Raj Singh

Customer Reliability Engineer
[email protected]

Author: rajsinghtech

.github/auto_merge.py

@@ -0,0 +1,35 @@
+import os
+from github import Github
+
+# Retrieve the GitHub token from the environment variable
+GITHUB_TOKEN = os.getenv("GITHUB_PAT")
+REPO_NAME = "gavinmcfall/home-ops"
+
+if not GITHUB_TOKEN:
+    raise ValueError("Please set the GITHUB_PAT environment variable.")
+
+def auto_merge_minor_patch_prs():
+    g = Github(GITHUB_TOKEN)
+    repo = g.get_repo(REPO_NAME)
+    
+    pr_count = 0
+    open_prs = repo.get_pulls(state="open", sort="created", direction="desc")
+    
+    for pr in open_prs:
+        print(f"Checking PR #{pr.number}: {pr.title}")
+        try:
+            comments = pr.get_issue_comments()
+            for comment in comments:
+                print(f"  Comment: {comment.body}")
+                if "minor" in comment.body.lower() or "patch" in comment.body.lower():
+                    print(f"Merging PR #{pr.number}: {pr.title}")
+                    pr.merge()
+                    pr_count += 1
+                    break
+        except Exception as e:
+            print(f"Error processing PR #{pr.number}: {e}")
+    
+    print(f"Processed {pr_count} PR(s).")
+
+if __name__ == "__main__":
+    auto_merge_minor_patch_prs()

.github/labeler.yaml

@@ -0,0 +1,14 @@
+---
+area/bootstrap:
+  - changed-files:
+      - any-glob-to-any-file: bootstrap/**/*
+area/github:
+  - changed-files:
+      - any-glob-to-any-file: .github/**/*
+area/kubernetes:
+  - changed-files:
+      - any-glob-to-any-file: kubernetes/**/*
+area/taskfile:
+  - changed-files:
+      - any-glob-to-any-file: .taskfiles/**/*
+      - any-glob-to-any-file: Taskfile*

.github/labels.yaml

@@ -0,0 +1,20 @@
+---
+# Area
+- { name: "area/bootstrap",          color: "0e8a16" }
+- { name: "area/github",             color: "0e8a16" }
+- { name: "area/kubernetes",         color: "0e8a16" }
+- { name: "area/taskfile",           color: "0e8a16" }
+# Distro
+- { name: "distro/talos",            color: "ffc300" }
+# Renovate
+- { name: "renovate/container",      color: "027fa0" }
+- { name: "renovate/github-action",  color: "027fa0" }
+- { name: "renovate/github-release", color: "027fa0" }
+- { name: "renovate/helm",           color: "027fa0" }
+# Semantic Type
+- { name: "type/patch",              color: "ffec19" }
+- { name: "type/minor",              color: "ff9800" }
+- { name: "type/major",              color: "f6412d" }
+- { name: "type/break",              color: "f6412d" }
+# Uncategorized
+- { name: "hold/upstream",           color: "ee0701" }

