This repository has been archived by the owner on Mar 14, 2024. It is now read-only.
Bump helm.sh/helm/v3 from 3.11.3 to 3.14.2 #930
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| push: | |
| pull_request: | |
| env: | |
| HELM_CHART_DIR: helm-chart | |
| GIT_NAME: NGINX Kubernetes Team | |
| GIT_MAIL: [email protected] | |
| concurrency: | |
| group: ${{ github.ref_name }}-ci | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Setup Golang Environment | |
| uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Lint Code | |
| uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0 | |
| with: | |
| version: v1.52 | |
| args: --timeout 10m | |
| - name: Lint Helm | |
| run: helm lint ${{ env.HELM_CHART_DIR }} | |
| unit-tests: | |
| name: Unit Tests | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Setup Golang Environment | |
| uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Run Tests | |
| run: make test | |
| - name: Upload Coverage Report | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: coverage-${{ github.run_id }}.html | |
| path: ${{ github.workspace }}/build/coverage.html | |
| binary: | |
| name: Build Binary | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Setup Golang Environment | |
| uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Build binary | |
| uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0 | |
| with: | |
| version: latest | |
| args: ${{ startsWith(github.ref, 'refs/tags/') && 'release' || 'build --snapshot' }} --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }} | |
| AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }} | |
| AZURE_BUCKET_NAME: ${{ secrets.AZURE_BUCKET_NAME }} | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee # 0.9.2 | |
| continue-on-error: true | |
| with: | |
| scan-type: 'rootfs' | |
| scan-ref: '.' | |
| ignore-unfixed: 'true' | |
| format: 'sarif' | |
| output: 'trivy-results-nginx-service-mesh.sarif' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 | |
| continue-on-error: true | |
| with: | |
| sarif_file: 'trivy-results-nginx-service-mesh.sarif' | |
| - name: Upload Scan Results | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| continue-on-error: true | |
| with: | |
| name: 'trivy-results-nginx-service-mesh.sarif' | |
| path: 'trivy-results-nginx-service-mesh.sarif' | |
| package-helm: | |
| name: Package Helm Chart | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| version: ${{ steps.var.outputs.version }} | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Output Variables | |
| id: var | |
| run: | | |
| version="$(helm show chart ${{ env.HELM_CHART_DIR }} | grep 'version:' | cut -d ' ' -f 2)" | |
| echo "version=$version" >> $GITHUB_OUTPUT | |
| - name: Package | |
| run: helm package --version ${{ steps.var.outputs.version }} ${{ env.HELM_CHART_DIR }} | |
| - name: Upload Chart | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: helm-chart | |
| path: ${{ github.workspace }}/nginx-service-mesh-${{ steps.var.outputs.version }}.tgz | |
| release-helm: | |
| name: Release Helm Chart | |
| runs-on: ubuntu-22.04 | |
| needs: package-helm | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| with: | |
| repository: nginxinc/helm-charts | |
| token: ${{ secrets.NGINX_PAT }} | |
| - name: Retrieve latest Helm Chart | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: helm-chart | |
| path: ${{ github.workspace }}/stable | |
| - name: Push Helm Chart | |
| run: | | |
| helm repo index stable --url https://helm.nginx.com/stable | |
| git add -A | |
| git -c user.name='${{ env.GIT_NAME }}' -c user.email='${{ env.GIT_MAIL }}' \ | |
| commit -m "NGINX Service Mesh - Release ${{ needs.package-helm.outputs.version }}" | |
| git push -u origin master |