Skip to content

fix(deps): update module helm.sh/helm/v3 to v3.14.2 [security] #527

fix(deps): update module helm.sh/helm/v3 to v3.14.2 [security]

fix(deps): update module helm.sh/helm/v3 to v3.14.2 [security] #527

Workflow file for this run

name: Lint Charts
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
paths:
- "charts/**"
- "tas-installer/**"
- ".github/**"
jobs:
check-metadata:
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
with:
python-version: 3.7
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
with:
go-version: ^1
- name: Setup helm-docs
run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
- name: Run pre-commit
uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # renovate: tag=v3.0.0
with:
extra_args: --show-diff-on-failure
test:
runs-on: ubuntu-latest
env:
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
IMAGE_REGISTRY: registry.redhat.io
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # renovate: tag=v3.5
with:
version: v3.12.3
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
with:
python-version: 3.7
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Add Sigstore Repository
run: |
helm repo add sigstore "https://sigstore.github.io/helm-charts"
helm repo update
- name: Run chart-testing (lint)
run: ct lint --config ct.yaml
- name: Log in to registry.redhat.io
uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1
with:
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
registry: ${{ env.IMAGE_REGISTRY }}
auth_file_path: /tmp/config.json
- name: Create KinD Cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
with:
config: ./kind/config.yaml
- name: Install OpenShift CLI
run: |
curl -L https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz | tar xvz
sudo mv oc /usr/local/bin/
oc version
- name: Configure KinD
run: |
oc create ns fulcio-system
oc create ns rekor-system
oc -n fulcio-system create secret generic fulcio-secret-rh --from-file=private=./kind/testing-only-cert-key/file_ca_key.pem --from-file=public=./kind/testing-only-cert-key/file_ca_pub.pem --from-file=cert=./kind/testing-only-cert-key/fulcio-root.pem --from-literal=password=secure --dry-run=client -o yaml | oc apply -f-
oc -n rekor-system create secret generic rekor-private-key --from-file=private=./kind/testing-only-cert-key/rekor_key.pem --dry-run=client -o yaml | oc apply -f-
shell: bash
- name: Install Keycloak
run: |
#install OLM
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/crds.yaml
# wait for a while to be sure CRDs are installed
sleep 1
kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.25.0/olm.yaml
kubectl create --kustomize keycloak/operator/overlay/kind
until [ ! -z "$(kubectl get pod -l name=keycloak-operator -n keycloak-system 2>/dev/null)" ]
do
echo "Waiting for keycloak operator. Pods in keycloak-system namespace:"
kubectl get pods -n keycloak-system
sleep 10
done
kubectl create --kustomize keycloak/resources/overlay/kind
until [[ $( oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system 2>/dev/null) == "true" ]]
do
printf "Waiting for keycloak deployment. \n Keycloak ready: %s\n" $(oc get keycloak keycloak -o jsonpath='{.status.ready}' -n keycloak-system)
sleep 10
done
shell: bash
# tests are in charts/trusted-artifact-signer/templates/tests
- name: Run chart-testing (install)
run: |
ct install --debug --helm-extra-args "--timeout=10m" --config ct-install.yaml