chore: bump version [skip ci]

Makefile

@@ -3,7 +3,6 @@ ACTIONS := \
 	node \
 	git/create_tag \
 	helm/diff \
-	helm/set_deployment_image \
 	helm/template \
 	helm/upgrade \
 	infisical/fetch-secret \

README.md

@@ -21,9 +21,8 @@ Reusable composite actions for Gitea CI/CD pipelines.
 | Action | Description |
 |---|---|
 | [helm/diff](helm/diff/README.md) | Diff a Helm chart against a running deployment |
-| [helm/set_deployment_image](helm/set_deployment_image/README.md) | Set the image for a Kubernetes deployment via Helm |
 | [helm/template](helm/template/README.md) | Render a Helm chart for a deployment |
-| [helm/upgrade](helm/upgrade/README.md) | Log in to an OCI registry and run `helm upgrade` for the chart in the current directory |
+| [helm/upgrade](helm/upgrade/README.md) | Log in to an OCI registry, update chart dependencies, and run `helm upgrade` |
 
 ### Infisical
 

VERSION

@@ -1 +1 @@
-1.1.0
+1.4.0

git/README.md

@@ -0,0 +1,7 @@
+# git
+
+Composite actions for Git operations.
+
+| action | description |
+| --- | --- |
+| [create_tag](create_tag/README.md) | Creates and pushes a git tag in the current repository |

helm/README.md

@@ -0,0 +1,9 @@
+# helm
+
+Composite actions for managing Helm chart deployments.
+
+| action | description |
+| --- | --- |
+| [diff](diff/README.md) | Diff a Helm chart for a deployment in a Kubernetes cluster |
+| [template](template/README.md) | Template a Helm chart for a deployment in a Kubernetes cluster |
+| [upgrade](upgrade/README.md) | Login to an OCI registry, update chart dependencies, and run helm upgrade |

helm/diff/README.md

@@ -18,6 +18,7 @@ Diff a Helm chart for a deployment in a Kubernetes cluster
 | `CONTAINER_NAME` | <p>The container component to update</p> | `true` | `""` |
 | `VALUES_FILE` | <p>The values file to use</p> | `false` | `./helm/values.yaml` |
 | `CHART_PATH` | <p>Path to the Helm chart</p> | `false` | `./helm` |
+| `TAG_KEY` | <p>Helm --set key for the image tag (e.g. deploy.api.tag)</p> | `true` | `""` |
 <!-- action-docs-inputs source="action.yml" -->
 
 <!-- action-docs-runs source="action.yml" -->

helm/diff/action.yml

@@ -22,6 +22,9 @@ inputs:
   CHART_PATH:
     description: "Path to the Helm chart"
     default: "./helm"
+  TAG_KEY:
+    description: "Helm --set key for the image tag (e.g. deploy.api.tag)"
+    required: true
 
 runs:
   using: composite
@@ -33,6 +36,6 @@ runs:
     - name: Helm Diff
       shell: sh
       run: |
-        CMD="helm diff upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${{ inputs.DEPLOYMENT_NAMESPACE }} --values ${{ inputs.VALUES_FILE }} --set deploy.${{ inputs.CONTAINER_NAME }}.tag=${{ inputs.IMAGE_TAG }} --set image.repository=${{ inputs.IMAGE_PATH }} --context 5"
+        CMD="helm diff upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${{ inputs.DEPLOYMENT_NAMESPACE }} --values ${{ inputs.VALUES_FILE }} --set ${TAG_KEY}=${{ inputs.IMAGE_TAG }} --set image.repository=${{ inputs.IMAGE_PATH }} --context 5"
         echo "Running: $CMD"
         eval "$CMD"

