fix: support subpaths #127
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| if: github.repository == 'user-cube/cluster-bootstrap' | |
| name: Go Tests | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: cli | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: cli/go.mod | |
| cache-dependency-path: cli/go.sum | |
| - name: Run tests | |
| run: go test -race -coverprofile=coverage.out ./... | |
| - name: Upload coverage | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: coverage | |
| path: cli/coverage.out | |
| lint: | |
| if: github.repository == 'user-cube/cluster-bootstrap' | |
| name: Go Lint | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: cli | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: cli/go.mod | |
| cache-dependency-path: cli/go.sum | |
| - uses: golangci/golangci-lint-action@v9 | |
| with: | |
| working-directory: cli | |
| security: | |
| if: github.repository == 'user-cube/cluster-bootstrap' | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: cli | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: cli/go.mod | |
| cache-dependency-path: cli/go.sum | |
| - name: Download Go dependencies | |
| run: go mod download | |
| - name: Install gosec | |
| run: go install github.com/securego/gosec/v2/cmd/gosec@latest | |
| - name: Run gosec | |
| run: gosec -exclude-dir=vendor ./... | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: fs | |
| scan-ref: cli | |
| exit-code: 1 | |
| severity: HIGH,CRITICAL | |
| gitleaks: | |
| name: Secret Detection | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: gitleaks/gitleaks-action@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| helm-lint: | |
| name: Helm Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: azure/setup-helm@v4 | |
| - name: Lint all charts | |
| run: | | |
| helm lint apps/ | |
| for chart in components/*/; do | |
| echo "Linting $chart..." | |
| if grep -q "^dependencies:" "$chart/Chart.yaml"; then | |
| helm dependency build "$chart" | |
| fi | |
| values_args="" | |
| if [ -f "$chart/values/base.yaml" ]; then | |
| values_args="-f $chart/values/base.yaml" | |
| fi | |
| helm lint "$chart" $values_args | |
| done | |
| helm-validate: | |
| name: Helm Validate Values | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| environment: [dev, staging, prod] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: azure/setup-helm@v4 | |
| - name: Build chart dependencies | |
| run: | | |
| for chart in components/*/; do | |
| if grep -q "^dependencies:" "$chart/Chart.yaml"; then | |
| helm dependency build "$chart" | |
| fi | |
| done | |
| - name: Validate apps values | |
| run: helm template apps/ -f apps/values/${{ matrix.environment }}.yaml | |
| - name: Validate component values | |
| run: | | |
| for chart in components/*/; do | |
| name=$(basename "$chart") | |
| base="$chart/values/base.yaml" | |
| env_file="$chart/values/${{ matrix.environment }}.yaml" | |
| if [ -f "$base" ] && [ -f "$env_file" ]; then | |
| echo "Validating $name for ${{ matrix.environment }}..." | |
| helm template "$chart" -f "$base" -f "$env_file" | |
| fi | |
| done |