Compare commits
No commits in common. "pgi-add-workflow" and "main" have entirely different histories.
pgi-add-wo
...
main
2 changed files with 74 additions and 79 deletions
|
|
@ -1,79 +0,0 @@
|
||||||
---
|
|
||||||
name: ArgoCD Diff
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
workflow_call:
|
|
||||||
pull_request:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
argocd-diff-preview:
|
|
||||||
runs-on: docker
|
|
||||||
container:
|
|
||||||
options: --volume /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
env:
|
|
||||||
PR_NUMBER: ${{ forge.event.pull_request.number }}
|
|
||||||
GITHUB_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
|
|
||||||
steps:
|
|
||||||
- uses: https://github.com/actions/checkout@v6
|
|
||||||
with:
|
|
||||||
path: pull-request
|
|
||||||
|
|
||||||
- uses: https://github.com/actions/checkout@v6
|
|
||||||
with:
|
|
||||||
ref: main
|
|
||||||
path: main
|
|
||||||
|
|
||||||
- name: Install Docker CLI
|
|
||||||
run: |
|
|
||||||
if command -v apt-get &>/dev/null; then
|
|
||||||
apt-get update -qq && apt-get install -y --no-install-recommends docker.io
|
|
||||||
elif command -v apk &>/dev/null; then
|
|
||||||
apk add --no-cache docker-cli
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Generate Diff
|
|
||||||
run: |
|
|
||||||
CONTAINER_ID=$(docker inspect --format='{{.Id}}' "$HOSTNAME")
|
|
||||||
docker cp "$CONTAINER_ID:$(pwd)/main" /tmp/argocd-main
|
|
||||||
docker cp "$CONTAINER_ID:$(pwd)/pull-request" /tmp/argocd-pr
|
|
||||||
mkdir -p output
|
|
||||||
docker run --rm \
|
|
||||||
--network=host \
|
|
||||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
-v /tmp/argocd-main:/base-branch \
|
|
||||||
-v /tmp/argocd-pr:/target-branch \
|
|
||||||
-v /tmp/argocd-output:/output \
|
|
||||||
-e TARGET_BRANCH=refs/pull/$PR_NUMBER/merge \
|
|
||||||
-e REPO=${{ forge.repository }} \
|
|
||||||
dagandersen/argocd-diff-preview:v0.2.8
|
|
||||||
|
|
||||||
- name: Add comment
|
|
||||||
id: comment
|
|
||||||
run: |
|
|
||||||
DIFF_BODY=$(cat output/diff.md)
|
|
||||||
payload="{\"body\": $DIFF_BODY}"
|
|
||||||
|
|
||||||
existing_comment=$(curl -s \
|
|
||||||
-H "Authorization: token ${{ secrets.FORGEJO_TOKEN }}" \
|
|
||||||
"${{ forge.api_url }}/repos/${{ forge.repository }}/issues/$PR_NUMBER/comments")
|
|
||||||
comment_id=$(echo "$existing_comment" | jq -r \
|
|
||||||
'.[] | select(.body | test("${{ forge.workflow }}")) | .id' | head -n 1)
|
|
||||||
|
|
||||||
|
|
||||||
if [ -n "${comment_id}" ] && [ "${comment_id}" != "null" ]; then
|
|
||||||
echo "Found comment with id ${comment_id}, updating..." && \
|
|
||||||
curl -s -X PATCH \
|
|
||||||
-H "Authorization: token ${{ secrets.FORGEJO_TOKEN }}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
"${{ forge.api_url }}/repos/${{ forge.repository }}/issues/comments/${comment_id}" \
|
|
||||||
-d "$payload"
|
|
||||||
else
|
|
||||||
echo "Creating new comment..." && \
|
|
||||||
curl -s -X POST \
|
|
||||||
-H "Authorization: token ${{ secrets.FORGEJO_TOKEN }}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
"${{ forge.api_url }}/repos/${{ forge.repository }}/issues/$PR_NUMBER/comments" \
|
|
||||||
-d "$payload"
|
|
||||||
fi
|
|
||||||
|
|
@ -266,3 +266,77 @@ server:
|
||||||
- groups
|
- groups
|
||||||
rbac:
|
rbac:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
# -- Array of extra K8s manifests to deploy
|
||||||
|
extraObjects:
|
||||||
|
- apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: admin-user
|
||||||
|
namespace: argo-workflows
|
||||||
|
annotations:
|
||||||
|
workflows.argoproj.io/rbac-rule: "'ArgoCD Admins' in groups"
|
||||||
|
workflows.argoproj.io/rbac-rule-precedence: "1"
|
||||||
|
- apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: read-only
|
||||||
|
namespace: argo-workflows
|
||||||
|
annotations:
|
||||||
|
workflows.argoproj.io/rbac-rule: "true"
|
||||||
|
workflows.argoproj.io/rbac-rule-precedence: "0"
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: argo-workflows-admin-user
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: admin-user
|
||||||
|
namespace: argo-workflows
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: argo-workflows-admin
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: argo-workflows-read-only
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: read-only
|
||||||
|
namespace: argo-workflows
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: argo-workflows-view
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: argo-workflows-server-sso
|
||||||
|
namespace: argo-workflows
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- serviceaccounts
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- serviceaccounts/token
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: argo-workflows-server-sso
|
||||||
|
namespace: argo-workflows
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: argo-workflows-server
|
||||||
|
namespace: argo-workflows
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: argo-workflows-server-sso
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
|
|
||||||
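Review bot: The `read-only` ServiceAccount carries `workflows.argoproj.io/rbac-rule: "true"`, which matches every user who completes SSO login, and its ClusterRoleBinding to `argo-workflows-view` is cluster-wide, so any identity the IdP admits can read workflows in all namespaces. If that fallback is not intended, scope the rule to a group (for example `"'<viewer-group-placeholder>' in groups"`) or replace the ClusterRoleBinding with a RoleBinding in the namespaces that should be visible. The `argo-workflows-server-sso` Role also grants `create` on `serviceaccounts/token` without `resourceNames`, so the server ServiceAccount can request tokens for any ServiceAccount in `argo-workflows`; adding `resourceNames: [admin-user, read-only]` to that rule should limit it to the two SSO accounts. A comment above `extraObjects` naming the IdP group that maps to `admin-user`, and stating that `read-only` is the default for everyone else, would make the intent reviewable. Indentation is lost in this rendering, so confirm whether `extraObjects` is nested under `server:` or sits at the top level.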