From dbfecdc0a9e48f5250a824fecae4e9b3f2a677ac Mon Sep 17 00:00:00 2001 From: Ognjen Ribicic Date: Fri, 12 Jun 2026 09:45:23 +0200 Subject: [PATCH 1/4] EML-000: add support for gitops branch --- action.yml | 6 ++++++ scripts/lib/gitops-functions.sh | 5 +++-- scripts/update-gitops.sh | 4 +++- tests/lib-gitops-functions.bats | 1 + tests/update-gitops.bats | 1 + 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index 53fa5b9..872a221 100644 --- a/action.yml +++ b/action.yml @@ -70,6 +70,10 @@ inputs: description: 'GitHub Repository for GitOps' required: true default: 'mops' + gitops-repository-branch: + description: 'GitHub Repository Branch for GitOps' + required: true + default: 'main' gitops-user: description: 'GitHub User for GitOps' required: true @@ -184,6 +188,7 @@ runs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ inputs.gitops-organization }}/${{ inputs.gitops-repository }} + ref: ${{ inputs.gitops-repository-branch }} token: ${{ inputs.gitops-token }} path: .github/${{ inputs.gitops-repository }} @@ -202,6 +207,7 @@ runs: INPUT_GITOPS_TOKEN: ${{ inputs.gitops-token }} INPUT_GITOPS_ORGANIZATION: ${{ inputs.gitops-organization }} INPUT_GITOPS_REPOSITORY: ${{ inputs.gitops-repository }} + INPUT_GITOPS_REPOSITORY_BRANCH: ${{ inputs.gitops-repository-branch }} INPUT_GITOPS_DEV: ${{ inputs.gitops-dev }} INPUT_GITOPS_STAGE: ${{ inputs.gitops-stage }} INPUT_GITOPS_PROD: ${{ inputs.gitops-prod }} diff --git a/scripts/lib/gitops-functions.sh b/scripts/lib/gitops-functions.sh index 2b4f64b..9666d02 100755 --- a/scripts/lib/gitops-functions.sh +++ b/scripts/lib/gitops-functions.sh @@ -6,11 +6,12 @@ # INPUT_DOCKER_REGISTRY, INPUT_DOCKER_IMAGE, INPUT_TAG, INPUT_PUSH, # INPUT_GITOPS_USER, INPUT_GITOPS_TOKEN, # INPUT_GITOPS_ORGANIZATION, INPUT_GITOPS_REPOSITORY, +# INPUT_GITOPS_REPOSITORY_BRANCH, # GITHUB_REPOSITORY, GITHUB_SHA, IMAGE push_to_gitops_repo() { - git pull --rebase "https://${INPUT_GITOPS_USER}:${INPUT_GITOPS_TOKEN}@github.com/${INPUT_GITOPS_ORGANIZATION}/${INPUT_GITOPS_REPOSITORY}.git" - git push "https://${INPUT_GITOPS_USER}:${INPUT_GITOPS_TOKEN}@github.com/${INPUT_GITOPS_ORGANIZATION}/${INPUT_GITOPS_REPOSITORY}.git" + git pull --rebase "https://${INPUT_GITOPS_USER}:${INPUT_GITOPS_TOKEN}@github.com/${INPUT_GITOPS_ORGANIZATION}/${INPUT_GITOPS_REPOSITORY}.git ${INPUT_GITOPS_REPOSITORY_BRANCH}" + git push "https://${INPUT_GITOPS_USER}:${INPUT_GITOPS_TOKEN}@github.com/${INPUT_GITOPS_ORGANIZATION}/${INPUT_GITOPS_REPOSITORY}.git ${INPUT_GITOPS_REPOSITORY_BRANCH}:${INPUT_GITOPS_REPOSITORY_BRANCH}" } commit_changes() { diff --git a/scripts/update-gitops.sh b/scripts/update-gitops.sh index f9037c7..56a71e4 100755 --- a/scripts/update-gitops.sh +++ b/scripts/update-gitops.sh @@ -6,7 +6,8 @@ # Required env vars: GITHUB_REF, GITHUB_SHA, GITHUB_REPOSITORY, # INPUT_DOCKER_REGISTRY, INPUT_DOCKER_IMAGE, INPUT_TAG, INPUT_PUSH, # INPUT_GITOPS_USER, INPUT_GITOPS_EMAIL, -# INPUT_GITOPS_TOKEN, INPUT_GITOPS_ORGANIZATION, INPUT_GITOPS_REPOSITORY +# INPUT_GITOPS_TOKEN, INPUT_GITOPS_ORGANIZATION, INPUT_GITOPS_REPOSITORY, +# INPUT_GITOPS_REPOSITORY_BRANCH # Optional env vars: INPUT_GITOPS_DEV, INPUT_GITOPS_STAGE, INPUT_GITOPS_PROD SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" @@ -24,6 +25,7 @@ require_env INPUT_GITOPS_EMAIL require_env INPUT_GITOPS_TOKEN require_env INPUT_GITOPS_ORGANIZATION require_env INPUT_GITOPS_REPOSITORY +require_env INPUT_GITOPS_REPOSITORY_BRANCH # Used by gitops-functions.sh (process_file_updates -> update_file) # shellcheck disable=SC2034 diff --git a/tests/lib-gitops-functions.bats b/tests/lib-gitops-functions.bats index 635cbba..ec77a31 100644 --- a/tests/lib-gitops-functions.bats +++ b/tests/lib-gitops-functions.bats @@ -17,6 +17,7 @@ setup() { export INPUT_GITOPS_TOKEN="fake-token" export INPUT_GITOPS_ORGANIZATION="Staffbase" export INPUT_GITOPS_REPOSITORY="mops" + export INPUT_GITOPS_REPOSITORY_BRANCH="main" export IMAGE="registry.staffbase.com/my-service:main-abcdef12" # Create mock yq diff --git a/tests/update-gitops.bats b/tests/update-gitops.bats index 8f135df..bd99e47 100644 --- a/tests/update-gitops.bats +++ b/tests/update-gitops.bats @@ -17,6 +17,7 @@ setup() { export INPUT_GITOPS_TOKEN="fake-token" export INPUT_GITOPS_ORGANIZATION="Staffbase" export INPUT_GITOPS_REPOSITORY="mops" + export INPUT_GITOPS_REPOSITORY_BRANCH="main" export INPUT_GITOPS_DEV="" export INPUT_GITOPS_STAGE="" export INPUT_GITOPS_PROD="" From 49e76aced6e8d7518523eef1ffc1dcc7f28bea87 Mon Sep 17 00:00:00 2001 From: Ognjen Ribicic Date: Fri, 12 Jun 2026 10:40:00 +0200 Subject: [PATCH 2/4] EML-000: add support for gitops branch --- tests/update-gitops.bats | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/update-gitops.bats b/tests/update-gitops.bats index bd99e47..267e19d 100644 --- a/tests/update-gitops.bats +++ b/tests/update-gitops.bats @@ -114,6 +114,19 @@ teardown() { ! grep -q 'git commit' "${TEST_TEMP_DIR}/git_calls.log" 2>/dev/null || true } +# --- Simulate on gitops branch --- + +@test "updates DEV update on DEV devops branch" { + export GITHUB_REF="refs/heads/dev" + export INPUT_GITOPS_REPOSITORY_BRANCH="dev" + export INPUT_GITOPS_DEV="kubernetes/namespaces/svc/dev/de1/deploy.yaml spec.image" + run "$SCRIPT" + + assert_success + assert_output --partial "Run update for DEV" + grep -q "${INPUT_GITOPS_REPOSITORY_BRANCH}" "${TEST_TEMP_DIR}/git_calls.log" 2>/dev/null || true +} + # --- No files configured --- @test "does nothing when no gitops files are configured" { From 7a1a573990a7daf46717e5b8dbc4d6ea29d1f7d6 Mon Sep 17 00:00:00 2001 From: Ognjen Ribicic Date: Fri, 12 Jun 2026 10:54:52 +0200 Subject: [PATCH 3/4] EML-000: add support for gitops dev branch --- README.md | 6 +++--- action.yml | 6 ------ scripts/lib/gitops-functions.sh | 7 ++++--- scripts/update-gitops.sh | 12 +++++++++--- tests/lib-gitops-functions.bats | 2 +- tests/update-gitops.bats | 30 +++++++++++++++++++++++++----- 6 files changed, 42 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index