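# Lint / documentation / schema checks for the DefectDojo Helm chart.
#
# Triggered only on pull_request, so `github.head_ref` and GITHUB_BASE_REF
# (used below) are always set. All third-party actions and the `ah` image are
# pinned to a digest; bump them through the `# vX.Y.Z` comments.
name: Lint Helm chart
on:
  pull_request:
    branches:
      - master
      - dev
      - bugfix
      - release/**
      - hotfix/**

# Least privilege for the default GITHUB_TOKEN: every job only reads the
# repository. The one job that pushes (docs_generation) widens this itself.
permissions:
  contents: read

jobs:
  lint:
    name: Lint chart (version)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false
          # full history: ct and the annotation check below compare against origin/<target>
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
      - name: Set up Python
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          # quoted: a bare x.y version is parsed as a YAML float (3.10 -> 3.1)
          python-version: "3.14" # Renovate helper is not needed here
      - name: Configure Helm repos
        run: |-
          helm dependency list ./helm/defectdojo
          helm dependency update ./helm/defectdojo
      - name: Set up chart-testing
        uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0
        with:
          yamale_version: 6.0.0 # renovate: datasource=pypi depName=yamale versioning=semver
          yamllint_version: 1.37.1 # renovate: datasource=pypi depName=yamllint versioning=semver
      - name: Determine target branch
        id: ct-branch-target
        # GITHUB_BASE_REF is the PR's base branch (maintainer-controlled, and
        # restricted by the `branches:` filter above). The GITHUB_REF fallback
        # only matters if this workflow is ever reused on a non-PR event.
        run: |
          if [ -n "${GITHUB_BASE_REF}" ]; then
            echo "CT_BRANCH=${GITHUB_BASE_REF}" >> "$GITHUB_ENV"
          else
            echo "CT_BRANCH=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
          fi
      - name: Run chart-testing (list-changed)
        id: list-changed
        # CT_BRANCH is read from the environment rather than templated into the
        # script with `${{ }}`, so its value is never re-parsed as shell syntax.
        run: |
          changed=$(ct list-changed --config ct.yaml --target-branch "$CT_BRANCH")
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_ENV"
          fi
      # run version check only if not dev as in dev we have a `x.y.z-dev` version
      # x.y.z gets bumped automatically when doing a release
      - name: Run chart-testing (lint)
        run: ct lint --config ct.yaml --target-branch "$CT_BRANCH" --check-version-increment=true
        if: ${{ env.changed == 'true' && env.CT_BRANCH != 'dev' && env.CT_BRANCH != 'bugfix' }}
      # run all checks but version increment always when something changed
      - name: Run chart-testing (lint)
        run: ct lint --config ct.yaml --target-branch "$CT_BRANCH" --check-version-increment=false
        if: env.changed == 'true'
      - name: Check update of "artifacthub.io/changes" HELM annotation
        if: env.changed == 'true'
        run: |
          # fail fast if `git show` or the `yq` behind the pipe fails
          set -eo pipefail
          echo "Checking Chart.yaml annotation changes against ${CT_BRANCH}"
          # annotation as it is on the PR head
          current_annotation=$(yq e '.annotations."artifacthub.io/changes"' "helm/defectdojo/Chart.yaml")
          echo "Current annotation: "
          echo "$current_annotation"
          # the same annotation on the target branch (relies on fetch-depth: 0 above)
          target_annotation=$(git show "origin/${CT_BRANCH}:helm/defectdojo/Chart.yaml" | yq e '.annotations."artifacthub.io/changes"' -)
          echo "Target annotation: "
          echo "$target_annotation"
          if [[ "$current_annotation" == "$target_annotation" ]]; then
            echo "::error file=helm/defectdojo/Chart.yaml::The 'artifacthub.io/changes' annotation has not been updated compared to ${CT_BRANCH}. For more, check the hint in 'helm/defectdojo/Chart.yaml'"
            exit 1
          fi
          echo "'artifacthub.io/changes' annotation updated in helm/defectdojo"
      # - name: Create kind cluster
      #   uses: helm/kind-action@v1.1.0
      #   if: env.changed == 'true'
      # - name: Run chart-testing (install)
      #   run: ct install --config ct.yaml --target-branch "$CT_BRANCH" --helm-extra-args '--set createSecret=true --set createRabbitMqSecret=true --set createPostgresqlSecret=true --set timeout=900'
      #   if: env.changed == 'true'

  docs_generation:
    name: Update documentation
    runs-on: ubuntu-latest
    # The helm-docs step below pushes to the PR branch, so this job (and only
    # this job) needs write access to repository contents.
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        # persist-credentials is left at its default here on purpose: the
        # `git-push: true` step below pushes with the checked-out token.
      # NOTE(review): the branch-prefix gate is not an identity check — any PR
      # author can name a branch `renovate/...`. On fork PRs the token is
      # read-only so the push cannot land; for same-repo branches the author
      # already has write access. Consider gating on `github.actor` too.
      - name: Update values in HELM chart
        if: startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/')
        env:
          # The PR title is untrusted text. It is handed over as an environment
          # variable and read with strenv() instead of being interpolated into
          # the script with `${{ }}`, which would let a crafted title break out
          # of the quoted yq expression (GitHub Actions script injection).
          PR_TITLE: ${{ github.event.pull_request.title }}
        # The title is still inserted verbatim into the annotation's YAML; a
        # title containing `: ` or ` #` may make the annotation unparsable.
        run: |
          yq -i '.annotations."artifacthub.io/changes" += ("- kind: changed\n description: " + strenv(PR_TITLE) + "\n")' helm/defectdojo/Chart.yaml
      - name: Run helm-docs (update)
        uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2
        if: startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/')
        with:
          chart-search-root: "helm/defectdojo"
          git-push: true
      # Documentation provided in the README file needs to contain the latest information from `values.yaml` and all other related assets.
      # If this step fails, install https://github.com/norwoodj/helm-docs and run locally `helm-docs --chart-search-root helm/defectdojo` before committing your changes.
      # The helm-docs documentation will be generated for you.
      - name: Run helm-docs (check)
        uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2
        # Wrapped in `${{ }}` because a leading `!` is a YAML tag indicator, and
        # parenthesised so the negation covers BOTH prefixes: the previous form
        # `! a || b` parsed as `(!a) || b` and ran the check on dependabot branches.
        if: ${{ !(startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/')) }}
        with:
          fail-on-diff: true
          chart-search-root: "helm/defectdojo"

  generate_schema:
    name: Update schema
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # nothing in this job pushes (fail-on-diff only), so don't keep the token on disk
          persist-credentials: false
      # The HELM structure supports the existence of a `values.schema.json` file. This file is used to validate all values provided by the user before Helm starts rendering templates.
      # The chart needs to have a `values.schema.json` file that is compatible with the default `values.yaml` file.
      # If this step fails, install https://github.com/losisin/helm-values-schema-json and run locally `helm schema --use-helm-docs` in `helm/defectdojo` before committing your changes.
      # The helm schema will be generated for you.
      - name: Generate values schema json
        uses: losisin/helm-values-schema-json-action@660c441a4a507436a294fc55227e1df54aca5407 # v2.3.1
        with:
          fail-on-diff: true
          working-directory: "helm/defectdojo"
          useHelmDocs: true
          values: values.yaml

  lint_format:
    name: Lint chart (format)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false
          # NOTE(review): `helm lint` does not obviously need full history — confirm before trimming
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
      - name: Configure Helm repos
        run: |-
          helm dependency list ./helm/defectdojo
          helm dependency update ./helm/defectdojo
      - name: Lint
        run: |-
          helm lint ./helm/defectdojo --strict

  artifacthub_linter:
    name: Artifacthub Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # read-only job; the token is not needed inside the container either
          persist-credentials: false
      - name: Run ah lint
        working-directory: ./helm/defectdojo
        # GITHUB_WORKSPACE is the same path as `github.workspace`; using the
        # variable keeps `${{ }}` templating out of the shell script.
        run: |-
          docker run --rm \
            -v "${GITHUB_WORKSPACE}/helm/defectdojo:/workspace" \
            -w /workspace \
            artifacthub/ah:v1.21.0@sha256:511818fa90ce87d7132c6214e51ea6dd62eea030f5d2271ce073f948b3060972 \
            ah lint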