Merge pull request #50 from accuknox/pr-test #166

Workflow file for this run

.github/workflows/action.yaml at ae82fc8

	name: Accuknox-Job Workflow

	on:
	push:
	tags:
	- "v[0-9]+.[0-9]+.[0-9]+"
	- "v[0-9]+.[0-9]+.[0-9]+-*"
	pull_request_target:
	branches:
	- "*"

	env:
	AK_URL: "https://cspm.accuknox.com"
	AK_SAST_LABEL: "SAST"

	jobs:
	tag-validate:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/v')
	steps:
	- uses: rubenesp87/[email protected]
	with:
	version: ${{ github.ref_name }}

	sonarqube-code-scan:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- uses: accuknox/common-gh-actions/actions/sonarqube@main
	with:
	token: ${{ secrets.SQ_TOKEN }}
	qualityGateCheck: 'false'
	args: >
	-Dsonar.projectKey=accuknox-jobs
	-Dsonar.sources=.
	projectKey: accuknox-jobs
	pushToSaas: startsWith(github.ref, 'refs/tags/v')
	ak_url: ${{ env.AK_URL }}
	ak_tok: ${{ secrets.AK_PROD_ACCUKNOXTECH_TOKEN }}
	tenant_id: ${{ secrets.AK_PROD_ACCUKNOXTECH_TENANT_ID }}
	label: ${{ env.AK_SAST_LABEL }}

	helm_chart_validation:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Install Helm
	run: \|
	curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
	chmod 700 get_helm.sh
	./get_helm.sh

	- name: Validate cis-k8s-job
	run: \|
	helm lint cis-k8s-job
	helm template cis-k8s-job --dry-run > /dev/null

	- name: Validate k8s-risk-assessment-job
	run: \|
	helm lint k8s-risk-assessment-job
	helm template k8s-risk-assessment-job --dry-run > /dev/null

	- name: Validate k8tls-job
	run: \|
	helm lint k8tls-job
	helm template k8tls-job --dry-run > /dev/null

	- name: Validate kiem-job
	run: \|
	helm lint kiem-job
	helm template kiem-job --dry-run > /dev/null

	helm_push_to_ecr:
	runs-on: ubuntu-latest
	needs: [helm_chart_validation,tag-validate]
	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Set up AWS Credentials
	uses: aws-actions/configure-aws-credentials@v2
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: us-east-1

	- name: Install Helm
	run: \|
	curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
	chmod 700 get_helm.sh
	./get_helm.sh

	- name: Login to AWS ECR
	run: \|
	aws ecr-public get-login-password --region us-east-1 \| helm registry login --username AWS --password-stdin ${{ secrets.REPO }}


	- name: Chart versioning
	if: ( github.event_name != 'pull_request' && github.event_name != 'pull_request_target' )
	shell: bash
	id: chart-version
	run: \|
	for CHART_DIR in cis-k8s-job k8s-risk-assessment-job k8tls-job kiem-job; do
	sed -i "s/^version:.*$/version: ${{ github.ref_name }}/" $CHART_DIR/Chart.yaml
	sed -i "s/^appVersion:.*$/appVersion: ${{ github.ref_name }}/" $CHART_DIR/Chart.yaml
	done

	- name: Package and Push Helm Charts
	run: \|
	for CHART_DIR in cis-k8s-job k8s-risk-assessment-job k8tls-job kiem-job; do
	helm package $CHART_DIR
	HELM_PACKAGE=$(ls $CHART_DIR-*.tgz)
	helm push $HELM_PACKAGE oci://${{ secrets.REPO }}
	done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #50 from accuknox/pr-test #166

Workflow file

Merge pull request #50 from accuknox/pr-test #166

Jobs

Run details

Workflow file for this run