diff --git a/.github/workflows/daily.yaml b/.github/workflows/daily.yaml
deleted file mode 100644
index 0455fe73f31..00000000000
--- a/.github/workflows/daily.yaml
+++ /dev/null
@@ -1,403 +0,0 @@
-name: "Chore: Daily Tasks"
-
-on:
- schedule:
- - cron: "0 0 * * *"
- workflow_dispatch:
-
-permissions:
- issues: write
- pull-requests: write
-
-concurrency:
- group: lock
-
-jobs:
- generate-readme:
- runs-on: ubuntu-latest
- name: "Generate readme files"
- container:
- image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
- steps:
- - name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- with:
- token: ${{ secrets.BOT_TOKEN }}
- fetch-depth: 1
-
- - name: Setting repo parent dir as safe safe.directory
- run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
-
- - name: generate readme.md
- shell: bash
- run: |
- for train in stable operators SCALE incubator games enterprise develop non-free deprecated dependency core; do
- for chart in charts/${train}/*; do
- if [ -d "${chart}" ]; then
- echo "Generating readme.md for ${train}/${chart}"
- cp "templates/README.md.tpl" "${chart}/README.md"
- sed -i "s/TRAINPLACEHOLDER/${train}/" "${chart}/README.md"
- sed -i "s/CHARTPLACEHOLDER/${chartname}/" "${chart}/README.md"
- fi
- done
- done
- - name: generate HelmIgnore
- shell: bash
- run: |
- for train in stable operators SCALE incubator games enterprise develop non-free deprecated dependency core; do
- for chart in charts/${train}/*; do
- if [ -d "${chart}" ]; then
- echo "Attempting to sync HelmIgnore file for: ${chartname}"
- rm -rf ${chart}/.helmignore
- cp templates/chart/.helmignore ${chart}/
- fi
- done
- done
-
- - name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- with:
- repository: truecharts/website
- path: website
- fetch-depth: 1
- token: ${{ secrets.BOT_TOKEN }}
-
- - name: Bump and Sync
- shell: bash
- run: |
- # Designed to ensure the appversion in Chart.yaml is in sync with the primary Chart tag if found
- # Also makes sure that home link is pointing to the correct url
- sync_tag() {
- local chart="$1"
- local chartname="$2"
- local train="$3"
- echo "Attempting to sync primary tag with appversion for: ${chartname}"
- local tag="$(cat ${chart}/values.yaml | grep '^ tag: ' | awk -F" " '{ print $2 }' | head -1)"
- tag="${tag%%@*}"
- tag="${tag##\"}"
- tag="${tag:-auto}"
- tag=$(echo $tag | sed "s/release-//g")
- tag=$(echo $tag | sed "s/release_//g")
- tag=$(echo $tag | sed "s/version-//g")
- tag=$(echo $tag | sed "s/version_//g")
- tag="${tag#*V.}"
- tag="${tag#*v-}"
- tag="${tag#*v}"
- tag="${tag%-*}"
- tag="${tag:0:10}"
- tag="${tag%-}"
- tag="${tag%_}"
- tag="${tag%.}"
- echo "Updating tag of ${chartname} to ${tag}..."
- sed -i -e "s|appVersion: .*|appVersion: \"${tag}\"|" "${chart}/Chart.yaml"
- echo "Updating icon of ${chartname}..."
- sed -i -e "s|icon: .*|icon: https:\/\/truecharts.org\/img\/hotlink-ok\/chart-icons\/${chartname}.png|" "${chart}/Chart.yaml"
- echo "Updating home of ${chartname}..."
- sed -i -e "s|home: .*|home: https:\/\/truecharts.org\/charts\/${train}\/${chartname}|" "${chart}/Chart.yaml"
- echo "Attempting to update sources of ${chartname}..."
- echo "Using go-yq verion: <$(go-yq -V)>"
- # Get current sources, exluding those that may have been added automatically.
