ github.sha }} to ${{ github.event.deployment.environment }} values - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq '(.${{ github.event.deployment.payload.kubernetes.versionKey }} = "${{ needs.initialize.outputs.version }}")' -i remote/${{ inputs.deploymentRepoPath }}/values.${{ github.event.deployment.payload.env }}.yaml - - - if: github.event.deployment.payload.schemaVersion == 'v2' && github.event.deployment.payload.env != 'playground' && inputs.chartInAppRepo == true && inputs.deploymentRepoValuesPath != '' - name: Deploy ${{ github.sha }} to ${{ github.event.deployment.environment }} values - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq '(.${{ github.event.deployment.payload.kubernetes.versionKey }} = "${{ needs.initialize.outputs.version }}")' -i remote/${{ inputs.deploymentRepoValuesPath }} - - - if: github.event.deployment.payload.schemaVersion == 'v2' && github.event.deployment.payload.env == 'playground' && inputs.chartInAppRepo == false - name: Update ${{ github.event.deployment.payload.name }} version for ${{ 
github.event.deployment.environment }} values - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq '(.${{ github.event.deployment.payload.kubernetes.versionKey }} = "${{ needs.initialize.outputs.version }}")' -i remote/${{ inputs.deploymentRepoPath }}/${{ github.event.deployment.payload.kubernetes.namespace }}/prod/${{ github.event.deployment.payload.name }}/values.playground.yaml - - if: github.event.deployment.payload.schemaVersion == 'v2' && github.event.deployment.payload.env == 'playground' && inputs.chartInAppRepo == true - name: Deploy ${{ github.sha }} to ${{ github.event.deployment.environment }} values + - name: Deploy ${{ github.sha }} to ${{ github.event.deployment.environment }} values uses: mikefarah/yq@v4.30.8 with: cmd: yq '(.${{ github.event.deployment.payload.kubernetes.versionKey }} = "${{ needs.initialize.outputs.version }}")' -i remote/${{ inputs.deploymentRepoPath }}/values.yaml From 72b512f532f8e0912bed75aaaccb9cde64d45fbc Mon Sep 17 00:00:00 2001 From: Kirill Plis Date: Wed, 3 Sep 2025 10:55:34 +0200 Subject: [PATCH 2/7] revert secrets deletion --- .github/workflows/build-and-push-image-to-ecr.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-and-push-image-to-ecr.yaml b/.github/workflows/build-and-push-image-to-ecr.yaml index 3856b33..dc7e5f1 100644 --- a/.github/workflows/build-and-push-image-to-ecr.yaml +++ b/.github/workflows/build-and-push-image-to-ecr.yaml @@ -25,6 +25,11 @@ on: description: If provided, downloads a previously uploaded artifact (has to be in the same workflow). Both artifactPath and artifactName have to be passed. default: "" type: string + secrets: + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true jobs: build-and-push-image-to-ecr: From 8d1a741561bf6b50d8240d2a2542c7a45eb1a89f Mon Sep 17 00:00:00 2001 
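Review bot: The surviving `Deploy ... to values` step is the former playground-with-chartInAppRepo variant, so after this hunk every environment writes the version into `remote/${{ inputs.deploymentRepoPath }}/values.yaml`; the non-playground chart-in-repo cases that previously targeted `values.${{ github.event.deployment.payload.env }}.yaml` or `remote/${{ inputs.deploymentRepoValuesPath }}` now land in the shared file, and `inputs.deploymentRepoValuesPath` (presumably still declared) is no longer read by any step in this hunk. If one values.yaml per repository is the intended outcome, the commit message should say so and the unused input should go; otherwise the per-environment variant needs to be kept behind `if: github.event.deployment.payload.env != 'playground'`. The step still expands `payload.kubernetes.versionKey` and `needs.initialize.outputs.version` straight into the yq command string, so the `initialize` job (outside this hunk) is the place to assert both match the expected key and version shape before they reach this step. The `steps:` list continues outside the hunk.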
From: Kirill Plis Date: Wed, 3 Sep 2025 10:58:39 +0200 Subject: [PATCH 3/7] revert the job too --- .github/workflows/build-and-push-image-to-ecr.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-push-image-to-ecr.yaml b/.github/workflows/build-and-push-image-to-ecr.yaml index dc7e5f1..d3c72cb 100644 --- a/.github/workflows/build-and-push-image-to-ecr.yaml +++ b/.github/workflows/build-and-push-image-to-ecr.yaml @@ -46,9 +46,9 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v2 with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: eu-central-1 - role-to-assume: - role-session-name: GitHub_to_AWS_via_FederatedOIDC - name: Create ECR repository if it doesn't exist run: | aws ecr describe-repositories --repository-names ${{ inputs.APPLICATION_NAME }} || \ From cd1a71ce921ca0f19aeb15e19a02a5862f50b9f9 Mon Sep 17 00:00:00 2001 From: Kirill Plis Date: Wed, 3 Sep 2025 11:01:49 +0200 Subject: [PATCH 4/7] clean up plconfig --- .github/workflows/kubernetes.yaml | 6 -- .github/workflows/plconfig.yaml | 141 ------------------------------ 2 files changed, 147 deletions(-) delete mode 100644 .github/workflows/plconfig.yaml diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml index f0b863e..d517d33 100644 --- a/.github/workflows/kubernetes.yaml +++ b/.github/workflows/kubernetes.yaml @@ -57,11 +57,6 @@ on: description: The username for the container registry default: parcellab-dev-bot type: string - repository_kind: - required: false - description: The kind of repository (github or ecr) - default: "github" - type: string enableContainerScan: required: false description: Apply the container scan 
@@ -192,7 +187,6 @@ jobs: registryHostname: ${{ inputs.registryHostname }} registryOrg: ${{ inputs.registryOrg }} registryUsername: ${{ inputs.registryUsername }} - repository_kind: ${{ inputs.repository_kind }} enableContainerScan: ${{ inputs.enableContainerScan }} runner: ${{ inputs.runner }} version: ${{ needs.initialize.outputs.version }} diff --git a/.github/workflows/plconfig.yaml b/.github/workflows/plconfig.yaml deleted file mode 100644 index 4378c7f..0000000 --- a/.github/workflows/plconfig.yaml +++ /dev/null 
@@ -1,141 +0,0 @@ -name: Reusable parcelLab Config -on: - workflow_call: - inputs: - botEmail: - required: false - description: The email of the bot that will appear in the GitOps commit - default: dev.bot@parcellab.com - type: string - botName: - required: false - description: The name of the bot that will appear in the GitOps commit - default: parcellab-dev-bot - type: string - configurationFilepath: - required: false - description: The path to the application configuration file - default: ./plconfig.yaml - type: string - deploymentRepoPath: - required: false - description: The path within the deployment repository that holds all version files - default: namespaces - type: string - deploymentRepoURL: - required: false - description: The repository within Github that holds the version file to deploy via GitOps - default: parcelLab/deployment - type: string - runner: - required: false - description: Runner type - default: ubuntu-latest - type: string - secrets: - repoAccessToken: - required: true - description: The Github token to perform operations cross-repo (not secrets.GITHUB_TOKEN!) 
-jobs: - read_schema_version: - runs-on: ${{ inputs.runner }} - outputs: - version: ${{ steps.version.outputs.result }} - steps: - - name: Checkout current git repository - uses: actions/checkout@v3 - - name: Load schema version - id: version - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq ".schemaVersion" ${{ inputs.configurationFilepath }} - detect_declarations: - if: needs.read_schema_version.outputs.version == 'v2' - runs-on: ${{ inputs.runner }} - needs: [read_schema_version] - outputs: - has-kubernetes: ${{ steps.has-kubernetes.outputs.result }} - steps: - - name: Checkout current git repository - uses: actions/checkout@v3 - - name: Detect kubernetes deployment - id: has-kubernetes - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq '.deployment | has("kubernetes")' ${{ inputs.configurationFilepath }} - kubernetes_matrix: - if: needs.detect_declarations.outputs.has-kubernetes == 'true' - runs-on: ${{ inputs.runner }} - needs: [detect_declarations] - outputs: - matrix: ${{ steps.envs.outputs.result }} - steps: - - name: Checkout current git repository - uses: actions/checkout@v3 - - name: Detect envs - id: envs - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq '.deployment.kubernetes.env | keys' ${{ inputs.configurationFilepath }} -o=json -I=0 - kubernetes_env: - runs-on: ${{ inputs.runner }} - needs: [kubernetes_matrix] - strategy: - matrix: - env: ${{ fromJSON(needs.kubernetes_matrix.outputs.matrix) }} - max-parallel: 1 - steps: - - name: Checkout current git repository - uses: actions/checkout@v3 - - name: Checkout ${{ inputs.deploymentRepoURL }} git repository - uses: actions/checkout@v3 - with: - repository: ${{ inputs.deploymentRepoURL }} - path: remote - token: ${{ secrets.repoAccessToken }} - ref: main - - name: Load YAML values from file into JSON - id: json - uses: mikefarah/yq@v4.30.8 - with: - cmd: yq "." 
${{ inputs.configurationFilepath }} -o=json -I=0 - - name: Load common vars - id: vars - run: | - # shellcheck disable=SC2086 - echo "namespace-path=remote/${{ inputs.deploymentRepoPath }}/${{ fromJSON(steps.json.outputs.result).deployment.kubernetes.namespace }}" >> $GITHUB_OUTPUT - # shellcheck disable=SC2086 - echo "do-not-edit=DO NOT EDIT. Auto generated from ${{ fromJSON(steps.json.outputs.result).name }} ${{ inputs.configurationFilepath }} (replaces values.yaml instead)" >> $GITHUB_OUTPUT - - name: Load external values for ${{ matrix.env }} - uses: mikefarah/yq@v4.30.8 - with: - cmd: >- - yq '.deployment.kubernetes.env.${{ matrix.env }}.values | . head_comment="${{ steps.vars.outputs.do-not-edit }}"' ${{ inputs.configurationFilepath }} > ${{ steps.vars.outputs.namespace-path }}/${{ matrix.env }}/${{ fromJSON(steps.json.outputs.result).name }}/values-external.yaml && - yq '{ "dependencies": .deployment.kubernetes.env.${{ matrix.env }}.dependencies } * {"apiVersion": "v2", "name": "${{ fromJSON(steps.json.outputs.result).name }}", "description": "${{ fromJSON(steps.json.outputs.result).description }} (${{ matrix.env }})", "version": "0.0.0"}' ${{ inputs.configurationFilepath }} > ${{ steps.vars.outputs.namespace-path }}/${{ matrix.env }}/${{ fromJSON(steps.json.outputs.result).name }}/Chart.yaml - # Commit & Push to GitOps repo - - name: Commit deployment files for ${{ matrix.env }} - id: commit - run: | - cd remote - if [[ $(git status --porcelain --untracked-files=no | wc -l) -gt 0 ]]; then - # Untracked changes - git config --global user.email "${{ inputs.botEmail }}" - git config --global user.name "${{ inputs.botName }}" - git add . 
- git commit --allow-empty -m "chore(${{ fromJSON(steps.json.outputs.result).name }}): set parcelLab ${{ matrix.env }} config values" - # shellcheck disable=SC2086 - echo "has-changes=true" >> $GITHUB_OUTPUT - else - # No changes, ignore - # shellcheck disable=SC2086 - echo "has-changes=false" >> $GITHUB_OUTPUT - fi - - if: steps.commit.outputs.has-changes == 'true' - name: Push changes to main in ${{ inputs.deploymentRepoURL }} git repository for ${{ matrix.env }} - uses: ad-m/github-push-action@0fafdd62b84042d49ec0cb92d9cac7f7ce4ec79e - with: - repository: ${{ inputs.deploymentRepoURL }} - directory: remote - github_token: ${{ secrets.repoAccessToken }} - branch: main - force: true From 4d5d9dcbf8df2a02846b3a63a487e1539311e41d Mon Sep 17 00:00:00 2001 From: Kirill Plis Date: Wed, 3 Sep 2025 11:03:11 +0200 Subject: [PATCH 5/7] remove last chartInAppRepo --- .github/workflows/deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml index 2b216f6..e7e4606 100644 --- a/.github/workflows/deployment.yaml +++ b/.github/workflows/deployment.yaml @@ -57,7 +57,6 @@ on: jobs: kubernetes: runs-on: ${{ inputs.runner }} - if: inputs.chartInAppRepo == true steps: - name: Checkout current git repository uses: actions/checkout@v3 From 85e426276b73fdfd9cc92e0c56341a7dad1f8407 Mon Sep 17 00:00:00 2001 From: Kirill Plis Date: Wed, 3 Sep 2025 11:54:43 +0200 Subject: [PATCH 6/7] point build-image to the cleanup branch --- .github/workflows/kubernetes.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml index d517d33..c791ec0 100644 --- a/.github/workflows/kubernetes.yaml +++ b/.github/workflows/kubernetes.yaml 
@@ -178,7 +178,7 @@ jobs:
build:
needs: [initialize]
- uses: parcelLab/ci/.github/workflows/build-image.yaml@main
+ uses: parcelLab/ci/.github/workflows/build-image.yaml@cleanup
with:
artifactName: ${{ inputs.artifactName }}
artifactPath: ${{ inputs.artifactPath }}
From 7e4b705a973de676cb9968e7ef4a24b150674b5a Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Wed, 3 Sep 2025 11:58:20 +0200
Subject: [PATCH 7/7] point back to main
---
.github/workflows/kubernetes.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index c791ec0..d517d33 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
@@ -178,7 +178,7 @@ jobs:
build:
needs: [initialize]
- uses: parcelLab/ci/.github/workflows/build-image.yaml@cleanup
+ uses: parcelLab/ci/.github/workflows/build-image.yaml@main
with:
artifactName: ${{ inputs.artifactName }}
artifactPath: ${{ inputs.artifactPath }}