From 1538969371fe32c5fcfb97d01d45a8280fa2f2c8 Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Tue, 14 Jan 2025 00:43:57 +0530
Subject: [PATCH 01/12] feat: Add checksum annotations for ConfigMap and Secret to trigger pod restart on changes
---
 charts/helmchart/templates/deployment.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/charts/helmchart/templates/deployment.yaml b/charts/helmchart/templates/deployment.yaml
index 551fb73..6bfb4fa 100644
--- a/charts/helmchart/templates/deployment.yaml
+++ b/charts/helmchart/templates/deployment.yaml
@@ -14,10 +14,12 @@ spec: {{- include "helmchart.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: {{- include "helmchart.selectorLabels" . | nindent 8 }} spec:
From fe8269e0e39195d2295d76f9b6d70e4ff062f6cd Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 00:49:23 +0530
Subject: [PATCH 02/12] update helm-unittest plugin for error 'Failed to install helm-unittest'
---
 .github/workflows/helm-template.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/helm-template.yaml b/.github/workflows/helm-template.yaml
index 8a32098..e289f69 100644
--- a/.github/workflows/helm-template.yaml
+++ b/.github/workflows/helm-template.yaml
@@ -19,6 +19,6 @@ jobs: - name: Run helm unittest run: | - helm plugin install https://github.com/quintush/helm-unittest + helm plugin install https://github.com/helm-unittest/helm-unittest.git helm unittest ./charts/helmchart
From a58705b93c8217a979d8de6c371260446e865b27 Mon Sep 17 00:00:00 2001
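Review bot: In [PATCH 01/12], the new `checksum/secret` annotation publishes an unsalted SHA-256 of the rendered `secret.yaml` in pod metadata, which is typically readable by more principals than the Secret itself; for low-entropy values that digest lets a reader confirm a guess offline. If the chart accepts that trade-off, record it next to the line, e.g. `# digest of the rendered Secret is visible to anyone who can read pod metadata`. Both checksum values are also emitted unquoted; ending the pipeline with `quote` (`... | sha256sum | quote }}`) keeps each annotation a string whatever characters the digest happens to contain. The Deployment template starts and ends outside this hunk, so the indentation of the added lines relative to `annotations:` cannot be checked here.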
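Review bot: In [PATCH 02/12], `helm plugin install https://github.com/helm-unittest/helm-unittest.git` fetches whatever upstream serves as the latest state at run time, and installing a plugin executes its install hook on the runner. Pin the plugin so an upstream change cannot silently alter what CI executes: `helm plugin install https://github.com/helm-unittest/helm-unittest.git --version <PINNED_TAG>`. The same unpinned line is carried as context in [PATCH 03/12]; the job that owns this step starts outside the hunk.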
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 00:58:32 +0530
Subject: [PATCH 03/12] test: helm-unittest v1
---
 .github/workflows/helm-template.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/helm-template.yaml b/.github/workflows/helm-template.yaml
index e289f69..595c690 100644
--- a/.github/workflows/helm-template.yaml
+++ b/.github/workflows/helm-template.yaml
@@ -20,5 +20,5 @@ jobs: - name: Run helm unittest run: | helm plugin install https://github.com/helm-unittest/helm-unittest.git - helm unittest ./charts/helmchart + helm unittest -f ./test/*.yaml ./charts/helmchart
From 896faab1cbd8863552e1c6688d2b6840dcf2eaa8 Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 01:13:39 +0530
Subject: [PATCH 04/12] test: helm-unittest v2
---
 .github/workflows/checkov.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index 1e7b378..94b3777 100644
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
@@ -14,11 +14,23 @@ jobs: - name: Checkout uses: actions/checkout@v4 + # - name: Set up Python 3.8 + # uses: actions/setup-python@v4 + # with: + # python-version: 3.8 + + # - name: Test with Checkov + # id: checkov + # uses: bridgecrewio/checkov-action@master + # with: + # directory: example/examplea + # framework: terraform + - name: Installing checkov run: | sudo apt-get update sudo apt install python3-pip -y - sudo pip install checkov + sudo pip3 install checkov - name: Scanning helmchart for Security Vulnerabilities env:
From 48290f82f6e14da7505b8c4e9e6513041b6d60c3 Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 01:17:48 +0530
Subject: [PATCH 05/12] test: helm-unittest v3
---
 .github/workflows/checkov.yml | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index 94b3777..ef1a4df 100644
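Review bot: In [PATCH 03/12], the pattern in `helm unittest -f ./test/*.yaml ./charts/helmchart` is unquoted, so the shell expands it against the repository root before helm-unittest sees it; with more than one match the extra paths become positional chart arguments, and with no match the literal string is passed through. helm-unittest documents `-f` as a glob resolved relative to the chart, so quote it and make it chart-relative: `helm unittest -f 'test/*.yaml' ./charts/helmchart`. Adjust the directory to where the suites actually live, which this hunk does not show.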
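Review bot: In [PATCH 04/12], `sudo pip3 install checkov` installs an unpinned release of the scanner as root, so the tool that gates the chart can change between runs without any change in this repository; pin it, e.g. `pip3 install checkov==<PINNED_VERSION>`. The later edits of the same line in [PATCH 09/12] and [PATCH 10/12] keep it unpinned. The commented-out steps added above it reference `bridgecrewio/checkov-action@master`, `directory: example/examplea` and `framework: terraform`, none of which describe a Helm chart scan; leave them out rather than commit them as dead configuration.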
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
@@ -14,22 +14,14 @@ jobs: - name: Checkout uses: actions/checkout@v4 - # - name: Set up Python 3.8 - # uses: actions/setup-python@v4 - # with: - # python-version: 3.8 - - # - name: Test with Checkov - # id: checkov - # uses: bridgecrewio/checkov-action@master - # with: - # directory: example/examplea - # framework: terraform + - name: Set up Python 3.8 + uses: actions/setup-python@v4 + with: + python-version: 3.8 - name: Installing checkov run: | sudo apt-get update - sudo apt install python3-pip -y sudo pip3 install checkov - name: Scanning helmchart for Security Vulnerabilities
From 2403938f4156e4d89c0439693b2b92677063433c Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 01:19:39 +0530
Subject: [PATCH 06/12] test: helm-unittest v3
---
 .github/workflows/checkov.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index ef1a4df..2d84f77 100644
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
@@ -14,10 +14,10 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Set up Python 3.8 + - name: Set up Python 3.9 uses: actions/setup-python@v4 with: - python-version: 3.8 + python-version: 3.9 - name: Installing checkov run: |
From 10f3822cae10d152268b20886f1669215cce0d52 Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 01:22:42 +0530
Subject: [PATCH 07/12] test: helm-unittest v4
---
 .github/workflows/checkov.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index 2d84f77..03b50a7 100644
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
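Review bot: In [PATCH 05/12], the interpreter installed by the new `actions/setup-python` step is probably not the one that receives checkov, because `sudo pip3 install checkov` runs with sudo's reset PATH and resolves to the system pip rather than the one the action put first on PATH. Drop `sudo` and call pip through the selected interpreter, `python -m pip install checkov==<PINNED_VERSION>`. That would likely also make the system-package workarounds added in [PATCH 10/12] through [PATCH 12/12] unnecessary. The job that owns these steps starts outside the hunk.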
@@ -14,10 +14,10 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Set up Python 3.9 - uses: actions/setup-python@v4 + - name: Set up Python 3.10 + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: 3.10 - name: Installing checkov run: |
From 192f6819f4ada135b8593ef2de28b16822dc1cb3 Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 01:24:03 +0530
Subject: [PATCH 08/12] test: helm-unittest v5
---
 .github/workflows/checkov.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index 03b50a7..5ff8168 100644
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
@@ -17,7 +17,7 @@ jobs: - name: Set up Python 3.10 uses: actions/setup-python@v5 with: - python-version: 3.10 + python-version: '3.10' - name: Installing checkov run: |
From 5f03f2ef3040774331d31132e370481faf973e76 Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 01:37:12 +0530
Subject: [PATCH 09/12] test: helm-unittest v6
---
 .github/workflows/checkov.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index 5ff8168..16f46bd 100644
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
@@ -22,7 +22,7 @@ jobs: - name: Installing checkov run: | sudo apt-get update - sudo pip3 install checkov + sudo pip3 install -U checkov - name: Scanning helmchart for Security Vulnerabilities env:
From 8d1ee681a83184f95f3be2cc712f732cef0dcdf3 Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 01:46:31 +0530
Subject: [PATCH 10/12] test: helm-unittest v7
---
 .github/workflows/checkov.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index 16f46bd..0ab93e3 100644
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
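Review bot: In [PATCH 07/12], `python-version: 3.10` is a plain YAML scalar and is read as the float 3.1, so the step requests Python 3.1 rather than 3.10; write `python-version: '3.10'`, which the series does in [PATCH 08/12]. `actions/setup-python@v5` is a mutable tag, and this workflow runs the security scan, so pin the action to a full commit SHA: `uses: actions/setup-python@<FULL_COMMIT_SHA> # v5`. The same applies to `actions/checkout@v4` in the context lines.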
@@ -22,7 +22,7 @@ jobs: - name: Installing checkov run: | sudo apt-get update - sudo pip3 install -U checkov + sudo pip3 install --upgrade --force-reinstall checkov - name: Scanning helmchart for Security Vulnerabilities env:
From d652f98661ad9d5531ab06ffc86155e337382655 Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 01:57:05 +0530
Subject: [PATCH 11/12] test: helm-unittest v8
---
 .github/workflows/checkov.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index 0ab93e3..e329bdf 100644
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
@@ -22,6 +22,7 @@ jobs: - name: Installing checkov run: | sudo apt-get update + sudo apt-get remove python-urllib3 sudo pip3 install --upgrade --force-reinstall checkov - name: Scanning helmchart for Security Vulnerabilities
From 57784c03d4cd8d513afd148aff1432743fef2131 Mon Sep 17 00:00:00 2001
From: Himanshu Ahirwar
Date: Thu, 16 Jan 2025 02:05:21 +0530
Subject: [PATCH 12/12] test: helm-unittest v9
---
 .github/workflows/checkov.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index e329bdf..fbb90e6 100644
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
@@ -22,7 +22,7 @@ jobs: - name: Installing checkov run: | sudo apt-get update - sudo apt-get remove python-urllib3 + sudo apt-get remove python3-urllib3 sudo pip3 install --upgrade --force-reinstall checkov - name: Scanning helmchart for Security Vulnerabilities
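Review bot: In [PATCH 11/12], `sudo apt-get remove python-urllib3` has no `-y`, so on a non-interactive runner apt-get will likely stop at the confirmation prompt and fail the step; the renamed `python3-urllib3` line in [PATCH 12/12] has the same gap. Removing a distro Python package and then running `pip3 install --upgrade --force-reinstall` as root ([PATCH 10/12]) rewrites the runner's system site-packages and can take dependent packages with it. Installing the scanner into an isolated environment avoids both problems, e.g. `python -m venv .venv && .venv/bin/pip install checkov==<PINNED_VERSION>`.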