chore(deps): update aquasec/trivy docker tag to v0.58.0 #2130

Workflow file for this run

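# Pull-request CI for the charts repository: lints the rendered Helm templates,
# runs chart-testing (lint, and install into a kind cluster when required),
# lints the Artifact Hub metadata and checks that changed charts also change
# their artifacthub.io/changes annotation.
#
# Everything that comes from the pull request (chart directory names, template
# file names, Chart.yaml contents) is untrusted input to the shell steps below,
# so it is always passed as a quoted argument and never spliced into a command
# string.
name: Lint and test charts - current
on: pull_request

# Least privilege for GITHUB_TOKEN: none of the visible steps push, comment or
# otherwise write through the token, so read-only repository access is enough.
permissions:
  contents: read

jobs:
  yamllint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Add dependency chart repos
        run: |
          helm repo add lagoon https://uselagoon.github.io/lagoon-charts/
          helm repo add amazeeio https://amazeeio.github.io/charts/
          helm repo add nats https://nats-io.github.io/k8s/helm/charts/
          helm repo add kube-logging https://kube-logging.github.io/helm-charts
      - name: Generate helm templates
        run: |
          cd charts
          # hacky workaround for lagoon-test templated values
          tests=[foo,bar] envsubst '$tests' < lagoon-test/ci/linter-values.yaml.tpl > lagoon-test/ci/linter-values.yaml
          # Chart names are directory names from the pull request: quote every
          # expansion so whitespace or glob characters cannot split arguments.
          for chart in *; do
            helm dependency build "$chart"
            mkdir -p "/tmp/charts/$chart"
            helm template "$chart" "$chart" \
              --values "$chart/ci/linter-values.yaml" \
              --output-dir "/tmp/charts/$chart"
          done
          # workaround until logging-operator templates are fixed:
          # https://github.com/banzaicloud/logging-operator/pull/792
          rm -rf /tmp/charts/lagoon-logging/lagoon-logging/charts/logging-operator
          # workaround until nats templates are fixed
          rm -rf /tmp/charts/lagoon-remote/lagoon-remote/charts/nats
          rm -rf /tmp/charts/lagoon-core/lagoon-core/charts/nats
      - name: Lint the templates
        run: |
          set -euo pipefail
          cat > .yamllint <<EOF
          extends: default
          rules:
            indentation:
              indent-sequences: consistent
            line-length: disable
          EOF
          # Print each finding followed by the source line it points at.
          # The rendered file names derive from templates in the pull request,
          # so the path is handed to sed as an argument instead of being
          # interpolated into a shell command (as awk's system() would do).
          # pipefail keeps the step failing when yamllint reports errors.
          yamllint -f parsable /tmp/charts | while IFS= read -r finding; do
            printf '%s\n' "$finding"
            IFS=: read -r file line _ <<<"$finding"
            if [[ "$line" =~ ^[0-9]+$ ]]; then
              sed -n "${line}p" -- "$file" || true
            fi
          done

  # runs for all charts other than lagoon-test, which is excluded in
  # default.ct.yaml
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history, needed by the change detection below.
          fetch-depth: "0"
      - name: Set up chart-testing dependencies
        run: sudo apt-get -y install python3-wheel
      # NOTE(review): the page's e-mail obfuscation destroyed the text around
      # the "@" of this reference. Presumably helm/chart-testing-action; the
      # ref below is a placeholder. Restore the real one from the repository
      # and prefer a full commit SHA over a mutable tag.
      - name: Set up chart-testing
        uses: helm/chart-testing-action@PLACEHOLDER_REF
      - name: Run chart-testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --config ./default.ct.yaml)
          if [[ "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
            echo "$changed"
          fi
      - name: Run chart-testing (lint)
        run: ct lint --config ./default.ct.yaml
      # NOTE(review): reference garbled on the page in the same way as above.
      # Presumably helm/kind-action, judging by its inputs; placeholder ref.
      - name: Create kind cluster
        if: |
          (steps.list-changed.outputs.changed == 'true') ||
          (contains(github.event.pull_request.labels.*.name, 'needs-testing'))
        uses: helm/kind-action@PLACEHOLDER_REF
        with:
          version: v0.24.0
          # The node image is pinned by digest, so the tag cannot be re-pointed.
          node_image: kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114
          kubectl_version: v1.30.4
      - name: Run chart-testing (install changed only)
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'next-release') && !contains(github.event.pull_request.labels.*.name, 'needs-testing') }}
        run: |
          ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m"
      - name: Run chart-testing (install changed next-release only)
        if: ${{ contains(github.event.pull_request.labels.*.name, 'next-release') }}
        run: |
          yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' ./charts/lagoon-core/ci/linter-values.yaml ./charts/lagoon-core/ci/testlagoon-main-override.yaml
          ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m"
      # - name: Run chart-testing (upgrade changed next-release only)
      #   run: |
      #     ct install --upgrade --config ./default.ct.yaml --helm-extra-args "--timeout 30m"
      #   if: ${{ contains(github.event.pull_request.labels.*.name, 'next-release') }}
      - name: Run chart-testing (install all charts when required)
        if: ${{ contains(github.event.pull_request.labels.*.name, 'next-release') || contains(github.event.pull_request.labels.*.name, 'needs-testing') }}
        run: ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m" --all

  linter-artifacthub:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): no tag or digest is given, so whatever the registry
      # serves by default runs as root in this job. Pin a tag plus digest, as
      # is done for the kind node image in the lint-test job.
      image: artifacthub/ah
      options: --user root
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Run ah lint
        working-directory: ./charts/
        run: ah lint

  # Skipped for pull requests labelled automated-dependencies.
  artifacthub-changelog:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'automated-dependencies') }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history, so origin/main is available to git diff / git show.
          fetch-depth: "0"
      - name: Install gojq
        run: |
          cd /tmp
          # --fail aborts on an HTTP error instead of saving the error page.
          curl -fsSLO https://github.com/itchyny/gojq/releases/download/v0.12.16/gojq_v0.12.16_linux_amd64.tar.gz
          # NOTE(review): the archive is unpacked and installed with sudo
          # without an integrity check. Record the release's SHA-256 in this
          # file and verify it (sha256sum -c) before extracting.
          tar -xf ./gojq_v0.12.16_linux_amd64.tar.gz
          sudo cp /tmp/gojq_v0.12.16_linux_amd64/gojq /usr/local/bin/gojq
      - name: Run artifacthub.io changelog check
        run: |
          # For every chart touched relative to origin/main, compare the
          # artifacthub.io/changes annotation at HEAD with the one on
          # origin/main; identical annotations mean the changelog was not
          # updated. Paths come from the pull request, so they are read line
          # by line and quoted rather than word-split by the shell.
          while IFS= read -r chartyaml; do
            if diff \
              <(gojq -r --yaml-input '.annotations."artifacthub.io/changes"' <(git show "HEAD:$chartyaml")) \
              <(gojq -r --yaml-input '.annotations."artifacthub.io/changes"' <(git show "origin/main:$chartyaml")); then
              echo "$chartyaml artifacthub.io changelog needs an update!"
              exit 1
            fi
          done < <(git diff --name-only origin/main | awk -F/ '/^charts\// { printf "%s/%s/%s\n",$1,$2,"Chart.yaml" }' | sort -u)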