c9c605f..ed879de 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,9 @@ When you want to use this GitHub Action your GitHub repository should have a `de should use tags for releases. -- For the `dev` branch we will change the files specified under `gitops-dev`. -- For the `master` / `main` branch we will change the files specified under `gitops-stage`. -- For a new tag the files under `gitops-prod` will be used. +- For the `dev` branch we will change the files specified under `gitops-dev`. These changes are committed to the `dev` branch of the GitOps repository. +- For the `master` / `main` branch we will change the files specified under `gitops-stage`. These changes are committed to the default branch (`main`) of the GitOps repository. +- For a new tag the files under `gitops-prod` will be used. These changes are committed to the default branch (`main`) of the GitOps repository. This GitOps setup should be the default for all your repositories. However, if you have a special case, you can leave `gitops-dev`, `gitops-stage` and `gitops-prod` undefined, then those steps will be skipped. diff --git a/action.yml b/action.yml index 872a221..53fa5b9 100644 --- a/action.yml +++ b/action.yml @@ -70,10 +70,6 @@ inputs: description: 'GitHub Repository for GitOps' required: true default: 'mops' - gitops-repository-branch: - description: 'GitHub Repository Branch for GitOps' - required: true - default: 'main' gitops-user: description: 'GitHub User for GitOps' required: true @@ -188,7 +184,6 @@ runs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ inputs.gitops-organization }}/${{ inputs.gitops-repository }} - ref: ${{ inputs.gitops-repository-branch }} token: ${{ inputs.gitops-token }} path: .github/${{ inputs.gitops-repository }} @@ -207,7 +202,6 @@ runs: INPUT_GITOPS_TOKEN: ${{ inputs.gitops-token }} INPUT_GITOPS_ORGANIZATION: ${{ inputs.gitops-organization }} INPUT_GITOPS_REPOSITORY: ${{ inputs.gitops-repository }} - INPUT_GITOPS_REPOSITORY_BRANCH: ${{ inputs.gitops-repository-branch }} INPUT_GITOPS_DEV: ${{ inputs.gitops-dev }} INPUT_GITOPS_STAGE: ${{ inputs.gitops-stage }} INPUT_GITOPS_PROD: ${{ inputs.gitops-prod }} diff --git a/scripts/lib/gitops-functions.sh b/scripts/lib/gitops-functions.sh index 9666d02..74b2c5e 100755 --- a/scripts/lib/gitops-functions.sh +++ b/scripts/lib/gitops-functions.sh @@ -6,12 +6,13 @@ # INPUT_DOCKER_REGISTRY, INPUT_DOCKER_IMAGE, INPUT_TAG, INPUT_PUSH, # INPUT_GITOPS_USER, INPUT_GITOPS_TOKEN, # INPUT_GITOPS_ORGANIZATION, INPUT_GITOPS_REPOSITORY, -# INPUT_GITOPS_REPOSITORY_BRANCH, +# GITOPS_BRANCH (target branch on the GitOps repo, e.g. main / dev), # GITHUB_REPOSITORY, GITHUB_SHA, IMAGE push_to_gitops_repo() { - git pull --rebase "https://${INPUT_GITOPS_USER}:${INPUT_GITOPS_TOKEN}@github.com/${INPUT_GITOPS_ORGANIZATION}/${INPUT_GITOPS_REPOSITORY}.git ${INPUT_GITOPS_REPOSITORY_BRANCH}" - git push "https://${INPUT_GITOPS_USER}:${INPUT_GITOPS_TOKEN}@github.com/${INPUT_GITOPS_ORGANIZATION}/${INPUT_GITOPS_REPOSITORY}.git ${INPUT_GITOPS_REPOSITORY_BRANCH}:${INPUT_GITOPS_REPOSITORY_BRANCH}" + local branch="${GITOPS_BRANCH:-main}" + git pull --rebase "https://${INPUT_GITOPS_USER}:${INPUT_GITOPS_TOKEN}@github.com/${INPUT_GITOPS_ORGANIZATION}/${INPUT_GITOPS_REPOSITORY}.git" "${branch}" + git push "https://${INPUT_GITOPS_USER}:${INPUT_GITOPS_TOKEN}@github.com/${INPUT_GITOPS_ORGANIZATION}/${INPUT_GITOPS_REPOSITORY}.git" "HEAD:${branch}" } commit_changes() { diff --git a/scripts/update-gitops.sh b/scripts/update-gitops.sh index 56a71e4..d564dbd 100755 --- a/scripts/update-gitops.sh +++ b/scripts/update-gitops.sh @@ -6,8 +6,7 @@ # Required env vars: GITHUB_REF, GITHUB_SHA, GITHUB_REPOSITORY, # INPUT_DOCKER_REGISTRY, INPUT_DOCKER_IMAGE, INPUT_TAG, INPUT_PUSH, # INPUT_GITOPS_USER, INPUT_GITOPS_EMAIL, -# INPUT_GITOPS_TOKEN, INPUT_GITOPS_ORGANIZATION, INPUT_GITOPS_REPOSITORY, -# INPUT_GITOPS_REPOSITORY_BRANCH +# INPUT_GITOPS_TOKEN, INPUT_GITOPS_ORGANIZATION, INPUT_GITOPS_REPOSITORY # Optional env vars: INPUT_GITOPS_DEV, INPUT_GITOPS_STAGE, INPUT_GITOPS_PROD SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" @@ -25,12 +24,16 @@ require_env INPUT_GITOPS_EMAIL require_env INPUT_GITOPS_TOKEN require_env INPUT_GITOPS_ORGANIZATION require_env INPUT_GITOPS_REPOSITORY -require_env INPUT_GITOPS_REPOSITORY_BRANCH # Used by gitops-functions.sh (process_file_updates -> update_file) # shellcheck disable=SC2034 IMAGE="${INPUT_DOCKER_REGISTRY}/${INPUT_DOCKER_IMAGE}:${INPUT_TAG}" +# Branch on the GitOps repo to commit & push to. +# Defaults to "main"; DEV updates target the "dev" branch. +# shellcheck disable=SC2034 +GITOPS_BRANCH="main" + # Configure git user git config --global user.email "${INPUT_GITOPS_EMAIL}" && git config --global user.name "${INPUT_GITOPS_USER}" @@ -40,6 +43,9 @@ if [[ ( $GITHUB_REF == refs/heads/master || $GITHUB_REF == refs/heads/main ) && elif [[ $GITHUB_REF == refs/heads/dev && -n "${INPUT_GITOPS_DEV:-}" ]]; then log_info "Run update for DEV" + GITOPS_BRANCH="dev" + git fetch origin dev + git checkout -B dev origin/dev process_file_updates "$INPUT_GITOPS_DEV" "true" elif [[ $GITHUB_REF == refs/tags/* && -n "${INPUT_GITOPS_PROD:-}" ]]; then diff --git a/tests/lib-gitops-functions.bats b/tests/lib-gitops-functions.bats index ec77a31..ccbe523 100644 --- a/tests/lib-gitops-functions.bats +++ b/tests/lib-gitops-functions.bats @@ -17,7 +17,7 @@ setup() { export INPUT_GITOPS_TOKEN="fake-token" export INPUT_GITOPS_ORGANIZATION="Staffbase" export INPUT_GITOPS_REPOSITORY="mops" - export INPUT_GITOPS_REPOSITORY_BRANCH="main" + export GITOPS_BRANCH="main" export IMAGE="registry.staffbase.com/my-service:main-abcdef12" # Create mock yq diff --git a/tests/update-gitops.bats b/tests/update-gitops.bats index 267e19d..20c0a96 100644 --- a/tests/update-gitops.bats +++ b/tests/update-gitops.bats @@ -17,7 +17,6 @@ setup() { export INPUT_GITOPS_TOKEN="fake-token" export INPUT_GITOPS_ORGANIZATION="Staffbase" export