helm/set_deployment_image/README.md

@@ -1,27 +0,0 @@
-# Helm Upgrade Deployment Image
-
-<!-- action-docs-description source="action.yml" -->
-## Description
-
-Set the image for a deployment in a Kubernetes
-<!-- action-docs-description source="action.yml" -->
-
-<!-- action-docs-inputs source="action.yml" -->
-## Inputs
-
-| name | description | required | default |
-| --- | --- | --- | --- |
-| `DEPLOYMENT_NAME` | <p>The Kubernetes Deployment to update</p> | `true` | `""` |
-| `DEPLOYMENT_NAMESPACE` | <p>The Kubernetes namespace of the Deployment</p> | `true` | `""` |
-| `IMAGE_PATH` | <p>The registry path to the image</p> | `true` | `""` |
-| `IMAGE_TAG` | <p>The image tag to deploy</p> | `true` | `""` |
-| `CONTAINER_NAME` | <p>The container component to update</p> | `true` | `""` |
-| `VALUES_FILE` | <p>The values file to use</p> | `false` | `./helm/values.yaml` |
-| `CHART_PATH` | <p>Path to the Helm chart</p> | `false` | `./helm` |
-<!-- action-docs-inputs source="action.yml" -->
-
-<!-- action-docs-runs source="action.yml" -->
-## Runs
-
-This action is a `composite` action.
-<!-- action-docs-runs source="action.yml" -->

helm/set_deployment_image/action.yml

@@ -1,34 +0,0 @@
-name: Helm Upgrade Deployment Image
-description: Set the image for a deployment in a Kubernetes
-inputs:
-  DEPLOYMENT_NAME:
-    description: "The Kubernetes Deployment to update"
-    required: true
-  DEPLOYMENT_NAMESPACE:
-    description: "The Kubernetes namespace of the Deployment"
-    required: true
-  IMAGE_PATH:
-    description: "The registry path to the image"
-    required: true
-  IMAGE_TAG:
-    description: "The image tag to deploy"
-    required: true
-  CONTAINER_NAME:
-    description: "The container component to update"
-    required: true
-  VALUES_FILE:
-    description: "The values file to use"
-    default: "./helm/values.yaml"
-  CHART_PATH:
-    description: "Path to the Helm chart"
-    default: "./helm"
-
-runs:
-  using: composite
-  steps:
-    - name: Helm Set Image
-      shell: sh
-      run: |
-        CMD="helm upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${{ inputs.DEPLOYMENT_NAMESPACE }} --values ${{ inputs.VALUES_FILE }} --set deploy.${{ inputs.CONTAINER_NAME }}.tag=${{ inputs.IMAGE_TAG }} --set image.repository=${{ inputs.IMAGE_PATH }}"
-        echo "Running: $CMD"
-        eval "$CMD"

helm/template/README.md

@@ -18,6 +18,7 @@ Template a Helm chart for a deployment in a Kubernetes cluster
 | `CONTAINER_NAME` | <p>The container component to update</p> | `true` | `""` |
 | `VALUES_FILE` | <p>The values file to use</p> | `false` | `./helm/values.yaml` |
 | `CHART_PATH` | <p>Path to the Helm chart</p> | `false` | `./helm` |
+| `TAG_KEY` | <p>Helm --set key for the image tag (e.g. deploy.api.tag)</p> | `true` | `""` |
 <!-- action-docs-inputs source="action.yml" -->
 
 <!-- action-docs-runs source="action.yml" -->

helm/template/action.yml

@@ -22,6 +22,9 @@ inputs:
   CHART_PATH:
     description: "Path to the Helm chart"
     default: "./helm"
+  TAG_KEY:
+    description: "Helm --set key for the image tag (e.g. deploy.api.tag)"
+    required: true
 
