improvement(helm): helm chart updates with security, ESO, and docs overhaul #2

Workflow file for this run

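# CI for the Helm chart under helm/sim: lint, unit-test, render and
# schema-validate every ci/*.yaml fixture, then run a server-side dry-run
# of the CRD-free fixtures against a throwaway kind cluster.
#
# NOTE(review): the actions below are referenced by mutable tags (@v4, @v1).
# Pinning each `uses:` to a full commit SHA, with the tag kept in a trailing
# comment, prevents a re-tagged release from changing what this workflow runs.
name: Helm Chart

on:
  pull_request:
    paths:
      - 'helm/**'
      - '.github/workflows/helm-chart.yml'
  push:
    branches:
      - main
    paths:
      - 'helm/**'
      - '.github/workflows/helm-chart.yml'

# Least privilege: the jobs only need to read the repository.
permissions:
  contents: read

jobs:
  lint-test:
    name: Lint, unit-test, render, validate
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step performs git operations, so do not leave the job
          # token in .git/config where the downloaded plugin and binary
          # executed below could read it.
          persist-credentials: false

      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.16.2

      # NOTE(review): the plugin is fetched from a git tag and its install
      # hook runs on the runner; the tag is not an integrity guarantee.
      - name: Install helm-unittest plugin
        run: helm plugin install https://github.com/helm-unittest/helm-unittest --version v0.7.2

      - name: Helm dependency build
        run: helm dependency build helm/sim

      - name: Helm lint
        run: helm lint helm/sim --strict

      - name: Helm unit tests
        run: helm unittest helm/sim

      # Render-only smoke test: each fixture overwrites /tmp/render.yaml, the
      # step fails on the first fixture that does not template cleanly.
      - name: Render every ci/*.yaml
        run: |
          set -euo pipefail
          for f in helm/sim/ci/*.yaml; do
            echo "::group::Render $f"
            helm template release helm/sim -f "$f" > /tmp/render.yaml
            echo "::endgroup::"
          done

      # NOTE(review): the release archive is installed to /usr/local/bin
      # without an integrity check. Verify it against the digest published
      # with the release before extracting, for example:
      #   echo "<SHA256_OF_KUBECONFORM_TARBALL>  /tmp/kubeconform.tar.gz" | sha256sum -c -
      # (placeholder digest; take the real value from the v0.6.7 release).
      - name: Install kubeconform
        run: |
          set -euo pipefail
          # -f makes curl fail on an HTTP error instead of saving the error
          # page as the archive.
          curl -fsSL -o /tmp/kubeconform.tar.gz \
            https://github.com/yannh/kubeconform/releases/download/v0.6.7/kubeconform-linux-amd64.tar.gz
          tar -xzf /tmp/kubeconform.tar.gz -C /tmp
          sudo mv /tmp/kubeconform /usr/local/bin/kubeconform
          kubeconform -v

      # -ignore-missing-schemas: a resource whose schema cannot be found is
      # skipped, not validated. No extra -schema-location is passed here, so
      # custom-resource kinds are presumably skipped; the -summary output
      # reports the skipped count.
      - name: kubeconform validate every ci/*.yaml
        run: |
          set -euo pipefail
          for f in helm/sim/ci/*.yaml; do
            echo "::group::kubeconform $f"
            helm template release helm/sim -f "$f" \
              | kubeconform \
                  -strict \
                  -ignore-missing-schemas \
                  -kubernetes-version 1.30.0 \
                  -summary
            echo "::endgroup::"
          done

  apiserver-dryrun:
    name: API-server dry-run on kind
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step performs git operations; keep the job token out of
          # the checked-out repository's git config.
          persist-credentials: false

      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.16.2

      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          version: v0.24.0
          node_image: kindest/node:v1.30.4
          wait: 120s

      - name: Helm dependency build
        run: helm dependency build helm/sim

      - name: Server-side dry-run for CRD-free ci values
        # Skips fixtures that reference CRDs (ExternalSecret, ServiceMonitor)
        # the kind cluster does not have installed.
        # NOTE(review): the lint-test job runs kubeconform with
        # -ignore-missing-schemas, so those CRD kinds are schema-checked there
        # only if a matching schema is available; otherwise they are skipped.
        run: |
          set -euo pipefail
          kubectl create namespace sim
          for f in \
            helm/sim/ci/default-values.yaml \
            helm/sim/ci/existing-secret-values.yaml \
            helm/sim/ci/external-db-values.yaml; do
            echo "::group::dry-run $f"
            helm template release helm/sim \
              --namespace sim \
              -f "$f" \
              | kubectl apply --namespace sim --dry-run=server -f -
            echo "::endgroup::"
          done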