Skip to content

Commit

Permalink
Use cosign to verify the release and update chart-testing to v3.8.0 (#…
Browse files Browse the repository at this point in the history
…116)

* use cosign to verify the release artifact

Signed-off-by: cpanato <ctadeu@gmail.com>

* bump chart-testing to v3.8.0

Signed-off-by: cpanato <ctadeu@gmail.com>

---------

Signed-off-by: cpanato <ctadeu@gmail.com>
  • Loading branch information
cpanato authored Mar 24, 2023
1 parent 68148c9 commit e878887
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 14 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/test-action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ jobs:
ct version
CT_VERSION_OUTPUT=$(ct version 2>&1 /dev/null)
ACTUAL_VERSION=$(echo "$CT_VERSION_OUTPUT" | grep Version | rev | cut -d ' ' -f1 | rev)
if [[ $ACTUAL_VERSION != 'v3.7.1' ]]; then
echo 'should be v3.7.1'
if [[ $ACTUAL_VERSION != 'v3.8.0' ]]; then
echo 'should be v3.8.0'
exit 1
else
exit 0
Expand All @@ -41,16 +41,16 @@ jobs:
- name: Install chart-testing
uses: ./
with:
version: 'v3.5.1'
version: 'v3.7.1'
yamllint_version: '1.27.1'
yamale_version: '3.0.4'
- name: Check install!
run: |
ct version
CT_VERSION_OUTPUT=$(ct version 2>&1 /dev/null)
ACTUAL_VERSION=$(echo "$CT_VERSION_OUTPUT" | grep Version | rev | cut -d ' ' -f1 | rev)
if [[ $ACTUAL_VERSION != 'v3.5.1' ]]; then
echo 'should be v3.5.1'
if [[ $ACTUAL_VERSION != 'v3.7.1' ]]; then
echo 'should be v3.7.1'
exit 1
else
exit 0
Expand Down
11 changes: 5 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ A GitHub Action for installing the [helm/chart-testing](https://github.com/helm/

For more information on inputs, see the [API Documentation](https://developer.github.com/v3/repos/releases/#input)

- `version`: The chart-testing version to install (default: `v3.7.1`)
- `version`: The chart-testing version to install (default: `v3.8.0`)
- `yamllint_version`: The chart-testing version to install (default: `1.27.1`)
- `yamale_version`: The chart-testing version to install (default: `3.0.4`)

Expand Down Expand Up @@ -44,15 +44,15 @@ jobs:
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: v3.10.0
version: v3.11.2

- uses: actions/setup-python@v4
with:
python-version: '3.9'
check-latest: true

- name: Set up chart-testing
uses: helm/chart-testing-action@v2.3.1
uses: helm/chart-testing-action@v2.4.0

- name: Run chart-testing (list-changed)
id: list-changed
Expand All @@ -67,13 +67,12 @@ jobs:
run: ct lint --target-branch ${{ github.event.repository.default_branch }}

- name: Create kind cluster
uses: helm/kind-action@v1.4.0
if: steps.list-changed.outputs.changed == 'true'
uses: helm/kind-action@v1.4.0

- name: Run chart-testing (install)
run: ct install --target-branch ${{ github.event.repository.default_branch }}
if: steps.list-changed.outputs.changed == 'true'

run: ct install --target-branch ${{ github.event.repository.default_branch }}
```
This uses [`helm/kind-action`](https://www.github.com/helm/kind-action) GitHub Action to spin up a [kind](https://kind.sigs.k8s.io/) Kubernetes cluster,
Expand Down
5 changes: 3 additions & 2 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@ branding:
icon: anchor
inputs:
version:
description: "The chart-testing version to install (default: v3.7.1)"
description: "The chart-testing version to install (default: v3.8.0)"
required: false
default: v3.7.1
default: v3.8.0
yamllint_version:
description: "The yamllint version to install (default: 1.27.1)"
required: false
Expand All @@ -20,6 +20,7 @@ inputs:
runs:
using: composite
steps:
- uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
- run: |
cd $GITHUB_ACTION_PATH \
&& ./ct.sh \
Expand Down
14 changes: 13 additions & 1 deletion ct.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ set -o errexit
set -o nounset
set -o pipefail

DEFAULT_CHART_TESTING_VERSION=v3.7.1
DEFAULT_CHART_TESTING_VERSION=v3.8.0
DEFAULT_YAMLLINT_VERSION=1.27.1
DEFAULT_YAMALE_VERSION=3.0.4

Expand Down Expand Up @@ -88,7 +88,19 @@ install_chart_testing() {
mkdir -p "$cache_dir"

echo "Installing chart-testing ${version}..."
CT_CERT=https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_amd64.tar.gz.pem
CT_SIG=https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_amd64.tar.gz.sig

curl --retry 5 --retry-delay 1 -sSLo ct.tar.gz "https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_amd64.tar.gz"
cosign verify-blob --certificate $CT_CERT --signature $CT_SIG \
--certificate-identity "https://github.com/helm/chart-testing/.github/workflows/release.yaml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" ct.tar.gz
retVal=$?
if [[ "$retVal" -ne 0 ]]; then
log_error "Unable to validate chart-testing version: ${version}"
exit 1
fi

tar -xzf ct.tar.gz -C "$cache_dir"
rm -f ct.tar.gz

Expand Down

0 comments on commit e878887

Please sign in to comment.