107 lines
3.7 KiB
YAML
107 lines
3.7 KiB
YAML
name: Dry Run
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- "state/*.json"
|
|
|
|
jobs:
|
|
detect:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
envs: ${{ steps.changed.outputs.envs }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Detect changed environments
|
|
id: changed
|
|
run: |
|
|
FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} -- 'state/*.json')
|
|
ENVS="[]"
|
|
for f in $FILES; do
|
|
ENV=$(basename "$f" .json)
|
|
ENVS=$(echo "$ENVS" | jq -c ". + [\"$ENV\"]")
|
|
done
|
|
echo "envs=$ENVS" >> "$GITHUB_OUTPUT"
|
|
echo "Changed environments: $ENVS"
|
|
|
|
dry-run:
|
|
needs: detect
|
|
runs-on: ubuntu-latest
|
|
if: needs.detect.outputs.envs != '[]'
|
|
strategy:
|
|
matrix:
|
|
env: ${{ fromJson(needs.detect.outputs.envs) }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Resolve environment secrets
|
|
id: env
|
|
run: |
|
|
ENV_UPPER=$(echo "${{ matrix.env }}" | tr '[:lower:]-' '[:upper:]_')
|
|
echo "token_key=${ENV_UPPER}_RECONCILER_TOKEN" >> "$GITHUB_OUTPUT"
|
|
echo "url_key=${ENV_UPPER}_RECONCILER_URL" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Run dry-run reconcile
|
|
id: plan
|
|
env:
|
|
RECONCILER_TOKEN: ${{ secrets[steps.env.outputs.token_key] }}
|
|
RECONCILER_URL: ${{ secrets[steps.env.outputs.url_key] }}
|
|
run: |
|
|
if [ -z "$RECONCILER_URL" ] || [ -z "$RECONCILER_TOKEN" ]; then
|
|
echo "No secrets configured for environment '${{ matrix.env }}' — skipping"
|
|
echo "response={}" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
RESPONSE=$(curl -sf \
|
|
-X POST \
|
|
-H "Authorization: Bearer ${RECONCILER_TOKEN}" \
|
|
-H "Content-Type: application/json" \
|
|
-d @state/${{ matrix.env }}.json \
|
|
"${RECONCILER_URL}/reconcile?dry_run=true")
|
|
echo "response<<EOF" >> "$GITHUB_OUTPUT"
|
|
echo "$RESPONSE" >> "$GITHUB_OUTPUT"
|
|
echo "EOF" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Format plan as markdown
|
|
id: format
|
|
if: steps.plan.outputs.response != '{}'
|
|
run: |
|
|
cat <<'SCRIPT' > format.py
|
|
import json, sys
|
|
data = json.loads(sys.stdin.read())
|
|
ops = data.get("operations", [])
|
|
summary = data.get("summary", {})
|
|
env = sys.argv[1]
|
|
lines = [f"## Reconciliation Plan: `{env}`\n"]
|
|
if not ops:
|
|
lines.append("No changes detected.\n")
|
|
else:
|
|
lines.append("| Operation | Name |")
|
|
lines.append("|-----------|------|")
|
|
for op in ops:
|
|
lines.append(f"| `{op['type']}` | {op['name']} |")
|
|
lines.append("")
|
|
s = summary
|
|
lines.append(f"**Summary:** {s.get('created',0)} create, {s.get('updated',0)} update, {s.get('deleted',0)} delete")
|
|
print("\n".join(lines))
|
|
SCRIPT
|
|
COMMENT=$(echo '${{ steps.plan.outputs.response }}' | python3 format.py "${{ matrix.env }}")
|
|
echo "comment<<EOF" >> "$GITHUB_OUTPUT"
|
|
echo "$COMMENT" >> "$GITHUB_OUTPUT"
|
|
echo "EOF" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Post PR comment
|
|
if: steps.plan.outputs.response != '{}'
|
|
env:
|
|
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
|
run: |
|
|
curl -sf \
|
|
-X POST \
|
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"body\": $(echo '${{ steps.format.outputs.comment }}' | jq -Rs .)}" \
|
|
"${{ secrets.GITEA_URL }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments"
|