Add Flux sync manifests #147
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: inject-sidecar | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
jobs: | |
inject-istio: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: chrisdickinson/setup-yq@latest | |
with: | |
yq-version: v4.25.1 | |
- name: get istio controlplane version | |
id: get-istio-version | |
run: | | |
ISTIO_VERSION=$(yq eval '.data.version' ./clusters/my-cluster/istio-version.yaml) | |
echo "ISTIO_VERSION=$ISTIO_VERSION" >> $GITHUB_ENV | |
- name: get istioctl uri | |
id: get-istioctl | |
uses: istio/[email protected] | |
with: | |
version: ${{ env.ISTIO_VERSION }} | |
- uses: azure/[email protected] | |
id: install | |
- name: Get Istioctl | |
run: | | |
istioctl version --remote=false | |
- uses: "actions/setup-python@v2" | |
with: | |
python-version: "3.8" | |
- name: Inject Sidecar | |
id: inject | |
run: | | |
# hydrate isto manifest into configmap files | |
URI=$(cat istio/system/istio.yaml | yq e '. | select(.kind == "HelmRepository" and .metadata.name =="istio") | .spec.url' -) | |
cat istio/system/istio.yaml | yq e '. | select(.kind == "HelmRelease" and .metadata.name =="istiod") | .spec.values' - > values.yaml | |
VERSION=$(cat clusters/my-cluster/istio-version.yaml | yq e '.data.version' -) | |
helm repo add istio $URI | |
helm template -n istio-system -f values.yaml --version $VERSION istiod istio/istiod | yq e '.| select(.kind == "ConfigMap" and .metadata.name == "istio-sidecar-injector") | .data.config' - > injector.yaml | |
helm template -n istio-system -f values.yaml --version $VERSION istiod istio/istiod | yq e '.| select(.kind == "ConfigMap" and .metadata.name == "istio") | .data.mesh' - > mesh.yaml | |
helm template -n istio-system -f values.yaml --version $VERSION istiod istio/istiod | yq e '.| select(.kind == "ConfigMap" and .metadata.name == "istio-sidecar-injector") | .data.values' - > inj-values.yaml | |
python -m pip install jsonpatch | |
inject() { | |
NAME="${1%.*}" | |
echo "name =$NAME" | |
EXTENSION="${1##*.}" | |
echo "ext =$EXTENSION" | |
istioctl kube-inject \ | |
--injectConfigFile injector.yaml \ | |
--meshConfigFile mesh.yaml \ | |
--valuesFile inj-values.yaml \ | |
-f $1 -o $NAME.gen.$EXTENSION | |
# injected yaml ends with '---', so remove before converting to json | |
yq -N eval '.' $NAME.gen.$EXTENSION | yq -N -o json eval > $NAME.gen.json | |
yq eval -o=json $NAME.$EXTENSION > $NAME.json | |
python ./.github/workflows/jsondiff.py "$(pwd)""${NAME#.}".json "$(pwd)"/$NAME.gen.json > $NAME.patch.json | |
yq eval -P $NAME.patch.json > $NAME.patch.$EXTENSION | |
rm $NAME.gen.$EXTENSION | |
rm $NAME.json | |
rm $NAME.gen.json | |
rm $NAME.patch.json | |
} | |
export -f inject | |
find . -not -path "*/istio-$ISTIO_VERSION/*" \ | |
-not -path "*/.git*/*" -not -path "*/clusters/*" -name "*.yaml" \ | |
-not -path "*/istio/operator/manifests.yaml" -name "*deployment.yaml" \ | |
-print0 | xargs -0 -I{} bash -c "inject {}" | |
rm inj-values.yaml injector.yaml values.yaml mesh.yaml | |
if [[ $(git diff --stat) != '' ]]; then | |
echo ::set-output name=version::${ISTIO_VERSION} | |
fi | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@v3 | |
if: steps.inject.outputs.version | |
with: | |
token: ${{ secrets.GH_ADMIN_TOKEN }} | |
committer: github-actions[bot] <github-actions[bot]@users.noreply.github.com> | |
author: github-actions[bot] <github-actions[bot]@users.noreply.github.com> | |
commit-message: Update Sidecars to ${{ env.ISTIO_VERSION }} | |
title: Update Istio sidecar ${{ env.ISTIO_VERSION }} | |
body: | | |
Istio sidecar v${{ env.ISTIO_VERSION }} | |
branch: update-sidecar-${{ env.ISTIO_VERSION }} |