Skip to content

Commit 6c4915d

Browse files
benbzbenbz
committed
CI: allow dyff job to work on forks.
1 parent eed8623 commit 6c4915d

4 files changed

Lines changed: 225 additions & 190 deletions

File tree

.github/workflows/build-test.yml

Lines changed: 0 additions & 190 deletions
Original file line numberDiff line numberDiff line change
@@ -91,193 +91,3 @@ jobs:
9191
for checkov_values in charts/matrix-stack/ci/*checkov*values.yaml; do
9292
scripts/checkov.sh "$checkov_values"
9393
done
94-
95-
template-dyff:
96-
runs-on: ubuntu-latest
97-
permissions:
98-
contents: read
99-
pull-requests: write # required to post a comment to a pull request
100-
steps:
101-
- name: Checkout PR
102-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
103-
with:
104-
fetch-depth: 0
105-
106-
# helm template doesn't reliably order manifests within the same kind, so use yq to do it for us
107-
- name: Generate manifests for PR
108-
id: generate-manifests
109-
run: |
110-
mkdir -p "$RUNNER_TEMP/new"
111-
for values in charts/matrix-stack/ci/*values.yaml; do
112-
echo "Generating new templates with $values";
113-
mkdir -p "$RUNNER_TEMP/new/$(basename "$values" ".yaml")"
114-
helm template \
115-
-n ess-ci \
116-
-a monitoring.coreos.com/v1/ServiceMonitor \
117-
-f "$values" charts/matrix-stack | \
118-
yq ea '[.] | .[] | splitDoc' | \
119-
yq -s "\"$RUNNER_TEMP/new/$(basename "$values" ".yaml")/\""' + ([.kind, .metadata.name] | join("-") | downcase) + ".yaml"'
120-
done
121-
echo "output_dir=$RUNNER_TEMP/new" | tee -a "$GITHUB_OUTPUT"
122-
123-
# We want the most recent common ancestor between the target & PR branches rather than the target branch itself
124-
# There could have been more commits to the target branch since the PR branch was created and we don't want to see
125-
# those changes in the dyff, only what this branch is doing.
126-
- name: Determine most recent common ancestor of target and PR branches
127-
id: merge-base
128-
run: |
129-
echo "merge-base=$(git merge-base ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }})" | tee -a "$GITHUB_OUTPUT"
130-
131-
- name: Checkout target
132-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
133-
with:
134-
ref: ${{ steps.merge-base.outputs.merge-base }}
135-
136-
- name: Generate manifests for base
137-
run: |
138-
mkdir -p "$RUNNER_TEMP/old"
139-
for values in charts/matrix-stack/ci/*values.yaml; do
140-
echo "Generating old templates with $values";
141-
mkdir -p "$RUNNER_TEMP/old/$(basename "$values" ".yaml")"
142-
helm template \
143-
-n ess-ci \
144-
-a monitoring.coreos.com/v1/ServiceMonitor \
145-
-f "$values" charts/matrix-stack | \
146-
yq ea '[.] | .[] | splitDoc' | \
147-
yq -s "\"$RUNNER_TEMP/old/$(basename "$values" ".yaml")/\""' + ([.kind, .metadata.name] | join("-") | downcase) + ".yaml"'
148-
done
149-
150-
- name: Install dyff with asdf
151-
uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4
152-
with:
153-
tool_versions: |
154-
dyff 1.10.1
155-
156-
- name: Upload new manifests
157-
id: upload-new
158-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
159-
with:
160-
name: new-manifests
161-
path: ${{ steps.generate-manifests.outputs.output_dir }}
162-
retention-days: 1
163-
164-
- name: dyff old and new manifests
165-
id: dyff
166-
shell: bash
167-
env:
168-
ARTIFACT_URL: ${{ steps.upload-new.outputs.artifact-url }}
169-
run: |
170-
echo "output_dir=$RUNNER_TEMP" | tee -a "$GITHUB_OUTPUT"
171-
values_directories=$(find "$RUNNER_TEMP/old" "$RUNNER_TEMP/new" -maxdepth 1 -type d | sed -E 's|'"$RUNNER_TEMP"'/(old\|new)||' | sed -E 's|^/||' | sort | uniq)
172-
header="# dyff of changes in rendered templates of CI manifests\n\n"
173-
comment_body=""
174-
while read -r values_dir; do
175-
if [ -z "$values_dir" ]; then
176-
continue
177-
fi
178-
179-
templates_files=$(find "$RUNNER_TEMP/old" "$RUNNER_TEMP/new" -maxdepth 2 -name '*.yaml' | grep "$values_dir" | sed -E 's|'"$RUNNER_TEMP"'/(old\|new)/||' | sort | uniq)
180-
comment_templates_body=""
181-
182-
while read -r templates_file; do
183-
current_file="$(basename "$templates_file")"
184-
if [[ "$current_file" == ".yaml" ]] && [ ! -s "$template_file" ]; then
185-
