abstrask
diff --git a/‎.github/workflows/test.yaml
Lines changed: 59 additions & 0 deletions b/‎.github/workflows/test.yaml
Lines changed: 59 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 17 additions & 12 deletions b/‎README.md
Lines changed: 17 additions & 12 deletions
diff --git a/‎action.yml
Lines changed: 3 additions & 1 deletion b/‎action.yml
Lines changed: 3 additions & 1 deletion
diff --git a/‎example-workflow.yaml
Lines changed: 2 additions & 2 deletions b/‎example-workflow.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎flux-helm-diff.sh
Lines changed: 73 additions & 27 deletions b/‎flux-helm-diff.sh
Lines changed: 73 additions & 27 deletions
diff --git a/‎test/base/infrastructure/base/dcgm-exporter/helm.yaml
Lines changed: 0 additions & 51 deletions b/‎test/base/infrastructure/base/dcgm-exporter/helm.yaml
Lines changed: 0 additions & 51 deletions
@@ -0,0 +1,59 @@
+# https://github.com/recoord/flux-infrastructure/blob/dev/.github/workflows/update-crds.yml
+# https://github.com/recoord/core-devops-engine-k8s-manifests/blob/main/.github/workflows/diff.yml
+
+name: Test Helm diff
+on:
+  - pull_request_target
+jobs:
+  helm_diff:
+    name: Diff changed Helm templates
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - id: dependencies
+        name: Install dependencies
+        uses: alexellis/arkade-get@master
+        with:
+          helm: latest
+          yq: latest
+
+      - id: checkout_base
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.base_ref }}
+          path: base
+
+      - id: checkout_head
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+          path: head
+
+      - name: Get all Helm files
+        id: all_files_helm
+        run: |
+          helm_files=($(find ./head/test/head -type f -name 'helm.yaml' | sed "s|^./head/test/head/||" | sort))
+          echo HELM_FILES="${helm_files[@]}" >> $GITHUB_OUTPUT
+          ls -lR
+
+      - id: helm_diff
+        name: Helm diff
+        run: ../head/flux-helm-diff.sh
+        working-directory: ./base
+        env:
+          TEST: "1"
+          HELM_FILES: ${{ steps.all_files_helm.outputs.HELM_FILES }}
+        shell: bash
+
+      - id: pr_comment
+        name: Add PR comment
+        uses: mshick/add-pr-comment@v2
+        if: contains(fromJSON('["pull_request_target"]'), github.event_name)
+        with:
+          message-id: diff
+          refresh-message-position: true
+          message: |
+            ${{ steps.helm_diff.outputs.markdown }}
@@ -1,7 +1,5 @@
 # Flux Helm chart diff action
 
-![](https://github.com/abstrask/actions-playground/actions/workflows/helm-diff.yaml/badge.svg)
-
 A composite GitHub Action for use with PR workflows in repos with [Flux Helm manifests](https://fluxcd.io/flux/use-cases/helm/).
 
 It extracts the repo URL, chart name and version and values, and renders the supplied list of templates before and after PR, and produce a diff report in markdown format.
@@ -44,7 +42,7 @@ In `diff_markdown` the output for each file will either be:
   name: Flux Helm diff
   uses: abstrask/flux-helm-diff@main
   with:
-    helm_files: ${{ steps.changed_files_helm.outputs.modified_files }}
+    helm_files: ${{ steps.changed_files_helm.outputs.all_changed_files }}
 ```
 
 ### Full Example
@@ -71,7 +69,7 @@ jobs:
     outputs:
       helm: ${{ steps.filter.outputs.helm }}
     steps:
-      - id: checkout_base
+      - id: checkout_head
         uses: actions/checkout@v4
         with:
           ref: ${{ github.head_ref }}
@@ -143,7 +141,7 @@ Render templates and generate diff report:
         name: Helm diff
         uses: abstrask/actions-playground@main
         with:
-          helm_files: ${{ steps.changed_files_helm.outputs.modified_files }}
+          helm_files: ${{ steps.changed_files_helm.outputs.all_changed_files }}
 
 ```
 
@@ -253,13 +251,20 @@ No changes
 (abbreviated)
 ```
 
-### infrastructure/base/weave-gitops/helm.yaml
-```
-Error: looks like "oci://ghcr.io/weaveworks/charts" is not a valid chart repository or cannot be reached: object required
-```
-
-## Testing Locally
+## Testing
 
