-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit efb8f9c
Showing
27 changed files
with
1,468 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# EditorConfig is awesome: http://EditorConfig.org | ||
|
||
root = true | ||
|
||
[*] | ||
indent_style = space | ||
indent_size = 4 | ||
trim_trailing_whitespace = true | ||
insert_final_newline = true | ||
charset = utf-8 | ||
|
||
[*.{yml,yaml,md.gotmpl}] | ||
indent_size = 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
remote: origin | ||
target-branch: main | ||
chart-dirs: | ||
- charts |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
name: Build and push COP-Helper Docker image | ||
|
||
on: | ||
schedule: | ||
- cron: '0 3 * * 1' | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- 'Dockerfile' | ||
- '.github/workflows/docker-build.yml' | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
|
||
jobs: | ||
docker: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v1 | ||
|
||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Build and push | ||
uses: docker/build-push-action@v2 | ||
with: | ||
context: . | ||
platforms: linux/amd64 | ||
push: true | ||
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-helper:latest | ||
|
||
- name: Run Trivy vulnerability scanner | ||
uses: aquasecurity/trivy-action@master | ||
with: | ||
image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-helper:latest' | ||
format: 'template' | ||
template: '@/contrib/sarif.tpl' | ||
output: 'trivy-results.sarif' | ||
|
||
- name: Upload Trivy scan results to GitHub Security tab | ||
uses: github/codeql-action/upload-sarif@v1 | ||
with: | ||
sarif_file: 'trivy-results.sarif' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
name: Lint and Test Helm Chart | ||
|
||
on: | ||
pull_request: | ||
paths: | ||
- charts/** | ||
|
||
jobs: | ||
lint-test: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Set up Helm | ||
uses: azure/setup-helm@v1 | ||
with: | ||
version: v3.5.1 | ||
|
||
# Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and | ||
# yamllint (https://github.com/adrienverge/yamllint) which require Python | ||
- name: Set up Python | ||
uses: actions/setup-python@v2 | ||
with: | ||
python-version: 3.7 | ||
|
||
- name: Set up chart-testing | ||
uses: helm/[email protected] | ||
|
||
- name: Run chart-testing (list-changed) | ||
id: list-changed | ||
run: | | ||
changed=$(ct list-changed --config .github/ct.yaml) | ||
if [[ -n "$changed" ]]; then | ||
echo "::set-output name=changed::true" | ||
fi | ||
- name: Run chart-testing (lint) | ||
run: ct lint --config .github/ct.yaml | ||
|
||
- name: Create kind cluster | ||
uses: helm/[email protected] | ||
if: steps.list-changed.outputs.changed == 'true' | ||
|
||
- name: Run chart-testing (install) | ||
run: ct install --config .github/ct.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
name: Release Chart | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- charts/** | ||
|
||
jobs: | ||
release: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Configure Git | ||
run: | | ||
git config user.name "$GITHUB_ACTOR" | ||
git config user.email "[email protected]" | ||
- name: Install Helm | ||
uses: azure/setup-helm@v1 | ||
with: | ||
version: v3.5.1 | ||
|
||
- name: Run chart-releaser | ||
uses: helm/[email protected] | ||
env: | ||
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
name: Close stale issues | ||
|
||
on: | ||
schedule: | ||
- cron: "0 12 * * *" | ||
|
||
jobs: | ||
stale: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/stale@v3 | ||
with: | ||
repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
stale-issue-message: This issue has been marked as stale because it has been open for 30 days with no activity. It will be automatically closed in 10 days if no further activity occurs. | ||
stale-pr-message: This pull request has been marked as stale because it has been open for 30 days with no activity. It will be automatically closed in 10 days if no further activity occurs. | ||
exempt-issue-labels: keep open | ||
exempt-pr-labels: keep open | ||
days-before-stale: 30 | ||
days-before-close: 10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
name: Scan cop-helper image | ||
|
||
on: pull_request | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
|
||
jobs: | ||
scan: | ||
name: Scan cop-helper-image | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v2 | ||
|
||
- name: Build an image from Dockerfile | ||
run: | | ||
docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-helper:${{ github.sha }} . | ||
- name: Run Trivy vulnerability scanner | ||
uses: aquasecurity/trivy-action@master | ||
with: | ||
image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-helper:${{ github.sha }}' | ||
format: 'template' | ||
template: '@/contrib/sarif.tpl' | ||
output: 'trivy-results.sarif' | ||
|
||
- name: Upload Trivy scan results to GitHub Security tab | ||
uses: github/codeql-action/upload-sarif@v1 | ||
with: | ||
sarif_file: 'trivy-results.sarif' |
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
* @grieshaber @tielou |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
FROM alpine:3.14 | ||
|
||
RUN apk add yq curl --no-cache | ||
|
||
RUN curl -fsSLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \ | ||
curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256" && \ | ||
echo "$(cat kubectl.sha256) kubectl" | sha256sum -c - && \ | ||
chmod +x kubectl && \ | ||
mv kubectl /usr/local/bin/ | ||
|
||
RUN addgroup -g 1001 -S cop && adduser -u 1001 -S cop -G cop | ||
USER cop |
Oops, something went wrong.