Merge branch 'main' of ssh://gitea.pixelparasol.com:4122/pixel-parasol-public/gitea-actions

VERSION

@@ -1 +1 @@
-1.7.0
+1.10.0

docker/README.md

@@ -20,6 +20,7 @@ Build a Docker image and push it to the Gitea container registry
 | `ARTIFACT_NAME` | <p>Name of the build artifact to download</p> | `false` | `dist` |
 | `ARTIFACT_PATH` | <p>Destination path for the downloaded artifact</p> | `false` | `dist` |
 | `TAG_LATEST` | <p>Also tag and push the image as latest</p> | `false` | `false` |
+| `TAG_PREFIX` | <p>Optional prefix to prepend to IMAGE_TAG (e.g. 'dev' produces 'dev-&lt;tag&gt;'). Does not affect the latest tag.</p> | `false` | `""` |
 | `WORKING_DIRECTORY` | <p>Working directory for the Docker build</p> | `false` | `.` |
 <!-- action-docs-inputs source="action.yml" -->
 

docker/action.yml

@@ -28,6 +28,9 @@ inputs:
   TAG_LATEST:
     description: "Also tag and push the image as latest"
     default: "false"
+  TAG_PREFIX:
+    description: "Optional prefix to prepend to IMAGE_TAG (e.g. 'dev' produces 'dev-<tag>'). Does not affect the latest tag."
+    default: ""
   WORKING_DIRECTORY:
     description: "Working directory for the Docker build"
     default: "."
@@ -51,7 +54,11 @@ runs:
     - name: Docker Build and Push
       shell: sh
       run: |
-        TAGS="-t ${{ inputs.IMAGE_PATH }}:${{ inputs.IMAGE_TAG }}"
+        TAG="${{ inputs.IMAGE_TAG }}"
+        if [ -n "${{ inputs.TAG_PREFIX }}" ]; then
+          TAG="${{ inputs.TAG_PREFIX }}-${TAG}"
+        fi
+        TAGS="-t ${{ inputs.IMAGE_PATH }}:${TAG}"
         if [ "${{ inputs.TAG_LATEST }}" = "true" ]; then
           TAGS="$TAGS -t ${{ inputs.IMAGE_PATH }}:latest"
         fi

helm/diff/README.md

@@ -11,14 +11,16 @@ Diff a Helm chart for a deployment in a Kubernetes cluster
 
 | name | description | required | default |
 | --- | --- | --- | --- |
-| `DEPLOYMENT_NAME` | <p>The Kubernetes Deployment to update</p> | `true` | `""` |
+| `DEPLOYMENT_NAME` | <p>The Helm release name</p> | `true` | `""` |
-| `DEPLOYMENT_NAMESPACE` | <p>The Kubernetes namespace of the Deployment</p> | `true` | `""` |
+| `DEPLOYMENT_NAMESPACE` | <p>The Kubernetes namespace (defaults to DEPLOYMENT_NAME)</p> | `false` | `""` |
-| `IMAGE_PATH` | <p>The registry path to the image</p> | `true` | `""` |
+| `REGISTRY` | <p>OCI registry hostname for helm dependency login</p> | `true` | `""` |
-| `IMAGE_TAG` | <p>The image tag to deploy</p> | `true` | `""` |
+| `REGISTRY_USERNAME` | <p>Username for OCI registry login</p> | `true` | `""` |
-| `CONTAINER_NAME` | <p>The container component to update</p> | `true` | `""` |
+| `REGISTRY_TOKEN` | <p>Token for OCI registry login</p> | `true` | `""` |
-| `VALUES_FILE` | <p>The values file to use</p> | `false` | `./helm/values.yaml` |
 | `CHART_PATH` | <p>Path to the Helm chart</p> | `false` | `./helm` |
-| `TAG_KEY` | <p>Helm --set key for the image tag (e.g. deploy.api.tag)</p> | `true` | `""` |
+| `VALUES_FILE` | <p>The values file to use</p> | `false` | `./helm/values.yaml` |
+| `IMAGE_PATH` | <p>The registry path to the image (optional)</p> | `false` | `""` |
+| `IMAGE_TAG` | <p>The image tag to deploy (optional)</p> | `false` | `""` |
+| `TAG_KEY` | <p>Helm --set key for the image tag (e.g. deploy.api.tag)</p> | `false` | `""` |
 <!-- action-docs-inputs source="action.yml" -->
 
