Skip to content

Implement autofunding #30

Implement autofunding

Implement autofunding #30

---
name: 'Package Helm chart Operator'
on:
pull_request:
types:
- synchronize
- ready_for_review
branches:
- master
paths:
- "charts/hoprd-operator/**"
concurrency:
group: ${{ github.head_ref }}-operator
cancel-in-progress: true
jobs:
bump_version:
name: Bump version
runs-on: ubuntu-2-core
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Bump Chart version
id: bumping_version
run: |
helm_chart_version=$(grep '^version:' Chart.yaml | sed 's/.*: //')
git_tag=$(git tag -l helm-hoprd-operator-${helm_chart_version})
echo "Workspace version is helm-hoprd-operator-${helm_chart_version} while tagged is ${git_tag}"
if [ "${git_tag}" = "helm-hoprd-operator-${helm_chart_version}" ]; then
patch_number=$(echo $helm_chart_version | sed 's/.*\.//')
release_number=$(echo $helm_chart_version | sed "s/\.${patch_number}//")
bump_version=${release_number}.$((patch_number + 1))
echo "The helm chart version ${git_tag} already exists, bumping to version helm-hoprd-operator-${bump_version}";
sed -i "s/^version: ${helm_chart_version}/version: ${bump_version}/" Chart.yaml
echo "bumped_version=true" >> $GITHUB_OUTPUT
fi
working-directory: 'charts/hoprd-operator/'
- name: Commit and push
if: ${{ steps.bumping_version.outputs.bumped_version }}
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: "Bump Helm chart version to ${{ steps.bumping_version.outputs.bumped_version }}"
repository: .
commit_user_name: HOPR CI robot
commit_user_email: [email protected]
commit_author: HOPR CI robot <[email protected]>
skip_fetch: false
skip_checkout: false
create_branch: false
lint:
name: Lint
runs-on: ubuntu-2-core
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: latest
token: ${{ secrets.GITHUB_TOKEN }}
- name: Lint
run: helm lint
working-directory: 'charts/hoprd-operator/'
package:
name: Package Helm Chart
runs-on: ubuntu-2-core
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: latest
token: ${{ secrets.GITHUB_TOKEN }}
- name: Get Helm chart version
id: get_version
run: |
HELM_CHART_VERSION=$(grep '^version:' Chart.yaml | sed 's/.*: //')
echo "HELM_CHART_VERSION=${HELM_CHART_VERSION}" >> $GITHUB_OUTPUT
working-directory: 'charts/hoprd-operator/'
- name: Helm Package
run: helm package . --version ${{ steps.get_version.outputs.HELM_CHART_VERSION }}
working-directory: 'charts/hoprd-operator/'
trivy:
name: Helm Security Analysis
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4 # 93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: latest
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up python
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # tag=v4.7.1
with:
python-version: 3.7
- name: Run Trivy vulnerability scanner in IaC mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'config'
hide-progress: false
format: 'table'
scan-ref: 'charts/hoprd-operator/'
exit-code: '1'
ignore-unfixed: true
severity: 'MEDIUM,HIGH,CRITICAL'
trivyignores: 'charts/.trivyignore'
generate-readme:
name: Generate Readme
runs-on: ubuntu-2-core
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup NodeJs
uses: actions/setup-node@v4
with:
node-version: 18
- name: Install readme-generator-for-helm
run: npm install -g @bitnami/[email protected]
- name: Execute readme-generator-for-helm
id: generator
run: |
readme-generator --values "charts/hoprd-operator/values.yaml" --readme "charts/hoprd-operator/README.md" --schema "/tmp/schema.json"
if git status -s | grep charts; then
echo "readme_updated=true" >> $GITHUB_OUTPUT
fi
- name: Commit and push
if: ${{ steps.generator.outputs.readme_updated }}
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Update parameters README.md
repository: .
commit_user_name: HOPR CI robot
commit_user_email: [email protected]
commit_author: HOPR CI robot <[email protected]>