chore(deps): bump bridgecrewio/checkov-action from 12.3088.0 to 12.30… #813
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Helm chart validation | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'helm/**' | |
| - '.github/workflows/helm-chart.yml' | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - 'helm/**' | |
| - '.github/workflows/helm-chart.yml' | |
| jobs: | |
| lint: | |
| name: Lint and install chart | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| with: | |
| version: v3.13.2 | |
| - name: Install Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: 3.9 | |
| - name: Set up chart-testing | |
| uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0 | |
| - name: Add bitami repo | |
| run: helm repo add bitnami https://charts.bitnami.com/bitnami | |
| - name: Lint helm chart | |
| run: | | |
| ct lint --config ./.github/configs/chart-testing.yaml | |
| - name: Create kind cluster | |
| if: "${{!startsWith(github.event.pull_request.title, 'feat: Release')}}" | |
| uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0 | |
| - name: Label cluster nodes | |
| if: "${{!startsWith(github.event.pull_request.title, 'feat: Release')}}" | |
| run: | | |
| for node in $(kubectl get nodes -o name); do | |
| kubectl label --overwrite $node "role=management" | |
| done | |
| - name: Run chart-testing (install and upgrade) | |
| if: "${{!startsWith(github.event.pull_request.title, 'feat: Release')}}" | |
| run: ct install --upgrade --config ./.github/configs/chart-testing.yaml | |
| validate: | |
| name: Validate chart against kubernetes API | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| with: | |
| version: v3.13.2 | |
| - name: Create kind cluster | |
| uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0 | |
| - name: Validate chart | |
| run: | | |
| helm template flowfuse ./helm/flowfuse --set forge.domain=example.com | kubectl apply --validate=true -f - | |
| unit-tests: | |
| name: Run unit tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| - name: Install unittest plugin | |
| run: helm plugin install https://github.com/helm-unittest/helm-unittest.git --version 1.0.3 --verify=false | |
| - name: Run unit tests | |
| run: | | |
| helm unittest ./helm/flowfuse -t JUnit -o junit-results.xml | |
| - name: Publish Test Report | |
| uses: mikepenz/action-junit-report@49b2ca06f62aa7ef83ae6769a2179271e160d8e4 # v6.3.1 | |
| if: always() | |
| with: | |
| check_name: 'Helm chart unit tests' | |
| report_paths: 'junit-results.xml' | |
| detailed_summary: true | |
| scan: | |
| name: Scan chart | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| tool: | |
| - checkov | |
| # temporary disabled due to https://github.com/zegl/kube-score/issues/559 | |
| # - kube-score | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| with: | |
| version: v3.13.2 | |
| - name: Scan chart with checkov | |
| if: matrix.tool == 'checkov' | |
| uses: bridgecrewio/checkov-action@2fd3901c8feb52417f27f0d9800259a106c1ec1e # v12.3089.0 | |
| with: | |
| directory: ${{ github.workspace }}/helm | |
| var_file: ${{ github.workspace }}/helm/flowfuse/ci/default-values.yaml | |
| skip_path: /flowfuse/charts/ | |
| framework: helm | |
| output_format: cli,sarif | |
| output_file_path: console,results.sarif | |
| soft_fail: true | |
| env: | |
| HELM_NAMESPACE: no-default-namespace | |
| - name: Template chart | |
| # temporary disabled due to https://github.com/zegl/kube-score/issues/559 | |
| if: false | |
| run: | | |
| helm template flowfuse ./helm/flowfuse --set forge.domain=example.com > ${{ github.workspace }}/templated_chart.yaml | |
| - name: Install kube-score | |
| # temporary disabled due to https://github.com/zegl/kube-score/issues/559 | |
| if: false | |
| uses: yokawasa/action-setup-kube-tools@v0.13.1 | |
| with: | |
| setup-tools: "kube-score" | |
| kube-score: '1.17.0' | |
| - name: Scan chart with kube-score | |
| # temporary disabled due to https://github.com/zegl/kube-score/issues/559 | |
| if: false | |
| continue-on-error: true | |
| run: | |
| kube-score score ${{ github.workspace }}/templated_chart.yaml --output-format sarif > results.sarif | |
| - name: "Upload SARIF file" | |
| if: success() || failure() | |
| uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 | |
| with: | |
| sarif_file: results.sarif |