Skip to content

[Snyk] Security upgrade alpine from 3.14.0 to 3.19.3 #581

[Snyk] Security upgrade alpine from 3.14.0 to 3.19.3

[Snyk] Security upgrade alpine from 3.14.0 to 3.19.3 #581

Workflow file for this run

name: Helm chart
on:
push:
branches:
- master
tags:
- "chart/**/[0-9]+.[0-9]+.[0-9]+"
- "chart/**/[0-9]+.[0-9]+.[0-9]+-dev.[0-9]+"
pull_request:
env:
HELM_CHART_NAME: cloudinfo
HELM_CHART_PATH: "${{ github.workspace }}/charts/cloudinfo"
HELM_PLUGIN_CHARTMUSEUM_PUSH_VERSION: 0.9.0
HELM_PUSH_REPOSITORY_NAME: banzaicloud-stable
HELM_VERSION: 3.6.0
jobs:
helm:
name: Helm
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: azure/setup-helm@v1
with:
version: ${{ env.HELM_VERSION }}
- name: Add Helm repositories
run: |
helm repo add banzaicloud-stable "https://kubernetes-charts.banzaicloud.com"
helm repo add incubator "https://charts.helm.sh/incubator"
helm repo add stable "https://charts.helm.sh/stable"
- name: Update Helm repositories
run: helm repo update
- name: Lint Helm chart
run: helm lint "${{ env.HELM_CHART_PATH }}"
- name: Update Helm chart dependencies
run: helm dependency update "${{ env.HELM_CHART_PATH }}"
- name: Package Helm chart
id: package-chart
run: |
HELM_PACKAGE_OUTPUT=$(helm package "${{ env.HELM_CHART_PATH }}") || exit 1
HELM_PACKAGE_PATH="${HELM_PACKAGE_OUTPUT##"Successfully packaged chart and saved it to: "}"
echo "HELM_PACKAGE_PATH=${HELM_PACKAGE_PATH}"
echo "helm_package_path=${HELM_PACKAGE_PATH}" >> $GITHUB_OUTPUT
- name: Set Git refname
id: set-git-refname
run: |
GIT_REFNAME="$(echo "${{ github.ref }}" | sed -r 's@refs/(heads|pull|tags)/@@g')"
echo "GIT_REFNAME=${GIT_REFNAME}"
echo "git_refname=${GIT_REFNAME}" >> $GITHUB_OUTPUT
- name: Set Helm push enabled
id: set-helm-push-enabled
run: |
HELM_PUSH_ENABLED=""
if [ "${{ github.event_name }}" == "push" ] && echo "${{ steps.set-git-refname.outputs.git_refname }}" | grep -E -q "^chart/${{ env.HELM_CHART_NAME }}/[0-9]+.[0-9]+.[0-9]+**"; then
HELM_PUSH_ENABLED=1
else
printf >&2 "Unstable chart (%s) from %s event, chart will not be pushed" "${{ steps.set-git-refname.outputs.git_refname }}" "${{ github.event_name }}"
fi
echo "HELM_PUSH_ENABLED=${HELM_PUSH_ENABLED}"
echo "helm_push_enabled=${HELM_PUSH_ENABLED}" >> $GITHUB_OUTPUT
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }}
name: Check Helm chart version in repository
run: |
EXPECTED_CHART_VERSION="$(echo "${{ steps.set-git-refname.outputs.git_refname }}" | awk -F '/' '{print $NF}')" || exit 1
ACTUAL_CHART_VERSION="$(awk '/version: [0-9]+\.[0-9]+\.[0-9]+/ {print $2}' "${{ env.HELM_CHART_PATH }}/Chart.yaml")" || exit 1
if [ "${EXPECTED_CHART_VERSION}" != "${ACTUAL_CHART_VERSION}" ]; then
printf >&2 "chart version mismatches, name: %s, expected version (from tag): %s, actual version (from chart): %s" "${{ env.HELM_CHART_NAME }}" "${EXPECTED_CHART_VERSION}" "${ACTUAL_CHART_VERSION}"
exit 1
fi
if helm search repo "${{ env.HELM_PUSH_REPOSITORY_NAME }}/${{ env.HELM_CHART_NAME }}" --version "${ACTUAL_CHART_VERSION}" --output json | jq --exit-status 'length > 0'; then
printf >&2 "chart version already exists in the repository, repository: %s, name: %s, version: %s" "${{ env.HELM_PUSH_REPOSITORY_NAME }}" "${{ env.HELM_CHART_NAME }}" "${ACTUAL_CHART_VERSION}"
exit 1
fi
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }}
name: Install Helm ChartMuseum push plugin
run: helm plugin install "https://github.com/chartmuseum/helm-push.git" --version "${{ env.HELM_PLUGIN_CHARTMUSEUM_PUSH_VERSION }}"
- if: ${{ steps.set-helm-push-enabled.outputs.helm_push_enabled == 1 }}
name: Push Helm chart
env:
HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}
HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }}
run: helm push "${{ steps.package-chart.outputs.helm_package_path }}" "${{ env.HELM_PUSH_REPOSITORY_NAME }}"