From a2779059e58399e4024ab601dc459ee829e64fdd Mon Sep 17 00:00:00 2001
From: weatherhog <lucas@giantswarm.io>
Date: Fri, 29 May 2026 10:45:13 +0200
Subject: [PATCH 1/2] Add semantic YAML diff PR comments via shared workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Calls the new giantswarm/github-workflows/yaml-diff reusable workflow on
every PR. It posts a semantic YAML diff (via dyff) of changed source files
as a sticky PR comment, ignoring key reordering. This is the enabling
infrastructure for giantswarm/roadmap#4121 — once the bot proves stable on
real PRs, a follow-up will drop the alphabetical key-ordering rule from
.yamllint, letting users write conventional Kubernetes ordering
(apiVersion, kind, metadata, spec, status).

Also bumps the existing get-diff job's dyff_ver from 1.5.4 to 1.7.1 to
standardize on the version used by the shared workflow.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/validate.yaml  |  2 +-
 .github/workflows/yaml-diff.yaml | 12 ++++++++++++
 CHANGELOG.md                     |  5 +++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/yaml-diff.yaml

diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
index 34129f57..29ac1a54 100644
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@@ -7,7 +7,7 @@ on:
 
 env:
   kubeconform_ver: "0.4.13"
-  dyff_ver: "1.5.4"
+  dyff_ver: "1.7.1"
   clusterctl_ver: "1.2.0"
   apptestctl_ver: "0.18.0"
   kind_ver: "0.12.0"
diff --git a/.github/workflows/yaml-diff.yaml b/.github/workflows/yaml-diff.yaml
new file mode 100644
index 00000000..4aa72a4f
--- /dev/null
+++ b/.github/workflows/yaml-diff.yaml
@@ -0,0 +1,12 @@
+name: yaml-diff
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  yaml-diff:
+    uses: giantswarm/github-workflows/.github/workflows/yaml-diff.yaml@main
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 893f27a1..4eeafbbb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,8 +5,13 @@ following [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
 
+### Added
+
+- Semantic YAML diff PR comments via the new `yaml-diff` workflow (calls `giantswarm/github-workflows/.github/workflows/yaml-diff.yaml`). Key reordering without value changes no longer shows up as noise in PR reviews. Alphabetical key-ordering enforcement in `.yamllint` is unchanged in this release; it will be dropped in a follow-up once the bot has run on real PRs. See [giantswarm/roadmap#4121](https://github.com/giantswarm/roadmap/issues/4121).
+
 ### Changed
 
+- Bump `dyff_ver` from `1.5.4` to `1.7.1` in the existing rendered-manifest diff job (`validate.yaml`), to standardize on the version used by the new `yaml-diff` workflow.
 - migrated `.spec.config` to `.spec.extraConfigs`
 - Templates: Rename `nginx-ingress-controller` to `ingress-nginx`. ([#85](https://github.com/giantswarm/gitops-template/pull/85))
 

From d06680b5516886e2224fb8fa68c975769485d752 Mon Sep 17 00:00:00 2001
From: weatherhog <lucas@giantswarm.io>
Date: Fri, 29 May 2026 11:18:18 +0200
Subject: [PATCH 2/2] Wrap CHANGELOG bullets to satisfy markdownlint MD013

The new Unreleased entries exceeded the 120-char line-length limit
enforced by the pre-commit markdownlint hook. Bullets wrapped with
2-space continuation; rendered output is unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 CHANGELOG.md | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4eeafbbb..1341e4ad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,11 +7,19 @@ following [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Added
 
-- Semantic YAML diff PR comments via the new `yaml-diff` workflow (calls `giantswarm/github-workflows/.github/workflows/yaml-diff.yaml`). Key reordering without value changes no longer shows up as noise in PR reviews. Alphabetical key-ordering enforcement in `.yamllint` is unchanged in this release; it will be dropped in a follow-up once the bot has run on real PRs. See [giantswarm/roadmap#4121](https://github.com/giantswarm/roadmap/issues/4121).
+- Semantic YAML diff PR comments via the new `yaml-diff` workflow
+  (calls `giantswarm/github-workflows/.github/workflows/yaml-diff.yaml`).
+  Key reordering without value changes no longer shows up as noise in PR
+  reviews. Alphabetical key-ordering enforcement in `.yamllint` is
+  unchanged in this release; it will be dropped in a follow-up once the
+  bot has run on real PRs.
+  See [giantswarm/roadmap#4121](https://github.com/giantswarm/roadmap/issues/4121).
 
 ### Changed
 
-- Bump `dyff_ver` from `1.5.4` to `1.7.1` in the existing rendered-manifest diff job (`validate.yaml`), to standardize on the version used by the new `yaml-diff` workflow.
+- Bump `dyff_ver` from `1.5.4` to `1.7.1` in the existing rendered-manifest
+  diff job (`validate.yaml`), to standardize on the version used by the new
+  `yaml-diff` workflow.
 - migrated `.spec.config` to `.spec.extraConfigs`
 - Templates: Rename `nginx-ingress-controller` to `ingress-nginx`. ([#85](https://github.com/giantswarm/gitops-template/pull/85))