 runs:
   using: composite
@@ -29,6 +32,6 @@ runs:
     - name: Helm Template
       shell: sh
       run: |
-        CMD="helm template ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${{ inputs.DEPLOYMENT_NAMESPACE }} --values ${{ inputs.VALUES_FILE }} --set deploy.${{ inputs.CONTAINER_NAME }}.tag=${{ inputs.IMAGE_TAG }} --set image.repository=${{ inputs.IMAGE_PATH }}"
+        CMD="helm template ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${{ inputs.DEPLOYMENT_NAMESPACE }} --values ${{ inputs.VALUES_FILE }} --set ${TAG_KEY}=${{ inputs.IMAGE_TAG }} --set image.repository=${{ inputs.IMAGE_PATH }}"
         echo "Running: $CMD"
         eval "$CMD"

helm/upgrade/README.md

@@ -3,7 +3,7 @@
 <!-- action-docs-description source="action.yml" -->
 ## Description
 
-Login to an OCI registry, update chart dependencies, and run helm upgrade for the chart in the current directory
+Login to an OCI registry, update chart dependencies, and run helm upgrade
 <!-- action-docs-description source="action.yml" -->
 
 <!-- action-docs-inputs source="action.yml" -->
@@ -11,12 +11,16 @@ Login to an OCI registry, update chart dependencies, and run helm upgrade for th
 
 | name | description | required | default |
 | --- | --- | --- | --- |
-| `DEPLOYMENT_NAME` | <p>The Helm release name and target namespace</p> | `true` | `""` |
+| `DEPLOYMENT_NAME` | <p>The Helm release name</p> | `true` | `""` |
+| `DEPLOYMENT_NAMESPACE` | <p>The Kubernetes namespace (defaults to DEPLOYMENT_NAME)</p> | `false` | `""` |
 | `REGISTRY` | <p>OCI registry hostname for helm dependency login</p> | `true` | `""` |
 | `REGISTRY_USERNAME` | <p>Username for OCI registry login</p> | `true` | `""` |
 | `REGISTRY_TOKEN` | <p>Token for OCI registry login</p> | `true` | `""` |
 | `CHART_PATH` | <p>Path to the Helm chart</p> | `false` | `./helm` |
 | `VALUES_FILE` | <p>The values file to use</p> | `false` | `./helm/values.yaml` |
+| `IMAGE_PATH` | <p>The registry path to the image (optional)</p> | `false` | `""` |
+| `IMAGE_TAG` | <p>The image tag to deploy (optional)</p> | `false` | `""` |
+| `TAG_KEY` | <p>Helm --set key for the image tag (e.g. deploy.api.tag)</p> | `false` | `""` |
 <!-- action-docs-inputs source="action.yml" -->
 
 <!-- action-docs-runs source="action.yml" -->

helm/upgrade/action.yml

@@ -1,9 +1,12 @@
 name: Helm Upgrade
-description: Login to an OCI registry, update chart dependencies, and run helm upgrade for the chart in the current directory
+description: Login to an OCI registry, update chart dependencies, and run helm upgrade
 inputs:
   DEPLOYMENT_NAME:
-    description: "The Helm release name and target namespace"
+    description: "The Helm release name"
     required: true
+  DEPLOYMENT_NAMESPACE:
+    description: "The Kubernetes namespace (defaults to DEPLOYMENT_NAME)"
+    default: ""
   REGISTRY:
     description: "OCI registry hostname for helm dependency login"
     required: true
@@ -19,6 +22,15 @@ inputs:
   VALUES_FILE:
     description: "The values file to use"
     default: "./helm/values.yaml"
+  IMAGE_PATH:
+    description: "The registry path to the image (optional)"
+    default: ""
+  IMAGE_TAG:
+    description: "The image tag to deploy (optional)"
+    default: ""
+  TAG_KEY:
+    description: "Helm --set key for the image tag (e.g. deploy.api.tag)"
+    default: ""
 