continue
186-
fi
187-
188-
if [ ! -f "$RUNNER_TEMP/old/$templates_file" ]; then
189-
api_version=$(yq '.apiVersion' "$RUNNER_TEMP/new/$templates_file")
190-
kind=$(yq '.kind' "$RUNNER_TEMP/new/$templates_file")
191-
name=$(yq '.metadata.name' "$RUNNER_TEMP/new/$templates_file")
192-
namespace=$(yq '.metadata.namespace' "$RUNNER_TEMP/new/$templates_file")
193-
metadata=$(yq '.metadata' "$RUNNER_TEMP/new/$templates_file")
194-
comment_templates_body+="@@ $current_file @@\n"
195-
comment_templates_body+="# $api_version/$kind/$namespace/$name\n"
196-
comment_templates_body+="! + one file added - the full content of the file is available in ${ARTIFACT_URL}\n"
197-
comment_templates_body+="+ apiVersion: $api_version\n"
198-
comment_templates_body+="+ kind: $kind\n"
199-
comment_templates_body+="+ metadata:\n"
200-
while IFS= read -r line; do
201-
comment_templates_body+="+ $line\n"
202-
done <<< "$metadata"
203-
comment_templates_body+="\n\n"
204-
continue
205-
fi
206-
207-
if [ ! -f "$RUNNER_TEMP/new/$templates_file" ]; then
208-
api_version=$(yq '.apiVersion' "$RUNNER_TEMP/old/$templates_file" )
209-
kind=$(yq '.kind' "$RUNNER_TEMP/old/$templates_file")
210-
name=$(yq '.metadata.name' "$RUNNER_TEMP/old/$templates_file")
211-
namespace=$(yq '.metadata.namespace' "$RUNNER_TEMP/old/$templates_file")
212-
metadata=$(yq '.metadata' "$RUNNER_TEMP/old/$templates_file")
213-
comment_templates_body+="@@ $current_file @@\n"
214-
comment_templates_body+="# $api_version/$kind/$namespace/$name\n"
215-
comment_templates_body+="! - one file removed\n"
216-
comment_templates_body+="- apiVersion: $api_version\n"
217-
comment_templates_body+="- kind: $kind\n"
218-
comment_templates_body+="- metadata:\n"
219-
while IFS= read -r line; do
220-
comment_templates_body+="- $line\n"
221-
done <<< "$metadata"
222-
comment_templates_body+="\n\n"
223-
continue
224-
fi
225-
226-
exit_code=0
227-
dyff_detail=$(dyff between --set-exit-code --omit-header --output=github "$RUNNER_TEMP/old/$templates_file" "$RUNNER_TEMP/new/$templates_file" 2>&1) || exit_code=$?
228-
if [ $exit_code -ne 0 ]; then
229-
if [[ "$dyff_detail" == *"failed to compare input files"* ]]; then
230-
echo "failed with file $templates_file"
231-
exit 1
232-
fi
233-
234-
api_version=$(yq '.apiVersion' "$RUNNER_TEMP/new/$templates_file")
235-
kind=$(yq '.kind' "$RUNNER_TEMP/new/$templates_file")
236-
name=$(yq '.metadata.name' "$RUNNER_TEMP/new/$templates_file")
237-
namespace=$(yq '.metadata.namespace' "$RUNNER_TEMP/new/$templates_file")
238-
resource_metadata="# $api_version/$kind/$namespace/$name"
239-
comment_templates_body+=$(sed -e "1d" -e "/^@@/a$resource_metadata" <<< "$dyff_detail")
240-
comment_templates_body+="\n\n\n"
241-
fi
242-
done <<< "$templates_files"
243-
244-
if [[ -n "$comment_templates_body" ]]; then
245-
comment_body+="<details><summary><b>$values_dir.yaml</b></summary>\n"
246-
comment_body+='\n```diff\n'
247-
comment_body+="$comment_templates_body"
248-
comment_body+='```\n'
249-
comment_body+="\n</details>\n"
250-
fi
251-
252-
done <<< "$values_directories"
253-
254-
if [ -z "$comment_body" ]; then
255-
comment_body="No changes in rendered templates"
256-
fi
257-
258-
echo -e "$header$comment_body" | tee "$RUNNER_TEMP/dyff-output.md"
259-
260-
- name: Upload generated manifests
261-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
262-
with:
263-
name: dyff-templates
264-
path: ${{ steps.dyff.outputs.output_dir }}
265-
retention-days: 1
266-
267-
- name: Find dyff comment
268-
if: github.event.pull_request.number != ''
269-
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
270-
id: find-dyff-comment
271-
with:
272-
issue-number: ${{ github.event.pull_request.number }}
273-
comment-author: 'github-actions[bot]'
274-
body-includes: 'dyff of changes in rendered templates'
275-
276-
- name: Create or update comment
277-
if: github.event.pull_request.number != ''
278-
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
279-
with:
280-
comment-id: ${{ steps.find-dyff-comment.outputs.comment-id }}
281-
issue-number: ${{ github.event.pull_request.number }}
282-
body-path: ${{ runner.temp }}/dyff-output.md
283-
edit-mode: replace

