diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 000000000..5d82e43ea
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,65 @@
+name: Release Charts
+
+on:
+ push:
+ branches:
+ - main
+ - master
+ paths:
+ - "charts/**"
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write
+ packages: write
+ id-token: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+ with:
+ fetch-depth: 0
+
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Set up Helm
+ uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+
+ - name: Add dependency chart repos
+ run: |
+ helm repo add falcosecurity https://falcosecurity.github.io/charts
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
+ with:
+ charts_dir: charts
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Publish and Sign OCI Charts
+ run: |
+ for chart in `find .cr-release-packages -name '*.tgz' -print`; do
+ helm push ${chart} oci://ghcr.io/${GITHUB_REPOSITORY} |& tee helm-push-output.log
+ file_name=${chart##*/}
+ chart_name=${file_name%-*}
+ digest=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log)
+ cosign sign "ghcr.io/${GITHUB_REPOSITORY}/${chart_name}@${digest}"
+ done
+ env:
+ COSIGN_YES: true
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 000000000..18837f59b
--- /dev/null
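Review bot: In the `Publish and Sign OCI Charts` step of release.yml, the `helm push ${chart} ... |& tee helm-push-output.log` pipeline reports tee's exit status, because the step sets no `shell:` and the script never enables `pipefail`, so a failed push is not what stops the loop. The digest is then scraped from the log with awk and handed to `cosign sign` without any check, so an empty or malformed value is only caught if cosign happens to reject the reference. I would start the script with `set -euo pipefail` and add `[[ "$digest" =~ ^sha256:[0-9a-f]{64}$ ]] || exit 1` before the `cosign sign` line. Separately, `chart_name=${file_name%-*}` cuts at the last hyphen, so a pre-release version such as a constructed `mychart-1.0.0-rc1.tgz` would yield `mychart-1.0.0` as the repository name and the signing step would target the wrong reference after the chart is already pushed.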
+++ b/.github/workflows/test.yml
@@ -0,0 +1,59 @@
+name: Test Charts
+
+on:
+ pull_request:
+ paths:
+ - "charts/**"
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+
+ - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+ with:
+ python-version: '3.x'
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
+
+ - name: Run chart-testing (lint)
+ run: ct lint --config ct.yaml
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --config ct.yaml)
+ if [[ -n "$changed" ]]; then
+ echo "changed=true" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Create KIND Cluster
+ if: steps.list-changed.outputs.changed == 'true'
+ uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
+ with:
+ config: ./tests/kind-config.yaml
+
+ - name: install falco if needed (ie for falco-exporter)
+ if: steps.list-changed.outputs.changed == 'true'
+ run: |
+ changed=$(ct list-changed --config ct.yaml)
+ if [[ "$changed[@]" =~ "charts/falco-exporter" ]]; then
+ helm repo add falcosecurity https://falcosecurity.github.io/charts
+ helm repo update
+ helm install falco falcosecurity/falco -f ./tests/falco-test-ci.yaml
+ kubectl get po -A
+ sleep 120
+ kubectl get po -A
+ fi
+
+ - name: Run chart-testing (install)
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct install --config ct.yaml
diff --git a/ct.yaml b/ct.yaml
new file mode 100644
index 000000000..4c039c181
--- /dev/null
+++ b/ct.yaml
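Review bot: The `test` job in test.yml declares no `permissions:` block, so its GITHUB_TOKEN gets whatever default scope the repository or organisation is configured with, which is not visible here. Every step shown only reads the checkout and works against a local KIND cluster, so a workflow-level `permissions:` with `contents: read` would pin least privilege, matching the explicit declaration release.yml makes for its own job. In the falco-exporter step, `"$changed[@]"` expands `$changed` and appends the literal text `[@]`; the match works only because `=~` with a quoted right-hand side is a substring test, and `[[ "$changed" == *"charts/falco-exporter"* ]]` says the same thing directly. The same step installs `falcosecurity/falco` without `--version`, so CI results depend on whichever chart version the remote repo serves at run time; pinning it would make runs reproducible.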
@@ -0,0 +1,9 @@
+remote: origin
+validate-maintainers: false
+target-branch: master
+chart-repos:
+ - stable=https://charts.helm.sh/stable
+ - falcosecurity=https://falcosecurity.github.io/charts
+helm-extra-args: --timeout 800s
+chart-dirs:
+ - charts
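Review bot: `target-branch: master` in ct.yaml is hard-coded while release.yml in this same commit triggers on both `main` and `master`, so if pull requests are opened against `main`, `ct list-changed` and `ct lint` would compare against `origin/master` and could miss changed charts or fail outright. Which branch is the default is not visible in this diff; if it is `main`, change the line to `target-branch: main`, or pass `--target-branch` from the workflow so the config does not need to know. The `stable=https://charts.helm.sh/stable` entry points at the archived Helm stable repository; if no chart under `charts/` depends on it (not shown here), dropping it removes an unneeded remote from every test run.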