feat(chart): Set allowPrivilegeEscalation: false
#20
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test and Push Helm Chart on new Tag | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| jobs: | |
| test_and_push_helm_chart: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Get Latest Semantic Version | |
| id: get_latest_version | |
| uses: PSanetra/git-semver-actions/latest@v1 | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v3 | |
| - name: Install Helm Unittest Plugin | |
| run: helm plugin install https://github.com/helm-unittest/helm-unittest | |
| - name: Run Helm Lint | |
| run: helm lint chart --strict | |
| - name: Run Helm Unit Tests | |
| run: helm unittest chart --strict | |
| - name: Create kind cluster | |
| uses: helm/kind-action@v1 | |
| with: | |
| cluster_name: kind | |
| - uses: docker/build-push-action@v6 | |
| name: Build current image as base for Angular example | |
| with: | |
| context: . | |
| push: false | |
| pull: true | |
| tags: "codecentric/single-page-application-server:1-nginx-stable-alpine" | |
| build-args: NGINX_TAG=stable-alpine | |
| - uses: docker/build-push-action@v6 | |
| name: Build Angular example image | |
| with: | |
| context: examples/angular | |
| push: false | |
| pull: false | |
| tags: "angular-example:latest" | |
| - name: Copy image to kind node | |
| run: kind load docker-image "angular-example:latest" | |
| - name: Set up chart-testing | |
| uses: helm/chart-testing-action@v2 | |
| - name: Run chart-testing in kind | |
| run: ct install --config chart/ci/ct.yaml | |
| - name: Package Helm Chart | |
| run: helm package chart -u --version ${{ steps.get_latest_version.outputs.version }} --destination . | |
| - name: Install yq | |
| run: sudo snap install yq | |
| - name: Push Helm Chart to OCI Registry | |
| run: | | |
| echo '${{ secrets.DOCKER_PASSWORD }}' | helm registry login ${{ vars.HELM_REGISTRY }} --username '${{ secrets.DOCKER_USERNAME }}' --password-stdin | |
| helm push $(yq -r '.name' ./chart/Chart.yaml | tr -d '\n')-${{ steps.get_latest_version.outputs.version }}.tgz ${{ vars.HELM_REPOSITORY }} |