 runs:
   using: composite
@@ -33,9 +45,18 @@ runs:
     - name: Helm Upgrade
       shell: sh
       run: |
+        NAMESPACE="${{ inputs.DEPLOYMENT_NAMESPACE }}"
+        if [ -z "$NAMESPACE" ]; then NAMESPACE="${{ inputs.DEPLOYMENT_NAME }}"; fi
+        SET_FLAGS=""
+        if [ -n "${{ inputs.TAG_KEY }}" ] && [ -n "${{ inputs.IMAGE_TAG }}" ]; then
+          SET_FLAGS="$SET_FLAGS --set ${{ inputs.TAG_KEY }}=${{ inputs.IMAGE_TAG }}"
+        fi
+        if [ -n "${{ inputs.IMAGE_PATH }}" ]; then
+          SET_FLAGS="$SET_FLAGS --set image.repository=${{ inputs.IMAGE_PATH }}"
+        fi
         helm dependency update ${{ inputs.CHART_PATH }}
-        echo "Running: helm upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${{ inputs.DEPLOYMENT_NAME }} --values ${{ inputs.VALUES_FILE }}"
+        echo "Running: helm upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${NAMESPACE} --values ${{ inputs.VALUES_FILE }}${SET_FLAGS}"
-        helm upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${{ inputs.DEPLOYMENT_NAME }} --values ${{ inputs.VALUES_FILE }}
+        helm upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${NAMESPACE} --values ${{ inputs.VALUES_FILE }} $SET_FLAGS
 
     - name: Remove kubeconfig
       if: always()

infisical/README.md

@@ -0,0 +1,7 @@
+# infisical
+
+Composite actions for Infisical secret management.
+
+| action | description |
+| --- | --- |
+| [fetch-secret](fetch-secret/README.md) | Fetches a single secret value from Infisical using a machine identity token |

infra/README.md

@@ -0,0 +1,7 @@
+# infra
+
+Composite actions for infrastructure management.
+
+| action | description |
+| --- | --- |
+| [update_version](update_version/README.md) | Updates the service tag in the stat-tackler-infra releases/versions.yaml |

kubectl/README.md

@@ -0,0 +1,7 @@
+# kubectl
+
+Composite actions for kubectl configuration.
+
+| action | description |
+| --- | --- |
+| [configure](configure/README.md) | Configure kubectl for use with Kubernetes |

kubectl/configure/action.yml

@@ -16,18 +16,13 @@ runs:
   steps:
     - name: Configure kubectl
       shell: sh
+      env:
+        K8S_CONFIG: ${{ inputs.K8S_CONFIG }}
       run: |
-        echo "Remove existing kubeconfig"
+        echo "Configuring kubectl for context=${{ inputs.K8S_CONTEXT }} namespace=${{ inputs.K8S_NAMESPACE }}"
         rm -f ~/.kube/config
-
-        echo "Re-creating .kube directory"
         mkdir -p ~/.kube
-
+        printf '%s' "$K8S_CONFIG" > ~/.kube/config
-        echo "Set kubeconfig"
-        echo "${{ inputs.K8S_CONFIG }}" > ~/.kube/config
-
-        echo "Set kubeconfig context"
         kubectl config set-context ${{ inputs.K8S_CONTEXT }} --cluster=${{ inputs.K8S_CONTEXT }} --namespace=${{ inputs.K8S_NAMESPACE }}
-
-        echo "Use kubeconfig context ${{ inputs.K8S_CONTEXT }}"
         kubectl config use-context ${{ inputs.K8S_CONTEXT }}
+        echo "kubectl configured successfully"

test/README.md

@@ -0,0 +1,7 @@
+# test
+
+Composite actions for running tests.
+
+| action | description |
+| --- | --- |
+| [npm](npm/README.md) | Install dependencies and run npm tests |

trivy/README.md

@@ -0,0 +1,8 @@
+# trivy
+
+Composite actions for Trivy vulnerability scanning.
+
+| action | description |
+| --- | --- |
+| [image_scan](image_scan/README.md) | Scan a container image with Trivy |
+| [namespace_scan](namespace_scan/README.md) | Scan a Kubernetes namespace for vulnerabilities |