chore(deps): update helm charts #165

Workflow file for this run

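# CI pipeline: path-filtered Go tests/lint/security scans, secret detection,
# Helm chart lint/validation, and workflow linting.
#
# NOTE(review): the third-party actions below are referenced by mutable tags
# (`@v3`, `@v2`, `@v1`, ...). A tag can be moved to different code upstream;
# pinning each `uses:` to a full commit SHA (with the tag in a trailing
# comment) makes the executed code reviewable and immutable.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Workflow-wide token scope: read-only access to repository contents.
# Scopes not listed here are not granted to the job token.
permissions:
  contents: read

jobs:
  # Computes which areas of the repo changed so later jobs can be skipped.
  changes:
    name: Detect Changes
    runs-on: ubuntu-latest
    outputs:
      cli: ${{ steps.filter.outputs.cli }}
      helm: ${{ steps.filter.outputs.helm }}
      workflows: ${{ steps.filter.outputs.workflows }}
    steps:
      - uses: actions/checkout@v6
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            cli:
              - 'cluster-bootstrap-cli/**'
            helm:
              - 'apps/**'
              - 'components/**'
            workflows:
              - '.github/workflows/**'

  test:
    needs: [changes]
    if: github.repository == 'user-cube/cluster-bootstrap' && needs.changes.outputs.cli == 'true'
    name: Go Tests
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: cluster-bootstrap-cli
    steps:
      - uses: actions/checkout@v6
        with:
          # Later steps execute repository code (go test); do not keep the
          # checkout token available to them.
          persist-credentials: false
      - uses: actions/setup-go@v6
        with:
          go-version-file: cluster-bootstrap-cli/go.mod
          cache-dependency-path: cluster-bootstrap-cli/go.sum
      - name: Run tests
        run: go test -race -coverprofile=coverage.out ./...
      - name: Upload coverage
        uses: actions/upload-artifact@v6
        with:
          name: coverage
          path: cluster-bootstrap-cli/coverage.out

  lint:
    needs: [changes]
    if: github.repository == 'user-cube/cluster-bootstrap' && needs.changes.outputs.cli == 'true'
    name: Go Lint
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: cluster-bootstrap-cli
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - uses: actions/setup-go@v6
        with:
          go-version-file: cluster-bootstrap-cli/go.mod
          cache-dependency-path: cluster-bootstrap-cli/go.sum
      - uses: golangci/golangci-lint-action@v9
        with:
          working-directory: cluster-bootstrap-cli

  security:
    needs: [changes]
    if: github.repository == 'user-cube/cluster-bootstrap' && needs.changes.outputs.cli == 'true'
    name: Security Scan
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: cluster-bootstrap-cli
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - uses: actions/setup-go@v6
        with:
          go-version-file: cluster-bootstrap-cli/go.mod
          cache-dependency-path: cluster-bootstrap-cli/go.sum
      - name: Download Go dependencies
        run: go mod download
      # NOTE(review): `@latest` is resolved at run time, so the scanner binary
      # can change between runs without any change in this repository. Pin to
      # a reviewed release version so results are reproducible and the
      # installed code is known.
      - name: Install gosec
        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
      - name: Run gosec
        run: gosec -exclude-dir=vendor ./...
      # NOTE(review): `@master` is a mutable branch ref; whatever is pushed to
      # that branch runs in this job. Pin to a release tag or, preferably, a
      # full commit SHA.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: cluster-bootstrap-cli
          # Fail the job when HIGH or CRITICAL findings are reported.
          exit-code: '1'
          severity: HIGH,CRITICAL

  # Runs on every push/PR regardless of which paths changed.
  gitleaks:
    name: Secret Detection
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          # Full history so secrets in earlier commits are scanned too.
          fetch-depth: 0
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  helm-lint:
    needs: [changes]
    if: needs.changes.outputs.helm == 'true'
    name: Helm Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - uses: azure/setup-helm@v4
      - name: Lint all charts
        run: |
          helm lint apps/
          for chart in components/*/; do
            echo "Linting $chart..."
            # Only charts that declare dependencies need them built first.
            if grep -q "^dependencies:" "$chart/Chart.yaml"; then
              helm dependency build "$chart"
            fi
            if [ -f "$chart/values/base.yaml" ]; then
              helm lint "$chart" -f "$chart/values/base.yaml"
            else
              helm lint "$chart"
            fi
          done

  helm-validate:
    needs: [changes]
    if: needs.changes.outputs.helm == 'true'
    name: Helm Validate Values
    runs-on: ubuntu-latest
    strategy:
      matrix:
        environment: [dev, staging, prod]
    env:
      # Passed to the shell as data instead of being expanded into the script
      # text, so the value can never be parsed as shell syntax even if the
      # matrix is later fed from a less trusted source.
      ENVIRONMENT: ${{ matrix.environment }}
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - uses: azure/setup-helm@v4
      - name: Build chart dependencies
        run: |
          for chart in components/*/; do
            if grep -q "^dependencies:" "$chart/Chart.yaml"; then
              helm dependency build "$chart"
            fi
          done
      - name: Validate apps values
        run: helm template apps/ -f "apps/values/${ENVIRONMENT}.yaml"
      - name: Validate component values
        run: |
          for chart in components/*/; do
            name=$(basename "$chart")
            base="$chart/values/base.yaml"
            env_file="$chart/values/${ENVIRONMENT}.yaml"
            # Charts without both a base and a per-environment file are skipped.
            if [ -f "$base" ] && [ -f "$env_file" ]; then
              echo "Validating $name for ${ENVIRONMENT}..."
              helm template "$chart" -f "$base" -f "$env_file"
            fi
          done

  actionlint:
    needs: [changes]
    if: needs.changes.outputs.workflows == 'true'
    name: Workflow Validation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: reviewdog/action-actionlint@v1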