Skip to content

OPSEXP-2364 Fixup checkov warnings #673

OPSEXP-2364 Fixup checkov warnings

OPSEXP-2364 Fixup checkov warnings #673

Workflow file for this run

name: Lint and Test Charts
on:
pull_request:
branches:
- main
jobs:
lint-test:
runs-on: ubuntu-latest
env:
INSTALL_NAMESPACE: alfresco
# See https://github.com/kubernetes-sigs/kind/releases for the latest available images
KIND_NODE_IMAGE: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72
TEST_ALL_CHARTS: ${{ contains(github.event.pull_request.labels.*.name, 'ci-test-all') && 'true' || 'false' }}
TEST_ALL_CHARTS_ARG: ${{ contains(github.event.pull_request.labels.*.name, 'ci-test-all') && '--all' || '' }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: v3.10.2
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: 3.7
- name: Set up Unit Test plugin for Helm
env:
HELM_UNITTEST_VERSION: v0.3.4
run: |
helm plugin install https://github.com/helm-unittest/helm-unittest --version $HELM_UNITTEST_VERSION
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.1
with:
version: v3.8.0
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --config ct-lint.yaml)
if [[ -n "$changed" || "$TEST_ALL_CHARTS" == "true" ]]; then
echo "changed=true" >> $GITHUB_OUTPUT
fi
- name: Run chart-testing (lint)
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --config ct-lint.yaml $TEST_ALL_CHARTS_ARG
- name: Create kind cluster
uses: helm/kind-action@v1.8.0
with:
node_image: ${{ env.KIND_NODE_IMAGE }}
if: steps.list-changed.outputs.changed == 'true'
- name: Login to Quay.io
uses: docker/login-action@v3
if: steps.list-changed.outputs.changed == 'true'
with:
registry: quay.io
username: ${{ secrets.quay_username }}
password: ${{ secrets.quay_password }}
- name: Prepare namespace for install
if: steps.list-changed.outputs.changed == 'true'
run: |
kubectl create ns "$INSTALL_NAMESPACE"
kubectl create secret generic quay-registry-secret --from-file=.dockerconfigjson="${HOME}"/.docker/config.json --type=kubernetes.io/dockerconfigjson -n "$INSTALL_NAMESPACE"
kubectl create secret generic broker-secret --from-literal=BROKER_URL="failover:(nio://activemq:61616)?timeout=3000" --from-literal=BROKER_USERNAME=admin --from-literal=BROKER_PASSWORD=admin -n "$INSTALL_NAMESPACE"
- name: Prepare charts mocks for testing
if: steps.list-changed.outputs.changed == 'true'
run: |
ITER_CMD="ct lsc --config ct-lint.yaml"
if [[ "$TEST_ALL_CHARTS" == "true" ]]; then
ITER_CMD="ls -1 charts | awk -v prefix='charts/' '{print prefix \$0}'"
fi
for C in $(eval $ITER_CMD); do
if [ -d "${C}/ci/kustomize/" ]; then
echo "Prepare mocks for ${C}"
pushd "${C}/ci/kustomize/"
kubectl kustomize --enable-helm . | \
kubectl -n "$INSTALL_NAMESPACE" apply -f -
popd
fi
done
- name: Run chart-testing (install)
run: |
ct install --config ct-install.yaml \
--namespace "$INSTALL_NAMESPACE" $TEST_ALL_CHARTS_ARG