refactor(ci): extract get-all-charts function into workflow

teutonet · Sep 19, 2024 · cc92b57 · cc92b57
1 parent 77c08ea
commit cc92b57
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 22 deletions.
diff --git a/.github/scripts/generate-sarif-reports.sh b/.github/scripts/generate-sarif-reports.sh
@@ -12,11 +12,6 @@ function createSarifReports() {
  chartName="$(basename "$chart")"
  mkdir -p reports
 
- if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then
- echo "Skipping library chart '$chart'" >&2
- return 0
- fi
-
  # shellcheck disable=SC2046
  yq -r '.annotations["artifacthub.io/images"]' "$chart/Chart.yaml" |
  yq -r '.[] | .image' |

diff --git a/.github/workflows/get-all-charts.yaml b/.github/workflows/get-all-charts.yaml
@@ -0,0 +1,36 @@
+name: Get all Charts
+
+on:
+ workflow_call:
+ inputs:
+ showLibraryCharts:
+ type: boolean
+ default: true
+ outputs:
+ charts:
+ description: "All Charts"
+ value: ${{ jobs.getAllCharts.outputs.charts }}
+jobs:
+ getAllCharts:
+ runs-on: ubuntu-latest
+ outputs:
+ charts: ${{ steps.getCharts.outputs.charts }}
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ - run: pip install yq
+ - name: Get all charts
+ id: getCharts
+ run: |
+ set -ex
+ set -o pipefail
+ (
+ echo -n charts=
+ for chart in charts/*; do
+ # shellcheck disable=SC2016
+ if [[ -f "$chart/Chart.yaml" ]] && yq --argjson showLibraryCharts '${{ inputs.showLibraryCharts }}' -e '.type != "library" or $showLibraryCharts' "$chart/Chart.yaml" >/dev/null; then
+ echo "$chart"
+ else
+ echo "Skipping library chart: '$chart'" >&2
+ fi
+ done | jq -c -Rn '[inputs]'
+ ) | tee -a "$GITHUB_OUTPUT"
diff --git a/.github/workflows/scan-for-cves.yaml b/.github/workflows/scan-for-cves.yaml
@@ -7,23 +7,9 @@ on:
 
 jobs:
  getAllCharts:
- runs-on: ubuntu-latest
- outputs:
- charts: ${{ steps.getCharts.outputs.charts }}
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-
- - name: Get all charts with their images
- id: getCharts
- run: |
- set -ex
- set -o pipefail
- (
- echo -n charts=
- for chart in charts/*; do
- [[ -f "$chart/Chart.yaml" ]] && echo "$chart"
- done | jq -c -Rn '[inputs]'
- ) | tee -a "$GITHUB_OUTPUT"
+ uses: ./.github/workflows/get-all-charts.yaml
+ with:
+ showLibraryCharts: false
 
  generateSarifReports:
  runs-on: ubuntu-latest