2024-11-12 18:00:34 +01:00
|
|
|
name: Validate Charts
|
2024-11-11 07:41:59 +01:00
|
|
|
on:
|
|
|
|
pull_request:
|
2024-11-11 19:38:40 +01:00
|
|
|
paths:
|
|
|
|
- 'charts/**'
|
2024-11-11 07:41:59 +01:00
|
|
|
|
|
|
|
jobs:
|
2024-11-11 20:06:16 +01:00
|
|
|
charts-changed:
|
|
|
|
name: Get Charts being Changed
|
2024-11-12 18:00:34 +01:00
|
|
|
runs-on: ci-os
|
2024-11-11 07:41:59 +01:00
|
|
|
steps:
|
|
|
|
- name: Checkout
|
2024-11-11 10:47:00 +00:00
|
|
|
uses: actions/checkout@v4
|
2024-11-11 07:41:59 +01:00
|
|
|
with:
|
|
|
|
fetch-depth: 0
|
|
|
|
|
2024-11-11 19:38:40 +01:00
|
|
|
- name: List changed charts
|
|
|
|
id: changed-charts
|
2024-11-11 07:41:59 +01:00
|
|
|
run: |
|
2024-11-11 19:38:40 +01:00
|
|
|
changed=$(ct --config .forgejo/ct.yaml list-changed | tr '\n' ' ' | jq -R -s -c 'split(" ") | map(select(length > 0))')
|
2024-11-11 07:41:59 +01:00
|
|
|
if [[ -n "$changed" ]]; then
|
2024-11-11 19:38:40 +01:00
|
|
|
echo "changesExist=true" >> $GITHUB_ENV
|
|
|
|
echo "::set-output name=reposChanged::$changed" # Sets output as a JSON array
|
2024-11-11 07:41:59 +01:00
|
|
|
fi
|
2024-11-11 19:38:40 +01:00
|
|
|
outputs:
|
|
|
|
reposChanged: ${{ steps.changed-charts.outputs.reposChanged }}
|
|
|
|
changesExist: ${{ env.changesExist }}
|
2024-11-11 07:41:59 +01:00
|
|
|
|
2024-11-11 20:06:16 +01:00
|
|
|
validate-linting:
|
2024-11-11 20:11:38 +01:00
|
|
|
name: "Lint"
|
2024-11-11 20:06:16 +01:00
|
|
|
needs: charts-changed
|
|
|
|
if: needs.charts-changed.outputs.changesExist == 'true'
|
2024-11-12 18:00:34 +01:00
|
|
|
runs-on: ci-os
|
2024-11-11 07:41:59 +01:00
|
|
|
steps:
|
|
|
|
- name: Checkout
|
2024-11-11 10:47:00 +00:00
|
|
|
uses: actions/checkout@v4
|
2024-11-11 07:41:59 +01:00
|
|
|
with:
|
|
|
|
fetch-depth: 0
|
2024-11-11 20:39:35 +01:00
|
|
|
- name: Validate
|
|
|
|
run: |
|
2024-11-11 20:06:16 +01:00
|
|
|
repos='${{ needs.charts-changed.outputs.reposChanged }}'
|
2024-11-11 19:38:40 +01:00
|
|
|
for repo in $(echo $repos | jq -r '.[]'); do
|
|
|
|
echo "Linting $repo"
|
|
|
|
ct --config .forgejo/ct.yaml lint "$repo"
|
2024-11-11 20:06:16 +01:00
|
|
|
done
|
2024-11-11 07:41:59 +01:00
|
|
|
|
2024-11-11 20:06:16 +01:00
|
|
|
validate-audit:
|
2024-11-11 20:11:38 +01:00
|
|
|
name: "Audit"
|
2024-11-11 20:06:16 +01:00
|
|
|
needs: charts-changed
|
|
|
|
if: needs.charts-changed.outputs.changesExist == 'true'
|
2024-11-12 18:00:34 +01:00
|
|
|
runs-on: ci-os
|
2024-11-11 20:06:16 +01:00
|
|
|
steps:
|
|
|
|
- name: Checkout
|
|
|
|
uses: actions/checkout@v4
|
|
|
|
with:
|
|
|
|
fetch-depth: 0
|
2024-11-11 20:39:35 +01:00
|
|
|
- name: Validate
|
|
|
|
run: |
|
2024-11-11 20:06:16 +01:00
|
|
|
repos='${{ needs.charts-changed.outputs.reposChanged }}'
|
|
|
|
for repo in $(echo $repos | jq -r '.[]'); do
|
2024-11-11 19:38:40 +01:00
|
|
|
echo "Auditing $repo"
|
|
|
|
polaris audit --helm-chart "$repo" \
|
|
|
|
--helm-values "$repo/values.yaml" \
|
|
|
|
--format pretty \
|
|
|
|
--set-exit-code-on-danger \
|
2024-11-11 21:12:45 +01:00
|
|
|
--set-exit-code-below-score 80
|
2024-11-11 20:06:16 +01:00
|
|
|
done
|
2024-11-11 07:41:59 +01:00
|
|
|
|
2024-11-11 20:06:16 +01:00
|
|
|
validate-api:
|
2024-11-11 20:11:38 +01:00
|
|
|
name: "Outdated APIs"
|
2024-11-11 20:06:16 +01:00
|
|
|
needs: charts-changed
|
|
|
|
if: needs.charts-changed.outputs.changesExist == 'true'
|
2024-11-12 18:00:34 +01:00
|
|
|
runs-on: ci-os
|
2024-11-11 20:06:16 +01:00
|
|
|
steps:
|
|
|
|
- name: Checkout
|
|
|
|
uses: actions/checkout@v4
|
|
|
|
with:
|
|
|
|
fetch-depth: 0
|
2024-11-11 20:39:35 +01:00
|
|
|
- name: Validate
|
|
|
|
run: |
|
2024-11-11 20:06:16 +01:00
|
|
|
repos='${{ needs.charts-changed.outputs.reposChanged }}'
|
|
|
|
for repo in $(echo $repos | jq -r '.[]'); do
|
2024-11-11 19:38:40 +01:00
|
|
|
echo "Checking deprecated apiVersions for $repo"
|
|
|
|
helm template "$repo" -f "$repo/ci/pluto-values.yaml" | pluto detect - --ignore-deprecations
|
|
|
|
done
|