INPUT_GITOPS_REPOSITORY="mops" - export INPUT_GITOPS_REPOSITORY_BRANCH="main" export INPUT_GITOPS_DEV="" export INPUT_GITOPS_STAGE="" export INPUT_GITOPS_PROD="" @@ -114,17 +113,38 @@ teardown() { ! grep -q 'git commit' "${TEST_TEMP_DIR}/git_calls.log" 2>/dev/null || true } -# --- Simulate on gitops branch --- +# --- GitOps target branch --- -@test "updates DEV update on DEV devops branch" { +@test "DEV update fetches and pushes to dev branch on gitops repo" { export GITHUB_REF="refs/heads/dev" - export INPUT_GITOPS_REPOSITORY_BRANCH="dev" export INPUT_GITOPS_DEV="kubernetes/namespaces/svc/dev/de1/deploy.yaml spec.image" run "$SCRIPT" assert_success assert_output --partial "Run update for DEV" - grep -q "${INPUT_GITOPS_REPOSITORY_BRANCH}" "${TEST_TEMP_DIR}/git_calls.log" 2>/dev/null || true + grep -q "git fetch origin dev" "${TEST_TEMP_DIR}/git_calls.log" + grep -q "git checkout -B dev origin/dev" "${TEST_TEMP_DIR}/git_calls.log" + grep -q "git pull --rebase .* dev$" "${TEST_TEMP_DIR}/git_calls.log" + grep -q "git push .* HEAD:dev" "${TEST_TEMP_DIR}/git_calls.log" +} + +@test "STAGE update pushes to main branch on gitops repo" { + export GITHUB_REF="refs/heads/main" + export INPUT_GITOPS_STAGE="kubernetes/namespaces/svc/stage/de1/deploy.yaml spec.image" + run "$SCRIPT" + + assert_success + grep -q "git push .* HEAD:main" "${TEST_TEMP_DIR}/git_calls.log" + ! grep -q "git checkout -B dev" "${TEST_TEMP_DIR}/git_calls.log" +} + +@test "PROD update pushes to main branch on gitops repo" { + export GITHUB_REF="refs/tags/v1.0.0" + export INPUT_GITOPS_PROD="kubernetes/namespaces/svc/prod/de1/deploy.yaml spec.image" + run "$SCRIPT" + + assert_success + grep -q "git push .* HEAD:main" "${TEST_TEMP_DIR}/git_calls.log" } # --- No files configured --- From fd1266e1e65c05028b405815d5bd64b963588691 Mon Sep 17 00:00:00 2001 From: Ognjen Ribicic Date: Fri, 12 Jun 2026 10:59:45 +0200 Subject: [PATCH 4/4] EML-000: fix shellcheck --- scripts/update-gitops.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/update-gitops.sh b/scripts/update-gitops.sh index d564dbd..07805d4 100755 --- a/scripts/update-gitops.sh +++ b/scripts/update-gitops.sh @@ -31,8 +31,8 @@ IMAGE="${INPUT_DOCKER_REGISTRY}/${INPUT_DOCKER_IMAGE}:${INPUT_TAG}" # Branch on the GitOps repo to commit & push to. # Defaults to "main"; DEV updates target the "dev" branch. -# shellcheck disable=SC2034 -GITOPS_BRANCH="main" +# Consumed by push_to_gitops_repo() in lib/gitops-functions.sh. +export GITOPS_BRANCH="main" # Configure git user git config --global user.email "${INPUT_GITOPS_EMAIL}" && git config --global user.name "${INPUT_GITOPS_USER}" @@ -43,7 +43,7 @@ if [[ ( $GITHUB_REF == refs/heads/master || $GITHUB_REF == refs/heads/main ) && elif [[ $GITHUB_REF == refs/heads/dev && -n "${INPUT_GITOPS_DEV:-}" ]]; then log_info "Run update for DEV" - GITOPS_BRANCH="dev" + export GITOPS_BRANCH="dev" git fetch origin dev git checkout -B dev origin/dev process_file_updates "$INPUT_GITOPS_DEV" "true"