diff --git a/.github/workflows/chart-publish.yml b/.github/workflows/chart-publish.yml
deleted file mode 100644
index 435671d..0000000
--- a/.github/workflows/chart-publish.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-name: Publish helm charts
-# yamllint disable-line rule:truthy
-on:
- push:
- branches:
- - main
-
-jobs:
- build:
- name: Publish helm charts
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
-
- - name: Publish Helm charts
- uses: stefanprodan/helm-gh-pages@v1.7.0
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
- linting: off
- charts_dir: charts
diff --git a/.github/workflows/main-release.yml b/.github/workflows/main-release.yml
new file mode 100644
index 0000000..b50f67b
--- /dev/null
+++ b/.github/workflows/main-release.yml
@@ -0,0 +1,52 @@
+---
+name: Release charts
+# yamllint disable-line rule:truthy
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Git config
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3
+
+ - name: Publish charts
+ uses: helm/chart-releaser-action@v1.5.0
+ with:
+ charts_dir: charts
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ CR_SKIP_EXISTING: true
+
+ generate-docs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Generate docs
+ run: .github/workflows/scripts/helm-docs.sh
+
+ - name: Create PR
+ uses: peter-evans/create-pull-request@v4
+ with:
+ commit-message: Generated Chart Docs
+ author: github_actions
+ delete-branch: true
+ branch: generate-chart-docs/patch
+ add-paths: |
+ *.md
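Review bot: Neither job in the new main-release.yml declares a `permissions:` block, so the GITHUB_TOKEN handed to chart-releaser as `CR_TOKEN` and used by `peter-evans/create-pull-request@v4` carries whatever the repository default is: read-only, in which case the gh-pages push and the PR creation fail, or write-all, which is more than either step needs. Add a `permissions:` block with `contents: write` to the `release:` job and one with `contents: write` and `pull-requests: write` to `generate-docs:`, so each job holds only the scopes it uses. The actions are referenced by mutable tags (`actions/checkout@v3`, `azure/setup-helm@v3`, `helm/chart-releaser-action@v1.5.0`, `peter-evans/create-pull-request@v4`); pinning each to a full commit SHA with the tag in a trailing comment keeps a moved tag from changing what runs on every push to main. Two smaller points: `CR_SKIP_EXISTING: true` is a YAML boolean inside an `env:` map and is conventionally written `"true"`, and as far as I recall create-pull-request's `author` input expects the `Name <email>` form, so `author: github_actions` should be checked against the action's documentation.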
diff --git a/.github/workflows/pr_chart-test.yml b/.github/workflows/pr-chart-lint-and-test.yml similarity index 86% rename from .github/workflows/pr_chart-test.yml rename to .github/workflows/pr-chart-lint-and-test.yml index c0af5cb..78a7752 100644 --- a/.github/workflows/pr_chart-test.yml +++ b/.github/workflows/pr-chart-lint-and-test.yml @@ -38,8 +38,6 @@ jobs: - uses: azure/setup-helm@v3.5 - uses: actions/setup-python@v4 - with: - python-version: 3.7 - name: Set up chart-testing uses: helm/chart-testing-action@v2.3.1 @@ -54,12 +52,19 @@ jobs: node_image: ${{ matrix.kindest_image }} - name: Chart installation tests - run: | - # copy test-values into charts - rsync -a chart-tests/ charts/ - - # run chart tests - ct install --config .github/workflows/conf/ct.yml + run: .github/workflows/scripts/chart-test.sh - run: kubectl describe nodes; echo "=== API Versions ==="; kubectl api-versions; echo "=== CRDs ==="; kubectl get crd if: failure() + + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - uses: actions/setup-python@v4 + + - name: Run checkov on each test case permutation + run: .github/workflows/scripts/checkov-chart-linting.sh diff --git a/.github/workflows/scripts/chart-test.sh b/.github/workflows/scripts/chart-test.sh new file mode 100644 index 0000000..ddc1a94 --- /dev/null +++ b/.github/workflows/scripts/chart-test.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +# copy test-values into charts +rsync -a chart-tests/ charts/ + +# run chart tests +ct install --config .github/workflows/conf/ct.yml diff --git a/.github/workflows/scripts/checkov-chart-linting.sh b/.github/workflows/scripts/checkov-chart-linting.sh new file mode 100644 index 0000000..243b33e --- /dev/null +++ b/.github/workflows/scripts/checkov-chart-linting.sh 
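Review bot: Removing `python-version: 3.7` leaves the `actions/setup-python@v4` step just above the removed lines with no version at all; unless the repository carries a `.python-version` file, the step, as far as I recall, falls back to whatever Python the runner image ships and only logs a warning, so the toolchain changes silently with runner updates. Pin it again with a supported version, quoted so it stays a string (e.g. `python-version: "3.11"`, a constructed example), and do the same on the new `lint` job's `actions/setup-python@v4` step in the second hunk of this file, which also has no version. The enclosing `jobs:` block starts before this hunk.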
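Review bot: The new `run: .github/workflows/scripts/chart-test.sh` step and the lint job's `run: .github/workflows/scripts/checkov-chart-linting.sh` execute the scripts by path, but both files are created in this commit with `new file mode 100644` (see the chart-test.sh hunk on this line and the checkov-chart-linting.sh file header), whereas helm-docs.sh is `100755`; the shell on the runner will refuse to execute the two non-executable files and both steps fail before doing anything. Either set the executable bit in git for both paths (`git update-index --chmod=+x .github/workflows/scripts/chart-test.sh` and the same for checkov-chart-linting.sh) or invoke them as `run: bash .github/workflows/scripts/chart-test.sh`. The lint job also checks out with `fetch-depth: 0`, a full-history clone that a lint over the working tree does not need; the default shallow checkout is enough there.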
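Review bot: chart-test.sh has no `set -euo pipefail`, unlike the two sibling scripts added in this commit, so a failed `rsync -a chart-tests/ charts/` does not stop the script and `ct install` still runs against charts without their test values, with the step's exit status coming from ct rather than from the copy error. Add `set -euo pipefail` directly after the shebang so the step fails at the first broken command and the three scripts behave consistently.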
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+pip install checkov > /dev/null 2>&1
+export LOG_LEVEL=INFO
+CHECK_STATUS=0
+
+# run checkov on all chart test cases and fail only at the end
+set +e
+
+# for every chart in charts folder
+for chart in $(ls -d charts/*/); do
+ # trim parent folder and trailing slash from $chart
+ chart=${chart/charts\/} && chart=${chart/\/}
+ chart_ci=chart-tests/$chart/ci
+ if [ -d "$chart_ci" ]; then
+ # for every test case of this chart
+ for values in $(ls $chart_ci); do
+ printf "\n\n=== Checking chart $chart with test case $values ===\n\n"
+ rm -rf chckv
+ helm template charts/$chart --values $chart_ci/$values --name-template test-release --namespace test-ns --output-dir chckv
+ checkov --config-file .github/workflows/linting/checkov.yaml -d chckv
+ if [ $? -ne 0 ]; then
+ printf "=== Chart $chart with test case $values FAILED ===\n\n"
+ CHECK_STATUS=1
+ else
+ printf "=== Chart $chart with test test $values SUCCEEDED ===\n\n"
+ fi
+ done
+ fi
+done
+
+exit $CHECK_STATUS
diff --git a/.github/workflows/scripts/helm-docs.sh b/.github/workflows/scripts/helm-docs.sh
new file mode 100755
index 0000000..c4e642e
--- /dev/null
+++ b/.github/workflows/scripts/helm-docs.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -euo pipefail
+
+HELM_DOCS_VERSION="1.11.0"
+
+# install helm-docs
+curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz
+tar -xzf /tmp/helm-docs.tar.gz helm-docs
+
+# generated docs
+./helm-docs -s file
diff --git a/charts/dependency-track/Chart.yaml b/charts/dependency-track/Chart.yaml
index a198034..7a81303 100644
--- a/charts/dependency-track/Chart.yaml
+++ b/charts/dependency-track/Chart.yaml
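Review bot: The `set +e` at line 9 of checkov-chart-linting.sh stays in force for the whole loop, so a `helm template` failure at line 21 is never reported: the script moves straight on to `checkov -d chckv` against the directory that `rm -rf chckv` just removed, and the test case is recorded as FAILED (or, depending on how checkov treats a missing directory, possibly not at all) for the wrong reason. Use `if ! helm template …; then` and `if checkov …; then` instead of inspecting `$?`, which also removes the need for `set +e`, and replace the `$(ls …)` loops with globs so that the unquoted `$chart_ci/$values` expansions stop being word-split. `pip install checkov > /dev/null 2>&1` installs an unpinned version and discards the install log, so under `set -e` a failed install ends the job with no output; pin it (`pip install "checkov==<pinned-version>"`) and keep at least stderr visible. The SUCCEEDED message at line 27 says `test test` where `test case` is meant.
```bash
# … unchanged: shebang, set -euo pipefail, pip install, LOG_LEVEL …
CHECK_STATUS=0

# run checkov on all chart test cases and fail only at the end
# (command results are tested directly, so `set +e` is no longer needed)
for chart_dir in charts/*/; do
  chart=$(basename "$chart_dir")
  chart_ci="chart-tests/$chart/ci"
  [ -d "$chart_ci" ] || continue
  # for every test case of this chart
  for values_file in "$chart_ci"/*; do
    [ -e "$values_file" ] || continue
    values=$(basename "$values_file")
    printf "\n\n=== Checking chart %s with test case %s ===\n\n" "$chart" "$values"
    rm -rf chckv
    if ! helm template "charts/$chart" --values "$values_file" --name-template test-release --namespace test-ns --output-dir chckv; then
      printf "=== Chart %s with test case %s FAILED to render ===\n\n" "$chart" "$values"
      CHECK_STATUS=1
      continue
    fi
    if checkov --config-file .github/workflows/linting/checkov.yaml -d chckv; then
      printf "=== Chart %s with test case %s SUCCEEDED ===\n\n" "$chart" "$values"
    else
      printf "=== Chart %s with test case %s FAILED ===\n\n" "$chart" "$values"
      CHECK_STATUS=1
    fi
  done
done
# … unchanged: exit $CHECK_STATUS …
```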
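Review bot: The tarball fetched by `curl` at line 7 of helm-docs.sh is extracted and executed without any integrity check, so the job runs whatever was served for that URL; a pinned version string alone does not protect against a replaced release asset. Compare the download against a known SHA-256 before `tar -xzf`, and extract into `/tmp` rather than the repository root, where the `helm-docs` binary currently lands next to the charts (the later create-pull-request step limits `add-paths` to `*.md`, so it is not committed, but it is still an untracked file in the working tree). The comment at line 10 reads `# generated docs` although the line generates them; `# generate docs` is what is meant.
```bash
HELM_DOCS_VERSION="1.11.0"
# SHA-256 of helm-docs_${HELM_DOCS_VERSION}_Linux_x86_64.tar.gz; placeholder, take it from the release's checksum file
HELM_DOCS_SHA256="<sha256-of-release-tarball>"

# install helm-docs into /tmp and verify the download before extracting
curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz
echo "${HELM_DOCS_SHA256}  /tmp/helm-docs.tar.gz" | sha256sum --check --strict
tar -xzf /tmp/helm-docs.tar.gz -C /tmp helm-docs

# generate docs
/tmp/helm-docs -s file
```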
@@ -6,5 +6,5 @@ type: application
 maintainers:
 - name: MediaMarktSaturn
 url: https://github.com/MediaMarktSaturn
-appVersion: 4.7.0
-version: 1.0.1
+appVersion: 4.7.1
+version: 1.0.2
diff --git a/charts/dependency-track/values.yaml b/charts/dependency-track/values.yaml
index 06849dd..5407c0b 100644
--- a/charts/dependency-track/values.yaml
+++ b/charts/dependency-track/values.yaml
@@ -1,7 +1,7 @@
 apiserver:
 image:
 repository: docker.io/dependencytrack/apiserver
- tag: 4.7.0
+ tag: 4.7.1
 resources:
 limits:
 cpu: "3"
@@ -30,7 +30,7 @@ apiserver:
 frontend:
 image:
 repository: docker.io/dependencytrack/frontend
- tag: 4.7.0
+ tag: 4.7.1
 resources:
 limits:
 cpu: "1"