
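name: Lint Helm chart
on:
  pull_request:
    branches:
      - master
      - dev
      - bugfix
      - release/**
      - hotfix/**

# Least privilege for GITHUB_TOKEN: every job only reads the repository except
# docs_generation, which widens its own grant below because it pushes commits.
permissions:
  contents: read

jobs:
  lint:
    name: Lint chart (version)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          # Full history is needed: the annotation check below reads Chart.yaml
          # from the target branch with `git show origin/<branch>:...`.
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          # Quoted on purpose: a bare x.y value is parsed as a YAML float
          # (3.10 would silently become 3.1).
          python-version: "3.14" # Renovate helper is not needed here
      # Running update is not needed for listing - it just triggers errors as soon as one of the subcharts is not in the latest version (`helm dep. update` change content of the chart)
      # As soon as we would like to run more extensive tests, this can be reenabled, but this will need to be placed after "ct list-changed" command
      # - name: Configure Helm repos
      #   run: |-
      #     helm dependency list ./helm/defectdojo
      #     helm dependency update ./helm/defectdojo
      - name: Set up chart-testing
        uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0
        with:
          version: 3.14.0 # renovate: datasource=github-releases depName=helm/chart-testing
          yamale_version: 6.1.0 # renovate: datasource=pypi depName=yamale versioning=semver
          yamllint_version: 1.38.0 # renovate: datasource=pypi depName=yamllint versioning=semver
      - name: Determine target branch
        id: ct-branch-target
        # Exported as CT_BRANCH (a valid shell identifier) so later steps read it
        # as a plain environment variable instead of interpolating `${{ env.* }}`
        # into their scripts. GITHUB_BASE_REF is only set for pull_request
        # events; the else branch is a fallback for any other trigger.
        run: |
          if [ -n "${GITHUB_BASE_REF}" ]; then
            echo "CT_BRANCH=${GITHUB_BASE_REF}" >> "$GITHUB_ENV"
          else
            echo "CT_BRANCH=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
          fi
      - name: Run chart-testing (list-changed)
        id: list_changed
        run: |
          changed=$(ct list-changed --config ct.yaml --target-branch "$CT_BRANCH")
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
            echo "Content changed:"
            echo "$changed" | sed 's/^/  /'
          fi
      # run version check only if not dev as in dev we have a `x.y.z-dev` version
      # x.y.z gets bumped automatically when doing a release
      - name: Run chart-testing (lint, with version increment check)
        run: ct lint --config ct.yaml --target-branch "$CT_BRANCH" --check-version-increment=true
        if: ${{ steps.list_changed.outputs.changed == 'true' && env.CT_BRANCH != 'dev' && env.CT_BRANCH != 'bugfix' }}
      # run all checks but version increment always when something changed
      - name: Run chart-testing (lint)
        run: ct lint --config ct.yaml --target-branch "$CT_BRANCH" --check-version-increment=false
        if: steps.list_changed.outputs.changed == 'true'
      - name: Check update of "artifacthub.io/changes" HELM annotation
        if: ${{ steps.list_changed.outputs.changed == 'true' && !(startsWith(github.head_ref, 'master-into-dev/') || startsWith(github.head_ref, 'master-into-bugfix/')) }}
        run: |
          # fast fail if `git show` fails; pipefail is what makes the
          # `git show | yq` pipeline below propagate that failure
          set -e
          set -o pipefail
          echo "Checking Chart.yaml annotation changes"
          # Get current branch annotation
          current_annotation=$(yq e '.annotations."artifacthub.io/changes"' "helm/defectdojo/Chart.yaml")
          echo "Current annotation: "
          echo "$current_annotation"
          # Get target branch version of Chart.yaml annotation
          target_annotation=$(git show "origin/${CT_BRANCH}:helm/defectdojo/Chart.yaml" | yq e '.annotations."artifacthub.io/changes"' -)
          echo "Target annotation: "
          echo "$target_annotation"
          if [[ "$current_annotation" == "$target_annotation" ]]; then
            echo "::error file=helm/defectdojo/Chart.yaml::The 'artifacthub.io/changes' annotation has not been updated compared to ${CT_BRANCH}. For more, check the hint in 'helm/defectdojo/Chart.yaml'"
            exit 1
          fi
          echo "'artifacthub.io/changes' annotation updated in helm/defectdojo"
      # - name: Create kind cluster
      #   uses: helm/kind-action@v1.1.0
      #   if: steps.list_changed.outputs.changed == 'true'
      # - name: Run chart-testing (install)
      #   run: ct install --config ct.yaml --target-branch "$CT_BRANCH" --helm-extra-args '--set createSecret=true --set createRabbitMqSecret=true --set createPostgresqlSecret=true --set timeout=900'
      #   if: steps.list_changed.outputs.changed == 'true'

  docs_generation:
    name: Update documentation
    runs-on: ubuntu-latest
    # This job commits and pushes back to the PR branch (see git-push below),
    # so it is the one job that needs write access to repository contents.
    # NOTE(review): widen this if the helm-docs push turns out to need more
    # than contents: write — confirm against a renovate/ PR run.
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # The PR head branch (not the merge ref) is checked out because the
          # steps below commit and push to it; credentials are deliberately
          # left persisted for that push. NOTE(review): for a PR opened from a
          # fork this is the fork's repository, which GITHUB_TOKEN cannot push
          # to; the push steps only run for renovate/ and dependabot/ branches,
          # presumably always in-repo — verify.
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.ref }}
      - name: Update values in HELM chart
        if: startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/')
        env:
          # Passed via the environment instead of being expanded into the
          # script text: a PR title containing a single quote would otherwise
          # break out of the shell quoting (GitHub Actions script injection).
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          title="$PR_TITLE"
          # Characters that are special in YAML; each is replaced by "_" so the
          # title can be embedded verbatim in the annotation's block text.
          chars='{}:[],&*#?|-<>=!%@'
          # Iterate by index rather than word-splitting an unquoted command
          # substitution: there, "*" and "?" would undergo pathname expansion
          # and "*" would never actually be sanitized.
          for (( i = 0; i < ${#chars}; i++ )); do
            c="${chars:i:1}"
            title="${title//"$c"/_}"
          done
          # strenv() lets yq read the title from the environment so its
          # content is never spliced into the yq expression itself.
          export SAFE_TITLE="$title"
          yq -i '.annotations."artifacthub.io/changes" += ("- kind: changed\n  description: " + strenv(SAFE_TITLE) + "\n")' helm/defectdojo/Chart.yaml
          git add helm/defectdojo/Chart.yaml
          # Only "nothing staged" is the no-op case; any other commit failure
          # (e.g. a missing git identity) must fail the step instead of being
          # swallowed by a blanket `|| echo`.
          if git diff --cached --quiet; then
            echo "No changes to commit"
          else
            git commit -m "ci: update Chart annotations from PR #${PR_NUMBER}"
          fi
      - name: Run helm-docs (update)
        uses: losisin/helm-docs-github-action@6f957579ac122ecc167bf515fe84e828686c9a15 # v1.7.1
        if: startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/')
        with:
          chart-search-root: "helm/defectdojo"
          git-push: true
      - name: Run helm-docs (check)
        uses: losisin/helm-docs-github-action@6f957579ac122ecc167bf515fe84e828686c9a15 # v1.7.1
        if: ${{ !(startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/')) }}
        with:
          fail-on-diff: true
          chart-search-root: "helm/defectdojo"
      - name: Failed Information
        if: failure()
        run: |-
          echo "Your HELM chart changed but you haven't adjusted documentation. Check https://github.com/defectdojo/django-DefectDojo/tree/master/helm/defectdojo#helm-docs-update for more information."

  generate_schema:
    name: Update schema
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Read-only job: do not leave the token in .git/config.
          persist-credentials: false
      - name: Generate values schema json
        uses: losisin/helm-values-schema-json-action@b0c5e688b224ce7c36fcf005184f1105850d8f3b # v2.4.1
        with:
          fail-on-diff: true
          working-directory: "helm/defectdojo"
          useHelmDocs: true
          values: values.yaml
      - name: Failed Information
        if: failure()
        run: |-
          echo "Your HELM chart changed but you haven't adjusted schema. Check https://github.com/defectdojo/django-DefectDojo/tree/master/helm/defectdojo#helm-schema-update for more information."

  lint_format:
    name: Lint chart (format)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
      - name: Configure Helm repos
        run: |-
          helm dependency list ./helm/defectdojo
          helm dependency update ./helm/defectdojo
      - name: Lint
        run: |-
          helm lint ./helm/defectdojo --strict

  artifacthub_linter:
    name: Artifacthub Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Read-only job: do not leave the token in .git/config.
          persist-credentials: false
      - name: Run ah lint
        working-directory: ./helm/defectdojo
        # Image is pinned by digest; the chart directory is bind-mounted from
        # the runner's workspace using the GITHUB_WORKSPACE env var rather than
        # an expression expanded into the script.
        run: |-
          docker run --rm \
            -v "${GITHUB_WORKSPACE}/helm/defectdojo:/workspace" \
            -w /workspace \
            artifacthub/ah:v1.21.0@sha256:511818fa90ce87d7132c6214e51ea6dd62eea030f5d2271ce073f948b3060972 \
            ah lint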