diff --git a/.github/workflows/secgen.yaml b/.github/workflows/secgen.yaml
index 6da718d66b4..6d97dcff09f 100644
--- a/.github/workflows/secgen.yaml
+++ b/.github/workflows/secgen.yaml
@@ -52,6 +52,14 @@ jobs:
shell: bash
run: |
#!/bin/bash
+ render(){
+ local chart="$1"
+ local chartname="$2"
+ local train="$3"
+ echo "Rendering helm-template for ${chartname}"
+ mkdir -p ${chart}/render
+ helm template ${chart} --output-dir ${chart}/render || echo "Helm template failed..."
+ }
helm_sec_scan() {
local chart="$1"
local chartname="$2"
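Review bot: The new `render` helper expands `${chart}` unquoted in both `mkdir -p ${chart}/render` and `helm template ${chart} --output-dir ${chart}/render`, and its `|| echo "Helm template failed..."` converts a failed render into a success, so the later `trivy config` pass scans an empty render directory and the generated helm-security.md reads as a clean result rather than a failed scan. Quoting and propagating the failure keeps the report honest: `mkdir -p -- "${chart}/render"` and `helm template "${chart}" --output-dir "${chart}/render" || { echo "Helm template failed for ${chartname}" >&2; return 1; }`. `train` is bound as `$3` but never read inside `render`; either drop it or add `# unused; kept for the same signature as helm_sec_scan/container_sec_scan` so the next reader does not hunt for its use. The same unquoted `${chart}/render` is in the `mkdir -p` added to `container_sec_scan` in the next hunk. The call site of `render` and the rest of `helm_sec_scan` are outside this hunk, so whether the caller checks its status cannot be confirmed here.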
@@ -65,15 +73,14 @@ jobs:
echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
echo "##### Scan Results" >> website/docs/charts/${train}/${chartname}/helm-security.md
echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
- helm template ${chart} --output-dir ${chart}/render || echo "Helm template failed..."
trivy config -f template --template "@./templates/trivy-config.tpl" ${chart}/render >> website/docs/charts/${train}/${chartname}/helm-security.md || echo "trivy scan failed..."
- rm -rf ${chart}/render
}
container_sec_scan() {
local chart="$1"
local chartname="$2"
local train="$3"
echo "Scanning container security for ${chartname}"
+ mkdir -p ${chart}/render
echo "# Container Security" >> website/docs/charts/${train}/${chartname}/container-security.md
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
echo "##### Detected Containers" >> website/docs/charts/${train}/${chartname}/container-security.md
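Review bot: With the `helm template` line removed, `helm_sec_scan` now silently depends on `render` having populated `${chart}/render` beforehand, and because the `trivy config` failure is still swallowed by `|| echo "trivy scan failed..."`, calling it without a prior render yields a helm-security.md containing only the headings, indistinguishable from a chart with no findings. A guard ahead of the scan makes the ordering explicit: `[[ -d "${chart}/render" ]] || { echo "no rendered templates for ${chartname}; run render first" >&2; return 1; }`. The `mkdir -p ${chart}/render` added to `container_sec_scan` looks redundant if `render` always runs first, and if it does not, it creates an empty directory that makes container detection come up empty without any error — a one-line comment stating why it is needed there would help. Both `helm_sec_scan` and `container_sec_scan` extend beyond this hunk, so the container-detection logic itself is not visible here.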
@@ -89,23 +96,25 @@ jobs:
ghcrcont=$(echo ${container} | sed "s/tccr.io/ghcr.io/g")
trivy image -f template --template "@./templates/trivy-container.tpl" ${ghcrcont} >> website/docs/charts/${train}/${chartname}/container-security.md
echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
- done
+ done
}
cleanfiles() {
local chart="$1"
local chartname="$2"
local train="$3"
echo "sanitising website output for ${chartname}..."
+ rm -rf ${chart}/render
sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/helm-security.md
- #sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
+ sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/container_sec_scan.md
sed -i 's|