Feature/gitops (#37)

Co-authored-by: moilanik <niko.moilanen@tietoevry.com>
Reviewed-on: #37

scripts/dispatch-workflow.sh

@@ -17,6 +17,11 @@ POLL_INTERVAL="${DISPATCH_POLL_INTERVAL:-10}"
 [ -z "$GITEA_API_URL" ] && echo "ERROR: gitea_api_url argument is required" >&2 && exit 1
 [ -z "$GITEA_TOKEN" ] && echo "ERROR: gitea_token argument is required" >&2 && exit 1
 
+# Generate unique dispatch_id for display_title matching
+# Can be overridden via DISPATCH_ID env var (for tests)
+DISPATCH_ID="${DISPATCH_ID:-$(xxd -l 4 -p /dev/urandom 2>/dev/null || openssl rand -hex 4 2>/dev/null || od -An -N4 -tx1 /dev/urandom | tr -d ' \n')}"
+INPUTS_JSON=$(echo "$INPUTS_JSON" | jq --arg id "$DISPATCH_ID" '. + {dispatch_id: $id}')
+
 DISPATCH_URL="$GITEA_API_URL/api/v1/repos/$TARGET_REPO/actions/workflows/$WORKFLOW_FILE/dispatches"
 DISPATCH_BODY=$(jq -nc --arg ref "$REF" --argjson inputs "$INPUTS_JSON" '{ref: $ref, inputs: $inputs}')
 
@@ -32,19 +37,30 @@ if [ "$DISPATCH_CODE" != "201" ]; then
   exit 1
 fi
 
-RUNS_URL="$GITEA_API_URL/api/v1/repos/$TARGET_REPO/actions/runs?status=running"
-RUNS_RESP=$(curl -s --connect-timeout 5 --max-time 10 \
-  -H "Authorization: token $GITEA_TOKEN" "$RUNS_URL")
-
-RUN_ID=$(echo "$RUNS_RESP" | jq -r '.workflow_runs[0].id // empty')
-if [ -z "$RUN_ID" ] || [ "$RUN_ID" = "null" ]; then
-  echo "ERROR: Could not find dispatched workflow run" >&2
-  exit 1
-fi
-
+# Poll: find dispatched run by display_title matching
+RUN_ID=""
 TIMEOUT_SECONDS=$(awk "BEGIN {printf \"%.3f\", $TIMEOUT_MINUTES * 60}")
 START_TIME=$(date +%s)
 
+while [ -z "$RUN_ID" ]; do
+  NOW=$(date +%s)
+  ELAPSED=$((NOW - START_TIME))
+  if awk -v e="$ELAPSED" -v t="$TIMEOUT_SECONDS" 'BEGIN { exit !(e >= t) }'; then
+    echo "ERROR: Timeout after ${TIMEOUT_MINUTES} minutes — run not found" >&2
+    exit 124
+  fi
+
+  RUNS_RESP=$(curl -s --connect-timeout 5 --max-time 10 \
+    "$GITEA_API_URL/api/v1/repos/$TARGET_REPO/actions/runs?event=workflow_dispatch&limit=10" \
+    -H "Authorization: token $GITEA_TOKEN")
+
+  RUN_ID=$(echo "$RUNS_RESP" | jq -r --arg id "$DISPATCH_ID" \
+    '[.workflow_runs[] | select(.display_title | contains($id))] | .[0].id // empty')
+
+  [ -z "$RUN_ID" ] && sleep "$POLL_INTERVAL"
+done
+
+# Poll: wait for run to complete
 while true; do
   NOW=$(date +%s)
   ELAPSED=$((NOW - START_TIME))
@@ -61,6 +77,12 @@ while true; do
   if [ "$STATUS" = "completed" ]; then
     CONCLUSION=$(echo "$RUN_RESP" | jq -r '.conclusion // "failure"')
     if [ "$CONCLUSION" = "success" ]; then
+      GITOPS_COMMIT=""
+      BRANCH_RESP=$(curl -s --connect-timeout 5 --max-time 10 \
+        "$GITEA_API_URL/api/v1/repos/$TARGET_REPO/branches/$REF" \
+        -H "Authorization: token $GITEA_TOKEN") || true
+      GITOPS_COMMIT=$(echo "$BRANCH_RESP" | jq -r '.commit.id // empty')
+      echo "GITOPS_COMMIT=$GITOPS_COMMIT"
       exit 0
     fi
     echo "ERROR: Workflow completed with conclusion: $CONCLUSION" >&2