- curr_sources=$(
- go-yq '
- .sources[] |
- select(
- . != "https://github.com/truecharts*" and
- . != "https://ghcr*" and
- . != "docker.io*" and
- . != "https://docker.io*" and
- . != "https://hub.docker*" and
- . != "https://fleet.*" and
- . != "https://github.com/truecharts/containers/tree/master/mirror/*" and
- . != "https://public.ecr.aws*" and
- . != "https://ocir.io*" and
- . != "https://gcr*" and
- . != "https://azurecr*" and
- . != "https://quay*" and
- . != "https://lscr*" and
- . != "https://github.com/truecharts/containers*" and
- . == "http*"
- )
- ' \
- "${chart}/Chart.yaml"
- )
- # Empty sources list in-place
- go-yq -i 'del(.sources.[])' "${chart}/Chart.yaml"
- # Add truechart source
- tcsource="https://github.com/truecharts/charts/tree/master/charts/$train/$chartname" go-yq -i '.sources += env(tcsource)' "${chart}/Chart.yaml"
- # Get the container image name that was parsed out of the Dockerfile for the website.
- container=$(cat website/docs/charts/description_list.md | grep "\[${chartname}\]" | cut -f3 -d '|' | grep -v 'Not Found' || echo "" || echo "failed-container-fetch")
- # Convert the container image name to a URL.
- if [ ! -z "$container" ]; then
- prefix=""
- case "$container" in
- lscr.io/linuxserver/*)
- prefix="https://fleet.linuxserver.io/image?name="
- container=${container#lscr.io/}
- ;;
- tccr.io/truecharts/*)
- prefix="https://github.com/truecharts/containers/tree/master/mirror"
- container=${container#tccr.io/truecharts/}
- ;;
- mcr.microsoft.com/*)
- prefix=""
- ;;
- public.ecr.aws/*)
- prefix="https://gallery.ecr.aws/"
- container=${container#public.ecr.aws/}
- ;;
- ghcr.io/*)
- prefix="https://"
- ;;
- quay.io/*)
- prefix="https://"
- ;;
- gcr.io/*)
- prefix="https://"
- ;;
- *.azurecr.io/*)
- prefix=""
- ;;
- *.ocir.io/*)
- prefix=""
- ;;
- # There have been a number of domains used for the Docker Hub registry over the years.
- # NOTE: This is also the default case!
- docker.io/*|index.docker.io/*|registry-1.docker.io/*|registry.hub.docker.com/*|*)
- prefix="https://hub.docker.com/r/"
- container=${container#docker.io/}
- container=${container#index.docker.io/}
- container=${container#registry-1.docker.io/}
- container=${container#registry.hub.docker.com/}
- # If the image name does not contain a slash it is a Docker Official Image.
- if [ "$container" == "${container////}" ]; then
- prefix="https://hub.docker.com/_/"
- # If the user name is library it is a Docker Official Image.
- elif [ "${container%%/*}" == "library" ]; then
- prefix="https://hub.docker.com/_/"
- container=${container#library/}
- fi
- # Avoid creating a bad link since an unsupported registry may have been used.
- slashes=${container//[^\/]/}
- # Bail out if the image name has more than 1 slash.
- if [ ${#slashes} -gt 1 ]; then
- prefix=""
- echo "WARNING: Not assuming '$container' is a Docker Hub image"
- fi
- ;;
- esac
- if [ -n "${prefix}" ]; then
- container="${prefix}${container}" go-yq -i '.sources += env(container) | .sources |= unique' "${chart}/Chart.yaml"
- fi
- fi
- # Add the rest of the sources
- while IFS= read -r line; do
- src="$line" go-yq -i '.sources += env(src)' "${chart}/Chart.yaml" || echo "src set error"
- done <<< "$curr_sources"
- echo "Sources of ${chartname} updated!"
- }
- export -f sync_tag
-
- for train in enterprise stable operators incubator dependency; do
- echo "Correcting Chart.yaml for Train: ${train}..."
- for chart in $(ls "charts/${train}"); do
- echo "Correcting Chart.yaml for Chart: ${chart}..."
- sync_tag "charts/${train}/${chart}" "${chart}" "${train}" || echo "failed"
- done
- done
-
- - name: Fix Fixable Pre-Commit issues
- shell: bash
- if: inputs.chartChangesDetected == 'true'
- run: |
- echo "Running pre-commit test-and-cleanup..."
