@@ -94,3 +94,107 @@ jobs:
9494 for checkov_values in charts/matrix-stack/ci/*checkov*values.yaml; do
9595 scripts/checkov.sh "$checkov_values"
9696 done
97+
98+ template-dyff :
99+ runs-on : ubuntu-latest
100+ permissions :
101+ contents : read
102+ pull-requests : write # required to post a comment to a pull request
103+ steps :
104+
105+ - name : Checkout PR
106+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
107+ with :
108+ ref : ${{ github.event.pull_request.head.sha }}
109+
110+ # helm template doesn't reliably order manifests within the same kind, so use yq to do it for us
111+ - name : Generate manifests for PR
112+ run : |
113+ mkdir -p /tmp/{old,new}
114+ for values in charts/matrix-stack/ci/*values.yaml; do
115+ echo "Generating new templates with $values";
116+ helm template \
117+ -a monitoring.coreos.com/v1/ServiceMonitor \
118+ -f "$values" charts/matrix-stack | \
119+ yq ea '[.] | sort_by(.kind, .metadata.name) | .[] | splitDoc' > "/tmp/new/$(basename "$values")"
120+ done
121+
122+ name : Checkout target
123+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
124+ with :
125+ ref : ${{ github.event.pull_request.base.sha }}
126+
127+ - name : Generate manifests for base
128+ run : |
129+ for values in charts/matrix-stack/ci/*values.yaml; do
130+ echo "Generating old templates with $values";
131+ helm template \
132+ -a monitoring.coreos.com/v1/ServiceMonitor \
133+ -f "$values" charts/matrix-stack | \
134+ yq ea '[.] | sort_by(.kind, .metadata.name) | .[] | splitDoc' > "/tmp/old/$(basename "$values")"
135+ done
136+
137+ name : Install dyff with asdf
138+ uses : asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
139+ with :
140+ # Until v4 is released or we get spam about bash vs go implementations
141+ # https://github.com/asdf-vm/actions/issues/587
142+ asdf_branch : v0.15.0
143+ tool_versions : |
144+ dyff 1.10.1
145+
146+ name : dyff old and new manifests
147+ id : dyff
148+ run : |
149+ templates_files=$(find /tmp/old /tmp/new -maxdepth 1 -name '*values.yaml' | sed -E 's|/tmp/(old\|new)/||' | sort | uniq)
150+
151+ comment_body=""
152+ while read -r templates_file; do
153+ if [ ! -f "/tmp/old/$templates_file" ]; then
154+ comment_body+="**$templates_file** (added)\n\n"
155+ continue
156+ fi
157+
158+ if [ ! -f "/tmp/new/$templates_file" ]; then
159+ comment_body+="**$templates_file** (removed)\n\n"
160+ continue
161+ fi
162+
163+ exit_code=0
164+ dyff_detail=$(dyff between --set-exit-code --omit-header --output=github "/tmp/old/$templates_file" "/tmp/new/$templates_file") || exit_code=$?
165+ if [ $exit_code -ne 0 ]; then
166+ comment_body+="<details><summary><b>$templates_file</b> (changed)</summary>\n"
167+ comment_body+='\n```diff\n'
168+ comment_body+=$dyff_detail
169+ comment_body+='\n```\n</details>\n\n'
170+ fi
171+ done <<< "$templates_files"
172+
173+ if [ -z "$comment_body" ]; then
174+ echo "changes=no" >> "$GITHUB_OUTPUT"
175+ comment_body="No changes in rendered templates"
176+ else
177+ echo "changes=yes" >> "$GITHUB_OUTPUT"
178+ fi
179+
180+ echo "$comment_body"
181+ { echo 'body<<EOF'; echo -e "$comment_body"; echo 'EOF'; } >> "$GITHUB_OUTPUT"
182+
183+ name : Find dyff comment
184+ uses : peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
185+ id : find-dyff-comment
186+ with :
187+ issue-number : ${{ github.event.pull_request.number }}
188+ comment-author : ' github-actions[bot]'
189+ body-includes : ' dyff of changes in rendered templates'
190+
191+ - name : Create or update comment
192+ uses : peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
193+ with :
194+ comment-id : ${{ steps.find-dyff-comment.outputs.comment-id }}
195+ issue-number : ${{ github.event.pull_request.number }}
196+ body : |
197+ # dyff of changes in rendered templates of CI manifests
198+
199+ ${{ steps.dyff.outputs.body }}
200+ edit-mode : replace
0 commit comments