From eb35a09d5776d283344c21504d1d3eb7305a9e3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nils=20M=C3=BCller?=
Date: Thu, 28 Dec 2023 00:40:17 +0100
Subject: [PATCH] ci(flux-diff): adjust workflow
---
 .github/workflows/flux-diff.yaml | 158 +++++++++++++++++++++++++++----
 1 file changed, 137 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml
index f6848cff1..39dcfef8f 100644
--- a/.github/workflows/flux-diff.yaml
+++ b/.github/workflows/flux-diff.yaml
@@ -1,56 +1,172 @@ --- -name: "Flux Diff" +# name: "Flux Diff" + +# on: +# pull_request: +# branches: ["main"] +# paths: ["kubernetes/**.yaml"] + +# permissions: +# contents: read + +# jobs: +# flux-diff: +# name: Flux Diff +# runs-on: ubuntu-latest +# permissions: +# pull-requests: write +# strategy: +# matrix: +# path: ["kubernetes"] +# resource: ["helmrelease", "kustomization"] +# steps: +# - name: Harden Runner +# uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 +# with: +# egress-policy: audit + +# - name: Generate Token +# uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 +# id: generate-token +# with: +# app_id: "${{ secrets.BOT_APP_ID }}" +# private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + +# - name: Setup Flux CLI +# uses: fluxcd/flux2/action@v2.2.2 + +# - name: Diff Resources +# uses: allenporter/flux-local/action/diff@c4c5ce19ed7aa792b4ead75776597a82242866c6 # 4.2.1 +# id: diff +# with: +# sources: home-ops +# path: "${{ matrix.path }}" +# resource: "${{ matrix.resource }}" + +# - if: ${{ steps.diff.outputs.diff != '' }} +# name: Add comment +# uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1 +# with: +# repo-token: "${{ steps.generate-token.outputs.token }}" +# message-id: "${{ github.event.pull_request.number }}/${{ matrix.path }}/${{ matrix.resource }}" +# message-failure: Diff was not successful +# message: | +# ```diff +# ${{ steps.diff.outputs.diff }} +# ``` + +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: Flux Diff on: pull_request: - branches: ["main"] - paths: ["kubernetes/**.yaml"] + branches: + - main -permissions: - contents: read +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true jobs: + changed-files: + name: Get Changed Files + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.changed-files.outputs.all_changed_and_modified_files }} + steps: + - name: Harden 
Runner + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + with: + egress-policy: audit + + - name: Generate Token + uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + token: "${{ steps.app-token.outputs.token }}" + fetch-depth: 0 + + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@716b1e13042866565e00e85fd4ec490e186c4a2f # v41.0.1 + with: + files: kubernetes/** + dir_names: true + dir_names_max_depth: 2 + json: true + quotepath: false + escape_json: false + + - name: List all changed files + run: echo "${{ steps.changed-files.outputs.all_changed_and_modified_files }}" + flux-diff: name: Flux Diff runs-on: ubuntu-latest + needs: + - changed-files permissions: pull-requests: write + if: ${{ needs.changed-files.outputs.matrix != '[]' }} strategy: matrix: - path: ["kubernetes"] - resource: ["helmrelease", "kustomization"] + paths: ${{ fromJSON(needs.changed-files.outputs.matrix) }} + resources: + - helmrelease + - kustomization steps: - - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + - name: Generate Token + uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + id: app-token with: - egress-policy: audit + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - name: Generate Token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 - id: generate-token + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: - app_id: "${{ secrets.BOT_APP_ID }}" - private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + token: ${{ steps.app-token.outputs.token }} - 
name: Setup Flux CLI - uses: fluxcd/flux2/action@v2.2.2 + uses: fluxcd/flux2/action@5c5c15ea212b8f029a110f9975851d25c8272695 # v2.2.2 - name: Diff Resources uses: allenporter/flux-local/action/diff@c4c5ce19ed7aa792b4ead75776597a82242866c6 # 4.2.1 id: diff with: - sources: home-ops - path: "${{ matrix.path }}" - resource: "${{ matrix.resource }}" + sources: home-ops-kubernetes + path: "${{ matrix.paths }}" + resource: "${{ matrix.resources }}" - if: ${{ steps.diff.outputs.diff != '' }} name: Add comment uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1 with: - repo-token: "${{ steps.generate-token.outputs.token }}" - message-id: "${{ github.event.pull_request.number }}/${{ matrix.path }}/${{ matrix.resource }}" + repo-token: "${{ steps.app-token.outputs.token }}" + message-id: "${{ github.event.pull_request.number }}/${{ matrix.paths }}/${{ matrix.resources }}" message-failure: Diff was not successful message: | ```diff ${{ steps.diff.outputs.diff }} ``` + + flux-diff-success: + needs: + - flux-diff + if: ${{ always() }} + name: Flux Diff successful + runs-on: ubuntu-latest + steps: + - name: Check matrix status + if: >- + ${{ + contains(needs.*.result, 'failure') + || contains(needs.*.result, 'cancelled') + }} + run: exit 1
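Review bot: The new `List all changed files` step interpolates `${{ steps.changed-files.outputs.all_changed_and_modified_files }}` straight into a `run:` shell script, so a PR-supplied directory name under `kubernetes/` that contains shell metacharacters is executed by the runner (the output is produced with `escape_json: false` and `quotepath: false`, so nothing neutralises it). Route it through the environment instead: `env:` / `  CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_and_modified_files }}` / `run: echo "$CHANGED_FILES"`. The hunk also deletes the top-level `permissions: contents: read`, so the `changed-files` and `flux-diff-success` jobs now run with the repository's default GITHUB_TOKEN scopes; restoring `permissions:` / `  contents: read` at the top level keeps the job-level `pull-requests: write` override while returning to least privilege. The rewritten `flux-diff` job additionally drops the `Harden Runner` step that `changed-files` still has, which looks unintentional given the egress-audit intent of the old job. The roughly 57 lines of commented-out previous workflow left at the top of the file are dead configuration that git history already preserves and would be cleaner removed.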