diff --git a/.github/workflows/action.yaml b/.github/workflows/action.yaml index b27aced..8f04141 100644 --- a/.github/workflows/action.yaml +++ b/.github/workflows/action.yaml @@ -1,4 +1,4 @@ -name: Accuknox-Job Workflow +name: KSPM-Runtime Workflow on: push: @@ -9,6 +9,7 @@ on: branches: - "*" + jobs: tag-validate: runs-on: ubuntu-latest @@ -20,6 +21,7 @@ jobs: helm_chart_validation: runs-on: ubuntu-latest + if: always() && !contains(needs.tag-validate.result, 'failure') needs: [tag-validate] steps: - name: Checkout code @@ -31,14 +33,19 @@ jobs: chmod 700 get_helm.sh ./get_helm.sh + - name: Update Helm Dependencies + run: | + cd kspm-runtime + helm dependency update + - name: Validate Helm charts run: | - helm lint accuknox-jobs - helm template accuknox-jobs --dry-run > /dev/null + helm lint kspm-runtime + helm template kspm-runtime --dry-run > /dev/null helm_push_to_ecr: runs-on: ubuntu-latest - needs: [helm_chart_validation,tag-validate] + needs: [helm_chart_validation] steps: - name: Checkout code uses: actions/checkout@v2 
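Review bot: The added `if: always() && !contains(needs.tag-validate.result, 'failure')` on `helm_chart_validation` rejects only a failed `tag-validate`, so a cancelled one still lets validation proceed. `always()` also keeps the job running after the workflow run itself has been cancelled. `contains()` on a result string is a substring test where an exact comparison is meant. An allowlist reads more safely: `if: ${{ !cancelled() && (needs.tag-validate.result == 'success' || needs.tag-validate.result == 'skipped') }}`. The job's steps continue outside the hunk.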
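Review bot: `helm_push_to_ecr` now has only `needs: [helm_chart_validation]` and no job-level `if:`, so nothing explicit stops the publish job on non-tag events. Whether it is held back presumably depends on how the skipped `tag-validate` result propagates past the new `always()` condition on `helm_chart_validation`. The workflow copy deleted in this commit has the same blob id (8f04141) and shows a `pull_request_target` trigger, an event that runs with repository secrets available. Keeping `needs: [tag-validate, helm_chart_validation]` and adding `if: startsWith(github.ref, 'refs/tags/v')` to `helm_push_to_ecr` (the condition `tag-validate` already uses) would gate the credentialed push explicitly. The job's steps continue outside the hunk.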
@@ -60,19 +67,19 @@ jobs: run: | aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin ${{ secrets.REPO }} + - name: Update Helm Dependencies + run: | + cd kspm-runtime + helm dependency update - - name: Chart versioning + - name: Chart versioning if: ( github.event_name != 'pull_request' && github.event_name != 'pull_request_target' ) - shell: bash - id: chart-version run: | - sed -i "s/^version:.*$/version: ${{ github.ref_name }}/" accuknox-jobs/Chart.yaml - sed -i "s/^appVersion:.*$/appVersion: ${{ github.ref_name }}/" accuknox-jobs/Chart.yaml - + sed -i "s/^version:.*$/version: ${{ github.ref_name }}/" kspm-runtime/Chart.yaml + sed -i "s/^appVersion:.*$/appVersion: ${{ github.ref_name }}/" kspm-runtime/Chart.yaml - - name: Package and Push Helm Charts + - name: Package and Push Helm Chart run: | - helm package accuknox-jobs - HELM_PACKAGE=$(ls accuknox-jobs-*.tgz) - helm push $HELM_PACKAGE oci://${{ secrets.REPO }} - + helm package kspm-runtime + HELM_PACKAGE=$(ls kspm-runtime-*.tgz) + helm push $HELM_PACKAGE oci://${{ secrets.REPO }} \ No newline at end of file diff --git a/.github/workflows/kspm-runtime.yaml b/.github/workflows/kspm-runtime.yaml deleted file mode 100644 index 8f04141..0000000 --- a/.github/workflows/kspm-runtime.yaml +++ /dev/null 
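Review bot: The rewritten `sed` lines in the "Chart versioning" step still expand `${{ github.ref_name }}` directly into the script text, so the tag name is substituted before the shell parses the command. This job also holds the AWS credentials and the registry login. The tag filter shown in the deleted copy of this workflow (`v[0-9]+.[0-9]+.[0-9]+-*`) allows a free-form suffix, and the step relies on `tag-validate` having run earlier in the chain. Passing the value through the environment keeps it as data: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and write `sed -i "s/^version:.*$/version: ${REF_NAME}/" kspm-runtime/Chart.yaml`, likewise for `appVersion`. Quoting `"$HELM_PACKAGE"` in the push step would be a consistent follow-up.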
@@ -1,85 +0,0 @@ -name: KSPM-Runtime Workflow - -on: - push: - tags: - - "v[0-9]+.[0-9]+.[0-9]+" - - "v[0-9]+.[0-9]+.[0-9]+-*" - pull_request_target: - branches: - - "*" - - -jobs: - tag-validate: - runs-on: ubuntu-latest - if: startsWith(github.ref, 'refs/tags/v') - steps: - - uses: rubenesp87/semver-validation-action@0.1.0 - with: - version: ${{ github.ref_name }} - - helm_chart_validation: - runs-on: ubuntu-latest - if: always() && !contains(needs.tag-validate.result, 'failure') - needs: [tag-validate] - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Install Helm - run: | - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - - - name: Update Helm Dependencies - run: | - cd kspm-runtime - helm dependency update - - - name: Validate Helm charts - run: | - helm lint kspm-runtime - helm template kspm-runtime --dry-run > /dev/null - - helm_push_to_ecr: - runs-on: ubuntu-latest - needs: [helm_chart_validation] - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - - name: Install Helm - run: | - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - - - name: Login to AWS ECR - run: | - aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin ${{ secrets.REPO }} - - - name: Update Helm Dependencies - run: | - cd kspm-runtime - helm dependency update - - - name: Chart versioning - if: ( github.event_name != 'pull_request' && github.event_name != 'pull_request_target' ) - run: | - sed -i "s/^version:.*$/version: ${{ github.ref_name }}/" kspm-runtime/Chart.yaml - sed -i 
"s/^appVersion:.*$/appVersion: ${{ github.ref_name }}/" kspm-runtime/Chart.yaml - - - name: Package and Push Helm Chart - run: | - helm package kspm-runtime - HELM_PACKAGE=$(ls kspm-runtime-*.tgz) - helm push $HELM_PACKAGE oci://${{ secrets.REPO }} \ No newline at end of file diff --git a/kspm-runtime/Chart.yaml b/kspm-runtime/Chart.yaml index e3c6399..664326c 100644 --- a/kspm-runtime/Chart.yaml +++ b/kspm-runtime/Chart.yaml @@ -13,7 +13,7 @@ dependencies: repository: oci://registry-1.docker.io/accuknox condition: accuknox-agents.enabled - name: kubearmor - version: v1.4.3 + version: v1.4.6 repository: https://kubearmor.github.io/charts condition: kubearmor.enabled - name: cis-k8s-job