From f1be3874bbc2b3ef8dc1993992a846ec133d82ee Mon Sep 17 00:00:00 2001
From: Prox
Date: Fri, 6 Mar 2026 18:00:08 +0200
Subject: [PATCH] updated dry-run.yml and reconcile jobs
---
 .gitea/workflows/dry-run.yml | 58 ++++++++++++++++++----------------
 .gitea/workflows/reconcile.yml | 21 ++++++------
 2 files changed, 41 insertions(+), 38 deletions(-)
diff --git a/.gitea/workflows/dry-run.yml b/.gitea/workflows/dry-run.yml
index ac87d1f..e1a1a63 100644
--- a/.gitea/workflows/dry-run.yml
+++ b/.gitea/workflows/dry-run.yml
@@ -19,11 +19,12 @@ jobs:
 id: changed
 run: |
 FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} -- 'state/*.json')
- ENVS="[]"
- for f in $FILES; do
- ENV=$(basename "$f" .json)
- ENVS=$(echo "$ENVS" | jq -c ". + [\"$ENV\"]")
- done
+ ENVS=$(python3 -c "
+ import os, json
+ files = '''$FILES'''.strip().split('\n')
+ envs = [os.path.basename(f).replace('.json','') for f in files if f.strip()]
+ print(json.dumps(envs))
+ ")
 echo "envs=$ENVS" >> "$GITHUB_OUTPUT"
 echo "Changed environments: $ENVS"
@@ -65,16 +66,24 @@ jobs:
 echo "$RESPONSE" >> "$GITHUB_OUTPUT"
 echo "EOF" >> "$GITHUB_OUTPUT"
- - name: Format plan as markdown
- id: format
+ - name: Format and post PR comment
 if: steps.plan.outputs.response != '{}'
+ env:
+ GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
+ GIT_URL: ${{ secrets.GIT_URL }}
+ RESPONSE: ${{ steps.plan.outputs.response }}
+ ENV_NAME: ${{ matrix.env }}
+ REPO: ${{ github.repository }}
+ PR_NUMBER: ${{ github.event.pull_request.number }}
 run: |
- cat <<'SCRIPT' > format.py
- import json, sys
- data = json.loads(sys.stdin.read())
+ python3 <<'SCRIPT'
+ import json, os, urllib.request, urllib.parse
+
+ data = json.loads(os.environ["RESPONSE"])
 ops = data.get("operations", [])
 summary = data.get("summary", {})
- env = sys.argv[1]
+ env = os.environ["ENV_NAME"]
+
 lines = [f"## Reconciliation Plan: `{env}`\n"]
 if not ops:
 lines.append("No changes detected.\n")
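Review bot: In the `@@ -19,11 +19,12 @@` hunk of dry-run.yml, `files = '''$FILES'''` pastes the output of `git diff --name-only` into the Python source text, so a changed file name under `state/` containing quote or backslash characters is parsed as code rather than data, and on this pull-request job those names come from the PR itself. The same construct is added in the `@@ -21,11 +21,12 @@` hunk of reconcile.yml. Passing the list as data through the environment and rejecting names outside a fixed character set removes the problem; this also matters because the names appear to feed `${{ matrix.env }}`, which reconcile.yml expands inside `run:` scripts. Separately, `.replace('.json','')` drops every occurrence of `.json` in a name, where the removed `basename "$f" .json` stripped only the suffix. The character set below is a placeholder for whatever environment names the project allows, and the `run:` block starts above the hunk.

```yaml
          # … unchanged: FILES=$(git diff --name-only …) …
          ENVS=$(FILES="$FILES" python3 - <<'PY'
          import json, os, re, sys
          envs = []
          for path in os.environ["FILES"].splitlines():
              if not path.strip():
                  continue
              name = os.path.basename(path)
              if name.endswith(".json"):
                  name = name[: -len(".json")]
              if not re.fullmatch(r"[A-Za-z0-9_-]+", name):
                  sys.exit(f"unexpected state file name: {path!r}")
              envs.append(name)
          print(json.dumps(envs))
          PY
          )
          # … unchanged: echo "envs=$ENVS" >> "$GITHUB_OUTPUT" …
```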
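Review bot: `RESPONSE: ${{ steps.plan.outputs.response }}` in the `@@ -65,16 +66,24 @@` hunk of dry-run.yml puts the whole plan into one environment variable, and common Linux configurations cap a single environment string at about 128 KiB, so a large plan would make the step fail at process start with "Argument list too long" before the Python script runs. Whether plans reach that size is not visible here; if they can, have the plan step write the response to a file in the workspace and read it with `json.load`. In the lines shown, `urllib.parse` is imported but never used, so `import json, os, urllib.request` is enough. The heredoc script continues into the next hunk.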
@@ -86,21 +95,14 @@ jobs:
 lines.append("")
 s = summary
 lines.append(f"**Summary:** {s.get('created',0)} create, {s.get('updated',0)} update, {s.get('deleted',0)} delete")
- print("\n".join(lines))
- SCRIPT
- COMMENT=$(echo '${{ steps.plan.outputs.response }}' | python3 format.py "${{ matrix.env }}")
- echo "comment<> "$GITHUB_OUTPUT"
- echo "$COMMENT" >> "$GITHUB_OUTPUT"
- echo "EOF" >> "$GITHUB_OUTPUT"
- - name: Post PR comment
- if: steps.plan.outputs.response != '{}'
- env:
- GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
- run: |
- curl -sf \
- -X POST \
- -H "Authorization: token ${GIT_TOKEN}" \
- -H "Content-Type: application/json" \
- -d "{\"body\": $(echo '${{ steps.format.outputs.comment }}' | jq -Rs .)}" \
- "${{ secrets.GIT_URL }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments"
+ comment = "\n".join(lines)
+ url = f"{os.environ['GIT_URL']}/api/v1/repos/{os.environ['REPO']}/issues/{os.environ['PR_NUMBER']}/comments"
+ body = json.dumps({"body": comment}).encode()
+ req = urllib.request.Request(url, data=body, method="POST", headers={
+ "Authorization": f"token {os.environ['GIT_TOKEN']}",
+ "Content-Type": "application/json",
+ })
+ urllib.request.urlopen(req)
+ print(f"Posted comment to PR #{os.environ['PR_NUMBER']}")
+ SCRIPT
diff --git a/.gitea/workflows/reconcile.yml b/.gitea/workflows/reconcile.yml
index c4ccb8a..3c3003a 100644
--- a/.gitea/workflows/reconcile.yml
+++ b/.gitea/workflows/reconcile.yml
@@ -21,11 +21,12 @@ jobs:
 id: changed
 run: |
 FILES=$(git diff --name-only HEAD~1 HEAD -- 'state/*.json')
- ENVS="[]"
- for f in $FILES; do
- ENV=$(basename "$f" .json)
- ENVS=$(echo "$ENVS" | jq -c ". + [\"$ENV\"]")
- done
+ ENVS=$(python3 -c "
+ import os, json
+ files = '''$FILES'''.strip().split('\n')
+ envs = [os.path.basename(f).replace('.json','') for f in files if f.strip()]
+ print(json.dumps(envs))
+ ")
 echo "envs=$ENVS" >> "$GITHUB_OUTPUT"
 echo "Changed environments: $ENVS"
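Review bot: `urllib.request.urlopen(req)` in the `@@ -86,21 +95,14 @@` hunk of dry-run.yml is called without a timeout, and the script never checks the scheme of `GIT_URL`. An unresponsive server therefore stalls the job until the runner's own limit, and an `http://` value would send the `Authorization: token …` header in cleartext. Unless the instance is deliberately served over plain HTTP on a trusted network, I would add `if not url.startswith("https://"): raise SystemExit("GIT_URL must be https")` before building the request and call `with urllib.request.urlopen(req, timeout=30) as resp: resp.read()`. The 30-second value is a suggestion, and the Python script starts in the previous hunk.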
@@ -80,10 +81,10 @@ jobs:
 echo "$RESPONSE" >> "$GITHUB_OUTPUT"
 echo "EOF" >> "$GITHUB_OUTPUT"
- STATUS=$(echo "$RESPONSE" | jq -r '.status')
+ STATUS=$(python3 -c "import json,sys; print(json.loads(sys.stdin.read()).get('status','ok'))" <<< "$RESPONSE")
 if [ "$STATUS" = "error" ]; then
 echo "Reconcile failed for ${{ matrix.env }}"
- echo "$RESPONSE" | jq .
+ python3 -m json.tool <<< "$RESPONSE"
 exit 1
 fi
@@ -91,14 +92,14 @@ jobs:
 if: success()
 env:
 AGE_PUBLIC_KEY: ${{ secrets[steps.env.outputs.age_key] }}
+ RESPONSE: ${{ steps.reconcile.outputs.response }}
 run: |
- KEYS=$(echo '${{ steps.reconcile.outputs.response }}' | jq -r '.created_keys // empty')
- if [ -n "$KEYS" ] && [ "$KEYS" != "{}" ] && [ "$KEYS" != "null" ] && [ -n "$AGE_PUBLIC_KEY" ]; then
+ KEYS=$(python3 -c "import json,os; d=json.loads(os.environ['RESPONSE']); k=d.get('created_keys'); print(json.dumps(k) if k and k != {} else '')")
+ if [ -n "$KEYS" ] && [ -n "$AGE_PUBLIC_KEY" ]; then
 echo "$KEYS" | age -r "$AGE_PUBLIC_KEY" -o setup-keys-${{ matrix.env }}.age
 echo "Setup keys for ${{ matrix.env }} encrypted"
 else
 echo "No new keys created for ${{ matrix.env }}"
- exit 0
 fi
 - name: Upload artifact
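Review bot: The `STATUS=$(python3 -c …)` line in the `@@ -80,10 +81,10 @@` hunk of reconcile.yml fails open. A response with no `status` field is reported as `ok`, and a response that is not a JSON object makes Python exit with an error and leaves `STATUS` empty, which the `= "error"` test also lets through unless the step shell aborts on the failed substitution. Since the next step handles newly created keys, I would make the parse failure explicit with `STATUS=$(python3 -c "…" <<< "$RESPONSE") || { echo "unparseable reconcile response" >&2; exit 1; }`, and keep the `'ok'` default only if the API is documented to omit the field on success. On the error path `python3 -m json.tool` prints the whole response to the job log, which should be confirmed safe if an error response can still carry `created_keys`. The `run:` block starts above the hunk.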
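Review bot: In the `@@ -91,14 +92,14 @@` hunk of reconcile.yml, a failure of the `KEYS=$(python3 -c …)` line cannot be told apart from an empty result. Unless the step shell runs with `-e`, an unparseable `RESPONSE` ends in "No new keys created" with a green step, and any keys the server did create never reach the `.age` file. Appending `|| { echo "could not read created_keys" >&2; exit 1; }` to the assignment keeps that case visible. The condition `k and k != {}` is equivalent to `k`, since an empty dict is already falsy. The plaintext keys also still pass through `steps.reconcile.outputs.response` before `age` sees them, so it is worth checking whether the runner persists or logs step outputs, which is not shown here.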