[Snyk] Security upgrade alpine from 3.14.0 to 3.17 #578
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Helm chart | |
on: | |
push: | |
branches: | |
- master | |
tags: | |
- "chart/**/[0-9]+.[0-9]+.[0-9]+" | |
- "chart/**/[0-9]+.[0-9]+.[0-9]+-dev.[0-9]+" | |
pull_request: | |
env: | |
HELM_CHART_NAME: cloudinfo | |
HELM_CHART_PATH: "${{ github.workspace }}/charts/cloudinfo" | |
HELM_PLUGIN_CHARTMUSEUM_PUSH_VERSION: 0.9.0 | |
HELM_PUSH_REPOSITORY_NAME: banzaicloud-stable | |
HELM_VERSION: 3.6.0 | |
jobs: | |
helm: | |
name: Helm | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: azure/setup-helm@v1 | |
with: | |
version: ${{ env.HELM_VERSION }} | |
- name: Add Helm repositories | |
run: | | |
helm repo add banzaicloud-stable "https://kubernetes-charts.banzaicloud.com" | |
helm repo add incubator "https://charts.helm.sh/incubator" | |
helm repo add stable "https://charts.helm.sh/stable" | |
- name: Update Helm repositories | |
run: helm repo update | |
- name: Lint Helm chart | |
run: helm lint "${{ env.HELM_CHART_PATH }}" | |
- name: Update Helm chart dependencies | |
run: helm dependency update "${{ env.HELM_CHART_PATH }}" | |
- name: Package Helm chart | |
id: package-chart | |
run: | | |
HELM_PACKAGE_OUTPUT=$(helm package "${{ env.HELM_CHART_PATH }}") || exit 1 | |
HELM_PACKAGE_PATH="${HELM_PACKAGE_OUTPUT##"Successfully packaged chart and saved it to: "}" | |
echo "HELM_PACKAGE_PATH=${HELM_PACKAGE_PATH}" | |
echo "helm_package_path=${HELM_PACKAGE_PATH}" >> $GITHUB_OUTPUT | |
- name: Set Git refname | |
id: set-git-refname | |
run: | | |
GIT_REFNAME="$(echo "${{ github.ref }}" | sed -r 's@refs/(heads|pull|tags)/@@g')" | |
echo "GIT_REFNAME=${GIT_REFNAME}" | |
echo "git_refname=${GIT_REFNAME}" >> $GITHUB_OUTPUT | |
- name: Set Helm push enabled | |
id: set-helm-push-enabled | |
run: | | |
HELM_PUSH_ENABLED="" | |
if [ "${{ github.event_name }}" == "push" ] && echo "${{ steps.set-git-refname.outputs.git_refname }}" | grep -E -q "^chart/${{ env.HELM_CHART_NAME }}/[0-9]+.[0-9]+.[0-9]+**"; then | |
HELM_PUSH_ENABLED=1 | |
else | |
printf >&2 "Unstable chart (%s) from %s event, chart will not be pushed" "${{ steps.set-git-refname.outputs.git_refname }}" "${{ github.event_name }}" | |
fi | |
echo "HELM_PUSH_ENABLED=${HELM_PUSH_ENABLED}" | |
echo "helm_push_enabled=${HELM_PUSH_ENABLED}" >> $GITHUB_OUTPUT | |
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }} | |
name: Check Helm chart version in repository | |
run: | | |
EXPECTED_CHART_VERSION="$(echo "${{ steps.set-git-refname.outputs.git_refname }}" | awk -F '/' '{print $NF}')" || exit 1 | |
ACTUAL_CHART_VERSION="$(awk '/version: [0-9]+\.[0-9]+\.[0-9]+/ {print $2}' "${{ env.HELM_CHART_PATH }}/Chart.yaml")" || exit 1 | |
if [ "${EXPECTED_CHART_VERSION}" != "${ACTUAL_CHART_VERSION}" ]; then | |
printf >&2 "chart version mismatches, name: %s, expected version (from tag): %s, actual version (from chart): %s" "${{ env.HELM_CHART_NAME }}" "${EXPECTED_CHART_VERSION}" "${ACTUAL_CHART_VERSION}" | |
exit 1 | |
fi | |
if helm search repo "${{ env.HELM_PUSH_REPOSITORY_NAME }}/${{ env.HELM_CHART_NAME }}" --version "${ACTUAL_CHART_VERSION}" --output json | jq --exit-status 'length > 0'; then | |
printf >&2 "chart version already exists in the repository, repository: %s, name: %s, version: %s" "${{ env.HELM_PUSH_REPOSITORY_NAME }}" "${{ env.HELM_CHART_NAME }}" "${ACTUAL_CHART_VERSION}" | |
exit 1 | |
fi | |
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }} | |
name: Install Helm ChartMuseum push plugin | |
run: helm plugin install "https://github.com/chartmuseum/helm-push.git" --version "${{ env.HELM_PLUGIN_CHARTMUSEUM_PUSH_VERSION }}" | |
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }} | |
name: Push Helm chart | |
env: | |
HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }} | |
HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }} | |
run: helm push "${{ steps.package-chart.outputs.helm_package_path }}" "${{ env.HELM_PUSH_REPOSITORY_NAME }}" |