Convert hashicorp/terraform-helm to GitHub Actions (#67)

* Adding workflow .github/workflows/test.yml .github/workflows/update-helm-charts-index.yml * SHA-pin all 3rd-party actions * Restrict workflow permissions * Add actionslint * Add dependabot * Add CODEOWNERS * Update test workflow Signed-off-by: Scott Macfarlane <[email protected]> * WIP: update chart publish Signed-off-by: Scott Macfarlane <[email protected]> * Enable slack notification on failure Signed-off-by: Scott Macfarlane <[email protected]> * Use GH_TOKEN env var for gh cli to not squash GITHUB_TOKEN Signed-off-by: Scott Macfarlane <[email protected]> * Constrain actionlint to run only on changes to workflows Signed-off-by: Scott Macfarlane <[email protected]> * Correct actions-slack-status keys Signed-off-by: Scott Macfarlane <[email protected]> * Remove circleci configuration Signed-off-by: Scott Macfarlane <[email protected]> --------- Signed-off-by: Scott Macfarlane <[email protected]> Co-authored-by: Scott Macfarlane <[email protected]>
hashicorp · Apr 21, 2023 · b089619 · b089619
1 parent bd954ab
commit b089619
Show file tree

Hide file tree

Showing 5 changed files with 85 additions and 62 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -0,0 +1,15 @@
+# If the repository is public, be sure to change to GitHub hosted runners
+name: Lint GitHub Actions Workflows
+on:
+  pull_request:
+    paths: 
+      - .github/workflows/**
+permissions:
+  contents: read
+jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - name: "Check workflow files"
+        uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint:latest
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,18 @@
+name: hashicorp/terraform-helm/test
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  unit:
+    runs-on: ubuntu-latest
+    container:
+      image: docker.mirror.hashicorp.services/hashicorpdev/terraform-helm-test:0.1.0
+    steps:
+      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+      - name: Run Unit Tests
+        run: bats ./test/unit
diff --git a/.github/workflows/update-helm-charts-index.yml b/.github/workflows/update-helm-charts-index.yml
@@ -0,0 +1,45 @@
+name: update-helm-charts-index
+on:
+  push:
+    tags:
+      - "v.*"
+
+permissions:
+  contents: read
+
+jobs:
+  update-helm-charts-index:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+
+      - name: verify Chart version matches tag version
+        env:
+          ref_name: ${{ github.ref_name }}
+        run: |-
+          chart_tag="$(yq '.version' Chart.yaml)"
+          git_tag="${ref_name#v}"
+          if [ "${git_tag}" != "${chart_tag}" ]; then
+            message="chart version (${chart_tag}) did not match git version (${git_tag})"
+            echo "::error title=Version Mismatch::${message}"
+            echo "${message}"
+            exit 1
+          fi
+
+      - name: update helm-charts index
+        env:
+          GH_TOKEN: ${{ secrets.HELM_CHARTS_GITHUB_TOKEN }}
+        run: |-
+          ./bin/gh workflow run publish-charts.yml \
+            --repo hashicorp/helm-charts \
+            --ref main \
+            -f SOURCE_TAG="${{ github.ref_name }}" \
+            -f SOURCE_REPO="${{ github.repository }}"
+
+      - name: send slack status
+        if: failure()
+        uses: hashicorp/actions-slack-status@v1
+        with:
+          status: "failure"
+          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK }}
+          failure-message: "Failed to trigger an update to the helm charts index."