From 1791bb2cd5d5ec66a330b1ed44f4a3283f40c95a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Lajus?= <74196307+Superfluxx@users.noreply.github.com>
Date: Wed, 1 Apr 2026 11:39:56 +0200
Subject: [PATCH 1/2] Update pipeline (#22)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Added support for build-args for container-ci workflow
* Added default build-args logic, and renamed the build-args input parameter to extra-build-args
* Added custom user-defined tags support
* Added support for ignoring hadolint rules
* Added missing git metadata step
* Modified author injection for commit vars
* Added debug step for commit author
* Added missing git fetch info
* Updated git tech depth
* Updated fetch depth
* Fixed steps order in docker image build step
* Fixed formatting issues with args
* Refactored arg parse for docker build
* Rationalized build args steps
* Added missing checkout step
* Trimmed arg-json command
* Updated args json for build-args phase
* Updated build-args logic
* Updated build-args logic
* Updated and refactored :
  - Added support for Dockle Ignore
  - Added support for Trivy Ignores
  - Optimized workflow by removing duplicated steps as much as possible whilst keeping parallelization
  - Renamed a few steps for clarity
* Updated defaults for a few params
* Fixed weog version definition and updated parameters
* Refactored and bumped hadolint action version
* Added skip trivy init where it was needed
* Fixed wrong dockle parameter for scan
* Updated README
* Made artifacts reference unique
* Updated docs
* Cheese dockle by running it from binary
* Clean dockle step and add argument handling
* Fix tentative when building chart dependencies -> ignoring oci repositories
* Added fix at first step too
* Added back missing chart dir as param
* Doc update : calling workflows
* Change release suffix condition for dev branch
* Change condition for running chart-releaser on branches
* Add release steps for feature branch in CI workflow
* add skip
* Comment on repository OCI definition
* fix CI
* Clarify release types and update workflow references
  Updated README to clarify release management and workflow usage.
* update rules
* Fix config on CI Linter
* fix Yaml Linter error
* Fix Linter Errors
* Fix :
  Error: ub/workflows/ci.yml:11:16: [error] too many spaces inside brackets (brackets)
  Error: ub/workflows/ci.yml:11:24: [error] too few spaces after comma (commas)
  Error: ub/workflows/ci.yml:11:29: [error] too many spaces inside brackets (brackets)
* add exclusion OCI helm repository
* refactoring + set path
* rebuild DEV / SNAPSHOT every time called
* fix chart release that not update index.yaml
* fix yaml lint errors
* refactor
* update version of tools used by the workflow
* add checkout
* set the version of helm (same in all steps)
* Log more info for the name of the version
* Update config for chart-Releaser
* skip upload if it is already made
* remove download
* try without upload / download at each job the chart
* Need source for Polaris Scan
* Delete release before create it again
* skip if exists
* from main
* new line at end of file
* test option with index
* add feature branch in release process
* Choose the right package-path
* fix linter error :
  Error: ub/workflows/chart-ci.yml:361:1: [error] too many blank lines (1 > 0) (empty-lines)
* remove CR releaser
* downgrade chart-releaser plugin
* remove download chart
* [Temporary] Disable Helm, Checkout, Download packaged Chart
* Add Checkout step
* Add Helm
* All do in 1 job
* Adjust task order in the job
* Replace chart-releaser by specific steps.
* uncomment the right step for snapshot version name
* remove tag creation
* add login for fetch gh-pages
* Clean before MR
* add merge with helm before cr index
* update url in index.yaml
* update index with cr_releaser 1.7.0
* Fix for "chart-cr" action bug
  https://github.com/helm/chart-releaser-action/issues/171#issuecomment-2372464055
* same error
* Put latest tag at the right step
* again : latest_tag
* Latest tag
* Latest
* Latest tag from $tag
* Latest
* export latest
* CR and GH
* Prepare git for chart-releaser
* Latest
* CR update
* do it by cr
* Fix version in chart.
* Update CR args + upload release
* remove upload in case : immutable release
* Cr args : owner and repo
* Remove unused instructions
* Add git login
* remove OCI in dependencies list
* Remove Hardcode
* lower ?
* name use for tag and for CR
* Name
* Name
* Name
* Name
* Name
* Name
* looking for folder structure load for gh-pages branch
* Name
* Name .
* Ref the commit that run the workflow
* Add changelog.md as ref to release

* Update trivy action to 0.35.0 (#15)

* Update trivy (#19)

* Fix release on Immutable TAG / RELEASE - Yaml Linter (#12)

* Added support for build-args for container-ci workflow
* Added default build-args logic, and renamed the build-args input parameter to extra-build-args
* Added custom user-defined tags support
* Added support for ignoring hadolint rules
* Added missing git metadata step
* Modified author injection for commit vars
* Added debug step for commit author
* Added missing git fetch info
* Updated git tech depth
* Updated fetch depth
* Fixed steps order in docker image build step
* Fixed formatting issues with args
* Refactored arg parse for docker build
* Rationalized build args steps
* Added missing checkout step
* Trimmed arg-json command
* Updated args json for build-args phase
* Updated build-args logic
* Updated build-args logic
* Updated and refactored :
  - Added support for Dockle Ignore
  - Added support for Trivy Ignores
  - Optimized workflow by removing duplicated steps as much as possible whilst keeping parallelization
  - Renamed a few steps for clarity
* Updated defaults for a few params
* Fixed weog version definition and updated parameters
* Refactored and bumped hadolint action version
* Added skip trivy init where it was needed
* Fixed wrong dockle parameter for scan
* Updated README
* Made artifacts reference unique
* Updated docs
* Cheese dockle by running it from binary
* Clean dockle step and add argument handling
* Fix tentative when building chart dependencies -> ignoring oci repositories
* Added fix at first step too
* Added back missing chart dir as param
* Doc update : calling workflows
* Change release suffix condition for dev branch
* Change condition for running chart-releaser on branches
* Add release steps for feature branch in CI workflow
* add skip
* Comment on repository OCI definition
* fix CI
* Clarify release types and update workflow references
  Updated README to clarify release management and workflow usage.
* update rules
* Fix config on CI Linter
* fix Yaml Linter error
* Fix Linter Errors
* Fix :
  Error: ub/workflows/ci.yml:11:16: [error] too many spaces inside brackets (brackets)
  Error: ub/workflows/ci.yml:11:24: [error] too few spaces after comma (commas)
  Error: ub/workflows/ci.yml:11:29: [error] too many spaces inside brackets (brackets)
* add exclusion OCI helm repository
* refactoring + set path
* rebuild DEV / SNAPSHOT every time called
* fix chart release that not update index.yaml
* fix yaml lint errors
* refactor
* update version of tools used by the workflow
* add checkout
* set the version of helm (same in all steps)
* Log more info for the name of the version
* Update config for chart-Releaser
* skip upload if it is already made
* remove download
* try without upload / download at each job the chart
* Need source for Polaris Scan
* Delete release before create it again
* skip if exists
* from main
* new line at end of file
* test option with index
* add feature branch in release process
* Choose the right package-path
* fix linter error :
  Error: ub/workflows/chart-ci.yml:361:1: [error] too many blank lines (1 > 0) (empty-lines)
* remove CR releaser
* downgrade chart-releaser plugin
* remove download chart
* [Temporary] Disable Helm, Checkout, Download packaged Chart
* Add Checkout step
* Add Helm
* All do in 1 job
* Adjust task order in the job
* Replace chart-releaser by specific steps.
* uncomment the right step for snapshot version name
* remove tag creation
* add login for fetch gh-pages
* Clean before MR
* add merge with helm before cr index
* update url in index.yaml
* update index with cr_releaser 1.7.0
* Fix for "chart-cr" action bug
  https://github.com/helm/chart-releaser-action/issues/171#issuecomment-2372464055
* same error
* Put latest tag at the right step
* again : latest_tag
* Latest tag
* Latest
* Latest tag from $tag
* Latest
* export latest
* CR and GH
* Prepare git for chart-releaser
* Latest
* CR update
* do it by cr
* Fix version in chart.
* Update CR args + upload release
* remove upload in case : immutable release
* Cr args : owner and repo
* Remove unused instructions
* Add git login
* remove OCI in dependencies list
* Remove Hardcode
* lower ?
* name use for tag and for CR
* Name
* Name
* Name
* Name
* Name
* Name
* looking for folder structure load for gh-pages branch
* Name
* Name .
* Ref the commit that run the workflow
* Add changelog.md as ref to release

---------

Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Lajus
Co-authored-by: Cédric Lajus <74196307+Superfluxx@users.noreply.github.com>

* trivy (#16)

* Added support for build-args for container-ci workflow
* Added default build-args logic, and renamed the build-args input parameter to extra-build-args
* Added custom user-defined tags support
* Added support for ignoring hadolint rules
* Added missing git metadata step
* Modified author injection for commit vars
* Added debug step for commit author
* Added missing git fetch info
* Updated git tech depth
* Updated fetch depth
* Fixed steps order in docker image build step
* Fixed formatting issues with args
* Refactored arg parse for docker build
* Rationalized build args steps
* Added missing checkout step
* Trimmed arg-json command
* Updated args json for build-args phase
* Updated build-args logic
* Updated build-args logic
* Updated and refactored :
  - Added support for Dockle Ignore
  - Added support for Trivy Ignores
  - Optimized workflow by removing duplicated steps as much as possible whilst keeping parallelization
  - Renamed a few steps for clarity
* Updated defaults for a few params
* Fixed weog version definition and updated parameters
* Refactored and bumped hadolint action version
* Added skip trivy init where it was needed
* Fixed wrong dockle parameter for scan
* Updated README
* Made artifacts reference unique
* Updated docs
* Cheese dockle by running it from binary
* Clean dockle step and add argument handling
* Fix tentative when building chart dependencies -> ignoring oci repositories
* Added fix at first step too
* Added back missing chart dir as param
* Doc update : calling workflows
* Change release suffix condition for dev branch
* Change condition for running chart-releaser on branches
* Add release steps for feature branch in CI workflow
* add skip
* Comment on repository OCI definition
* fix CI
* Clarify release types and update workflow references
  Updated README to clarify release management and workflow usage.
* update rules
* Fix config on CI Linter
* fix Yaml Linter error
* Fix Linter Errors
* Fix :
  Error: ub/workflows/ci.yml:11:16: [error] too many spaces inside brackets (brackets)
  Error: ub/workflows/ci.yml:11:24: [error] too few spaces after comma (commas)
  Error: ub/workflows/ci.yml:11:29: [error] too many spaces inside brackets (brackets)
* add exclusion OCI helm repository
* refactoring + set path
* rebuild DEV / SNAPSHOT every time called
* fix chart release that not update index.yaml
* fix yaml lint errors
* refactor
* update version of tools used by the workflow
* add checkout
* set the version of helm (same in all steps)
* Log more info for the name of the version
* Update config for chart-Releaser
* skip upload if it is already made
* remove download
* try without upload / download at each job the chart
* Need source for Polaris Scan
* Delete release before create it again
* skip if exists
* from main
* new line at end of file
* test option with index
* add feature branch in release process
* Choose the right package-path
* fix linter error :
  Error: ub/workflows/chart-ci.yml:361:1: [error] too many blank lines (1 > 0) (empty-lines)
* remove CR releaser
* downgrade chart-releaser plugin
* remove download chart
* [Temporary] Disable Helm, Checkout, Download packaged Chart
* Add Checkout step
* Add Helm
* All do in 1 job
* Adjust task order in the job
* Replace chart-releaser by specific steps.
* uncomment the right step for snapshot version name
* remove tag creation
* add login for fetch gh-pages
* Clean before MR
* add merge with helm before cr index
* update url in index.yaml
* update index with cr_releaser 1.7.0
* Fix for "chart-cr" action bug
  https://github.com/helm/chart-releaser-action/issues/171#issuecomment-2372464055
* same error
* Put latest tag at the right step
* again : latest_tag
* Latest tag
* Latest
* Latest tag from $tag
* Latest
* export latest
* CR and GH
* Prepare git for chart-releaser
* Latest
* CR update
* do it by cr
* Fix version in chart.
* Update CR args + upload release
* remove upload in case : immutable release
* Cr args : owner and repo
* Remove unused instructions
* Add git login
* remove OCI in dependencies list
* Remove Hardcode
* lower ?
* name use for tag and for CR
* Name
* Name
* Name
* Name
* Name
* Name
* looking for folder structure load for gh-pages branch
* Name
* Name .
* Ref the commit that run the workflow
* Add changelog.md as ref to release
* Update trivy action to 0.35.0 (#15)

---------

Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Lajus
Co-authored-by: Cédric Lajus <74196307+Superfluxx@users.noreply.github.com>

* Update CI workflow with update (#17)

* Added support for build-args for container-ci workflow
* Added default build-args logic, and renamed the build-args input parameter to extra-build-args
* Added custom user-defined tags support
* Added support for ignoring hadolint rules
* Added missing git metadata step
* Modified author injection for commit vars
* Added debug step for commit author
* Added missing git fetch info
* Updated git tech depth
* Updated fetch depth
* Fixed steps order in docker image build step
* Fixed formatting issues with args
* Refactored arg parse for docker build
* Rationalized build args steps
* Added missing checkout step
* Trimmed arg-json command
* Updated args json for build-args phase
* Updated build-args logic
* Updated build-args logic
* Updated and refactored :
  - Added support for Dockle Ignore
  - Added support for Trivy Ignores
  - Optimized workflow by removing duplicated steps as much as possible whilst keeping parallelization
  - Renamed a few steps for clarity
* Updated defaults for a few params
* Fixed weog version definition and updated parameters
* Refactored and bumped hadolint action version
* Added skip trivy init where it was needed
* Fixed wrong dockle parameter for scan
* Updated README
* Made artifacts reference unique
* Updated docs
* Cheese dockle by running it from binary
* Clean dockle step and add argument handling
* Fix tentative when building chart dependencies -> ignoring oci repositories
* Added fix at first step too
* Added back missing chart dir as param
* Doc update : calling workflows
* Change release suffix condition for dev branch
* Change condition for running chart-releaser on branches
* Add release steps for feature branch in CI workflow
* add skip
* Comment on repository OCI definition
* fix CI
* Clarify release types and update workflow references
  Updated README to clarify release management and workflow usage.
* update rules
* Fix config on CI Linter
* fix Yaml Linter error
* Fix Linter Errors
* Fix :
  Error: ub/workflows/ci.yml:11:16: [error] too many spaces inside brackets (brackets)
  Error: ub/workflows/ci.yml:11:24: [error] too few spaces after comma (commas)
  Error: ub/workflows/ci.yml:11:29: [error] too many spaces inside brackets (brackets)
* add exclusion OCI helm repository
* refactoring + set path
* rebuild DEV / SNAPSHOT every time called
* fix chart release that not update index.yaml
* fix yaml lint errors
* refactor
* update version of tools used by the workflow
* add checkout
* set the version of helm (same in all steps)
* Log more info for the name of the version
* Update config for chart-Releaser
* skip upload if it is already made
* remove download
* try without upload / download at each job the chart
* Need source for Polaris Scan
* Delete release before create it again
* skip if exists
* from main
* new line at end of file
* test option with index
* add feature branch in release process
* Choose the right package-path
* fix linter error :
  Error: ub/workflows/chart-ci.yml:361:1: [error] too many blank lines (1 > 0) (empty-lines)
* remove CR releaser
* downgrade chart-releaser plugin
* remove download chart
* [Temporary] Disable Helm, Checkout, Download packaged Chart
* Add Checkout step
* Add Helm
* All do in 1 job
* Adjust task order in the job
* Replace chart-releaser by specific steps.
* uncomment the right step for snapshot version name
* remove tag creation
* add login for fetch gh-pages
* Clean before MR
* add merge with helm before cr index
* update url in index.yaml
* update index with cr_releaser 1.7.0
* Fix for "chart-cr" action bug
  https://github.com/helm/chart-releaser-action/issues/171#issuecomment-2372464055
* same error
* Put latest tag at the right step
* again : latest_tag
* Latest tag
* Latest
* Latest tag from $tag
* Latest
* export latest
* CR and GH
* Prepare git for chart-releaser
* Latest
* CR update
* do it by cr
* Fix version in chart.
* Update CR args + upload release
* remove upload in case : immutable release
* Cr args : owner and repo
* Remove unused instructions
* Add git login
* remove OCI in dependencies list
* Remove Hardcode
* lower ?
* name use for tag and for CR
* Name
* Name
* Name
* Name
* Name
* Name
* looking for folder structure load for gh-pages branch
* Name
* Name .
* Ref the commit that run the workflow
* Add changelog.md as ref to release
* Update trivy action to 0.35.0 (#15)

---------

Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Lajus
Co-authored-by: Cédric Lajus <74196307+Superfluxx@users.noreply.github.com>

* Update container-ci.yml
* Update chart-ci.yml
* Update container-ci.yml
* Update chart-ci.yml

---------

Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Lajus
Co-authored-by: Cédric Lajus <74196307+Superfluxx@users.noreply.github.com>

* Update versions (#21)

* Version update
* fix

---------

Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Kévin ZGRZENDEK
Co-authored-by: Nicolas-Delahaye
---
 .github/workflows/chart-ci.yml | 40 +++++++++++++++---------------
 .github/workflows/container-ci.yml | 24 +++++++++---------
 2 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/chart-ci.yml b/.github/workflows/chart-ci.yml index 7c86129..ac760b2 100644 --- a/.github/workflows/chart-ci.yml 
+++ b/.github/workflows/chart-ci.yml @@ -25,12 +25,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v4.3.1 + uses: azure/setup-helm@v5 with: version: v3.14.4 @@ -52,22 +52,22 @@ jobs: helm dependency build ${{ inputs.chart-dir }} - name: Generate values schema json - uses: losisin/helm-values-schema-json-action@v1.5.3 + uses: losisin/helm-values-schema-json-action@v2.5.0 with: - input: ${{ inputs.chart-dir }}/values.yaml + values: ${{ inputs.chart-values }} output: ${{ inputs.chart-dir }}/values.schema.json - name: Helm-docs - uses: losisin/helm-docs-github-action@v1.3.3 + uses: losisin/helm-docs-github-action@v1.8.0 with: chart-search-root: ${{ inputs.chart-dir }} - values-file: ${{ inputs.chart-dir }}/values.yaml + values-file: ${{ inputs.chart-values }} output-file: ${{ inputs.chart-dir }}/README.md template-files: ${{ inputs.chart-dir }}/README.md.gotpl sort-values-order: file - name: Upload packaged Chart - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: packaged-chart path: ${{ inputs.chart-dir }} @@ -81,21 +81,21 @@ jobs: needs: helm-build-chart steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Download packaged Chart - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: packaged-chart path: ${{ inputs.chart-dir }} - name: Set up Helm - uses: azure/setup-helm@v4.3.1 + uses: azure/setup-helm@v5 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@v2.8.0 - name: Run ct lint run: | 
@@ -110,13 +110,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Download packaged Chart - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: packaged-chart path: ${{ inputs.chart-dir }} - name: Set up Helm - uses: azure/setup-helm@v4.3.1 + uses: azure/setup-helm@v5 with: version: v3.14.4 @@ -141,7 +141,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download packaged Chart - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: packaged-chart path: ${{ inputs.chart-dir }} @@ -179,7 +179,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download packaged Chart - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: packaged-chart path: ${{ inputs.chart-dir }} @@ -225,23 +225,23 @@ jobs: - trivy steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Download packaged Chart - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: packaged-chart path: ${{ inputs.chart-dir }} - name: Set up Helm - uses: azure/setup-helm@v4.3.1 + uses: azure/setup-helm@v5 with: version: v3.14.4 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@v2.8.0 - name: Run chart-testing (list-changed) id: list-changed @@ -272,7 +272,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/container-ci.yml b/.github/workflows/container-ci.yml index 373ce83..b73172f 100644 --- a/.github/workflows/container-ci.yml +++ b/.github/workflows/container-ci.yml @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Build Hadolint report uses: hadolint/hadolint-action@v3.3.0 
@@ -97,7 +97,7 @@ jobs: needs: dockerfile-lint steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 @@ -123,7 +123,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 env: DOCKER_METADATA_SHORT_SHA_LENGTH: 7 with: @@ -159,7 +159,7 @@ jobs: outputs: type=docker,dest=/tmp/container.image.${{ hashFiles(inputs.dockerfile-path) }}.tar - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: container.image.${{ hashFiles(inputs.dockerfile-path) }} path: /tmp/container.image.${{ hashFiles(inputs.dockerfile-path) }}.tar @@ -171,10 +171,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Download image tarball - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: container.image.${{ hashFiles(inputs.dockerfile-path) }} path: /tmp @@ -236,10 +236,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Download image tarball - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: container.image.${{ hashFiles(inputs.dockerfile-path) }} path: /tmp @@ -292,7 +292,7 @@ jobs: exit-code: '0' - name: Submit SBOM to GitHub Dependency Graph - uses: advanced-security/spdx-dependency-submission-action@v0.1.1 + uses: advanced-security/spdx-dependency-submission-action@v0.2.0 with: filePath: 'image-sbom.spdx.json' @@ -378,10 +378,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Download image tarball - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: container.image.${{ hashFiles(inputs.dockerfile-path) }} path: /tmp 
@@ -396,7 +396,7 @@ jobs: docker image ls -a - name: Login to GitHub Container Registry - uses: docker/login-action@v3.3.0 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{github.actor}} From 9a19c08163c466eaa1dbd760a023c771c7c0500f Mon Sep 17 00:00:00 2001 From: 7066189 Date: Mon, 4 May 2026 16:23:56 +0200 Subject: [PATCH 2/2] Update how to get polaris from github --- .github/workflows/chart-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-ci.yml b/.github/workflows/chart-ci.yml index 987c4c4..3f90942 100644 --- a/.github/workflows/chart-ci.yml +++ b/.github/workflows/chart-ci.yml @@ -150,7 +150,7 @@ jobs: run: | mkdir -p .local/bin curl -s https://api.github.com/repos/FairwindsOps/polaris/releases/latest | \ - jq '.assets[] | select(.name=="polaris_linux_amd64.tar.gz")'.browser_download_url | \ + jq '.assets[] | select(.name | endswith("linux_amd64.tar.gz"))'.browser_download_url | \ xargs curl -s -L | \ tar xvz -C .local/bin polaris echo "$PWD/.local/bin" >> $GITHUB_PATH
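
Review bot: `${{ inputs.chart-values }}` in the "Generate values schema json" and "Helm-docs" steps of chart-ci.yml (hunk at -52,22) replaces the fixed `${{ inputs.chart-dir }}/values.yaml`, but nothing in this patch declares a `chart-values` input: the change is 32 insertions against 32 deletions and every visible edit is a one-for-one line replacement. If that input is not already declared for the workflow with a default, the expression evaluates to an empty value and both steps run without a values file. Please declare it (or point to where it is declared) with a default equivalent to the old path, and note in the README that the helm-values-schema-json-action bump from v1.5.3 to v2.5.0 also renames the `input:` key to `values:`, since callers and reviewers will not see that from the version number alone.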
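
Review bot: every `uses:` line changed in patch 1/2 still references a mutable tag, and two of them go from an exact release to a floating major: `azure/setup-helm@v4.3.1` becomes `@v5` (chart-ci.yml) and `docker/login-action@v3.3.0` becomes `@v4` (container-ci.yml, hunk at -396,7). These actions run in jobs that hold `contents: write` (chart-ci.yml hunk at -272,7) and that log in to ghcr.io, so whatever the tag points to at run time executes with those credentials. Pin each action to the full commit SHA of the release that was reviewed and keep the version as a trailing comment. Separately, the artifact steps now pair `actions/upload-artifact@v7` with `actions/download-artifact@v8`; please confirm in the PR description that these two majors were tested together, because every downstream scan job depends on that hand-off.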
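
Review bot: the new jq filter `select(.name | endswith("linux_amd64.tar.gz"))` in the polaris install step (patch 2/2, chart-ci.yml hunk at -150,7) can match more than one release asset, and in that case `xargs curl -s -L` fetches several URLs and writes them back to back into `tar`. Select exactly one asset and fail the step when the match count is not one. The unchanged lines around it also deserve a follow-up: the step takes `releases/latest` with `curl -s` and no `-f`, so an API error or rate-limit response is passed to jq silently, and the archive is unpacked into a directory that is then appended to `$GITHUB_PATH` without any digest check. Pinning a specific release tag, using `curl -fsSL`, and verifying the archive against a known digest before `tar` would make the step reproducible and tamper-evident.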