 <!-- action-docs-runs source="action.yml" -->

helm/diff/action.yml

@@ -2,40 +2,79 @@ name: Helm Diff Deployment
 description: Diff a Helm chart for a deployment in a Kubernetes cluster
 inputs:
   DEPLOYMENT_NAME:
-    description: "The Kubernetes Deployment to update"
+    description: "The Helm release name"
     required: true
   DEPLOYMENT_NAMESPACE:
-    description: "The Kubernetes namespace of the Deployment"
+    description: "The Kubernetes namespace (defaults to DEPLOYMENT_NAME)"
+    default: ""
+  REGISTRY:
+    description: "OCI registry hostname for helm dependency login"
     required: true
-  IMAGE_PATH:
+  REGISTRY_USERNAME:
-    description: "The registry path to the image"
+    description: "Username for OCI registry login"
     required: true
-  IMAGE_TAG:
+  REGISTRY_TOKEN:
-    description: "The image tag to deploy"
+    description: "Token for OCI registry login"
     required: true
-  CONTAINER_NAME:
-    description: "The container component to update"
-    required: true
-  VALUES_FILE:
-    description: "The values file to use"
-    default: "./helm/values.yaml"
   CHART_PATH:
     description: "Path to the Helm chart"
     default: "./helm"
+  VALUES_FILE:
+    description: "The values file to use"
+    default: "./helm/values.yaml"
+  IMAGE_PATH:
+    description: "The registry path to the image (optional)"
+    default: ""
+  IMAGE_TAG:
+    description: "The image tag to deploy (optional)"
+    default: ""
   TAG_KEY:
     description: "Helm --set key for the image tag (e.g. deploy.api.tag)"
-    required: true
+    default: ""
 
 runs:
   using: composite
   steps:
+    - name: Helm OCI Login
+      shell: sh
+      env:
+        REGISTRY: ${{ inputs.REGISTRY }}
+        REGISTRY_USERNAME: ${{ inputs.REGISTRY_USERNAME }}
+        REGISTRY_TOKEN: ${{ inputs.REGISTRY_TOKEN }}
+      run: |
+        echo "$REGISTRY_TOKEN" | helm registry login "$REGISTRY" \
+          --username "$REGISTRY_USERNAME" \
+          --password-stdin
+
     - name: Install Helm Diff
       shell: sh
       run: |
         helm plugin list | grep -q diff || helm plugin install https://github.com/databus23/helm-diff
+
     - name: Helm Diff
       shell: sh
+      env:
+        DEPLOYMENT_NAME: ${{ inputs.DEPLOYMENT_NAME }}
+        DEPLOYMENT_NAMESPACE: ${{ inputs.DEPLOYMENT_NAMESPACE }}
+        CHART_PATH: ${{ inputs.CHART_PATH }}
+        VALUES_FILE: ${{ inputs.VALUES_FILE }}
+        IMAGE_PATH: ${{ inputs.IMAGE_PATH }}
+        IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+        TAG_KEY: ${{ inputs.TAG_KEY }}
       run: |
-        CMD="helm diff upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${{ inputs.DEPLOYMENT_NAMESPACE }} --values ${{ inputs.VALUES_FILE }} --set ${TAG_KEY}=${{ inputs.IMAGE_TAG }} --set image.repository=${{ inputs.IMAGE_PATH }} --context 5"
+        NAMESPACE="$DEPLOYMENT_NAMESPACE"
-        echo "Running: $CMD"
+        if [ -z "$NAMESPACE" ]; then NAMESPACE="$DEPLOYMENT_NAME"; fi
-        eval "$CMD"
+        SET_FLAGS=""
+        if [ -n "$TAG_KEY" ] && [ -n "$IMAGE_TAG" ]; then
+          SET_FLAGS="$SET_FLAGS --set $TAG_KEY=$IMAGE_TAG"
+        fi
+        if [ -n "$IMAGE_PATH" ]; then
+          SET_FLAGS="$SET_FLAGS --set image.repository=$IMAGE_PATH"
+        fi
+        helm dependency update "$CHART_PATH"
+        helm diff upgrade "$DEPLOYMENT_NAME" "$CHART_PATH" -n "$NAMESPACE" --values "$VALUES_FILE" $SET_FLAGS --context 5
+
+    - name: Remove kubeconfig
+      if: always()
+      shell: sh
+      run: rm -f ~/.kube/config

