chore(deps): update vfps docker tag to v2.1.69 (#458) #236
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Charts | |
| on: | |
| push: | |
| branches: | |
| - master | |
| paths: | |
| - "charts/**" | |
| # Declare default permissions as read only. | |
| permissions: | |
| contents: read | |
| jobs: | |
| release: | |
| runs-on: ubuntu-24.04 | |
| container: ghcr.io/chgl/kube-powertools:v2.3.41@sha256:a2426888bec87aee40ce8e6555b50a9e2bf9ccb8b1d62d14eec82045cd161b9c | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Add workspace as safe directory | |
| run: | | |
| git config --global --add safe.directory /__w/charts/charts | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Configure Git | |
| run: | | |
| git config user.name "$GITHUB_ACTOR" | |
| git config user.email "[email protected]" | |
| - name: Add Helm chart dependency repos | |
| run: | | |
| helm repo add codecentric https://codecentric.github.io/helm-charts | |
| helm repo add hapifhir https://hapifhir.github.io/hapi-fhir-jpaserver-starter | |
| - name: Update dependencies | |
| run: find charts/ ! -path charts/ -maxdepth 1 -type d -exec helm dependency update {} \; | |
| - name: Generate changelogs | |
| run: generate-chart-changelog.sh | |
| - name: Run chart-releaser | |
| uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 | |
| with: | |
| config: .github/ct/ct.yaml | |
| env: | |
| CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Login to GitHub Container Registry | |
| run: | | |
| # used by helm | |
| echo "${GHCR_REGISTRY_PASSWORD}" | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin | |
| # used by cosign | |
| echo "${GHCR_REGISTRY_PASSWORD}" | crane auth login ghcr.io --username ${{ github.actor }} --password-stdin | |
| env: | |
| GHCR_REGISTRY_PASSWORD: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Push Charts to ghcr.io | |
| run: | | |
| for pkg in .cr-release-packages/*; do | |
| if [ -z "${pkg:-}" ]; then | |
| break | |
| fi | |
| helm push "${pkg}" oci://ghcr.io/${{ github.repository }} 2> .digest | |
| OCI_ARTIFACT_PATH="$(awk -F "[, ]+" '/Pushed/{print $NF}' < .digest)" | |
| OCI_ARTIFACT_DIGEST="$(awk -F "[, ]+" '/Digest/{print $NF}' < .digest)" | |
| cosign sign --yes "${OCI_ARTIFACT_PATH}@${OCI_ARTIFACT_DIGEST}" | |
| done | |
| - name: Generate kubescape reports | |
| run: | | |
| kubescape scan framework cis-v1.23-t1.0.1 --format=html --output=kubescape-reports/cis-v1.23-t1.0.1.html charts/ | |
| kubescape scan framework nsa --format=html --output=kubescape-reports/nsa.html charts/ | |
| kubescape scan framework mitre --format=html --output=kubescape-reports/mitre.html charts/ | |
| - name: "Upload kubescape reports" | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: kubescape-reports | |
| path: kubescape-reports/ | |
| retention-days: 5 | |
| update-kubescape-reports: | |
| runs-on: ubuntu-24.04 | |
| container: ghcr.io/chgl/kube-powertools:v2.3.41@sha256:a2426888bec87aee40ce8e6555b50a9e2bf9ccb8b1d62d14eec82045cd161b9c | |
| permissions: | |
| contents: write | |
| needs: | |
| - release | |
| steps: | |
| - name: Add workspace as safe directory | |
| run: | | |
| git config --global --add safe.directory /__w/charts/charts | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: gh-pages | |
| - name: Download reports | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: kubescape-reports | |
| path: "kubescape-reports/" | |
| - run: | | |
| ls -lsa ./ | |
| - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4 | |
| with: | |
| add: "kubescape-reports/" | |
| message: "docs: updated kubescape reports" |