name: Chart
on:
  pull_request:

  pull_request:
    branches:
    - 'main'
  push:
    branches:
    - 'main'

jobs:
  chart-testing:
    runs-on: flakes-action
    steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0

    - name: Run chart-testing (list-changed)
      id: list-changed
      run: |
        changed=$(ct --config .forgejo/ct.yaml list-changed)
        if [[ -n "$changed" ]]; then
          echo "::set-output name=changed::true"
        fi

    - name: Run chart-testing (lint)
      run: ct --config .forgejo/ct.yaml lint

  polaris-audit:
    runs-on: flakes-action
    steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0

    - name: Run audit
      run: |
        polaris audit --helm-chart ./charts/well-known --helm-values ./charts/well-known/values.yaml --format pretty --set-exit-code-on-danger --set-exit-code-below-score 90

  pluto-scan:
    runs-on: flakes-action
    steps:
    - name: Checkout
      uses: actions/checkout@v2
      with:
        fetch-depth: 0

    - name: Use pluto
      run: |
        helm template ./charts/well-known -f ./charts/well-known/ci/pluto-values.yaml | pluto detect - --ignore-deprecations