.github/release.yaml

@@ -0,0 +1,4 @@
+changelog:
+  exclude:
+    authors:
+      - renovate

.github/rennovate.json

@@ -0,0 +1,112 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    "docker:enableMajor",
+    ":disableRateLimiting",
+    ":dependencyDashboard",
+    ":semanticCommits",
+    ":automergeBranch"
+  ],
+  "dependencyDashboard": true,
+  "dependencyDashboardTitle": "Renovate Dashboard 🤖",
+  "suppressNotifications": ["prEditedNotification", "prIgnoreNotification"],
+  "rebaseWhen": "conflicted",
+  "schedule": ["every weekend"],
+  "ignorePaths": ["**/*.sops.*"],
+  "flux": {
+    "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"]
+  },
+  "helm-values": {
+    "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"]
+  },
+  "helmfile": {
+    "fileMatch": ["(^|/)helmfile\\.ya?ml(?:\\.j2)?$"]
+  },
+  "kubernetes": {
+    "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"]
+  },
+  "kustomize": {
+    "fileMatch": ["(^|/)kustomization\\.ya?ml(?:\\.j2)?$"]
+  },
+  "pip_requirements": {
+    "fileMatch": ["(^|/)[\\w-]*requirements(-\\w+)?\\.(txt|pip)(?:\\.j2)?$"]
+  },
+  "commitMessageTopic": "{{depName}}",
+  "commitMessageExtra": "to {{newVersion}}",
+  "commitMessageSuffix": "",
+  "packageRules": [
+    {
+      "description": ["Auto merge Github Actions"],
+      "matchManagers": ["github-actions"],
+      "automerge": true,
+      "automergeType": "branch",
+      "ignoreTests": true,
+      "matchUpdateTypes": ["minor", "patch"]
+    },
+    {
+      "matchUpdateTypes": ["minor", "patch"],
+      "matchCurrentVersion": "!/^0/",
+      "automerge": true
+    },
+    {
+      "matchUpdateTypes": ["digest"],
+      "automerge": true
+    },
+    {
+      "description": ["Flux Group"],
+      "groupName": "Flux",
+      "matchPackagePatterns": ["fluxcd"],
+      "matchDatasources": ["docker", "github-tags"],
+      "versioning": "semver",
+      "group": {
+        "commitMessageTopic": "{{{groupName}}} group"
+      },
+      "separateMinorPatch": true
+    },
+    {
+      "description": ["Talos Group"],
+      "groupName": "Talos",
+      "matchPackagePatterns": [
+        "siderolabs/talosctl",
+        "siderolabs/installer"
+      ],
+      "matchDatasources": ["docker"],
+      "group": {
+        "commitMessageTopic": "{{{groupName}}} group"
+      },
+      "separateMinorPatch": true
+    },
+    {
+      "matchDatasources": ["helm"],
+      "commitMessageTopic": "chart {{depName}}"
+    },
+    {
+      "matchDatasources": ["docker"],
+      "commitMessageTopic": "image {{depName}}"
+    },
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["major"],
+      "commitMessagePrefix": "feat(container)!: "
+    },
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["minor"],
+      "semanticCommitType": "feat",
+      "semanticCommitScope": "container"
+    },
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["patch"],
+      "semanticCommitType": "fix",
+      "semanticCommitScope": "container"
+    },
+    {
+      "matchDatasources": ["docker"],
+      "matchUpdateTypes": ["digest"],
+      "semanticCommitType": "chore",
+      "semanticCommitScope": "container"
+    }
+  ]
+}

.github/renovate.json5

@@ -0,0 +1,44 @@
+---
+skip_tests: true
+
+boostrap_talos:
+  schematic_id: "376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba"
+bootstrap_node_network: 10.10.10.0/24
+bootstrap_node_default_gateway: 10.10.10.1
+bootstrap_node_inventory:
+  - name: k8s-controller-0
+    address: 10.10.10.100
+    controller: true
+    disk: fake
+    mac_addr: fake
+  - name: k8s-worker-0
+    address: 10.10.10.101
+    controller: false
+    disk: fake
+    mac_addr: fake
+bootstrap_dns_servers: ["1.1.1.1", "1.0.0.1"]
+bootstrap_ntp_servers: ["time.cloudflare.com"]
+bootstrap_pod_network: 10.69.0.0/16
+bootstrap_service_network: 10.96.0.0/16
+bootstrap_controller_vip: 10.10.10.254
+bootstrap_tls_sans: ["fake"]
+bootstrap_sops_age_pubkey: $BOOTSTRAP_AGE_PUBLIC_KEY
+bootstrap_bgp:
+  enabled: false
+bootstrap_github_address: https://github.com/onedr0p/cluster-template
+bootstrap_github_branch: main
+bootstrap_github_webhook_token: fake
+bootstrap_cloudflare:
+  enabled: true
+  domain: fake
+  token: take
+  acme:
+    email: [email protected]
+    production: false
+  tunnel:
+    account_id: fake
+    id: fake
+    secret: fake
+    ingress_vip: 10.10.10.252
+  ingress_vip: 10.10.10.251
+  gateway_vip: 10.10.10.253

.github/tests/config-talos.yaml

@@ -0,0 +1,58 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "devcontainer"
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ["main"]
+    paths: [".devcontainer/ci/**"]
+  pull_request:
+    branches: ["main"]
+    paths: [".devcontainer/ci/**"]
+  schedule:
+    - cron: "0 0 * * *"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  devcontainer:
+    if: ${{ github.repository == 'onedr0p/cluster-template' }}
+    name: publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64 #,linux/arm64
+
+      - if: ${{ github.event_name != 'pull_request' }}
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: devcontainers/[email protected]
+        env:
+          BUILDX_NO_DEFAULT_ATTESTATIONS: true
+        with:
+          imageName: ghcr.io/${{ github.repository }}/devcontainer
+          # cacheFrom: ghcr.io/${{ github.repository }}/devcontainer
+          imageTag: base,latest
+          platform: linux/amd64 #,linux/arm64
+          configFile: .devcontainer/ci/devcontainer.json
+          push: ${{ github.event_name == 'pull_request' && 'never' || 'always' }}