initial commit. Fork of https://github.com/karancode/kustomize-github-action

Dockerfile

@@ -0,0 +1,5 @@
+FROM alpine:3
+RUN apk add --update --no-cache bash ca-certificates curl git jq openssh
+RUN ["bin/sh", "-c", "mkdir -p /src"]
+COPY ["src", "/src/"]
+ENTRYPOINT ["/src/entrypoint.sh"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Karan Thanvi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,61 @@
+# kustomize-github-action
+Kustomize GitHub Actions allow you to execute Kustomize Build command within GitHub Actions.
+
+The output of the actions can be viewed from the Actions tab in the main repository view. If the actions are executed on a pull request event, a comment may be posted on the pull request.
+
+Kustomize GitHub Actions is a single GitHub Action that can be executed on different overlays directories depending on the content of the GitHub Actions YAML file.
+
+
+## Success Criteria
+An exit code of `0` is considered a successful execution.
+
+## Usage
+The most common usage is to run `kustomize build` on an overlays directory, where one overlays directory represents k8s configs for one environment. A comment will be posted to the pull request depending on the output of the Kustomize build command being executed. This workflow can be configured by adding the following content to the GitHub Actions workflow YAML file.
+```yaml
+name: 'Kustomize GitHub Actions'
+on:
+  - pull_request
+jobs:
+  kustomize:
+    name: 'Kustomize'
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@master
+      - name: 'Kustomize Build'
+        uses: karancode/kustomize-github-action@master
+        with:
+          kustomize_version: '3.0.0'
+          kustomize_build_dir: '.'
+          kustomize_comment: true
+          kustomize_output_file: "gitops/rendered.yaml"
+          kustomize_build_options: "--load_restrictor none"
+          enable_alpha_plugins: true
+        env:
+          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_ACCESS_TOKEN }}
+```
+This was a simplified example showing the basic features of these Kustomize GitHub Action. More examples, coming soon!
+
+# Inputs
+
+Inputs configure Kustomize GitHub Actions to perform build action.
+
+* `kustomize_version` - (Required) The Kustomize version to use for `kustomize build`.
+* `kustomize_install` - (Optional) Whether or not to install kustomize.
+* `kustomize_build_dir` - (Optional) The directory to run `kustomize build` on (assumes that the directory contains a kustomization yaml file). Defaults to `.`.
+* `kustomize_comment` - (Optional) Whether or not to comment on GitHub pull requests. Defaults to `false`.
+* `kustomize_output_file` - (Optional) Path to to file to write the kustomize build output to.
+* `kustomize_build_options` - (Optional) Provide build options to kustomize build.
+* `enable_alpha_plugins` - (Optional) Enable Kustomize plugins. Defaults to `false`.
+
+## Outputs
+
+Outputs are used to pass information to subsequent GitHub Actions steps.
+
+* `kustomize_build_output` - The Kustomize build outputs.
+
+## Secrets
+
+Secrets are similar to inputs except that they are encrypted and only used by GitHub Actions. It's a convenient way to keep sensitive data out of the GitHub Actions workflow YAML file.
+
+* `GITHUB_ACCESS_TOKEN` - (Optional) The GitHub API token used to post comments to pull requests. Not required if the `kustomize_comment` input is set to `false`.

action.yml

@@ -0,0 +1,46 @@
+# action.yaml
+name: 'Kustomize Github Action'
+author: 'karancode <karanthanvi0@gmail.com>'
+description: 'Github action for kustomize - manily to perform kustomize build for the k8s config yamls'
+branding:
+  icon: 'anchor'
+  color: 'blue'
+inputs:
+  kustomize_version:
+    description: 'Kustomize version'
+    required: true
+    default: '3.0.0'
+  kustomize_install:
+    description: "whether to install kustomize or use already installed"
+    required: false
+    default: '1'
+  kustomize_build_dir:
+    description: 'Directory to do kustomize build on'
+    required: false
+    default: '.'
+  kustomize_comment:
+    description: 'Comment kustomize output'
+    required: false
+    default: '0'
+  kustomize_output_file:
+    description: 'Path to file to write the kustomize build output to'
+    required: false
+    default: ''
+  kustomize_build_options:
+    description: 'Provide build options to kustomize build'
+    required: false
+    default: ''
+  enable_alpha_plugins:
+    description: 'Enable Kustomize plugins'
+    required: false
+    default: '0'
+  token:
+    description: 'GitHub Token for Authentication to Github API (mainly for limit avoidance)'
+    required: false
+    default: ''
+outputs:
+  kustomize_build_output:
+    description: 'Output of kustomize build'
+runs:
+  using: 'docker'
+  image: 'Dockerfile'

