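---
# GitHub Actions workflow: renders the Helm chart with `helm template` and
# scans the rendered manifests with checkov.
name: checkov

on:  # yamllint disable-line rule:truthy
  # Triggers on both `master` and `main` so either default-branch name works.
  push:
    branches: ["main", "master"]
  pull_request:
    branches: ["main", "master"]
  workflow_dispatch:

# Least-privilege GITHUB_TOKEN: the job only checks out the repository, so
# read access to contents is all it needs (the default may grant far more).
permissions:
  contents: read

jobs:
  checkov:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # `@v4` / `@v5` are mutable major-version tags. If the repository's
        # supply-chain policy requires it, pin to a full commit SHA instead
        # (actions/checkout@<FULL_COMMIT_SHA>  # v4).
        uses: actions/checkout@v4

      - name: Set up Python 3.10
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'

      - name: Installing checkov
        # NOTE(review): installs whatever checkov version PyPI currently serves,
        # as root on the runner. Pinning (checkov==<VERSION>) makes scan results
        # reproducible across runs; the urllib3 removal presumably works around
        # a dependency conflict with the system package — confirm it is still needed.
        run: |
          sudo apt-get update
          sudo apt-get remove python-urllib3
          sudo pip3 install --upgrade --force-reinstall checkov

      - name: Scanning helmchart for Security Vulnerabilities
        env:
          HELMCHART_DIRECTORY: "./charts/helmchart"
          OVERRIDE_VALUE_FILE_PATH: "./charts/helmchart/config/override-values.yaml"
          CHART_NAME: "helmchart"
        run: |
          # -u catches an unset env var before it turns into an `rm -rf` of the wrong path.
          set -euo pipefail
          helm template helm-chart "$HELMCHART_DIRECTORY" -f "$OVERRIDE_VALUE_FILE_PATH" --namespace not-default --output-dir /tmp/helm-template
          # Helm test templates are removed so they are not part of the scan.
          rm -rf "/tmp/helm-template/$CHART_NAME/templates/tests"
          checkov -d "/tmp/helm-template/$CHART_NAME"
        # Findings are reported in the log but never fail the workflow, so this
        # scan is informational only. Remove this line to make it a merge gate.
        continue-on-error: true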