.github/workflows/templates-dyff-comment.yml

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
# Copyright 2025 New Vector Ltd
2+
#
3+
# SPDX-License-Identifier: AGPL-3.0-only
4+
name: dyff of rendered templates - comment
5+
6+
on:
7+
workflow_run:
8+
workflows: ["dyff of rendered templates"]
9+
types:
10+
- completed
11+
12+
jobs:
13+
comment:
14+
runs-on: ubuntu-latest
15+
if: github.event.workflow_run.conclusion == 'success'
16+
steps:
17+
- name: Download dyff of templates
18+
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
19+
with:
20+
github-token: ${{ secrets.GITHUB_TOKEN }}
21+
name: dyff-templates
22+
run-id: ${{ github.event.workflow_run.id }}
23+
24+
- name: Unpack artifact
25+
id: artifacts
26+
run: |
27+
unzip dyff-templates -d "${{ runner.temp }}"
28+
# This is already formatted as pr-number=<pr number>
29+
cat "${{ runner.temp }}/pr-number.txt" >> "$GITHUB_OUTPUT"
30+
31+
- name: Find dyff comment
32+
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
33+
id: find-dyff-comment
34+
with:
35+
issue-number: ${{ steps.artifacts.outputs.pr-number }}
36+
comment-author: 'github-actions[bot]'
37+
body-includes: 'dyff of changes in rendered templates'
38+
39+
- name: Create or update comment
40+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
41+
with:
42+
comment-id: ${{ steps.artifacts.outputs.pr-number }}
43+
issue-number: ${{ github.event.pull_request.number }}
44+
body-path: ${{ runner.temp }}/dyff-output.md
45+
edit-mode: replace

0 commit comments

Comments
 (0)