Merge pull request #87 from colearendt/fix-ci
Fix ci permissions
diff --git a/.github/actions/chart-releaser-action b/.github/actions/chart-releaser-action
new file mode 160000
index 0000000..a3454e4
--- /dev/null
+++ b/.github/actions/chart-releaser-action
@@ -0,0 +1 @@
+Subproject commit a3454e46a6f5ac4811069a381e646961dda2e1bf
diff --git a/.github/actions/chart-testing-action b/.github/actions/chart-testing-action
new file mode 160000
index 0000000..dae259e
--- /dev/null
+++ b/.github/actions/chart-testing-action
@@ -0,0 +1 @@
+Subproject commit dae259e86a35ff09145c0805e2d7dd3f7207064a
diff --git a/.github/actions/kind-action b/.github/actions/kind-action
new file mode 160000
index 0000000..d08cf6f
--- /dev/null
+++ b/.github/actions/kind-action
@@ -0,0 +1 @@
+Subproject commit d08cf6ff1575077dee99962540d77ce91c62387d
diff --git a/.github/workflows/chart-rebuild.yaml b/.github/workflows/chart-rebuild.yaml
index 9edb835..37971b5 100644
--- a/.github/workflows/chart-rebuild.yaml
+++ b/.github/workflows/chart-rebuild.yaml
@@ -1,7 +1,12 @@
+# Will be superseded by https://github.com/helm/chart-releaser/issues/133
name: Rebuild index.yaml manually
on:
workflow_dispatch:
+permissions:
+ contents: write
+ pull-requests: write
+
jobs:
rebuild:
runs-on: ubuntu-latest
@@ -9,6 +14,7 @@
- name: Checkout
uses: actions/checkout@v2
with:
+ persist-credentials: false
ref: 'gh-pages'
fetch-depth: 0
@@ -19,7 +25,7 @@
- name: Rebuild index.yaml
env:
- version: v1.4.0
+ version: v1.5.0
run: |
if [[ ! -d "$RUNNER_TOOL_CACHE" ]]; then
echo "Cache directory '$RUNNER_TOOL_CACHE' does not exist" >&2
diff --git a/.github/workflows/chart-releaser.yaml b/.github/workflows/chart-releaser.yaml
index 5fcef0c..7d152f8 100644
--- a/.github/workflows/chart-releaser.yaml
+++ b/.github/workflows/chart-releaser.yaml
@@ -5,6 +5,10 @@
branches:
- main
+permissions:
+ contents: read
+ deployments: write
+
jobs:
release:
runs-on: ubuntu-latest
@@ -13,6 +17,8 @@
uses: actions/checkout@v2
with:
fetch-depth: 0
+ persist-credentials: false
+ submodules: recursive
- name: Configure Git
run: |
@@ -25,7 +31,7 @@
version: v3.6.3
- name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.4.0
+ uses: ./.github/actions/chart-releaser-action
with:
charts_dir: .
charts_repo_url: https://apache.github.io/couchdb-helm
diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml
index b5156d5..9329966 100644
--- a/.github/workflows/chart-test.yaml
+++ b/.github/workflows/chart-test.yaml
@@ -5,6 +5,15 @@
branches:
- main
pull_request:
+ paths:
+ - '.github/workflows/chart-test.yaml'
+ - '.github/actions/**'
+ - 'couchdb/**'
+
+permissions:
+ checks: write
+ contents: read
+ statuses: write
jobs:
lint:
@@ -14,6 +23,8 @@
uses: actions/checkout@v2
with:
fetch-depth: 0
+ persist-credentials: false
+ submodules: recursive
- name: Set up Helm
uses: azure/setup-helm@v1
@@ -21,22 +32,9 @@
version: v3.6.3
- name: Set up chart-testing
- uses: helm/chart-testing-action@v2.1.0
-
- - name: Run chart-testing (list-changed)
- id: list-changed
- run: |
- changed=$(ct list-changed --target-branch main --chart-dirs .)
- if [[ -n "$changed" ]]; then
- echo "::set-output name=changed::true"
- fi
-
- - name: Run chart-testing (lint changed)
- if: ${{ github.ref != 'refs/heads/main' }}
- run: ct lint --target-branch main --chart-dirs .
+ uses: ./.github/actions/chart-testing-action
- name: Run chart-testing (lint all)
- if: ${{ github.ref == 'refs/heads/main' }}
run: ct lint --target-branch main --all --chart-dirs .
install:
@@ -46,6 +44,8 @@
uses: actions/checkout@v2
with:
fetch-depth: 0
+ persist-credentials: false
+ submodules: recursive
- name: Set up Helm
uses: azure/setup-helm@v1
@@ -53,28 +53,10 @@
version: v3.6.3
- name: Set up chart-testing
- uses: helm/chart-testing-action@v2.2.1
-
- - name: Run chart-testing (list-changed)
- id: list-changed
- run: |
- changed=$(ct list-changed --target-branch main --chart-dirs .)
- if [[ -n "$changed" ]]; then
- echo "::set-output name=changed::true"
- fi
+ uses: ./.github/actions/chart-testing-action
- name: Create kind cluster
- uses: helm/kind-action@v1.2.0
- if: ( steps.list-changed.outputs.changed == 'true' ) || ${{ github.ref == 'refs/heads/main' }}
+ uses: ./.github/actions/kind-action
- # no allow-failure until https://github.com/actions/toolkit/issues/399
- - name: Run chart-testing (install changed)
- if: ${{ github.ref != 'refs/heads/main' }}
- run: ct install --target-branch main --chart-dirs --upgrade .
- continue-on-error: true
-
- # no allow-failure until https://github.com/actions/toolkit/issues/399
- name: Run chart-testing (install all)
- if: ${{ github.ref == 'refs/heads/main' }}
- run: ct install --target-branch main --all --chart-dirs --upgrade .
- continue-on-error: true
+ run: ct install --target-branch main --all --upgrade --chart-dirs .
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..e7cadd5
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule ".github/actions/chart-testing-action"]
+ path = .github/actions/chart-testing-action
+ url = https://github.com/helm/chart-testing-action.git
+[submodule ".github/actions/kind-action"]
+ path = .github/actions/kind-action
+ url = https://github.com/helm/kind-action.git
+[submodule ".github/actions/chart-releaser-action"]
+ path = .github/actions/chart-releaser-action
+ url = https://github.com/helm/chart-releaser-action.git