feat: Add checksum annotations for ConfigMap and Secret to trigger pod restart on changes

.github/workflows/checkov.yml

@@ -14,11 +14,16 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v4
 
+    - name: Set up Python 3.10
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.10'
+
     - name: Installing checkov
       run: |
         sudo apt-get update
-        sudo apt install python3-pip -y
-        sudo pip install checkov
+        sudo apt-get remove python3-urllib3
+        sudo pip3 install --upgrade --force-reinstall checkov
 
     - name: Scanning helmchart for Security Vulnerabilities
       env:

.github/workflows/helm-template.yaml

@@ -19,6 +19,6 @@ jobs:
 
     - name: Run helm unittest
       run: |
-        helm plugin install https://github.com/quintush/helm-unittest
-        helm unittest ./charts/helmchart
+        helm plugin install https://github.com/helm-unittest/helm-unittest.git
+        helm unittest -f ./test/*.yaml ./charts/helmchart
 

charts/helmchart/templates/deployment.yaml

@@ -14,10 +14,12 @@ spec:
       {{- include "helmchart.selectorLabels" . | nindent 6 }}
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
       annotations:
+      {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
       labels:
         {{- include "helmchart.selectorLabels" . | nindent 8 }}
     spec: