Ensure secret data is quoted #157
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Chart linting | |
on: | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: {} | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
name: Helm chart linting | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: checkout repo | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
with: | |
fetch-depth: 0 | |
- name: Install Helm | |
uses: Azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
with: | |
version: v3.9.0 | |
# Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and | |
# yamllint (https://github.com/adrienverge/yamllint) which require Python | |
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4 | |
with: | |
python-version: 3.11 | |
- name: Install chart-testing | |
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 | |
- name: Chart linting | |
run: ct lint --config .github/ct-config.yaml | |
docs: | |
name: Validate documentation | |
runs-on: ubuntu-latest | |
timeout-minutes: 1 | |
steps: | |
- name: checkout repo | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
with: | |
fetch-depth: 1 | |
- name: Render documentation | |
run: make docs | |
- name: Check git diff | |
run: | | |
git update-index -q --ignore-submodules --refresh | |
if ! git diff-files --quiet --ignore-submodules -- ; then | |
git diff --raw | |
echo '::error:: Generating documentation caused a change. Run "make docs"' && exit 1 | |
fi | |
audit: | |
name: Polaris auditing | |
runs-on: ubuntu-latest | |
timeout-minutes: 2 | |
steps: | |
- name: checkout repo | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | |
with: | |
fetch-depth: 1 | |
- name: Install Helm | |
uses: Azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 | |
with: | |
version: v3.9.0 | |
- name: Setup polaris | |
uses: fairwindsops/polaris/.github/actions/setup-polaris@master | |
with: | |
version: 7.4.1 | |
- name: Polaris audit | |
run: | | |
for dir in charts/*; do | |
echo "::group::Running polaris audit for chart $(basename $dir)" | |
if [ ! -d "$dir/ci" ]; then | |
echo "Auditing default values" | |
polaris audit \ | |
--set-exit-code-below-score 90 \ | |
--format pretty \ | |
--config .github/polaris.yaml \ | |
--helm-chart "$dir" | |
continue | |
fi | |
for file in "$dir"/ci/*.yaml; do | |
echo "Auditing custom values: $file" | |
polaris audit \ | |
--set-exit-code-below-score 90 \ | |
--format pretty \ | |
--config .github/polaris.yaml \ | |
--helm-chart "$dir" \ | |
--helm-values "$file" | |
done | |
echo "::endgroup::" | |
done |