Skip to content

helm: Set rthooks.podSecurityContext to empty by default #785

helm: Set rthooks.podSecurityContext to empty by default

helm: Set rthooks.podSecurityContext to empty by default #785

Workflow file for this run

name: Lint helm chart
on:
push:
branches:
- main
- v*
paths:
- 'install/kubernetes/**'
- 'pkg/k8s/apis/cilium.io/client/crds/v1alpha1/*.yaml'
- '.github/workflows/lint-helm.yaml'
pull_request:
paths:
- 'install/kubernetes/**'
- 'pkg/k8s/apis/cilium.io/client/crds/v1alpha1/*.yaml'
- '.github/workflows/lint-helm.yaml'
workflow_call:
permissions:
pull-requests: write
env:
MIN_K8S_VERSION: "1.23.0"
# renovate: datasource=python-version
PYTHON_VERSION: "3.12"
jobs:
generated-files:
runs-on: ubuntu-latest
steps:
# Get source
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Check / install dependencies
- name: Check if vendored openapi2jsonschema.py script is up to date
run: |
make -C install/kubernetes openapi2jsonschema.py
test -z "$(git status --porcelain)"
if [ $? != 0 ]; then
git status --porcelain
echo "Vendored openapi2jsonschema.py script is out of date."
echo "Please run 'make -C install/kubernetes openapi2jsonschema.py' and submit your changes."; exit 1
fi
- name: Check if vendored CRD JSON schemas are up to date
run: |
make -C install/kubernetes generate-jsonschemas
test -z "$(git status --porcelain)"
if [ $? != 0 ]; then
git status --porcelain
echo "Vendored CRD JSON schemas are out of date."
echo "Please run 'make -C install/kubernetes generate-jsonschemas' and submit your changes."; exit 1
fi
- name: Install Helm CLI # Required for the Helm chart templating
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
# Validate Helm chart
- name: Generate Helm chart
id: generate_helm_chart
run: |
make -C install/kubernetes
- name: Validate generated files
run: |
test -z "$(git status --porcelain)"
if [ $? != 0 ]; then
git status --porcelain
echo "Please run 'make -C install/kubernetes' and submit your changes."; exit 1
fi
# (Re-)run Kubeconform checks explicitly once again to catch specific errors in that regard (to get the STDOUT/STDERR)
- name: Run Kubeconform with minimum supported K8s version
if: success() || steps.generate_helm_chart.outcome == 'failure'
id: kubeconform_min_k8s_version
uses: mathiasvr/command-output@34408ea3d0528273faff3d9e201761ae96106cd0 # v2.0.0
with:
shell: bash
run: |
make -C install/kubernetes kubeconform K8S_VERSION=${{ env.MIN_K8S_VERSION }}
- name: Run Kubeconform with latest K8s version
if: success() || steps.generate_helm_chart.outcome == 'failure'
id: kubeconform_latest_k8s_version
uses: mathiasvr/command-output@34408ea3d0528273faff3d9e201761ae96106cd0 # v2.0.0
with:
shell: bash
run: |
make -C install/kubernetes kubeconform
# Post Kubeconform issues as comment on the GH PR, if there are any
- name: Comment Kubeconform Output
if: failure() && (steps.kubeconform_min_k8s_version.outcome == 'failure' || steps.kubeconform_latest_k8s_version.outcome == 'failure')
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2
with:
hide_and_recreate: true
skip_unchanged: true
message: |
## Kubeconform with minimum supported K8s version ${{ env.MIN_K8S_VERSION }}
STDOUT:
```
${{ steps.kubeconform_min_k8s_version.outputs.stdout }}
```
STDERR:
```
${{ steps.kubeconform_min_k8s_version.outputs.stderr }}
```
## Kubeconform with latest K8s version
STDOUT:
```
${{ steps.kubeconform_latest_k8s_version.outputs.stdout }}
```
STDERR:
```
${{ steps.kubeconform_latest_k8s_version.outputs.stderr }}
```