 ```bash
-GITHUB_OUTPUT=debug.out test=1 ./flux-helm-diff.sh helm1.yaml infrastructure/base/weave-gitops/helm.yaml infrastructure/base/nvidia-device-plugin/helm.yaml; cat debug.out
+helm_files=($(find ./test/head -type f -name 'helm.yaml' | sed "s|^./test/head/||" | sort))
+GITHUB_OUTPUT=debug.out HELM_FILES="${helm_files[@]}" TEST=1 ./flux-helm-diff.sh; cat debug.out
 ```
+
+### Testing files
+
+| Name                    | Scenario tested                                                              | Expected output                                 |
+| ----------------------- | ---------------------------------------------------------------------------- | ----------------------------------------------- |
+| `dcgm-exporter`         | Chart added in `head` that doesn't exist in `base`                           | Diff shows entire rendered template as added    |
+| `metaflow`              | Very non-standard way of publishing charts (not sure if should be supported) | TBD                                             |
+| `nvidia-device-plugin`  | HelmRepository (using `https`), minor chart version bump                     | Diff (with potentially breaking `nodeAffinity`) |
+| `weave-gitops-helm2oci` | Repository type changed from HelmRepository (type `oci`) to OCIRepository    | No changes                                      |
+| `weave-gitops-helmrepo` | HelmRepository with type `oci`                                               | Diff                                            |
+| `weave-gitops-ocirepo`  | OCIRepository                                                                | Diff                                            |
@@ -29,5 +29,7 @@ runs:
 
     - id: diff
       name: Helm diff
-      run: flux-helm-diff.sh ${{ inputs.helm_files }}
+      run: flux-helm-diff.sh
+      env:
+        HELM_FILES: ${{ inputs.helm_files }}
       shell: bash
@@ -12,7 +12,7 @@ jobs:
     outputs:
       helm: ${{ steps.filter.outputs.helm }}
     steps:
-      - id: checkout_base
+      - id: checkout_head
         uses: actions/checkout@v4
         with:
           ref: ${{ github.head_ref }}
@@ -64,7 +64,7 @@ jobs:
         name: Helm diff
         uses: abstrask/flux-helm-diff@main
         with:
-          helm_files: ${{ steps.changed_files_helm.outputs.modified_files }}
+          helm_files: ${{ steps.changed_files_helm.outputs.all_changed_files }}
 
       - id: pr_comment
         name: Add PR comment
 
@@ -1,43 +1,78 @@
 #!/bin/bash
+set -eu -o pipefail
 
-if [ "${#}" == "0" ]; then
+helm_files=(${HELM_FILES[@]})
+if [ "${#helm_files[@]}" == "0" ]; then
     echo "No Helm files specified, nothing to do"
     exit
 fi
-helm_files=( "${@}" )
-echo "Helm files to render: ${helm_files[*]}"
+echo "${#helm_files[@]} Helm file(s) to render: ${helm_files[*]}"
 
 helm_template() {
-    if [ -z "${2}" ]; then
+    set -eu -o pipefail
+    if [ -z "${1}" ]; then
         echo "Error: Need file name to template" >&2
-        return 1
+        return 2
     fi
 
+    # 'head' or 'base' ref - used for logging output
+    ref="${1%%/*}"
+
     # Set test = <something> to run against Helm teplates under test/
-    if [ -z "${test}" ]; then
-        helm_file="${2}"
+    if [ -z "${TEST:-}" ]; then
+        helm_file="${1}"
     else
-        helm_file="test/${2}"
+        helm_file="test/${1}"
     fi
 
     if [ ! -f "${helm_file}" ]; then
-        echo "Error: File \"${helm_file}\" not found, skipping diff"
-        echo "Error: File \"${helm_file}\" not found, skipping diff" >&2
+        # echo "Warn: File \"${helm_file}\" not found, skipping"
+        echo "File \"${helm_file}\" not found, skipping" >&2
         return 1
     fi
 
+    # Determine repo type - HelmRepository or OCIRepository
+    # https://fluxcd.io/flux/components/source/helmrepositories/
+    # https://fluxcd.io/flux/components/source/ocirepositories/
+    # https://fluxcd.io/flux/components/source/gitrepositories/
+    if [[ "HelmRepository" == "$(yq '. | select(.kind == "HelmRelease").spec.chart.spec.sourceRef.kind' "${helm_file}")" ]]; then
+        repo_type=helm
+        repo_name=$(yq '. | select(.kind == "HelmRelease").spec.chart.spec.sourceRef.name' "${helm_file}")
+        chart=$(yq '. | select(.kind == "HelmRelease").spec.chart.spec.chart' "${helm_file}")
+        url=$(yq '. | select(.kind == "HelmRepository").spec.url' "${helm_file}")
+        version=$(yq '. | select(.kind == "HelmRelease").spec.chart.spec.version' "${helm_file}")
+        if [[ "${url}" = "oci://"* ]]; then
