
fix(ci): Add kubeconform testing #10


Workflow file for this run

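name: Flux Helm Diff

# For every helm-release.yaml touched by a pull request, run flux-local diff
# and publish the result to the job summary and a PR comment.
on:
  pull_request:

permissions:
  contents: read
  pull-requests: write

jobs:
  flux-diff:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions below are referenced by mutable tag (@v4,
      # @v7). Pinning each to a full commit SHA keeps a retagged release from
      # changing what runs here.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # The checkout is later bind-mounted into a third-party container;
          # do not leave the job token in .git/config for it to read.
          persist-credentials: false

      - name: Check for helm-release.yaml changes
        id: changed
        # Expression values are handed to the script through the environment
        # instead of being expanded into the script text.
        env:
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
          HEAD_SHA: ${{ github.sha }}
        run: |
          # Get changed files
          changed_files=$(git diff --name-only "$BASE_SHA" "$HEAD_SHA" | grep -E 'helm-release\.yaml$' || true)
          if [ -n "$changed_files" ]; then
            # The list is multi-line once more than one file changes, so it
            # must use the delimiter form of the output file; a random
            # delimiter keeps a crafted path from closing the value early.
            delimiter="ghadelimiter_$(openssl rand -hex 16)"
            {
              echo "changed_files<<$delimiter"
              echo "$changed_files"
              echo "$delimiter"
              echo "changed=true"
            } >> "$GITHUB_OUTPUT"
            echo "Found changed files:"
            echo "$changed_files"
          else
            echo "changed=false" >> "$GITHUB_OUTPUT"
            echo "No helm-release.yaml files changed"
          fi

      - name: Debug file structure
        if: steps.changed.outputs.changed == 'true'
        # File paths come from the pull request and are untrusted: read them
        # from the environment so the shell never parses them as code.
        env:
          CHANGED_FILES: ${{ steps.changed.outputs.changed_files }}
        run: |
          echo "Current directory structure:"
          find . -name "*.yaml" -type f | head -20
          echo ""
          echo "Checking if changed files exist:"
          # mapfile replaces `read -d ''`, which returns non-zero at end of
          # input and would abort the step under the runner's `bash -e`.
          mapfile -t files <<< "$CHANGED_FILES"
          for file in "${files[@]}"; do
            if [ -f "$file" ]; then
              echo "✓ $file exists"
            else
              echo "✗ $file does not exist"
            fi
          done

      - name: Run flux-local diff
        if: steps.changed.outputs.changed == 'true'
        id: flux-diff
        env:
          CHANGED_FILES: ${{ steps.changed.outputs.changed_files }}
          # NOTE(review): the image has no tag or digest, so every run pulls
          # whatever is currently published. Pin it to an immutable reference,
          # e.g. ghcr.io/allenporter/flux-local@sha256:<digest-placeholder>.
          FLUX_LOCAL_IMAGE: ghcr.io/allenporter/flux-local
        run: |
          # Create temp directory for outputs
          mkdir -p /tmp/flux-diff
          # Convert changed files to array
          mapfile -t files <<< "$CHANGED_FILES"
          any_diff_found=false
          for file in "${files[@]}"; do
            if [ -f "$file" ]; then
              echo "=== Processing: $file ==="
              # Get directory containing the helm-release.yaml
              dir=$(dirname "$file")
              # Every matched file has the same basename, so the log name is
              # derived from the full path to keep one log per release.
              log="/tmp/flux-diff/$(printf '%s' "$file" | tr '/' '_').log"
              # Try different flux-local approaches
              echo "Attempting flux-local diff in directory: $dir"
              # Approach 1: Try with --path option
              docker run --rm \
                -v "$(pwd):/workdir" \
                -w /workdir \
                "$FLUX_LOCAL_IMAGE" flux-local diff \
                --path "$dir" \
                --output diff 2>&1 | tee "$log" || true
              # Approach 2: Try with kustomization.yaml in the same directory
              if [ -f "$dir/kustomization.yaml" ]; then
                echo "Found kustomization.yaml, trying with it:"
                docker run --rm \
                  -v "$(pwd):/workdir" \
                  -w /workdir \
                  "$FLUX_LOCAL_IMAGE" flux-local diff \
                  --kustomization-file "$dir/kustomization.yaml" \
                  --output diff 2>&1 | tee -a "$log" || true
              fi
              # Approach 3: Direct helm-release diff
              echo "Trying direct helm-release.yaml diff:"
              docker run --rm \
                -v "$(pwd):/workdir" \
                -w /workdir \
                "$FLUX_LOCAL_IMAGE" flux-local diff \
                --helm-release-file "$file" \
                --output diff 2>&1 | tee -a "$log" || true
              # Check if any diff was captured in the log
              if grep -q "^[+-]" "$log" || grep -q "^diff" "$log"; then
                echo "Found diff for $file"
                echo "=== Diff for $file ===" >> /tmp/flux-diff/all.patch
                grep -A 1000 "^[+-]\|^diff\|^---\|^+++" "$log" >> /tmp/flux-diff/all.patch || cat "$log" >> /tmp/flux-diff/all.patch
                echo -e "\n" >> /tmp/flux-diff/all.patch
                any_diff_found=true
              else
                echo "No diff found for $file"
                echo "Log output was:"
                cat "$log"
              fi
            fi
          done
          if [ "$any_diff_found" = true ]; then
            echo "has_diff=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_diff=false" >> "$GITHUB_OUTPUT"
          fi

      # NOTE(review): the rendered diff is published to the job summary and a
      # PR comment; confirm the releases never render secret values inline.
      - name: Generate Diff Output
        if: steps.flux-diff.outputs.has_diff == 'true'
        id: diff-output
        env:
          CHANGED_FILES: ${{ steps.changed.outputs.changed_files }}
        run: |
          if [ -f /tmp/flux-diff/all.patch ] && [ -s /tmp/flux-diff/all.patch ]; then
            # Output diff for use in subsequent steps. The patch text derives
            # from pull-request content, so a fixed "EOF" delimiter could be
            # matched by a line in it and let the rest set arbitrary outputs.
            delimiter="ghadelimiter_$(openssl rand -hex 16)"
            {
              echo "diff<<$delimiter"
              cat /tmp/flux-diff/all.patch
              echo "$delimiter"
            } >> "$GITHUB_OUTPUT"
            # Add to job summary
            echo "## Flux Diff Results" >> "$GITHUB_STEP_SUMMARY"
            echo "### Changed Helm Releases:" >> "$GITHUB_STEP_SUMMARY"
            mapfile -t files <<< "$CHANGED_FILES"
            for file in "${files[@]}"; do
              echo "- \`$file\`" >> "$GITHUB_STEP_SUMMARY"
            done
            echo "" >> "$GITHUB_STEP_SUMMARY"
            echo '```diff' >> "$GITHUB_STEP_SUMMARY"
            cat /tmp/flux-diff/all.patch >> "$GITHUB_STEP_SUMMARY"
            echo '```' >> "$GITHUB_STEP_SUMMARY"
            echo "diff_generated=true" >> "$GITHUB_OUTPUT"
          else
            echo "## Flux Diff Results" >> "$GITHUB_STEP_SUMMARY"
            echo "No differences detected in helm releases." >> "$GITHUB_STEP_SUMMARY"
            echo "diff_generated=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Add PR Comment
        if: steps.diff-output.outputs.diff_generated == 'true'
        uses: actions/github-script@v7
        # The diff and the file list are read from process.env. Expanding them
        # into a JavaScript template literal would let a backtick or a
        # placeholder sequence in pull-request content run as script code with
        # this job's token.
        env:
          DIFF: ${{ steps.diff-output.outputs.diff }}
          CHANGED_FILES: ${{ steps.changed.outputs.changed_files }}
        with:
          script: |
            const diff = process.env.DIFF || '';
            const changedFiles = (process.env.CHANGED_FILES || '').split('\n').filter(Boolean);
            const header = `## Flux Diff Results`;
            const changedFilesList = changedFiles.map(file => `- \`${file}\``).join('\n');
            const diffSection = `\`\`\`diff\n${diff}\n\`\`\``;
            const body = `${header}\n\n### Changed Helm Releases:\n${changedFilesList}\n\n${diffSection}`;
            // Create or update comment
            const { data: comments } = await github.rest.issues.listComments({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
            });
            const existingComment = comments.find(comment =>
              comment.user.type === 'Bot' &&
              comment.body.includes('Flux Diff Results')
            );
            if (existingComment) {
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: existingComment.id,
                body: body
              });
            } else {
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.issue.number,
                body: body
              });
            }

      - name: Show debug info on failure
        if: failure() && steps.changed.outputs.changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.changed.outputs.changed_files }}
        run: |
          echo "=== Debug Information ==="
          echo "Changed files:"
          echo "$CHANGED_FILES"
          if [ -d /tmp/flux-diff ]; then
            echo "=== Log files ==="
            ls -la /tmp/flux-diff/
            for log in /tmp/flux-diff/*.log; do
              if [ -f "$log" ]; then
                echo "=== Contents of $(basename "$log") ==="
                cat "$log"
              fi
            done
          fi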