- pre-commit run --all ||:
- # Fix sh files to always be executable
- find . -name '*.sh' | xargs chmod +x
-
- - name: Cleanup
- run: |
- rm -rf changes.json
- rm -rf master
-
- - name: Commit changes
- run: |
- git config user.name "TrueCharts-Bot"
- git config user.email "bot@truecharts.org"
- git pull
- git add --all
- git commit -sm "Commit daily changes" || exit 0
- git push
-
- generate-security-reports:
- runs-on: ubuntu-latest
- name: "Generate Security Reports"
- container:
- image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
- steps:
- - name: Install Kubernetes tools
- uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
- with:
- setup-tools: |
- helmv3
- helm: "3.8.0"
-
- - name: Prep Helm
- run: |
- helm repo add truecharts https://charts.truecharts.org
- helm repo add truecharts-library https://library-charts.truecharts.org
- helm repo add truecharts-deps https://deps.truecharts.org
- helm repo add jetstack https://charts.jetstack.io
- helm repo add vmwaretanzu https://vmware-tanzu.github.io/helm-charts
- helm repo add cnpg https://cloudnative-pg.github.io/charts
- helm repo add metallb https://metallb.github.io/metallb
- helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
- helm repo update
-
- - name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- with:
- token: ${{ secrets.BOT_TOKEN }}
- fetch-depth: 1
-
- - name: Setting repo parent dir as safe safe.directory
- run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
-
- - name: Checkout website
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- with:
- fetch-depth: 1
- repository: truecharts/website
- token: ${{ secrets.BOT_TOKEN }}
- path: website
-
- - name: fetch dependencies
- shell: bash
- run: |
- .github/scripts/fetch_helm_deps.sh
-
- - name: generate security reports
- shell: bash
- run: |
- #!/bin/bash
- render() {
- local chart="$1"
- local chartname="$2"
- local train="$3"
- echo "Rendering helm-template for ${chartname}"
- mkdir -p ${chart}/render
- helm template ${chart} >> ${chart}/render/app.yaml || echo "Helm template failed..."
- }
- helm_sec_scan() {
- local chart="$1"
- local chartname="$2"
- local train="$3"
- echo "Scanning helm security for ${chartname}"
- mkdir -p ${chart}/render
- rm -rf website/docs/charts/${train}/${chartname}/helm-security.md || echo "removing old helm-security file failed..."
- echo "# Helm Security" >> website/docs/charts/${train}/${chartname}/helm-security.md
- echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
- echo "## Helm-Chart" >> website/docs/charts/${train}/${chartname}/helm-security.md
- echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
- echo "##### Scan Results" >> website/docs/charts/${train}/${chartname}/helm-security.md
- echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
- trivy config --namespaces builtin.kubernetes.* -f template --template "@./templates/trivy-config.tpl" ${chart}/render >> website/docs/charts/${train}/${chartname}/helm-security.md || echo "trivy scan failed..."
- }
- container_sec_scan() {
- local chart="$1"
- local chartname="$2"
- local train="$3"
- echo "Scanning container security for ${chartname}"
- mkdir -p ${chart}/render
- rm -rf website/docs/charts/${train}/${chartname}/container-security.md || echo "removing old container-security file failed..."
- echo "# Container Security" >> website/docs/charts/${train}/${chartname}/container-security.md
- echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
- echo "##### Detected Containers" >> website/docs/charts/${train}/${chartname}/container-security.md
- echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
- find ${chart}/render/ -name '*.yaml' -type f -exec cat {} \; | grep image: | sed "s/image: //g" | sed "s/\"//g" >> ${chart}/render/containers.tmp
- cat ${chart}/render/containers.tmp >> website/docs/charts/${train}/${chartname}/container-security.md
- echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
- echo "##### Scan Results" >> website/docs/charts/${train}/${chartname}/container-security.md
- echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
- for container in $(cat ${chart}/render/containers.tmp | sort | uniq); do
- if [[ "$container" == *"truecharts/alpine"* || "$container" == *"truecharts/ubuntu"* || "$container" == *"truecharts/kubectl"* ]]; then
- echo "Skipping ${container}, as it's a shared common container..."
- else
- echo "**Container: ${container}**" >> website/docs/charts/${train}/${chartname}/container-security.md
- echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
- trivy image --security-checks vuln -f template --template "@./templates/trivy-container.tpl" ${container} >> website/docs/charts/${train}/${chartname}/container-security.md || echo "trivy container scan failed..."
- echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
- fi
- done
- }
- cleanfiles() {
- local chart="$1"
- local chartname="$2"
- local train="$3"
- echo "sanitising website output for ${chartname}..."
- rm -rf ${chart}/render
- sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/helm-security.md ||:
- sed -i 's|
|
|g' website/docs/charts/${train}/${chartname}/container-security.md ||:
- sed -i 's|