Force push on image change

action.yml

@@ -16,6 +16,12 @@ inputs:
       deploy-pr/<environment> branch and open a PR for review
     required: false
     default: .*(staging|production).*
+  force-push-on-image-change:
+    description: |
+      When true the action will push to the <environment> branch if there 
+      only image changes detected.
+    required: false
+    default: false
   dry-run:
     description: |
       On a dry-run only the kustomize build will occur and the built branch will
@@ -85,19 +91,16 @@ runs:
 
     # Kustomize setup (this should be abstracted into a separate action repo)
     - name: Kustomize Setup
-      uses: kustomize-everything/action-kustomize@v2.0.2
+      uses: kustomize-everything/action-kustomize@v2.1.0
       with:
         version: ${{ inputs.version }}
         sha256-checksum: ${{ inputs.sha256-checksum }}
 
-    - uses: azure/setup-helm@v3
+    - uses: azure/setup-helm@v4
       with:
         version: ${{ inputs.helm-version }}   # default is latest (stable)
       id: install
 
-    - name: Install yq
-      uses: mikefarah/yq@v4.42.1
-
     - name: Set Git Author
       shell: bash
       run: |
@@ -178,6 +181,13 @@ runs:
         edit-mode: replace
         token: ${{ inputs.token }}
 
+    - name: Detect pure Image Changes and Force push if true
+      if: ${{ inputs.force-push-on-image-change == 'true') }
+      id: detect-image-changes
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: sha-change.sh
+
     - name: Commit to ${{ env.PUSH_BRANCH }}
       shell: bash
       working-directory: ${{ inputs.working-directory }}

kustomize-build.sh

@@ -38,7 +38,7 @@ pushd "${RENDER_DIR}" || exit 1
 if [[ -s "${RENDER_FILE}" ]]; then
   # Split the rendered file into individual files for each resource
   # Invalid GitHub artifact path name characters: Double quote ", Colon :, Less than <, Greater than >, Vertical bar |, Asterisk *, Question mark ?
-  yq -s '.kind + "-" + (.apiVersion | sub("/", "_")) + "-" + (.metadata.name | sub("[:<>|*?/\\]", "_")) + ".yaml"' < "${RENDER_FILE}"
+  yq -s '.kind + "-" + (.apiVersion | sub("/", "_")) + "-" + (.metadata.name | sub("[:<>|*?/]", "_")) + ".yaml"' < "${RENDER_FILE}"
 
   if is_debug; then
     echo "[debug] ls ${RENDER_DIR} post-yq"

sha-change.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Get the git diff output of staged changes
+
+DIFF_OUTPUT=$(git diff  "origin/${DIFF_BRANCH}" --unified=0 | grep '^[+-]' | grep -Ev '^(---|\+\+\+|index)')
+
+echo "Diff lines:"
+echo $DIFF_OUTPUT
+
+# Check if there are any changes
+if [[ -z "$DIFF_OUTPUT" ]]; then
+    echo "No changes found in git diff."
+    exit 1
+fi
+
+# Define the allowed pattern
+ALLOWED_PATTERN='^[+-][[:space:]]*image:.*'
+
+# Check each line of the diff output
+while IFS= read -r line; do
+    if [[ ! "$line" =~ $ALLOWED_PATTERN ]]; then
+        echo "Invalid change detected: $line"
+        exit 1
+    fi
+done <<< "$DIFF_OUTPUT"
+
+echo "All changes match the allowed pattern, Forcing Deploy method to PUSH."
+echo "DEPLOY_METHOD=PUSH" >> "${GITHUB_ENV}"
+
+exit 0