-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #363 from nautobot/develop
Prepare for a new release
- Loading branch information
Showing
20 changed files
with
919 additions
and
698 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -46,14 +46,14 @@ jobs: | |
| # run only if changed files were detected | ||
| - name: "Run against changes" | ||
| uses: "pre-commit/[email protected].0" | ||
| uses: "pre-commit/[email protected].1" | ||
| if: "steps.filter.outputs.addedOrModified == 'true'" | ||
| with: | ||
| extra_args: "--files ${{ steps.filter.outputs.addedOrModified_files }}" | ||
|
|
||
| # run if no changed files were detected (e.g. workflow_dispatch on main branch) | ||
| - name: "Run against all files" | ||
| uses: "pre-commit/[email protected].0" | ||
| uses: "pre-commit/[email protected].1" | ||
| if: "steps.filter.outputs.addedOrModified != 'true'" | ||
| with: | ||
| extra_args: "--all-files" | ||
|
|
@@ -63,41 +63,40 @@ jobs: | |
| # with: | ||
| # sarif_file: "checkov.sarif" | ||
|
|
||
| # Disabling Snyk for now see https://github.com/nautobot/helm-charts/issues/340 | ||
| # snyk-security-check: | ||
| # name: "Snyk Security Scanning" | ||
| # runs-on: "ubuntu-22.04" | ||
| # env: | ||
| # GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | ||
| # steps: | ||
| # - name: "Checkout" | ||
| # uses: "actions/checkout@v4" | ||
| # - uses: "azure/setup-helm@v3" | ||
| # - run: "mkdir template_output" | ||
| # - run: "helm repo add bitnami https://charts.bitnami.com/bitnami" | ||
| # - run: "helm dependency update charts/nautobot" | ||
| # - run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml charts/nautobot --output-dir=./template_output/test-postgresql" | ||
| # - run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_mysql.yaml charts/nautobot --output-dir=./template_output/test-mysql" | ||
| # - run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_postgresql_ha.yaml charts/nautobot --output-dir=./template_output/test-postgresql-ha" | ||
| # - run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml charts/nautobot --output-dir=./template_output/test-defaults" | ||
| # - name: "Run Snyk to check template files for security issues" | ||
| # # Snyk can be used to break the build when it detects security issues. | ||
| # # In this case we want to upload the issues to GitHub Code Scanning | ||
| # continue-on-error: true | ||
| # uses: "snyk/actions/iac@master" | ||
| # env: | ||
| # # In order to use the Snyk Action you will need to have a Snyk API token. | ||
| # # More details in https://github.com/snyk/actions#getting-your-snyk-token | ||
| # SNYK_TOKEN: "${{ secrets.SNYK_TOKEN }}" | ||
| # with: | ||
| # # Add the path to the configuration file that you would like to test. | ||
| # # For example `deployment.yaml` for a Kubernetes deployment manifest | ||
| # # or `main.tf` for a Terraform configuration file | ||
| # file: "./template_output" | ||
| # - name: "Upload result to GitHub Code Scanning" | ||
| # uses: "github/codeql-action/upload-sarif@v2" | ||
| # with: | ||
| # sarif_file: "snyk.sarif" | ||
| snyk-security-check: | ||
| name: "Snyk Security Scanning" | ||
| runs-on: "ubuntu-22.04" | ||
| env: | ||
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | ||
| steps: | ||
| - name: "Checkout" | ||
| uses: "actions/checkout@v4" | ||
| - uses: "azure/setup-helm@v3" | ||
| - run: "mkdir template_output" | ||
| - run: "helm repo add bitnami https://charts.bitnami.com/bitnami" | ||
| - run: "helm dependency update charts/nautobot" | ||
| - run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml charts/nautobot --output-dir=./template_output/test-postgresql" | ||
| - run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_mysql.yaml charts/nautobot --output-dir=./template_output/test-mysql" | ||
| - run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_postgresql_ha.yaml charts/nautobot --output-dir=./template_output/test-postgresql-ha" | ||
| - run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml charts/nautobot --output-dir=./template_output/test-defaults" | ||
| - name: "Run Snyk to check template files for security issues" | ||
| # Snyk can be used to break the build when it detects security issues. | ||
| # In this case we want to upload the issues to GitHub Code Scanning | ||
| continue-on-error: true | ||
| uses: "snyk/actions/iac@master" | ||
| env: | ||
| # In order to use the Snyk Action you will need to have a Snyk API token. | ||
| # More details in https://github.com/snyk/actions#getting-your-snyk-token | ||
| SNYK_TOKEN: "${{ secrets.SNYK_TOKEN }}" | ||