helm/template/README.md

@@ -11,14 +11,16 @@ Template a Helm chart for a deployment in a Kubernetes cluster
 
 | name | description | required | default |
 | --- | --- | --- | --- |
-| `DEPLOYMENT_NAME` | <p>The Kubernetes Deployment to update</p> | `true` | `""` |
+| `DEPLOYMENT_NAME` | <p>The Helm release name</p> | `true` | `""` |
-| `DEPLOYMENT_NAMESPACE` | <p>The Kubernetes namespace of the Deployment</p> | `true` | `""` |
+| `DEPLOYMENT_NAMESPACE` | <p>The Kubernetes namespace (defaults to DEPLOYMENT_NAME)</p> | `false` | `""` |
-| `IMAGE_PATH` | <p>The registry path to the image</p> | `true` | `""` |
+| `REGISTRY` | <p>OCI registry hostname for helm dependency login</p> | `true` | `""` |
-| `IMAGE_TAG` | <p>The image tag to deploy</p> | `true` | `""` |
+| `REGISTRY_USERNAME` | <p>Username for OCI registry login</p> | `true` | `""` |
-| `CONTAINER_NAME` | <p>The container component to update</p> | `true` | `""` |
+| `REGISTRY_TOKEN` | <p>Token for OCI registry login</p> | `true` | `""` |
-| `VALUES_FILE` | <p>The values file to use</p> | `false` | `./helm/values.yaml` |
 | `CHART_PATH` | <p>Path to the Helm chart</p> | `false` | `./helm` |
-| `TAG_KEY` | <p>Helm --set key for the image tag (e.g. deploy.api.tag)</p> | `true` | `""` |
+| `VALUES_FILE` | <p>The values file to use</p> | `false` | `./helm/values.yaml` |
+| `IMAGE_PATH` | <p>The registry path to the image (optional)</p> | `false` | `""` |
+| `IMAGE_TAG` | <p>The image tag to deploy (optional)</p> | `false` | `""` |
+| `TAG_KEY` | <p>Helm --set key for the image tag (e.g. deploy.api.tag)</p> | `false` | `""` |
 <!-- action-docs-inputs source="action.yml" -->
 
 <!-- action-docs-runs source="action.yml" -->

helm/template/action.yml

@@ -2,36 +2,74 @@ name: Helm Template Deployment
 description: Template a Helm chart for a deployment in a Kubernetes cluster
 inputs:
   DEPLOYMENT_NAME:
-    description: "The Kubernetes Deployment to update"
+    description: "The Helm release name"
     required: true
   DEPLOYMENT_NAMESPACE:
-    description: "The Kubernetes namespace of the Deployment"
+    description: "The Kubernetes namespace (defaults to DEPLOYMENT_NAME)"
+    default: ""
+  REGISTRY:
+    description: "OCI registry hostname for helm dependency login"
     required: true
-  IMAGE_PATH:
+  REGISTRY_USERNAME:
-    description: "The registry path to the image"
+    description: "Username for OCI registry login"
     required: true
-  IMAGE_TAG:
+  REGISTRY_TOKEN:
-    description: "The image tag to deploy"
+    description: "Token for OCI registry login"
     required: true
-  CONTAINER_NAME:
-    description: "The container component to update"
-    required: true
-  VALUES_FILE:
-    description: "The values file to use"
-    default: "./helm/values.yaml"
   CHART_PATH:
     description: "Path to the Helm chart"
     default: "./helm"
+  VALUES_FILE:
+    description: "The values file to use"
+    default: "./helm/values.yaml"
+  IMAGE_PATH:
+    description: "The registry path to the image (optional)"
+    default: ""
+  IMAGE_TAG:
+    description: "The image tag to deploy (optional)"
+    default: ""
   TAG_KEY:
     description: "Helm --set key for the image tag (e.g. deploy.api.tag)"
-    required: true
+    default: ""
 
