Implement autofunding #26
Workflow file for this run
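---
# Pull-request pipeline for the hoprd-operator Helm chart: bumps the chart
# version when the current one is already tagged, lints and packages the
# chart, scans it with Trivy in IaC mode and regenerates the chart README.
#
# NOTE(review): most third-party actions below are referenced by mutable tag
# or branch (only actions/setup-python is pinned to a commit SHA). Pinning
# every `uses:` to a reviewed full commit SHA protects the jobs that hold a
# write-scoped token from an upstream tag being moved.
name: 'Package Helm chart Operator'

on:
  pull_request:
    types:
      - synchronize
      - ready_for_review
    branches:
      - master
    paths:
      - "charts/hoprd-operator/**"

# One run per PR branch; a newer push cancels the run still in progress.
concurrency:
  group: ${{ github.head_ref }}-operator
  cancel-in-progress: true

jobs:
  bump_version:
    name: Bump version
    runs-on: ubuntu-2-core
    # This job pushes the bump commit, so it needs write access to contents
    # and nothing else (same scope generate-readme declares).
    permissions:
      contents: write
    steps:
      # NOTE(review): the default checkout is shallow and may not fetch tags;
      # confirm that `git tag -l` below can actually see the release tags.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Bump Chart version
        id: bumping_version
        run: |
          # Chart.yaml comes from the pull request, so every value derived
          # from it is quoted and validated before it is used.
          helm_chart_version=$(grep '^version:' Chart.yaml | sed 's/.*: //')
          git_tag=$(git tag -l "helm-hoprd-operator-${helm_chart_version}")
          echo "Workspace version is helm-hoprd-operator-${helm_chart_version} while tagged is ${git_tag}"
          if [ "${git_tag}" = "helm-hoprd-operator-${helm_chart_version}" ]; then
            # Split on the LAST dot. The previous sed removed the first
            # ".<patch>" match, which corrupts versions such as 1.12.1.
            patch_number=${helm_chart_version##*.}
            release_number=${helm_chart_version%.*}
            # Only a plain decimal patch number may reach $(( )): arithmetic
            # expansion evaluates its operand as an expression.
            case "${patch_number}" in
              ''|*[!0-9]*)
                echo "Unexpected chart version '${helm_chart_version}', refusing to bump" >&2
                exit 1
                ;;
            esac
            bump_version=${release_number}.$((patch_number + 1))
            echo "The helm chart version ${git_tag} already exists, bumping to version helm-hoprd-operator-${bump_version}";
            sed -i "s/^version: ${helm_chart_version}/version: ${bump_version}/" Chart.yaml
            echo "bumped_version=true" >> "$GITHUB_OUTPUT"
            # Expose the new version too, so the commit message can name it
            # (bumped_version only carries the literal string "true").
            echo "new_version=${bump_version}" >> "$GITHUB_OUTPUT"
          fi
        working-directory: 'charts/hoprd-operator/'
      - name: Commit and push
        if: ${{ steps.bumping_version.outputs.bumped_version }}
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "Bump Helm chart version to ${{ steps.bumping_version.outputs.new_version }}"
          repository: .
          commit_user_name: HOPR CI robot
          # NOTE: both addresses below were redacted by the e-mail obfuscation
          # of the page this file was captured from; restore the real bot
          # address from the repository. Quoted so the leading "[" is not
          # parsed as a YAML flow sequence.
          commit_user_email: '[email protected]'
          commit_author: HOPR CI robot <[email protected]>
          skip_fetch: false
          skip_checkout: false
          create_branch: false

  lint:
    name: Lint
    runs-on: ubuntu-2-core
    # Read-only job: checkout and `helm lint` need no write scope.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Helm
        uses: azure/setup-helm@v3
        with:
          # NOTE(review): `latest` makes runs non-reproducible; consider
          # pinning the Helm version.
          version: latest
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Lint
        run: helm lint
        working-directory: 'charts/hoprd-operator/'

  package:
    name: Package Helm Chart
    runs-on: ubuntu-2-core
    # Read-only job: the packaged chart is not uploaded or pushed here.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Helm
        uses: azure/setup-helm@v3
        with:
          version: latest
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Get Helm chart version
        id: get_version
        run: |
          HELM_CHART_VERSION=$(grep '^version:' Chart.yaml | sed 's/.*: //')
          echo "HELM_CHART_VERSION=${HELM_CHART_VERSION}" >> "$GITHUB_OUTPUT"
        working-directory: 'charts/hoprd-operator/'
      - name: Helm Package
        # The version string originates from Chart.yaml in the pull request.
        # Passing it through env keeps it out of the script text, so it is
        # treated as data by the shell instead of being expanded into code.
        env:
          HELM_CHART_VERSION: ${{ steps.get_version.outputs.HELM_CHART_VERSION }}
        run: helm package . --version "${HELM_CHART_VERSION}"
        working-directory: 'charts/hoprd-operator/'

  trivy:
    name: Helm Security Analysis
    runs-on: ubuntu-latest
    # NOTE(review): the scan below prints a table and no step visible here
    # uploads results, so `security-events: write` looks unused - confirm
    # before narrowing it.
    permissions:
      security-events: write
      actions: read
      contents: read
    steps:
      # NOTE(review): a trailing comment on this line used to cite commit
      # 93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 / tag v3.1.0, which does not
      # match the v4 ref actually used; the step is not SHA-pinned.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Helm
        uses: azure/setup-helm@v3
        with:
          version: latest
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up python
        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236  # tag=v4.7.1
        with:
          # Quoted so the version is always read as a string, never a float.
          python-version: '3.7'
      - name: Run Trivy vulnerability scanner in IaC mode
        # NOTE(review): `@master` is a moving branch, so the code that runs
        # here can change without any change to this repository. Pin to a
        # reviewed release tag or, better, a full commit SHA.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'config'
          hide-progress: false
          format: 'table'
          scan-ref: 'charts/hoprd-operator/'
          # Non-zero exit fails the job when a finding at or above the listed
          # severities is reported.
          exit-code: '1'
          ignore-unfixed: true
          severity: 'MEDIUM,HIGH,CRITICAL'

  generate-readme:
    name: Generate Readme
    runs-on: ubuntu-2-core
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup NodeJs
        uses: actions/setup-node@v4
        with:
          node-version: '18'
      - name: Install readme-generator-for-helm
        # NOTE: the package spec below was mangled by the e-mail obfuscation of
        # the page this file was captured from; it presumably read
        # "@bitnami/readme-generator-for-helm@" followed by a pinned version.
        # Restore the exact version from the repository before running.
        run: npm install -g @bitnami/[email protected]
      - name: Execute readme-generator-for-helm
        id: generator
        run: |
          readme-generator --values "charts/hoprd-operator/values.yaml" --readme "charts/hoprd-operator/README.md" --schema "/tmp/schema.json"
          # Only flag an update when the generator changed something under charts/.
          if git status -s | grep charts; then
            echo "readme_updated=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Commit and push
        if: ${{ steps.generator.outputs.readme_updated }}
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: Update parameters README.md
          repository: .
          commit_user_name: HOPR CI robot
          # NOTE: addresses redacted by the source page's e-mail obfuscation;
          # quoted so the leading "[" is not parsed as a YAML flow sequence.
          commit_user_email: '[email protected]'
          commit_author: HOPR CI robot <[email protected]>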