diff --git a/.github/gitops-action-rc/action.yml b/.github/gitops-action-rc/action.yml
index cbe6575..caeb94f 100644
--- a/.github/gitops-action-rc/action.yml
+++ b/.github/gitops-action-rc/action.yml
@@ -11,8 +11,8 @@ inputs:
 dry-run-only:
 description: 'Whether to only run the fleetctl gitops commands in dry-run mode.'
 default: 'false'
- delete-other-teams:
- description: 'Whether to delete other teams in Fleet which are not part of the gitops config.'
+ delete-other-fleets:
+ description: 'Whether to delete other fleets in Fleet which are not part of the gitops config.'
 default: 'true'
 
 runs:
@@ -44,5 +44,5 @@ runs:
 working-directory: ${{ inputs.working-directory }}
 env:
 FLEET_DRY_RUN_ONLY: ${{ inputs.dry-run-only }}
- FLEET_DELETE_OTHER_TEAMS: ${{ inputs.delete-other-teams }}
- run: ./gitops.sh
+ FLEET_DELETE_OTHER_FLEETS: ${{ inputs.delete-other-fleets }}
+ run: ./gitops-rc.sh
diff --git a/gitops-rc.sh b/gitops-rc.sh
new file mode 100644
index 0000000..220520f
--- /dev/null
+++ b/gitops-rc.sh
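Review bot: Renaming the input to `delete-other-fleets` while keeping `default: 'true'` means a workflow that still passes `delete-other-teams: 'false'` no longer disables deletion: GitHub Actions only warns about an undeclared input, and the new input then falls back to `'true'`. Whether such callers exist is not visible in this diff, but the failure mode is destructive. Consider keeping `delete-other-teams` declared without a default and with a `deprecationMessage`, and mapping it in the env block of the second hunk as `FLEET_DELETE_OTHER_FLEETS: ${{ inputs.delete-other-teams || inputs.delete-other-fleets }}`.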
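Review bot: `run: ./gitops-rc.sh` executes the script directly, but this commit adds `gitops-rc.sh` with `new file mode 100644`, i.e. without the executable bit. Unless something outside the diff sets that bit, the step would fail with a permission error on a fresh checkout. Either commit the script as mode 100755 or invoke it through the interpreter with `run: bash ./gitops-rc.sh`. The step's opening keys are outside the hunk.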
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+# -e: Immediately exit if any command has a non-zero exit status.
+# -x: Print all executed commands to the terminal.
+# -u: Exit if an undefined variable is used.
+# -o pipefail: Exit if any command in a pipeline fails.
+set -exuo pipefail
+
+FLEET_GITOPS_DIR="${FLEET_GITOPS_DIR:-.}"
+FLEET_GLOBAL_FILE="${FLEET_GLOBAL_FILE:-$FLEET_GITOPS_DIR/default.yml}"
+FLEETCTL="${FLEETCTL:-fleetctl}"
+FLEET_DRY_RUN_ONLY="${FLEET_DRY_RUN_ONLY:-false}"
+FLEET_DELETE_OTHER_FLEETS="${FLEET_DELETE_OTHER_FLEETS:-true}"
+
+# Check for existence of the global file in case the script is used
+# on repositories with fleet only yamls.
+if [ -f "$FLEET_GLOBAL_FILE" ]; then
+ # Validate that global file contains org_settings
+ grep -Exq "^org_settings:.*" "$FLEET_GLOBAL_FILE"
+else
+ FLEET_DELETE_OTHER_FLEETS=false
+fi
+
+# If you are using secrets to manage SSO metadata for Fleet SSO login or MDM SSO login, uncomment the below:
+
+# FLEET_SSO_METADATA=$( sed '2,$s/^/ /' <<< "${FLEET_MDM_SSO_METADATA}")
+# FLEET_MDM_SSO_METADATA=$( sed '2,$s/^/ /' <<< "${FLEET_MDM_SSO_METADATA}")
+
+# Copy/pasting raw SSO metadata into GitHub secrets will result in malformed yaml.
+# Adds spaces to all but the first line of metadata keeps the multiline string in bounds.
+
+if compgen -G "$FLEET_GITOPS_DIR"/fleets/*.yml > /dev/null; then
+ # Validate that every fleet has a unique name.
+ # This is a limited check that assumes all fleet files contain the phrase: `name: `
+ ! perl -nle 'print $1 if /^name:\s*(.+)$/' "$FLEET_GITOPS_DIR"/fleets/*.yml | sort | uniq -d | grep . -cq
+fi
+
+args=()
+if [ -f "$FLEET_GLOBAL_FILE" ]; then
+ args=(-f "$FLEET_GLOBAL_FILE")
+fi
+
+for fleet_file in "$FLEET_GITOPS_DIR"/fleets/*.yml; do
+ if [ -f "$fleet_file" ]; then
+ args+=(-f "$fleet_file")
+ fi
+done
+if [ "$FLEET_DELETE_OTHER_FLEETS" = true ]; then
+ args+=(--delete-other-fleets)
+fi
+
+# Dry run
+$FLEETCTL gitops "${args[@]}" --dry-run
+if [ "$FLEET_DRY_RUN_ONLY" = true ]; then
+ exit 0
+fi
+
+# Real run
+$FLEETCTL gitops "${args[@]}"
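Review bot: The duplicate-name guard (`! perl … | sort | uniq -d | grep . -cq`) cannot stop the run, because bash exempts a pipeline negated with `!` from `set -e`. Two fleet files with the same `name:` therefore pass straight through to `fleetctl gitops`, including the real run with `--delete-other-fleets`. Capture the duplicates and exit explicitly, as in the block below. Separately, the commented-out `FLEET_SSO_METADATA=` line reads from `${FLEET_MDM_SSO_METADATA}`, so anyone who uncomments it would overwrite the login SSO metadata with the MDM value; it should read `<<< "${FLEET_SSO_METADATA}"`. With `set -x` active, those lines would also trace the re-indented metadata into the job log, where secret masking may not match the transformed text, so bracket them with `set +x` / `set -x`.

```shell
if compgen -G "$FLEET_GITOPS_DIR"/fleets/*.yml > /dev/null; then
  # … unchanged: comments describing the limited `name: ` check …
  duplicate_names=$(perl -nle 'print $1 if /^name:\s*(.+)$/' "$FLEET_GITOPS_DIR"/fleets/*.yml | sort | uniq -d)
  if [ -n "$duplicate_names" ]; then
    echo "Duplicate fleet names found: $duplicate_names" >&2
    exit 1
  fi
fi
```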