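# Composite action: check out a GitOps repository, rewrite the image tag in one
# YAML manifest with yq, then commit and push the change.
#
# Review notes:
# - Every input reaches the shell through `env:` instead of being expanded into
#   the `run:` script text, so input values never become part of the script.
# - `git-token` needs push rights on `gitops-repo`. actions/checkout keeps it in
#   the checkout's git configuration by default, which is what lets the final
#   `git push` authenticate; later steps in the same job can use it as well.
# - `actions/checkout@v5` is a movable tag; pinning to a full commit SHA makes
#   the dependency immutable.
name: "Update GitOps image tag"
description: "Checkout a GitOps repo, update image tag in a YAML file, commit and push"
author: "lucasdpt"

inputs:
  gitops-repo:
    description: "Nom du repo GitOps (ex: lucasdpt/infra-gitops)"
    required: true
  git-token:
    description: "Token avec droits de push sur le repo GitOps"
    required: true
  server-url:
    description: "URL du serveur Gitea/GitHub"
    required: false
    default: "https://github.com"
  gitops-path:
    description: "Chemin de checkout du repo GitOps"
    required: false
    default: "gitops"
  file:
    description: "Chemin du fichier YAML à mettre à jour (dans le repo GitOps)"
    required: true
  new-tag:
    description: "Nouveau tag d'image à appliquer"
    required: true
  mode:
    description: >-
      Mode de mise à jour: 'image' (juste l'image) ou 'helm'
      (image + spec.source.targetRevision)
    required: false
    default: "image"
  valuesKey:
    description: >-
      Clé contenant les valeurs Helm: 'values' (string YAML) ou
      'valuesObject' (objet)
    required: false
    default: "valuesObject"
  branch:
    description: "Branche à push (ex: master/main)"
    required: false
    default: "master"
  git-user-name:
    description: "Nom de l'utilisateur git pour le commit"
    required: false
    default: "github-actions[bot]"
  git-user-email:
    description: "Email de l'utilisateur git pour le commit"
    required: false
    default: "github-actions[bot]@users.noreply.github.com"

runs:
  using: "composite"
  steps:
    - name: Checkout GitOps repo
      uses: actions/checkout@v5
      with:
        repository: ${{ inputs.gitops-repo }}
        token: ${{ inputs.git-token }}
        path: ${{ inputs.gitops-path }}
        github-server-url: ${{ inputs.server-url }}

    - name: Install yq
      shell: bash
      run: |
        set -euo pipefail
        # The version is pinned, but the binary is installed without any
        # integrity check and only the linux_amd64 build is fetched.
        # NOTE(review): record the release's SHA-256 next to YQ_VERSION and
        # verify the download (sha256sum -c) before chmod +x; this binary runs
        # in a job whose checkout holds a push-capable token.
        YQ_VERSION=v4.34.1
        wget "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -O /usr/local/bin/yq
        chmod +x /usr/local/bin/yq

    - name: Update YAML file
      shell: bash
      env:
        NEW_TAG: ${{ inputs.new-tag }}
        MODE: ${{ inputs.mode }}
        VALUES_KEY: ${{ inputs.valuesKey }}
        FILE_REL: ${{ inputs.file }}
        GITOPS_PATH: ${{ inputs.gitops-path }}
      run: |
        set -euo pipefail
        cd "$GITOPS_PATH"

        # NOTE(review): FILE_REL is not confined to the checkout; yq -i edits
        # whatever path it resolves to, so callers should pass a path that is
        # relative to the GitOps repo root.
        echo "Updating $FILE_REL with tag=$NEW_TAG (mode=$MODE, valuesKey=$VALUES_KEY)"

        # --- Update the image tag (.spec.source.helm.values[Object].image.tag) ---
        # strenv() always yields a string. env() parses the variable as YAML,
        # so a tag such as 1.10 or true would change type, and a value written
        # in YAML flow syntax would be inserted as a structure.
        if [ "$VALUES_KEY" = "values" ]; then
          echo "Using .spec.source.helm.values (string YAML)"
          # NOTE(review): confirm to_yaml(style="literal") is accepted by the
          # pinned yq version.
          /usr/local/bin/yq -i '
            .spec.source.helm.values |= (
              from_yaml
              | .image.tag = strenv(NEW_TAG)
              | to_yaml(style="literal")
            )
          ' "$FILE_REL"
        elif [ "$VALUES_KEY" = "valuesObject" ]; then
          echo "Using .spec.source.helm.valuesObject (YAML object)"
          /usr/local/bin/yq -i '
            .spec.source.helm.valuesObject.image.tag = strenv(NEW_TAG)
          ' "$FILE_REL"
        else
          echo "Unknown valuesKey: $VALUES_KEY (expected: values or valuesObject)"
          exit 1
        fi

        # --- In helm mode, spec.source.targetRevision is updated as well ---
        # Any mode value other than 'helm' is treated as image-only.
        if [ "$MODE" = "helm" ]; then
          echo "Also updating .spec.source.targetRevision"
          /usr/local/bin/yq -i '
            .spec.source.targetRevision = strenv(NEW_TAG)
          ' "$FILE_REL"
        fi

        # The whole manifest goes to the job log; keep secrets out of the
        # Helm values stored in this file.
        echo "Resulting file:"
        cat "$FILE_REL"

    - name: Commit and push changes
      shell: bash
      env:
        BRANCH: ${{ inputs.branch }}
        GIT_USER_NAME: ${{ inputs.git-user-name }}
        GIT_USER_EMAIL: ${{ inputs.git-user-email }}
        FILE_REL: ${{ inputs.file }}
        GITOPS_PATH: ${{ inputs.gitops-path }}
        NEW_TAG: ${{ inputs.new-tag }}
      run: |
        set -euo pipefail
        cd "$GITOPS_PATH"

        # Set the identity on this checkout only; --global would rewrite the
        # runner user's git configuration, which outlives the job on
        # self-hosted runners.
        git config user.name "$GIT_USER_NAME"
        git config user.email "$GIT_USER_EMAIL"

        # "--" ends option parsing, so a file name that starts with "-" is
        # still treated as a path.
        git add -- "$FILE_REL"

        # Nothing staged means the tag was already current; succeed quietly.
        if git diff --cached --quiet; then
          echo "No changes to commit."
          exit 0
        fi

        git commit -m "feat: update image tag to $NEW_TAG"
        git push origin "HEAD:${BRANCH}"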