name: Validate Charts on: pull_request: paths: - 'charts/**' jobs: charts-changed: name: Get Charts being Changed runs-on: ci-os steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: List changed charts id: changed-charts run: | changed=$(ct --config .forgejo/ct.yaml list-changed | tr '\n' ' ' | jq -R -s -c 'split(" ") | map(select(length > 0))') if [[ -n "$changed" ]]; then echo "changesExist=true" >> $GITHUB_ENV echo "::set-output name=reposChanged::$changed" # Sets output as a JSON array fi outputs: reposChanged: ${{ steps.changed-charts.outputs.reposChanged }} changesExist: ${{ env.changesExist }} validate-linting: name: "Lint" needs: charts-changed if: needs.charts-changed.outputs.changesExist == 'true' runs-on: ci-os steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Validate run: | repos='${{ needs.charts-changed.outputs.reposChanged }}' for repo in $(echo $repos | jq -r '.[]'); do echo "Linting $repo" ct --config .forgejo/ct.yaml lint "$repo" done validate-audit: name: "Audit" needs: charts-changed if: needs.charts-changed.outputs.changesExist == 'true' runs-on: ci-os steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Validate run: | repos='${{ needs.charts-changed.outputs.reposChanged }}' for repo in $(echo $repos | jq -r '.[]'); do echo "Auditing $repo" polaris audit --helm-chart "$repo" \ --helm-values "$repo/values.yaml" \ --format pretty \ --set-exit-code-on-danger \ --set-exit-code-below-score 80 done validate-api: name: "Outdated APIs" needs: charts-changed if: needs.charts-changed.outputs.changesExist == 'true' runs-on: ci-os steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Validate run: | repos='${{ needs.charts-changed.outputs.reposChanged }}' for repo in $(echo $repos | jq -r '.[]'); do echo "Checking deprecated apiVersions for $repo" helm template "$repo" -f "$repo/ci/pluto-values.yaml" | pluto detect - --ignore-deprecations done