| with: | ||
| # Add the path to the configuration file that you would like to test. | ||
| # For example `deployment.yaml` for a Kubernetes deployment manifest | ||
| # or `main.tf` for a Terraform configuration file | ||
| file: "./template_output" | ||
| - name: "Upload result to GitHub Code Scanning" | ||
| uses: "github/codeql-action/upload-sarif@v2" | ||
| with: | ||
| sarif_file: "snyk.sarif" | ||
|
|
||
| kubescape-security-check: | ||
| name: "Kubescape Security Scanning" | ||
|
|
@@ -115,26 +114,26 @@ jobs: | |
| - run: "helm repo add bitnami https://charts.bitnami.com/bitnami" | ||
| - run: "helm dependency update charts/nautobot" | ||
| - name: "Kubescape NSA Scan - Defaults" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml charts/nautobot | kubescape scan framework nsa - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml charts/nautobot | kubescape scan framework nsa - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape NSA Scan - PostgreSQL" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml charts/nautobot | kubescape scan framework nsa - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml charts/nautobot | kubescape scan framework nsa - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape NSA Scan - MySQL" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_mysql.yaml charts/nautobot | kubescape scan framework nsa - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_mysql.yaml charts/nautobot | kubescape scan framework nsa - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape NSA Scan - PostgreSQL HA" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_postgresql_ha.yaml charts/nautobot | kubescape scan framework nsa - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_postgresql_ha.yaml charts/nautobot | kubescape scan framework nsa - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape MITRE Scan - Defaults" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml charts/nautobot | kubescape scan framework mitre - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml charts/nautobot | kubescape scan framework mitre - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape MITRE Scan - PostgreSQL" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml charts/nautobot | kubescape scan framework mitre - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml charts/nautobot | kubescape scan framework mitre - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape MITRE Scan - MySQL" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_mysql.yaml charts/nautobot | kubescape scan framework mitre - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_mysql.yaml charts/nautobot | kubescape scan framework mitre - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape MITRE Scan - PostgreSQL HA" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_postgresql_ha.yaml charts/nautobot | kubescape scan framework mitre - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_postgresql_ha.yaml charts/nautobot | kubescape scan framework mitre - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape ARMOBest Scan - Defaults" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml charts/nautobot | kubescape scan framework armobest - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml charts/nautobot | kubescape scan framework armobest - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape ARMOBest Scan - PostgreSQL" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml charts/nautobot | kubescape scan framework armobest - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml charts/nautobot | kubescape scan framework armobest - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape ARMOBest Scan - MySQL" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_mysql.yaml charts/nautobot | kubescape scan framework armobest - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_mysql.yaml charts/nautobot | kubescape scan framework armobest - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| - name: "Kubescape ARMOBest Scan - PostgreSQL HA" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_postgresql_ha.yaml charts/nautobot | kubescape scan framework armobest - --fail-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
| run: "helm template -n testing -f charts/nautobot/linter_values_minimum.yaml -f charts/nautobot/linter_values.yaml -f charts/nautobot/linter_values_postgresql_ha.yaml charts/nautobot | kubescape scan framework armobest - --compliance-threshold 0 --exceptions ./kubescape-exceptions.json" | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.