From c998325bfe4d0c10ce222353510feda685c63b74 Mon Sep 17 00:00:00 2001 From: James Otten Date: Sat, 27 Apr 2024 22:09:36 -0400 Subject: [PATCH] actions --- .github/workflows/checkov.yaml | 2 + .github/workflows/helm_lint.yaml | 45 +++++++++++++++++++++++ .github/workflows/publish-and-deploy.yaml | 16 ++++++++ 3 files changed, 63 insertions(+) create mode 100644 .github/workflows/helm_lint.yaml diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml index 7b66543e..58a5f07c 100644 --- a/.github/workflows/checkov.yaml +++ b/.github/workflows/checkov.yaml @@ -3,6 +3,8 @@ name: Checkov on: push: branches: [ "main" ] + pull_request: + branches: [ "main" ] workflow_dispatch: permissions: read-all diff --git a/.github/workflows/helm_lint.yaml b/.github/workflows/helm_lint.yaml new file mode 100644 index 00000000..59e47a28 --- /dev/null +++ b/.github/workflows/helm_lint.yaml 
@@ -0,0 +1,45 @@
+name: Lint and Test Chart
+
+on: pull_request
+
+jobs:
+ lint-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: v3.14.0
+
+ - uses: actions/setup-python@v4
+ with:
+ python-version: '3.12'
+ check-latest: true
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+ if [[ -n "$changed" ]]; then
+ echo "changed=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Run chart-testing (lint)
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+ - name: Create kind cluster
+ if: steps.list-changed.outputs.changed == 'true'
+ uses: helm/kind-action@v1.8.0
+
+ - name: Run chart-testing (install)
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct install --target-branch ${{ github.event.repository.default_branch }}
diff --git a/.github/workflows/publish-and-deploy.yaml b/.github/workflows/publish-and-deploy.yaml
index 4901cee1..35c416f3 100644
--- a/.github/workflows/publish-and-deploy.yaml
+++ b/.github/workflows/publish-and-deploy.yaml
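Review bot: The new helm_lint.yaml declares no `permissions:` block and pins four of its five actions by mutable tag (`actions/checkout@v3`, `azure/setup-helm@v3`, `actions/setup-python@v4`, `helm/kind-action@v1.8.0`), while `helm/chart-testing-action` in the same file is pinned to a commit SHA. This job checks out and installs chart content from pull requests, so a retargeted tag would run unreviewed code here, and without an explicit block the token falls back to the repository default, which may be broader than read-only. I would add a top-level `permissions:` with `contents: read` (checkov.yaml already sets `permissions: read-all`) and pin the remaining actions in the form `uses: actions/checkout@<full-commit-sha> # v3`, keeping the tag as a trailing comment the way the chart-testing step does.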
@@ -51,3 +51,19 @@ jobs:
 if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
 - name: Pull new Docker image
 run: ssh ${{ secrets.GRANDSVC_SSH_TARGET }} "cd ${{ secrets.GRANDSVC_PROJECT_PATH }} && git pull && docker compose pull && docker compose up -d"
+
+ deploy_to_dev0:
+ name: Deploy to dev0
+ needs: push_to_registry
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2
+ with:
+ key: ${{ secrets.DEV0_KEY }}
+ name: id_ed25519 # optional
+ known_hosts: ${{ secrets.DEV0_KNOWN_HOSTS }}
+ #config: ${{ secrets.CONFIG }} # ssh_config; optional
+ if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
+ - name: Pull new Docker image
+ run: ssh ${{ secrets.DEV0_SSH_TARGET }} "cd ${{ secrets.DEV0_PROJECT_PATH }} && git pull && cd infra/helm/meshdb && helm template . -f values.yaml -f ${{ secrets.DEV0_HELM_SECRETS_PATH }} | kubectl apply -f -"
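Review bot: The `run:` line of the new `deploy_to_dev0` job expands `${{ secrets.DEV0_SSH_TARGET }}`, `${{ secrets.DEV0_PROJECT_PATH }}` and `${{ secrets.DEV0_HELM_SECRETS_PATH }}` straight into the script text, so each value is parsed as shell source on the runner and again on the remote host; a space or metacharacter in any of them changes the command that runs. Passing them through `env:` and quoting the expansions keeps them as data, as sketched below (the single quotes assume the paths contain no `'`). The step is still named "Pull new Docker image" although it renders the chart and runs `kubectl apply`, and `git pull` deploys whatever the remote checkout's branch head is rather than the commit that triggered the workflow, which is worth confirming as intended. The workflow's `on:` and `permissions:` keys are outside this hunk, so which events reach this job cannot be judged from here.

```yaml
      # … unchanged: deploy_to_dev0 header and "Install SSH key" step …
      - name: Pull new Docker image
        env:
          DEV0_SSH_TARGET: ${{ secrets.DEV0_SSH_TARGET }}
          DEV0_PROJECT_PATH: ${{ secrets.DEV0_PROJECT_PATH }}
          DEV0_HELM_SECRETS_PATH: ${{ secrets.DEV0_HELM_SECRETS_PATH }}
        run: |
          ssh "$DEV0_SSH_TARGET" "cd '$DEV0_PROJECT_PATH' && git pull && cd infra/helm/meshdb && helm template . -f values.yaml -f '$DEV0_HELM_SECRETS_PATH' | kubectl apply -f -"
```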