improvement(helm): helm chart updates with security, ESO, and docs overhaul #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Helm Chart | |
| on: | |
| pull_request: | |
| paths: | |
| - 'helm/**' | |
| - '.github/workflows/helm-chart.yml' | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'helm/**' | |
| - '.github/workflows/helm-chart.yml' | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint-test: | |
| name: Lint, unit-test, render, validate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: v3.16.2 | |
| - name: Install helm-unittest plugin | |
| run: helm plugin install https://github.com/helm-unittest/helm-unittest --version v0.7.2 | |
| - name: Helm dependency build | |
| run: helm dependency build helm/sim | |
| - name: Helm lint | |
| run: helm lint helm/sim --strict | |
| - name: Helm unit tests | |
| run: helm unittest helm/sim | |
| - name: Render every ci/*.yaml | |
| run: | | |
| set -euo pipefail | |
| for f in helm/sim/ci/*.yaml; do | |
| echo "::group::Render $f" | |
| helm template release helm/sim -f "$f" > /tmp/render.yaml | |
| echo "::endgroup::" | |
| done | |
| - name: Install kubeconform | |
| run: | | |
| curl -sSL -o /tmp/kubeconform.tar.gz \ | |
| https://github.com/yannh/kubeconform/releases/download/v0.6.7/kubeconform-linux-amd64.tar.gz | |
| tar -xzf /tmp/kubeconform.tar.gz -C /tmp | |
| sudo mv /tmp/kubeconform /usr/local/bin/kubeconform | |
| kubeconform -v | |
| - name: kubeconform validate every ci/*.yaml | |
| run: | | |
| set -euo pipefail | |
| for f in helm/sim/ci/*.yaml; do | |
| echo "::group::kubeconform $f" | |
| helm template release helm/sim -f "$f" \ | |
| | kubeconform \ | |
| -strict \ | |
| -ignore-missing-schemas \ | |
| -kubernetes-version 1.30.0 \ | |
| -summary | |
| echo "::endgroup::" | |
| done |