+            url="${url}/${chart}" # Syntax for chart repos is different from OCI repos (as HelmRepo kind)
+        fi
+    elif [[ "OCIRepository" == "$(yq '. | select(.kind == "HelmRelease").spec.chartRef.kind' "${helm_file}")" ]]; then
+        repo_type=oci
+        repo_name=$(yq '. | select(.kind == "HelmRelease").spec.chartRef.name' "${helm_file}")
+        chart="${repo_name}"
+        url=$(yq '. | select(.kind == "OCIRepository").spec.url' "${helm_file}")
+        version=$(yq '. | select(.kind == "OCIRepository").spec.ref.tag' "${helm_file}")
+    else
+        echo "Unable to determine repo type, skipping"
+        echo "Unable to determine repo type, skipping" >&2
+        return 2
+    fi
+
     # Extracting chart properties
     name=$(yq '. | select(.kind == "HelmRelease").metadata.name' "${helm_file}")
     namespace=$(yq '. | select(.kind == "HelmRelease").metadata.namespace' "${helm_file}")
-    version=$(yq '. | select(.kind == "HelmRelease") | .spec.chart.spec.version' "${helm_file}")
-    url=$(yq '. | select(.kind == "HelmRepository") | .spec.url' "${helm_file}")
-    chart=$(yq '. | select(.kind == "HelmRelease") | .spec.chart.spec.chart' "${helm_file}")
     values=$(yq '. | select(.kind == "HelmRelease").spec.values' "${helm_file}")
-    echo "Chart version ${1}: $version ($chart from $url)" >&2
 
-    # Syntax for chart repos is different from OCI repos
+    # Let's see what information we got out about the chart...
+    echo "${ref} repo type:         ${repo_type}" >&2
+    echo "${ref} repo name:         ${repo_name}" >&2
+    echo "${ref} repo/chart URL:    ${url}" >&2
+    echo "${ref} chart name:        ${chart}" >&2
+    echo "${ref} chart version:     ${version}" >&2
+    echo "${ref} release name:      ${name}" >&2
+    echo "${ref} release namespace: ${namespace}" >&2
+
+    # Syntax for chart repos is different from OCI repos (as HelmRepo kind)
     if [[ "${url}" = "oci://"* ]]; then
-        chart_args=("${url}/${chart}") # treat as array, to avoid adding single-quotes
+        chart_args=("${url}") # treat as array, to avoid adding single-quotes
     else
         chart_args=("${chart}" --repo "${url}")
     fi
@@ -46,19 +81,16 @@ helm_template() {
     template_out=$(helm template "${name}" ${chart_args[@]} --version "${version}" -n "${namespace}" -f <(echo "${values}")  2>&1) || {
         echo "$template_out"
         echo "$template_out" >&2
-        return 1
+        return 2
     }
 
     # Cleanup template, removing comments, output
     template_clean=$(yq -P 'sort_keys(..) comments=""' <(echo "${template_out}"))
     echo "$template_clean"
-
-    # Debug info
-    echo "Line count ${1}: values ($(echo "${values}" | wc -l)), template ($(echo "${template_out}" | wc -l)), template_clean ($(echo "${template_clean}" | wc -l))" >&2
 }
 
 EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
-echo "markdown<<$EOF" >> "$GITHUB_OUTPUT"
+echo "markdown<<$EOF" > "$GITHUB_OUTPUT"
 echo "## Flux Helm diffs" >> "$GITHUB_OUTPUT"
 
 any_failed=0
@@ -70,26 +102,38 @@ for helm_file in "${helm_files[@]}"; do
 
     # Template before
     return_code=0
-    before_out=$(helm_template before "base/${helm_file}") || return_code=1
-    if [ $return_code -ne 0 ]; then
+    base_out=$(helm_template "base/${helm_file}") || return_code=$?
+    if [ $return_code -eq 2 ]; then # Ignore files skipped
         {
             echo '```'
-            echo "${before_out}"
+            echo "Error rendering base ref:"
+            echo "${base_out}"
             echo '```'
         } >> "$GITHUB_OUTPUT"
         any_failed=1
         continue
     fi
 
     # Template after
-    after_out=$(helm_template after "head/${helm_file}") || true
+    return_code=0
+    head_out=$(helm_template "head/${helm_file}") || return_code=$?
+    if [ $return_code -ne 0 ]; then
+        {
+            echo '```'
+            echo "Error rendering head ref:"
+            echo "${head_out}"
+            echo '```'
+        } >> "$GITHUB_OUTPUT"
+        any_failed=1
+        continue
+    fi
 
     # Template diff
-    diff_out=$(diff --unified=5 <(echo "${before_out}") <(echo "${after_out}")) || true
+    diff_out=$(diff --unified=5 <(echo "${base_out}") <(echo "${head_out}")) || true
     echo "Diff has $(echo "$diff_out" | wc -l) line(s)"
     [ -z "${diff_out}" ] && diff_out="No changes"
     {
-        echo '```'
+        echo '```diff'
         echo "${diff_out}"
         echo '```'
     } >> "$GITHUB_OUTPUT"
@@ -99,3 +143,5 @@ done
     echo "$EOF"
     echo "any_failed=$any_failed"
 } >> "$GITHUB_OUTPUT"
+
+echo -e "\nAll done"