Test and lint actions

MediaMarktSaturn · Mar 8, 2023 · 52b8033 · 52b8033
1 parent 1421c45
commit 52b8033
Show file tree

Hide file tree

Showing 8 changed files with 120 additions and 33 deletions.
diff --git a/.github/workflows/chart-publish.yml b/.github/workflows/chart-publish.yml
diff --git a/.github/workflows/main-release.yml b/.github/workflows/main-release.yml
@@ -0,0 +1,52 @@
+---
+name: Release charts
+# yamllint disable-line rule:truthy
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Git config
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+
+      - name: Publish charts
+        uses: helm/[email protected]
+        with:
+          charts_dir: charts
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_SKIP_EXISTING: true
+
+  generate-docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Generate docs
+        run: .github/workflows/scripts/helm-docs.sh
+
+      - name: Create PR
+        uses: peter-evans/create-pull-request@v4
+        with:
+          commit-message: Generated Chart Docs
+          author: github_actions <[email protected]>
+          delete-branch: true
+          branch: generate-chart-docs/patch
+          add-paths: |
+            *.md
diff --git a/.github/workflows/pr_chart-test.yml → .github/workflows/pr-chart-lint-and-test.yml b/.github/workflows/pr_chart-test.yml → .github/workflows/pr-chart-lint-and-test.yml
@@ -38,8 +38,6 @@ jobs:
       - uses: azure/[email protected]
 
       - uses: actions/setup-python@v4
-        with:
-          python-version: 3.7
 
       - name: Set up chart-testing
         uses: helm/[email protected]
@@ -54,12 +52,19 @@ jobs:
           node_image: ${{ matrix.kindest_image }}
 
       - name: Chart installation tests
-        run: |
-          # copy test-values into charts
-          rsync -a chart-tests/ charts/
-
-          # run chart tests
-          ct install --config .github/workflows/conf/ct.yml
+        run: .github/workflows/scripts/chart-test.sh
 
       - run: kubectl describe nodes; echo "=== API Versions ==="; kubectl api-versions; echo "=== CRDs ==="; kubectl get crd
         if: failure()
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-python@v4
+
+      - name: Run checkov on each test case permutation
+        run: .github/workflows/scripts/checkov-chart-linting.sh
diff --git a/.github/workflows/scripts/chart-test.sh b/.github/workflows/scripts/chart-test.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# copy test-values into charts
+rsync -a chart-tests/ charts/
+
+# run chart tests
+ct install --config .github/workflows/conf/ct.yml
diff --git a/.github/workflows/scripts/checkov-chart-linting.sh b/.github/workflows/scripts/checkov-chart-linting.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+pip install checkov > /dev/null 2>&1
+export LOG_LEVEL=INFO
+CHECK_STATUS=0
+
+# run checkov on all chart test cases and fail only at the end
+set +e
+
+# for every chart in charts folder
+for chart in $(ls -d charts/*/); do
+  # trim parent folder and trailing slash from $chart
+  chart=${chart/charts\/} && chart=${chart/\/}
+  chart_ci=chart-tests/$chart/ci
+  if [ -d "$chart_ci" ]; then
+    # for every test case of this chart
+    for values in $(ls $chart_ci); do
+      printf "\n\n=== Checking chart $chart with test case $values ===\n\n"
+      rm -rf chckv
+      helm template charts/$chart --values $chart_ci/$values --name-template test-release --namespace test-ns --output-dir chckv
+      checkov --config-file .github/workflows/linting/checkov.yaml -d chckv
+      if [ $? -ne 0 ]; then
+        printf "=== Chart $chart with test case $values FAILED ===\n\n"
+        CHECK_STATUS=1
+      else
+        printf "=== Chart $chart with test test $values SUCCEEDED ===\n\n"
+      fi
+    done
+  fi
+done
+
+exit $CHECK_STATUS
diff --git a/.github/workflows/scripts/helm-docs.sh b/.github/workflows/scripts/helm-docs.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -euo pipefail
+
+HELM_DOCS_VERSION="1.11.0"
+
+# install helm-docs
+curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz
+tar -xzf /tmp/helm-docs.tar.gz helm-docs
+
+# generated docs
+./helm-docs -s file
diff --git a/charts/dependency-track/Chart.yaml b/charts/dependency-track/Chart.yaml
@@ -6,5 +6,5 @@ type: application
 maintainers:
   - name: MediaMarktSaturn
     url: https://github.com/MediaMarktSaturn
-appVersion: 4.7.0
-version: 1.0.1
+appVersion: 4.7.1
+version: 1.0.2
diff --git a/charts/dependency-track/values.yaml b/charts/dependency-track/values.yaml
@@ -1,7 +1,7 @@
 apiserver:
   image:
     repository: docker.io/dependencytrack/apiserver
-    tag: 4.7.0
+    tag: 4.7.1
   resources:
     limits:
       cpu: "3"
@@ -30,7 +30,7 @@ apiserver:
 frontend:
   image:
     repository: docker.io/dependencytrack/frontend
-    tag: 4.7.0
+    tag: 4.7.1
   resources:
     limits:
       cpu: "1"