 runs:
   using: composite
   steps:
+    - name: Helm OCI Login
+      shell: sh
+      env:
+        REGISTRY: ${{ inputs.REGISTRY }}
+        REGISTRY_USERNAME: ${{ inputs.REGISTRY_USERNAME }}
+        REGISTRY_TOKEN: ${{ inputs.REGISTRY_TOKEN }}
+      run: |
+        echo "$REGISTRY_TOKEN" | helm registry login "$REGISTRY" \
+          --username "$REGISTRY_USERNAME" \
+          --password-stdin
+
     - name: Helm Template
       shell: sh
+      env:
+        DEPLOYMENT_NAME: ${{ inputs.DEPLOYMENT_NAME }}
+        DEPLOYMENT_NAMESPACE: ${{ inputs.DEPLOYMENT_NAMESPACE }}
+        CHART_PATH: ${{ inputs.CHART_PATH }}
+        VALUES_FILE: ${{ inputs.VALUES_FILE }}
+        IMAGE_PATH: ${{ inputs.IMAGE_PATH }}
+        IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+        TAG_KEY: ${{ inputs.TAG_KEY }}
       run: |
-        CMD="helm template ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${{ inputs.DEPLOYMENT_NAMESPACE }} --values ${{ inputs.VALUES_FILE }} --set ${TAG_KEY}=${{ inputs.IMAGE_TAG }} --set image.repository=${{ inputs.IMAGE_PATH }}"
+        NAMESPACE="$DEPLOYMENT_NAMESPACE"
-        echo "Running: $CMD"
+        if [ -z "$NAMESPACE" ]; then NAMESPACE="$DEPLOYMENT_NAME"; fi
-        eval "$CMD"
+        SET_FLAGS=""
+        if [ -n "$TAG_KEY" ] && [ -n "$IMAGE_TAG" ]; then
+          SET_FLAGS="$SET_FLAGS --set $TAG_KEY=$IMAGE_TAG"
+        fi
+        if [ -n "$IMAGE_PATH" ]; then
+          SET_FLAGS="$SET_FLAGS --set image.repository=$IMAGE_PATH"
+        fi
+        helm dependency update "$CHART_PATH"
+        helm template "$DEPLOYMENT_NAME" "$CHART_PATH" -n "$NAMESPACE" --values "$VALUES_FILE" $SET_FLAGS
+
+    - name: Remove kubeconfig
+      if: always()
+      shell: sh
+      run: rm -f ~/.kube/config

helm/upgrade/action.yml

@@ -37,26 +37,37 @@ runs:
   steps:
     - name: Helm OCI Login
       shell: sh
+      env:
+        REGISTRY: ${{ inputs.REGISTRY }}
+        REGISTRY_USERNAME: ${{ inputs.REGISTRY_USERNAME }}
+        REGISTRY_TOKEN: ${{ inputs.REGISTRY_TOKEN }}
       run: |
-        echo "${{ inputs.REGISTRY_TOKEN }}" | helm registry login ${{ inputs.REGISTRY }} \
+        echo "$REGISTRY_TOKEN" | helm registry login "$REGISTRY" \
-          --username ${{ inputs.REGISTRY_USERNAME }} \
+          --username "$REGISTRY_USERNAME" \
           --password-stdin
 
