add security context, update the app version and image tag (#93) #150
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint and Test Charts | |
on: | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
lint-test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Fetch history | |
run: git fetch --prune --unshallow | |
- name: Set up Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: 'v3.4.0' | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.7 | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@v2.6.0 | |
- name: Set up nix | |
uses: cachix/install-nix-action@v24 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable | |
- name: Set up nix store cache | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/nix-closure | |
# Build inputs are: | |
# - shell.nix | |
# - nix/ directory | |
key: nix-store-${{ hashFiles('default.nix', 'nix') }} | |
restore-keys: | | |
nix-store-${{ hashFiles('default.nix', 'nix') }}- | |
nix-store- | |
- name: Loads nix derivation cache | |
id: load-cache | |
run: | | |
if [[ -f /tmp/nix-closure/nix-shell.closure ]]; then | |
nix-store --import --option require-sigs false < /tmp/nix-closure/nix-shell.closure | |
echo "use-cache=true" >> $GITHUB_OUTPUT | |
fi | |
- run: | | |
nix-env -f '<nixpkgs>' -iA pkgs.direnv | |
nix-build | |
nix-shell --run "direnv allow" | |
- name: Store nix derivation cache | |
run: | | |
DERIVATION=$(readlink result) | |
echo $DERIVATION | |
mkdir -p /tmp/nix-closure | |
nix-store --export $(nix-store -qR ${DERIVATION}) > /tmp/nix-closure/nix-shell.closure | |
- name: Run chart-testing (list-changed) | |
id: list-changed | |
shell: direnv exec . bash -eo pipefail {0} | |
run: | | |
changed=$(ct list-changed) | |
if [[ -n "$changed" ]]; then | |
echo "use-cache=true" >> $GITHUB_OUTPUT | |
fi | |
- name: Run chart-testing (lint) | |
id: lint | |
shell: direnv exec . bash -eo pipefail {0} | |
run: ct lint | |
- name: Create kind cluster | |
uses: helm/kind-action@v1.5.0 | |
with: | |
node_image: "kindest/node:v1.29.0" | |
# Only build a kind cluster if there are chart changes to test. | |
if: steps.list-changed.outputs.changed == 'true' | |
- name: Run chart-testing (install) | |
if: steps.list-changed.outputs.changed == 'true' | |
shell: direnv exec . bash -eo pipefail {0} | |
run: | | |
unset KUBECONFIG | |
ct install |