ci(helm): bump Trivy version to 0.55.1 #29
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Helm chart | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - 'helm/trivy/**' | |
| push: | |
| tags: | |
| - "v*" | |
| env: | |
| HELM_REP: helm-charts | |
| GH_OWNER: aquasecurity | |
| CHART_DIR: helm/trivy | |
| KIND_VERSION: "v0.14.0" | |
| KIND_IMAGE: "kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae" | |
| jobs: | |
| test-chart: | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Helm | |
| uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 | |
| with: | |
| version: v3.5.0 | |
| - name: Set up python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.7 | |
| - name: Setup Chart Linting | |
| id: lint | |
| uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 | |
| - name: Setup Kubernetes cluster (KIND) | |
| uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde | |
| with: | |
| version: ${{ env.KIND_VERSION }} | |
| image: ${{ env.KIND_IMAGE }} | |
| - name: Run chart-testing | |
| run: ct lint-and-install --validate-maintainers=false --charts helm/trivy | |
| - name: Run chart-testing (Ingress enabled) | |
| run: | | |
| sed -i -e '136s,false,'true',g' ./helm/trivy/values.yaml | |
| ct lint-and-install --validate-maintainers=false --charts helm/trivy | |
| update-chart-version: | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Git user | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "GitHub Actions" | |
| - name: Get the tag without the 'v' prefix | |
| run: echo "TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV | |
| - name: Create a PR | |
| run: ./misc/helm-chart/create-pr.sh ${{ env.TAG }} | |
| env: | |
| # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN | |
| # This allows the created PR to trigger tests and other workflows | |
| GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }} | |
| publish-chart: | |
| if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' | |
| needs: | |
| - test-chart | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| with: | |
| fetch-depth: 0 | |
| - name: Install chart-releaser | |
| run: | | |
| wget https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_linux_amd64.tar.gz | |
| echo "baed2315a9bb799efb71d512c5198a2a3b8dcd139d7f22f878777cffcd649a37 chart-releaser_1.3.0_linux_amd64.tar.gz" | sha256sum -c - | |
| tar xzvf chart-releaser_1.3.0_linux_amd64.tar.gz cr | |
| - name: Package helm chart | |
| run: | | |
| ./cr package ${{ env.CHART_DIR }} | |
| - name: Upload helm chart | |
| # Failed with upload the same version: https://github.com/helm/chart-releaser/issues/101 | |
| continue-on-error: true | |
| run: | | |
| ./cr upload -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} --token ${{ secrets.ORG_REPO_TOKEN }} -p .cr-release-packages | |
| - name: Index helm chart | |
| run: | | |
| ./cr index -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} -c https://${{ env.GH_OWNER }}.github.io/${{ env.HELM_REP }}/ -i index.yaml | |
| - name: Push index file | |
| uses: dmnemec/copy_file_to_another_repo_action@c93037aa10fa8893de271f19978c980d0c1a9b37 #v1.1.1 | |
| env: | |
| API_TOKEN_GITHUB: ${{ secrets.ORG_REPO_TOKEN }} | |
| with: | |
| source_file: 'index.yaml' | |
| destination_repo: '${{ env.GH_OWNER }}/${{ env.HELM_REP }}' | |
| destination_folder: '.' | |
| destination_branch: 'gh-pages' | |
| user_email: [email protected] | |
| user_name: 'aqua-bot' |