feat: Added appset information to GitHub and GitLab PRs #406
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: charts | ||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - charts/** | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - charts/** | ||
| workflow_dispatch: | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| permissions: read-all | ||
| jobs: | ||
| chart: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| pages: write | ||
| security-events: write | ||
| contents: write | ||
| pull-requests: write | ||
| if: ${{ github.event_name == 'pull_request' || contains(github.ref, 'main') }} | ||
| steps: | ||
| - name: Checkout source code | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| persist-credentials: false | ||
| - name: 'Dependency Review' | ||
| if: ${{ github.event_name == 'pull_request' }} | ||
| uses: actions/dependency-review-action@v4 | ||
| with: | ||
| allow-ghsas: true | ||
| comment-summary-in-pr: always | ||
| - name: Install Helm | ||
| uses: azure/setup-helm@v4 | ||
| with: | ||
| version: v3.16.3 | ||
| - name: Setup Chart Linting | ||
| if: ${{ github.event_name == 'pull_request' }} | ||
| id: lint | ||
| uses: helm/[email protected] | ||
| - name: Run chart-testing (list-changed) | ||
| if: ${{ github.event_name == 'pull_request' }} | ||
| id: list-changed | ||
| run: | | ||
| changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) | ||
| if [[ -n "$changed" ]]; then | ||
| echo "::set-output name=changed::true" | ||
| fi | ||
| - name: Run chart-testing (lint) | ||
| if: ${{ github.event_name == 'pull_request' }} | ||
| run: ct lint --target-branch ${{ github.event.repository.default_branch }} --validate-maintainers=false | ||
| - name: Configure Git | ||
| if: ${{ contains(github.ref, 'main') }} | ||
| run: | | ||
| git config user.name "$GITHUB_ACTOR" | ||
| git config user.email "[email protected]" | ||
| - name: Copy Readme and License | ||
| if: ${{ contains(github.ref, 'main') }} | ||
| run: | | ||
| cp -v *.md charts/applicationset/ | ||
| - name: Run chart-releaser | ||
| if: ${{ contains(github.ref, 'main') }} | ||
| uses: helm/[email protected] | ||
| with: | ||
| charts_dir: charts | ||
| config: charts/cr.yml | ||
| mark_as_latest: true | ||
| env: | ||
| CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/[email protected] | ||
| continue-on-error: true | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/[email protected] | ||
| continue-on-error: true | ||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/trivy-action@master | ||
| continue-on-error: true | ||
| with: | ||
| scan-type: 'config' | ||
| scan-ref: '.' | ||
| format: 'sarif' | ||
| output: 'trivy-results.sarif' | ||
| - name: Upload Trivy scan results to GitHub Security tab | ||
| uses: github/codeql-action/[email protected] | ||
| with: | ||
| sarif_file: 'trivy-results.sarif' | ||
| dependency-review: | ||
|
Check failure on line 99 in .github/workflows/charts.yml
|
||
| uses: saidsef/saidsef/.github/workflows/dependency-review.yaml@main | ||
| if: ${{ github.event_name == 'pull_request' }} | ||
| needs: [chart] | ||
| k8s-test: | ||
| runs-on: ubuntu-latest | ||
| needs: [chart] | ||
| if: ${{ ! contains(github.ref, 'main') }} | ||
| steps: | ||
| - name: Create k8s Kind Cluster | ||
| uses: helm/[email protected] | ||
| with: | ||
| kubectl_version: v1.29.3 # Ensure compatibility with the latest APIs | ||
| node_image: kindest/node:v1.29.2 # Match node version with kubectl for consistency | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Run K8s test | ||
| run: | | ||
| kubectl create ns argocd | ||
| kubectl apply -k https://github.com/argoproj/argo-cd/manifests/crds\?ref\=stable -n argocd | ||
| helm upgrade -i appsets charts/applicationset --namespace argocd --create-namespace | ||
| helm list -A | ||
| kubectl get all -A | ||
| kubectl get applications -A -o wide | ||
| kubectl get applicationsets -A -o wide | ||
| auto-approve: | ||
| runs-on: ubuntu-latest | ||
| needs: [chart, k8s-test] | ||
| permissions: | ||
| pull-requests: write | ||
| if: ${{ github.event_name == 'pull_request' }} | ||
| steps: | ||
| - name: Auto Approve PR | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| github.rest.pulls.createReview({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| pull_number: context.issue.number, | ||
| event: "APPROVE" | ||
| }) | ||