scripts/gitops-dispatch.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+: "${GITOPS_FILE:?}"
+: "${GITOPS_YQ_TPL:?}"
+: "${GITOPS_VERSION:?}"
+: "${GITOPS_SOURCE_REPO:?}"
+: "${GITOPS_SOURCE_COMMIT:?}"
+: "${GITOPS_REPO:?}"
+: "${GITOPS_WORKFLOW:?}"
+: "${GITEA_API_URL:?}"
+: "${GITEA_TOKEN:?}"
+
+TIMEOUT="${GITOPS_DISPATCH_TIMEOUT:-30}"
+
+INPUTS=$(jq -nc \
+  --arg file "$GITOPS_FILE" \
+  --arg yq_tpl "$GITOPS_YQ_TPL" \
+  --arg version "$GITOPS_VERSION" \
+  --arg source_repo "$GITOPS_SOURCE_REPO" \
+  --arg source_commit "$GITOPS_SOURCE_COMMIT" \
+  --arg git_tag_prefix "${GITOPS_TAG_PREFIX:-}" \
+  '{file: $file, yq_tpl: $yq_tpl, version: $version, source_repo: $source_repo, source_commit: $source_commit, git_tag_prefix: $git_tag_prefix}')
+
+DIR="$(cd "$(dirname "$0")" && pwd)"
+set +e
+OUTPUT=$(bash "$DIR/dispatch-workflow.sh" \
+  "$GITOPS_REPO" "$GITOPS_WORKFLOW" "main" \
+  "$INPUTS" "$GITEA_API_URL" "$GITEA_TOKEN" "$TIMEOUT" 2>&1)
+EXIT=$?
+set -e
+
+echo "$OUTPUT"
+
+STATUS="failure"
+GITOPS_SHA=""
+if [ "$EXIT" = "0" ]; then
+  STATUS="success"
+  GITOPS_SHA=$(echo "$OUTPUT" | grep '^GITOPS_COMMIT=' | cut -d= -f2)
+fi
+
+COMPONENT="${GITOPS_TAG_PREFIX:-${GITOPS_FILE}}"
+echo "GITOPS_SUMMARY=${COMPONENT}|${GITOPS_VERSION}|${STATUS}|${GITOPS_SHA}|${GITOPS_REPO}"
+exit "$EXIT"

