From 653064486a8919fcc25eb4dd56cb74cb45eef819 Mon Sep 17 00:00:00 2001
From: Michael Riedmann
Date: Wed, 15 May 2024 11:56:14 +0200
Subject: [PATCH] ci: init gh-actions
---
.github/workflows/helm-ci.yml | 74 ++++++++++++++++++++++++++++++
.github/workflows/helm-docs.yml | 44 ++++++++++++++++++
.github/workflows/helm-release.yml | 31 +++++++++++++
cr.yaml | 2 +
ct.yaml | 2 +
5 files changed, 153 insertions(+)
create mode 100644 .github/workflows/helm-ci.yml
create mode 100644 .github/workflows/helm-docs.yml
create mode 100644 .github/workflows/helm-release.yml
create mode 100644 cr.yaml
create mode 100644 ct.yaml
diff --git a/.github/workflows/helm-ci.yml b/.github/workflows/helm-ci.yml
new file mode 100644
index 0000000..fe8b2e0
--- /dev/null
+++ b/.github/workflows/helm-ci.yml
@@ -0,0 +1,74 @@
+name: Helm CI
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - .github/workflows/**
+ - charts/**
+ pull_request:
+ branches:
+ - main
+ paths:
+ - .github/workflows/**
+ - charts/**
+
+permissions: { }
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ permissions:
+ security-events: write
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
+ with:
+ fetch-depth: "0"
+ - name: Set up Helm
+ uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # tag=v4.2.0
+ - name: Set up Python
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # tag=v5.1.0
+ with:
+ python-version: "3.11"
+ check-latest: true
+ - name: Set up Chart Testing
+ uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # tag=v2.6.1
+ - name: Lint Chart
+ run: ct lint --config ct.yaml
+ - name: Scan for Misconfiguration
+ uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # tag=v0.20.0
+ with:
+ scan-type: config
+ format: sarif
+ output: misconfig.sarif
+ - name: Upload Misconfiguration Scan Results
+ uses: github/codeql-action/upload-sarif@956f09c2ef1926b580554b9014cfb8a51abf89dd # tag=codeql-bundle-v2.16.6
+ with:
+ sarif_file: misconfig.sarif
+
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
+ with:
+ fetch-depth: "0"
+ - name: Set up Helm
+ uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # tag=v4.2.0
+ - name: Set up Python
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # tag=v5.1.0
+ with:
+ python-version: "3.11"
+ check-latest: true
+ - name: Set up Chart Testing
+ uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # tag=v2.6.1
+ - name: Create Kind Cluster
+ uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde
# tag=v1.10.0
+ - name: Test
+ run: ct install --config ct.yaml --debug
diff --git a/.github/workflows/helm-docs.yml b/.github/workflows/helm-docs.yml
new file mode 100644
index 0000000..3bbd18a
--- /dev/null
+++ b/.github/workflows/helm-docs.yml
@@ -0,0 +1,44 @@
+name: Helm Docs
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - .github/workflows/**
+ - charts/**
+ workflow_dispatch: { }
+
+permissions: { }
+
+jobs:
+ update-docs:
+ name: Update Docs
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
+ - name: Setup Go
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # tag=v5.0.1
+ with:
+ go-version: "1.22"
+ check-latest: true
+ - name: Install helm-docs
+ run: go install -v github.com/norwoodj/helm-docs/cmd/helm-docs@v1.13.1
+ - name: Run helm-docs
+ run: helm-docs
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # tag=v6.0.5
+ with:
+ add-paths: "charts/*/README.md"
+ branch: update-helm-docs
+ body: "Updates Helm chart documentation using [helm-docs](https://github.com/norwoodj/helm-docs)"
+ commit-message: Update helm docs
+ delete-branch: true
+ labels: documentation
+ signoff: true
+ title: Update helm docs
\ No newline at end of file
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
new file mode 100644
index 0000000..e39c96d
--- /dev/null
+++ b/.github/workflows/helm-release.yml
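Review bot: In `.github/workflows/helm-ci.yml` both `Checkout Repository` steps (jobs `lint` and `test`) leave `persist-credentials` at its default, so the job token stays in `.git/config` while `ct lint`, Trivy and `ct install` process chart content that on `pull_request` comes from the contributor's branch. Neither job appears to push or fetch after checkout, so adding `persist-credentials: false` under each `with:` next to `fetch-depth: "0"` should cost nothing. Separately, the `lint` job grants only `security-events: write` on top of `permissions: { }`, which leaves `contents` at none; that works for a public repository, but a private one would presumably need `contents: read` for the checkout and `actions: read` for the SARIF upload.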
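Review bot: In `.github/workflows/helm-docs.yml` the `Create Pull Request` step has no `token:` input, so it presumably falls back to the default `GITHUB_TOKEN`; pull requests opened with that token do not trigger other workflows. The `Helm CI` workflow from this same patch would then not run on the `update-helm-docs` PR even though that PR touches `charts/**`. If `Helm CI` is meant to be a required check, those PRs stay unchecked until someone reopens them; a comment above the step such as `# PRs opened with GITHUB_TOKEN do not trigger Helm CI; close and reopen the PR to run the checks` would record that. The job also depends on the repository setting that allows Actions to create pull requests, which the workflow file cannot express and is worth naming in the same comment.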
@@ -0,0 +1,31 @@
+name: Helm Release
+
+on:
+ workflow_dispatch: { }
+
+permissions: { }
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
+ with:
+ fetch-depth: "0"
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+ - name: Set up Helm
+ uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # tag=v4.2.0
+ - name: Release Chart
+ uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # tag=v1.6.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ with:
+ config: cr.yaml
\ No newline at end of file
diff --git a/cr.yaml b/cr.yaml
new file mode 100644
index 0000000..0808d9f
--- /dev/null
+++ b/cr.yaml
@@ -0,0 +1,2 @@
+generate-release-notes: true
+skip-existing: true
\ No newline at end of file
diff --git a/ct.yaml b/ct.yaml
new file mode 100644
index 0000000..056375a
--- /dev/null
+++ b/ct.yaml
@@ -0,0 +1,2 @@
+target-branch: main
+helm-extra-args: --timeout 60s
\ No newline at end of file
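Review bot: In `.github/workflows/helm-release.yml` the only trigger is `workflow_dispatch`, which can be started from any branch, and nothing in the `release` job checks the ref. With `contents: write` and `CR_TOKEN` set, charts can therefore be packaged and published from a branch that never went through review or `Helm CI`. Adding `if: github.ref == 'refs/heads/main'` to the `release` job, next to `timeout-minutes: 5`, keeps published charts tied to the main branch. Because `cr.yaml` sets `skip-existing: true`, a run that publishes nothing presumably still finishes green, so a short comment on the job stating that releases are cut from `main` only would also help whoever dispatches it.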