     - name: Helm Upgrade
       shell: sh
+      env:
+        DEPLOYMENT_NAME: ${{ inputs.DEPLOYMENT_NAME }}
+        DEPLOYMENT_NAMESPACE: ${{ inputs.DEPLOYMENT_NAMESPACE }}
+        CHART_PATH: ${{ inputs.CHART_PATH }}
+        VALUES_FILE: ${{ inputs.VALUES_FILE }}
+        IMAGE_PATH: ${{ inputs.IMAGE_PATH }}
+        IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+        TAG_KEY: ${{ inputs.TAG_KEY }}
       run: |
-        NAMESPACE="${{ inputs.DEPLOYMENT_NAMESPACE }}"
+        NAMESPACE="$DEPLOYMENT_NAMESPACE"
-        if [ -z "$NAMESPACE" ]; then NAMESPACE="${{ inputs.DEPLOYMENT_NAME }}"; fi
+        if [ -z "$NAMESPACE" ]; then NAMESPACE="$DEPLOYMENT_NAME"; fi
         SET_FLAGS=""
-        if [ -n "${{ inputs.TAG_KEY }}" ] && [ -n "${{ inputs.IMAGE_TAG }}" ]; then
+        if [ -n "$TAG_KEY" ] && [ -n "$IMAGE_TAG" ]; then
-          SET_FLAGS="$SET_FLAGS --set ${{ inputs.TAG_KEY }}=${{ inputs.IMAGE_TAG }}"
+          SET_FLAGS="$SET_FLAGS --set $TAG_KEY=$IMAGE_TAG"
         fi
-        if [ -n "${{ inputs.IMAGE_PATH }}" ]; then
+        if [ -n "$IMAGE_PATH" ]; then
-          SET_FLAGS="$SET_FLAGS --set image.repository=${{ inputs.IMAGE_PATH }}"
+          SET_FLAGS="$SET_FLAGS --set image.repository=$IMAGE_PATH"
         fi
-        helm dependency update ${{ inputs.CHART_PATH }}
+        helm dependency update "$CHART_PATH"
-        echo "Running: helm upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${NAMESPACE} --values ${{ inputs.VALUES_FILE }}${SET_FLAGS}"
+        helm upgrade "$DEPLOYMENT_NAME" "$CHART_PATH" -n "$NAMESPACE" --values "$VALUES_FILE" $SET_FLAGS
-        helm upgrade ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.CHART_PATH }} -n ${NAMESPACE} --values ${{ inputs.VALUES_FILE }} $SET_FLAGS
 
     - name: Remove kubeconfig
       if: always()

infisical/fetch-secret/action.yml

@@ -24,7 +24,7 @@ inputs:
     default: "/"
 outputs:
   value:
-    description: "The fetched secret value"
+    description: "The fetched secret value (base64-encoded)"
     value: ${{ steps.fetch.outputs.value }}
 
 runs:
@@ -61,10 +61,11 @@ runs:
           exit 1
         fi
 
-        echo "::add-mask::$VALUE"
+        B64=$(printf '%s' "$VALUE" | base64 | tr -d '\n')
+        echo "::add-mask::$B64"
 
         DELIMITER="INFISICAL_EOF_$$"
         echo "value<<${DELIMITER}" >> "$GITHUB_OUTPUT"
-        echo "$VALUE" >> "$GITHUB_OUTPUT"
+        printf '%s\n' "$B64" >> "$GITHUB_OUTPUT"
         echo "${DELIMITER}" >> "$GITHUB_OUTPUT"
         echo "Successfully fetched secret '${{ inputs.SECRET_NAME }}'"

kubectl/configure/action.yml

@@ -2,7 +2,7 @@ name: Configure Kubectl
 description: Configure kubectl for use with Kubernetes
 inputs:
   K8S_CONFIG:
-    description: "The RAW Kubernetes config"
+    description: "The base64-encoded Kubernetes config"
     required: true
   K8S_NAMESPACE:
     description: "The K8S namespace"
@@ -28,7 +28,7 @@ runs:
         echo "Configuring kubectl for context=${{ inputs.K8S_CONTEXT }} namespace=${{ inputs.K8S_NAMESPACE }}"
         rm -f ~/.kube/config
         mkdir -p ~/.kube
-        printf '%s' "$K8S_CONFIG" > ~/.kube/config
+        printf '%s' "$K8S_CONFIG" | base64 -d > ~/.kube/config
         kubectl config set-context ${{ inputs.K8S_CONTEXT }} --cluster=${{ inputs.K8S_CONTEXT }} --namespace=${{ inputs.K8S_NAMESPACE }}
         kubectl config use-context ${{ inputs.K8S_CONTEXT }}
         echo "kubectl configured successfully"