scripts/gitops-update.sh

@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+_gitops_fail() {
+  local MSG="${1:-GitOps update failed}"
+  echo "[ERROR] ${MSG}" >&2
+
+  if [ -n "${GITOPS_REPO:-}" ] && [ -n "${GITOPS_SHA:-}" ] && \
+     [ -n "${SOURCE_REPO:-}" ] && [ -n "${SOURCE_COMMIT:-}" ] && \
+     [ -n "${GITEA_API_URL:-}" ] && [ -n "${GITEA_TOKEN:-}" ]; then
+    local env repo context
+    env=$(dirname "${INPUT_FILE}")
+    repo=$(basename "${SOURCE_REPO}")
+    context="${repo} ${GITHUB_RUN_ID:-unknown}"
+    [ -n "${GIT_TAG_PREFIX:-}" ] && context="${repo}/${GIT_TAG_PREFIX} ${GITHUB_RUN_ID:-unknown}"
+
+    local SOURCE_URL="${GITEA_API_URL}/${SOURCE_REPO}/commit/${SOURCE_COMMIT}"
+    ROOT_REPO="${GITOPS_REPO}" ROOT_COMMIT="${GITOPS_SHA}" \
+      GITEA_API_URL="${GITEA_API_URL}" GITEA_TOKEN="${GITEA_TOKEN}" \
+      bash "${SCRIPT_DIR}/report-status.sh" failure "Install to ${env} ${VERSION}" \
+      "${context}" "" "${SOURCE_URL}" 2>/dev/null || true
+  fi
+
+  exit 1
+}
+
+_gitops_validate() {
+  [ -n "${INPUT_FILE:-}" ] || _gitops_fail "INPUT_FILE is required"
+  [ -n "${YQ_TPL:-}" ] || _gitops_fail "YQ_TPL is required"
+  [ -n "${VERSION:-}" ] || _gitops_fail "VERSION is required"
+  [ -n "${SOURCE_REPO:-}" ] || _gitops_fail "SOURCE_REPO is required"
+  [ -n "${SOURCE_COMMIT:-}" ] || _gitops_fail "SOURCE_COMMIT is required"
+  [ -n "${GITOPS_REPO:-}" ] || _gitops_fail "GITOPS_REPO is required"
+  [ -n "${GITEA_TOKEN:-}" ] || _gitops_fail "GITEA_TOKEN is required"
+  [ -n "${GITEA_API_URL:-}" ] || _gitops_fail "GITEA_API_URL is required"
+}
+
+_gitops_success() {
+  local env repo context
+  env=$(dirname "${INPUT_FILE}")
+  repo=$(basename "${SOURCE_REPO}")
+  context="${repo} ${GITHUB_RUN_ID:-unknown}"
+  [ -n "${GIT_TAG_PREFIX:-}" ] && context="${repo}/${GIT_TAG_PREFIX} ${GITHUB_RUN_ID:-unknown}"
+
+  local SOURCE_URL="${GITEA_API_URL}/${SOURCE_REPO}/commit/${SOURCE_COMMIT}"
+
+  ROOT_REPO="${GITOPS_REPO}" ROOT_COMMIT="${GITOPS_SHA}" \
+    GITEA_API_URL="${GITEA_API_URL}" GITEA_TOKEN="${GITEA_TOKEN}" \
+    bash "${SCRIPT_DIR}/report-status.sh" success \
+    "Install to ${env} ${VERSION}" \
+    "${context}" "" "${SOURCE_URL}"
+}
+
+_gitops_nochange() {
+  local env repo context
+  env=$(dirname "${INPUT_FILE}")
+  repo=$(basename "${SOURCE_REPO}")
+  context="${repo} ${GITHUB_RUN_ID:-unknown}"
+  [ -n "${GIT_TAG_PREFIX:-}" ] && context="${repo}/${GIT_TAG_PREFIX} ${GITHUB_RUN_ID:-unknown}"
+
+  local SOURCE_URL="${GITEA_API_URL}/${SOURCE_REPO}/commit/${SOURCE_COMMIT}"
+
+  ROOT_REPO="${GITOPS_REPO}" ROOT_COMMIT="${GITOPS_SHA}" \
+    GITEA_API_URL="${GITEA_API_URL}" GITEA_TOKEN="${GITEA_TOKEN}" \
+    bash "${SCRIPT_DIR}/report-status.sh" success \
+    "Install to ${env} ${VERSION} — no change" \
+    "${context}" "" "${SOURCE_URL}"
+}
+
+_gitops_substitute() {
+  echo "$1" | sed "s/{{VERSION}}/$2/g"
+}
+
+_gitops_update() {
+  local CLONE_DIR="${GITOPS_TARGET_DIR:-$(mktemp -d)}"
+
+  if [ -n "${GITOPS_CLONE_URL:-}" ]; then
+    git clone "${GITOPS_CLONE_URL}" "${CLONE_DIR}" || _gitops_fail "Failed to clone GitOps repo"
+  else
+    git clone "${CLONE_URL}" "${CLONE_DIR}" || _gitops_fail "Failed to clone GitOps repo"
+  fi
+
+  cd "${CLONE_DIR}" || _gitops_fail "Failed to enter clone directory"
+  yq eval -i "${YQ_EXPR}" "${INPUT_FILE}" || _gitops_fail "Failed to update ${INPUT_FILE}"
+  git add "${INPUT_FILE}" || _gitops_fail "Failed to stage ${INPUT_FILE}"
+
+  if git diff --cached --quiet; then
+    echo "No changes — ${INPUT_FILE} already at ${VERSION}"
+    GITOPS_SHA="$(git rev-parse HEAD)"
+    _gitops_nochange
+    exit 0
+  fi
+
+  git -c user.name="gitea-ci-bot" \
+      -c user.email="ci@keskikuja.site" \
+      commit -m "[skip ci] gitops: update version to ${VERSION}" || _gitops_fail "Failed to commit"
+  GITOPS_SHA="$(git rev-parse HEAD)"
+  git push || _gitops_fail "Failed to push"
+
+  _gitops_success
+}
+
+_gitops_validate
+
+YQ_EXPR=$(_gitops_substitute "${YQ_TPL}" "${VERSION}")
+
+GITEA_HOST=$(echo "${GITEA_API_URL}" | sed 's|https://||' | sed 's|http://||')
+CLONE_URL="${GITOPS_CLONE_URL:-https://${GITEA_TOKEN}@${GITEA_HOST}/${GITOPS_REPO}.git}"
+
+if [ "${BASH_SOURCE[0]}" = "${0}" ]; then
+  _gitops_update
+fi