src/entrypoint.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+
+function parse_inputs {
+    # required inputs
+    if [ "${INPUT_KUSTOMIZE_VERSION}" != "" ]; then
+        kustomize_version=${INPUT_KUSTOMIZE_VERSION}
+    else
+        echo "Input kustomize_version cannot be empty."
+        exit 1
+    fi
+
+    # optional inputs
+    kustomize_build_dir="."
+    if [ "${INPUT_KUSTOMIZE_BUILD_DIR}" != "" ] || [ "${INPUT_KUSTOMIZE_BUILD_DIR}" != "." ]; then
+        kustomize_build_dir=${INPUT_KUSTOMIZE_BUILD_DIR}
+    fi
+
+    kustomize_comment=0
+    if [ "${INPUT_KUSTOMIZE_COMMENT}" == "1" ] || [ "${INPUT_KUSTOMIZE_COMMENT}" == "true" ]; then
+        kustomize_comment=1
+    fi
+
+    kustomize_install=1
+    if [ "${INPUT_KUSTOMIZE_INSTALL}" == "0" ] || [ "${INPUT_KUSTOMIZE_INSTALL}" == "false" ]; then
+        kustomize_install=0
+    fi
+
+    kustomize_output_file=""
+    if [ -n "${INPUT_KUSTOMIZE_OUTPUT_FILE}" ]; then
+      kustomize_output_file=${INPUT_KUSTOMIZE_OUTPUT_FILE}
+    fi
+
+    kustomize_build_options=""
+    if [ -n "${INPUT_KUSTOMIZE_BUILD_OPTIONS}" ]; then
+      kustomize_build_options=${INPUT_KUSTOMIZE_BUILD_OPTIONS}
+    fi
+
+    enable_alpha_plugins=""
+    if [ "${INPUT_ENABLE_ALPHA_PLUGINS}" == "1" ] || [ "${INPUT_ENABLE_ALPHA_PLUGINS}" == "true" ]; then
+       enable_alpha_plugins="--enable_alpha_plugins"
+    fi
+
+    with_token=""
+    if [ "${INPUT_TOKEN}" != "" ]; then
+       with_token=(-H "Authorization: token ${INPUT_TOKEN}")
+    fi
+}
+
+function install_kustomize {
+
+    echo "getting download url for kustomize ${kustomize_version}"
+
+    for i in {1..100}; do
+      url=$(curl --retry-all-errors --fail --retry 30 --retry-max-time 120 "${with_token[@]}" -s "https://api.github.com/repos/kubernetes-sigs/kustomize/releases?per_page=100&page=$i" | jq -r '.[].assets[] | select(.browser_download_url | test("kustomize(_|.)?(v)?'$kustomize_version'_linux_amd64"))  | .browser_download_url')
+      if [ ! -z $url ]; then
+        break
+      fi
+    done
+
+    if [ ! -z $url ]; then
+      echo "Download URL found in $url"
+    else
+      echo "Failed to find download URL for ${kustomize_version}"
+      exit 1
+    fi
+
+    echo "Downloading kustomize v${kustomize_version}"
+    if [[ "${url}" =~ .tar.gz$ ]]; then
+      curl --retry 30 --retry-max-time 120 -s -S -L ${url} | tar -xz -C /usr/bin
+    else
+      curl --retry 30 --retry-max-time 120 -s -S -L ${url} -o /usr/bin/kustomize
+    fi
+    if [ "${?}" -ne 0 ]; then
+        echo "Failed to download kustomize v${kustomize_version}."
+        exit 1
+    fi
+    echo "Successfully downloaded kustomize v${kustomize_version}."
+
+    echo "Allowing execute privilege to kustomize."
+    chmod +x /usr/bin/kustomize
+    if [ "${?}" -ne 0 ]; then
+        echo "Failed to update kustomize privilege."
+        exit 1
+    fi
+    echo "Successfully added execute privilege to kustomize."
+
+}
+
+function main {
+
+    scriptDir=$(dirname ${0})
+    source ${scriptDir}/kustomize_build.sh
+    parse_inputs
+
+    if  [ "${kustomize_install}" == "1" ]; then
+      install_kustomize
+    fi
+
+    kustomize_build
+
+}
+
+main "${*}"

src/kustomize_build.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+function kustomize_build {
+    # gather output
+    echo "build: info: kustomize build in directory ${kustomize_build_dir}."
+
+    build_output=$(kustomize build ${enable_alpha_plugins} ${kustomize_build_options} ${kustomize_build_dir} 2>&1)
+
+    build_exit_code=${?}
+
+    # exit code 0 - success
+    if [ ${build_exit_code} -eq 0 ];then
+        build_comment_status="Success"
+        echo "build: info: successfully executed kustomize build in ${kustomize_build_dir}."
+        echo "${build_output}"
+        echo
+    fi
+
+    # exit code !0 - failure
+    if [ ${build_exit_code} -ne 0 ]; then
+        build_comment_status="Failed"
+        echo "build: error: failed to execute kustomize build in ${kustomize_build_dir}."
+        echo "${build_output}"
+        echo
+    fi
+
+    # write output to file
+    if [ -n "${kustomize_output_file}" ]; then
+      # create parent directory if it doesn't exist
+      dir=$(dirname "${kustomize_output_file}")
+      if [ ! -d "${dir}" ]; then
+        mkdir -p "${dir}"
+      fi
+      echo "build: writing output to ${kustomize_output_file}"
+      cat > "${kustomize_output_file}" <<EOF
+${build_output}
+EOF
+    fi
+
+    # comment
+    if [ "${GITHUB_EVENT_NAME}" == "pull_request" ] && [ "${kustomize_comment}" == "1" ]; then
+        build_comment_wrapper="#### \`kustomize build\` ${build_comment_status}
+<details><summary>Show Output</summary>
+
+\`\`\`
+${build_output}
+ \`\`\`
+</details>
+
+*Workflow: \`${GITHUB_WORKFLOW}\`, Action: \`${GITHUB_ACTION}\`, Build Directory: \`${kustomize_build_dir}\`*"
+
+        echo "build: info: creating json"
+        build_payload=$(echo "${build_comment_wrapper}" | jq -R --slurp '{body: .}')
+        build_comment_url=$(cat ${GITHUB_EVENT_PATH} | jq -r .pull_request.comments_url)
+        echo "build: info: commenting on the pull request"
+        echo "${build_payload}" | curl -s -S -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" --header "Content-Type: application/json" --data @- "${build_comment_url}" > /dev/null
+    fi
+
+    echo kustomize_build_output=${build_output} >> $GITHUB_OUTPUT
+    exit ${build_exit_code}
+}