diff --git a/.github/workflows/renovate.yaml b/.github/disabled-workflows/renovate.yaml
similarity index 100%
rename from .github/workflows/renovate.yaml
rename to .github/disabled-workflows/renovate.yaml
diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml
new file mode 100644
index 00000000..44228ed2
--- /dev/null
+++ b/.github/workflows/flux-diff.yaml
@@ -0,0 +1,49 @@
+---
+name: "Flux Diff"
+
+on:
+ pull_request:
+ branches: ["main"]
+ paths: ["kube/**.yaml"]
+
+jobs:
+ flux-diff:
+ name: Flux Diff
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ strategy:
+ matrix:
+ path: ["kube"]
+ resource: ["helmrelease", "kustomization"]
+ steps:
+ - name: "Generate Short Lived OAuth App Token (ghs_*)"
+ uses: actions/create-github-app-token@e995b4e40ace2eb5bf13137d9abe242c98f3aab6 # v1.6.0
+ id: oauth-token
+ with:
+ app-id: "${{ secrets.BOT_APP_ID }}" # $BOT_APP_ID is found in GitHub App main settings page
+ private-key: "${{ secrets.BOT_JWT_PRIVATE_KEY }}" # $BOT_JWT_PRIVATE_KEY is generated in GitHub App main settings page, uses the X.509 private key format
+
+ - name: Setup Flux
+ uses: fluxcd/flux2/action@a18d4f345021182d6516bf3e8e00210567f46ab5 # v2.1.2
+
+ - name: Diff Resources
+ # uses: allenporter/flux-local/action/diff@19bfc6920e8964a479363bc230e6c329120ead02 # 3.2.0
+ uses: allenporter/flux-local/action/diff@flux-build
+ id: diff
+ with:
+ sources: "flux-system"
+ path: "${{ matrix.path }}"
+ resource: "${{ matrix.resource }}"
+
+ - if: ${{ steps.diff.outputs.diff != '' }}
+ name: Add comment
+ uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1
+ with:
+ repo-token: "${{ steps.oauth-token.outputs.token }}"
+ message-id: "${{ github.event.pull_request.number }}/${{ matrix.path }}/${{ matrix.resource }}"
+ message-failure: Diff was not successful
+ message: |
+ ```diff
+ ${{ steps.diff.outputs.diff }}
+ ```
\ No newline at end of file
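Review bot: The `Diff Resources` step pins `allenporter/flux-local/action/diff` to the mutable branch `flux-build`, while every other action in this workflow is pinned to a full commit SHA. Whatever that branch points to at run time executes in a job that holds `pull-requests: write` and renders manifests taken from the pull request, so a force-push or compromise upstream changes what runs here without any change in this repository. If the branch is needed for something not yet in the 3.2.0 release, pin its current head instead, e.g. `uses: allenporter/flux-local/action/diff@<FULL_COMMIT_SHA_OF_FLUX_BUILD> # flux-build`, and return to a tagged release SHA once one is available. Separately, the app token is created in the first step but consumed only by `Add comment`; creating it immediately before that step under the same `if:` condition would avoid minting a credential on runs that post nothing.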