Skip to content
charts

chore: updated ci workflow tools and version bump #387

Sign in to view logs

chore: updated ci workflow tools and version bump

chore: updated ci workflow tools and version bump #387

Workflow file for this run

.github/workflows/charts.yml at aaf4f25
name: charts
on:
push:
branches:
- main
paths:
- charts/**
pull_request:
branches:
- main
paths:
- charts/**
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: read-all
jobs:
chart:
runs-on: ubuntu-latest
permissions:
id-token: write
pages: write
security-events: write
contents: write
if: ${{ github.event_name == 'pull_request' || contains(github.ref, 'main') }}
steps:
- name: Checkout source code
uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- name: Install Helm
uses: azure/setup-helm@v4
with:
version: v3.10.0
- name: Setup Chart Linting
if: ${{ github.event_name == 'pull_request' }}
id: lint
uses: helm/chart-testing-action@v2.6.1
- name: Run chart-testing (list-changed)
if: ${{ github.event_name == 'pull_request' }}
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
fi
- name: Run chart-testing (lint)
if: ${{ github.event_name == 'pull_request' }}
run: ct lint --target-branch ${{ github.event.repository.default_branch }} --validate-maintainers=false
- name: Configure Git
if: ${{ contains(github.ref, 'main') }}
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Copy Readme and License
if: ${{ contains(github.ref, 'main') }}
run: |
cp -v *.md charts/applicationset/
- name: Run chart-releaser
if: ${{ contains(github.ref, 'main') }}
uses: helm/chart-releaser-action@v1.6.0
with:
charts_dir: charts
config: charts/cr.yml
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
continue-on-error: true
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
continue-on-error: true
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'config'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
k8s-test:
runs-on: ubuntu-latest
needs: [chart]
if: ${{ ! contains(github.ref, 'main') }}
steps:
- name: Create k8s Kind Cluster
uses: helm/kind-action@v1.9.0
with:
kubectl_version: v1.29.3
node_image: kindest/node:v1.29.2
- name: Checkout
uses: actions/checkout@v4
- name: Run K8s test
run: |
kubectl create ns argocd
kubectl apply -k https://github.com/argoproj/argo-cd/manifests/crds\?ref\=stable -n argocd
helm upgrade -i appsets charts/applicationset --namespace argocd --create-namespace
helm list -A
kubectl get all -A
kubectl get applications -A -o wide
kubectl get applicationsets -A -o wide
auto-approve:
runs-on: ubuntu-latest
needs: [chart, k8s-test]
permissions:
pull-requests: write
if: ${{ github.event_name == 'pull_request' }}
steps:
- name: Auto Approve PR
uses: actions/github-script@v7
with:
script: |
github.rest.pulls.createReview({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
event: "APPROVE"
})