charts/.forgejo/workflows/validate-charts.yaml

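---
# Validates the Helm charts touched by a pull request: one job works out which
# charts changed, then three jobs lint, audit and API-check each of them.
#
# The workflow runs on pull requests, so chart directory names and chart
# contents are untrusted input to every step below.
name: Validate Charts

on:
  pull_request:
    paths:
      - 'charts/**'

jobs:
  charts-changed:
    name: Get Charts being Changed
    runs-on: ci-os
    steps:
      - name: Checkout
        # NOTE(review): `v4` is a mutable tag; pinning to a full commit SHA
        # keeps the action from changing underneath this workflow.
        uses: actions/checkout@v4
        with:
          # Full history, presumably so ct can diff against the target branch.
          fetch-depth: 0
      - name: List changed charts
        id: changed-charts
        run: |
          # Fail the step if ct (or any pipeline stage) fails; otherwise a
          # broken ct run looks like "no charts changed" and the validation
          # jobs are skipped.
          set -eo pipefail
          changed=$(
            ct --config .forgejo/ct.yaml list-changed \
              | tr '\n' ' ' \
              | jq -R -s -c 'split(" ") | map(select(length > 0))'
          )
          # jq prints "[]" when nothing changed, so a non-empty-string test
          # is always true; compare against the empty array instead.
          if [[ "$changed" != "[]" ]]; then
            echo "changesExist=true" >> "$GITHUB_ENV"
            # Compact JSON array on one line, written to the output file
            # rather than the deprecated ::set-output stdout command.
            echo "reposChanged=$changed" >> "$GITHUB_OUTPUT"
          fi
    outputs:
      reposChanged: ${{ steps.changed-charts.outputs.reposChanged }}
      changesExist: ${{ env.changesExist }}

  validate-linting:
    name: "Lint"
    needs: charts-changed
    if: needs.charts-changed.outputs.changesExist == 'true'
    runs-on: ci-os
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Validate
        # The chart list comes from directory names in the pull request.
        # Hand it to the script as an environment variable so it is never
        # expanded into the script text, where a crafted name could break
        # out of the quotes and run as shell.
        env:
          REPOS: ${{ needs.charts-changed.outputs.reposChanged }}
        run: |
          set -eo pipefail
          chart_lines=$(jq -r '.[]' <<<"$REPOS")
          mapfile -t charts <<<"$chart_lines"
          # Iterate over array elements: no word splitting or globbing of
          # chart paths.
          for repo in "${charts[@]}"; do
            [[ -n "$repo" ]] || continue
            echo "Linting $repo"
            ct --config .forgejo/ct.yaml lint "$repo"
          done

  validate-audit:
    name: "Audit"
    needs: charts-changed
    if: needs.charts-changed.outputs.changesExist == 'true'
    runs-on: ci-os
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Validate
        # Untrusted chart list is passed through the environment, not
        # interpolated into the script.
        env:
          REPOS: ${{ needs.charts-changed.outputs.reposChanged }}
        run: |
          set -eo pipefail
          chart_lines=$(jq -r '.[]' <<<"$REPOS")
          mapfile -t charts <<<"$chart_lines"
          for repo in "${charts[@]}"; do
            [[ -n "$repo" ]] || continue
            echo "Auditing $repo"
            # Fails the job on danger-level findings or a score below 80.
            polaris audit --helm-chart "$repo" \
              --helm-values "$repo/values.yaml" \
              --format pretty \
              --set-exit-code-on-danger \
              --set-exit-code-below-score 80
          done

  validate-api:
    name: "Outdated APIs"
    needs: charts-changed
    if: needs.charts-changed.outputs.changesExist == 'true'
    runs-on: ci-os
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Validate
        # Untrusted chart list is passed through the environment, not
        # interpolated into the script.
        env:
          REPOS: ${{ needs.charts-changed.outputs.reposChanged }}
        run: |
          # pipefail matters here: without it a failed `helm template` is
          # hidden by pluto succeeding on empty input.
          set -eo pipefail
          chart_lines=$(jq -r '.[]' <<<"$REPOS")
          mapfile -t charts <<<"$chart_lines"
          for repo in "${charts[@]}"; do
            [[ -n "$repo" ]] || continue
            echo "Checking deprecated apiVersions for $repo"
            helm template "$repo" -f "$repo/ci/pluto-values.yaml" | pluto detect - --ignore-deprecations
          done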