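---
# Builds the Flux install manifests patched for localhost hostNetwork use and
# opens a pull request with the result. Triggered manually (optional version
# input) or by pushes to main that touch the Flux bootstrap/cluster files.
name: "Flux Localhost Build"
on:
  workflow_dispatch:
    inputs:
      version:
        description: Flux version to build
        # renovate: datasource=docker depName=ghcr.io/fluxcd/flux-manifests
        default: "2.2.3"
        required: true
  push:
    branches: ["main"]
    paths:
      - "kube/bootstrap/flux"
      - "kube/clusters/*/flux/flux-install*.yaml"
      - ".github/workflows/flux-localhost-build.yaml"
env:
  # renovate: datasource=docker depName=ghcr.io/fluxcd/flux-manifests
  FLUX_VERSION: "2.2.3"
  OUTFILE: "kube/bootstrap/flux/flux-install-localhost-manifests.yaml"
jobs:
  flux-localhost-build:
    name: Flux Localhost Build
    runs-on: ubuntu-latest
    # NOTE(review): the checkout, API commit and PR creation below all use the
    # App token, so these GITHUB_TOKEN grants may be reducible — confirm before
    # lowering them.
    permissions:
      contents: write
      pull-requests: write
    steps:
      # Resolve the version once and export it for the later steps. The dispatch
      # input reaches the script as an environment variable (never expanded
      # inline with an expression) and is checked against a conservative
      # character set, since it ends up in an OCI reference, a branch name and
      # a commit message.
      - name: "Setup variables" # Renovate can't edit the version in `env` block if there's other ${{}} stuff around
        id: "vars"
        shell: "bash"
        env:
          INPUT_VERSION: "${{ github.event.inputs.version }}"
        run: |
          # Empty on push events; fall back to the pinned FLUX_VERSION then.
          version="${INPUT_VERSION:-${FLUX_VERSION}}"
          if [[ ! "${version}" =~ ^[A-Za-z0-9._-]+$ ]]; then
            echo "::error::invalid version '${version}'"
            exit 1
          fi
          {
            echo "FLUX_VERSION=${version}"
            echo "BRANCH=flux-localhost-build-${version}"
            echo "MESSAGE=feat(bootstrap/flux)!: build Flux v${version} localhost install manifests"
          } >> "${GITHUB_ENV}"
      - name: "Generate Short Lived OAuth App Token (ghs_*)"
        uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
        id: oauth-token
        with:
          app-id: "${{ secrets.BOT_APP_ID }}" # $BOT_APP_ID is found in GitHub App main settings page
          private-key: "${{ secrets.BOT_JWT_PRIVATE_KEY }}" # $BOT_JWT_PRIVATE_KEY is generated in GitHub App main settings page, uses the X.509 private key format
      - name: Setup Flux
        uses: fluxcd/flux2/action@534684601ec8888beb0cc4f51117b59e97606c4d # v2.2.3
        with:
          version: "${{ env.FLUX_VERSION }}"
      - name: Checkout
        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
        with:
          token: "${{ steps.oauth-token.outputs.token }}"
      # Secrets and the resolved version are passed through `env:` so the
      # script only ever sees shell variables, all of which are quoted.
      - name: Build Flux Install Manifests
        shell: bash
        env:
          GH_TOKEN: "${{ steps.oauth-token.outputs.token }}"
          BOT_USERNAME: "${{ secrets.BOT_USERNAME }}"
          BOT_API_ID: "${{ secrets.BOT_API_ID }}"
        run: |
          git config push.autoSetupRemote true
          git config user.name "${BOT_USERNAME}[bot]"
          git config user.email "${BOT_API_ID}+${BOT_USERNAME}[bot]@users.noreply.github.com" # get $BOT_API_ID from `curl -s 'https://api.github.com/users/$(BOT_USERNAME)%5Bbot%5D' | yq .id`
          git checkout -b "${BRANCH}" main
          git push origin "${BRANCH}" --force
          mkdir -p /tmp/flux
          flux pull artifact "oci://ghcr.io/fluxcd/flux-manifests:v${FLUX_VERSION}" --output /tmp/flux/
          # `shell: bash` runs with -eo pipefail, so a failed build fails the step
          # rather than leaving tee's partial output as the manifest.
          flux build kustomization zzz-flux --path /tmp/flux --kustomization-file ./kube/clusters/biohazard/flux/flux-install-localhost.yaml --dry-run | tee "./${OUTFILE}"
      # below is yoinked from https://gist.github.com/swinton/03e84635b45c78353b1f71e41007fc7c
      - name: Commit Changes # with commit signing
        shell: bash
        env:
          GH_TOKEN: "${{ steps.oauth-token.outputs.token }}"
          GITHUB_TOKEN: "${{ steps.oauth-token.outputs.token }}"
          FILE_TO_COMMIT: "${{ env.OUTFILE }}"
          DESTINATION_BRANCH: "${{ env.BRANCH }}"
          REPO_OWNER: "${{ github.repository_owner }}"
        run: |
          # Blob SHA of the file as it exists on the branch; empty when the file
          # is new. The contents API needs it to update and must not get it on create.
          SHA="$(git rev-parse --verify --quiet "${DESTINATION_BRANCH}:${FILE_TO_COMMIT}" || true)"
          base64 -w0 "${FILE_TO_COMMIT}" > /tmp/base64data
          args=(
            --field message="${MESSAGE}"
            --field content="@/tmp/base64data"
            --field encoding="base64"
            --field branch="${DESTINATION_BRANCH}"
          )
          if [[ -n "${SHA}" ]]; then
            args+=(--field sha="${SHA}")
          fi
          if gh api --method PUT "/repos/:owner/:repo/contents/${FILE_TO_COMMIT}" "${args[@]}"; then
            echo "Pushed signed commit to GitHub."
          else
            echo "No changes to push or errored pushing."
          fi
          gh pr create --base main --head "${BRANCH}" --title "${MESSAGE}" --body "Updates Flux install manifests, patched for use with localhost hostNetwork, to the ${FLUX_VERSION} version." --reviewer "${REPO_OWNER}"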