charts/.forgejo/workflows/validate-charts.yaml

name: Validate Charts
on:
  pull_request:
    paths:
    - 'charts/**'

jobs:
  charts-changed:
    name: Get Charts being Changed
    runs-on: ci-os
    steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0

    - name: List changed charts
      id: changed-charts
      run: |
        changed=$(ct --config .forgejo/ct.yaml list-changed | tr '\n' ' ' | jq -R -s -c 'split(" ") | map(select(length > 0))')
        if [[ -n "$changed" ]]; then
          echo "changesExist=true" >> $GITHUB_ENV
          echo "::set-output name=reposChanged::$changed"  # Sets output as a JSON array
        fi        
    outputs:
      reposChanged: ${{ steps.changed-charts.outputs.reposChanged }}
      changesExist: ${{ env.changesExist }}

  validate-linting:
    name: "Lint"
    needs: charts-changed
    if: needs.charts-changed.outputs.changesExist == 'true'
    runs-on: ci-os
    steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Validate
      run: |
        repos='${{ needs.charts-changed.outputs.reposChanged }}'
        for repo in $(echo $repos | jq -r '.[]'); do
          echo "Linting $repo"
          ct --config .forgejo/ct.yaml lint "$repo"
        done        

  validate-audit:
    name: "Audit"
    needs: charts-changed
    if: needs.charts-changed.outputs.changesExist == 'true'
    runs-on: ci-os
    steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Validate
      run: |
        repos='${{ needs.charts-changed.outputs.reposChanged }}'
        for repo in $(echo $repos | jq -r '.[]'); do
          echo "Auditing $repo"
          polaris audit --helm-chart "$repo" \
            --helm-values "$repo/values.yaml" \
            --format pretty \
            --set-exit-code-on-danger \
            --set-exit-code-below-score 80
        done        

  validate-api:
    name: "Outdated APIs"
    needs: charts-changed
    if: needs.charts-changed.outputs.changesExist == 'true'
    runs-on: ci-os
    steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Validate
      run: |
        repos='${{ needs.charts-changed.outputs.reposChanged }}'
        for repo in $(echo $repos | jq -r '.[]'); do
          echo "Checking deprecated apiVersions for $repo"
          helm template "$repo" -f "$repo/ci/pluto-values.yaml" | pluto detect - --ignore-deprecations
        done