|
| 1 | +name: Red Hat Chart Certification |
| 2 | + |
| 3 | +# Runs Red Hat Chart Verifier to check if the chart passes Red Hat certification checks |
| 4 | +# This workflow is triggered manually to validate chart compliance with Red Hat standards |
| 5 | + |
| 6 | +permissions: |
| 7 | + contents: read |
| 8 | + |
| 9 | +on: |
| 10 | + workflow_dispatch: |
| 11 | + inputs: |
| 12 | + chart_version: |
| 13 | + description: 'Chart version to verify (leave empty for current version)' |
| 14 | + required: false |
| 15 | + type: string |
| 16 | + |
| 17 | +jobs: |
| 18 | + redhat-certification: |
| 19 | + runs-on: ubuntu-latest |
| 20 | + steps: |
| 21 | + - name: Checkout |
| 22 | + uses: actions/checkout@v3 |
| 23 | + with: |
| 24 | + fetch-depth: 0 |
| 25 | + |
| 26 | + - name: Set up Helm |
| 27 | + uses: azure/setup-helm@v4.2.0 |
| 28 | + with: |
| 29 | + version: v3.12.0 |
| 30 | + |
| 31 | + - name: Install chart dependencies |
| 32 | + run: | |
| 33 | + cd charts/dify |
| 34 | + helm dependency update || true |
| 35 | +
|
| 36 | + - name: Package Helm chart |
| 37 | + id: package |
| 38 | + run: | |
| 39 | + cd charts/dify |
| 40 | + CHART_VERSION="${{ inputs.chart_version }}" |
| 41 | + if [ -z "$CHART_VERSION" ]; then |
| 42 | + # Use version from Chart.yaml |
| 43 | + CHART_VERSION=$(grep '^version:' Chart.yaml | awk '{print $2}') |
| 44 | + fi |
| 45 | + helm package . --version "$CHART_VERSION" |
| 46 | + CHART_FILE=$(ls -t *.tgz | head -1) |
| 47 | + echo "chart_file=$CHART_FILE" >> $GITHUB_OUTPUT |
| 48 | + echo "chart_path=$(pwd)/$CHART_FILE" >> $GITHUB_OUTPUT |
| 49 | + echo "Chart packaged: $CHART_FILE" |
| 50 | +
|
| 51 | + - name: Install Chart Verifier |
| 52 | + run: | |
| 53 | + # Download latest chart-verifier binary |
| 54 | + VERIFIER_VERSION=$(curl -s https://api.github.com/repos/redhat-certification/chart-verifier/releases/latest | grep tag_name | cut -d '"' -f 4) |
| 55 | + echo "Installing chart-verifier version: $VERIFIER_VERSION" |
| 56 | + |
| 57 | + curl -LO "https://github.com/redhat-certification/chart-verifier/releases/latest/download/chart-verifier-linux-amd64.tar.gz" |
| 58 | + tar -xzf chart-verifier-linux-amd64.tar.gz |
| 59 | + sudo mv chart-verifier /usr/local/bin/ |
| 60 | + chmod +x /usr/local/bin/chart-verifier |
| 61 | + chart-verifier version |
| 62 | +
|
| 63 | + - name: Run Chart Verifier |
| 64 | + id: verify |
| 65 | + continue-on-error: true |
| 66 | + run: | |
| 67 | + cd charts/dify |
| 68 | + CHART_FILE="${{ steps.package.outputs.chart_file }}" |
| 69 | + |
| 70 | + echo "Running chart-verifier on: $CHART_FILE" |
| 71 | + echo "==========================================" |
| 72 | + |
| 73 | + # Run chart verifier and capture output |
| 74 | + # Note: Some checks may require a Kubernetes cluster connection |
| 75 | + # Use --enable flag to enable specific checks that don't require cluster |
| 76 | + chart-verifier verify "$CHART_FILE" \ |
| 77 | + --enable helm-lint,is-helm-v3,has-readme,has-kubeversion,not-contains-crds,images-are-accessible \ |
| 78 | + --output yaml \ |
| 79 | + --write-to-file report.yaml || true |
| 80 | + |
| 81 | + # Display report |
| 82 | + if [ -f report.yaml ]; then |
| 83 | + echo "" |
| 84 | + echo "==========================================" |
| 85 | + echo "Chart Verifier Report:" |
| 86 | + echo "==========================================" |
| 87 | + cat report.yaml |
| 88 | + echo "" |
| 89 | + |
| 90 | + # Extract pass/fail status |
| 91 | + if grep -q "passed: true" report.yaml; then |
| 92 | + echo "✅ Chart passed Red Hat certification checks" |
| 93 | + echo "passed=true" >> $GITHUB_OUTPUT |
| 94 | + else |
| 95 | + echo "⚠️ Chart did not pass all Red Hat certification checks" |
| 96 | + echo "passed=false" >> $GITHUB_OUTPUT |
| 97 | + fi |
| 98 | + else |
| 99 | + echo "⚠️ Report file not generated" |
| 100 | + echo "passed=false" >> $GITHUB_OUTPUT |
| 101 | + fi |
| 102 | +
|
| 103 | + - name: Generate Summary |
| 104 | + if: always() |
| 105 | + run: | |
| 106 | + echo "## 🔴 Red Hat Chart Certification Report" >> $GITHUB_STEP_SUMMARY |
| 107 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 108 | + |
| 109 | + if [ -f charts/dify/report.yaml ]; then |
| 110 | + echo "**Chart:** ${{ steps.package.outputs.chart_file }}" >> $GITHUB_STEP_SUMMARY |
| 111 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 112 | + |
| 113 | + # Extract key information from report |
| 114 | + if grep -q "passed: true" charts/dify/report.yaml; then |
| 115 | + echo "✅ **Status:** Chart passed Red Hat certification checks" >> $GITHUB_STEP_SUMMARY |
| 116 | + else |
| 117 | + echo "⚠️ **Status:** Chart did not pass all certification checks" >> $GITHUB_STEP_SUMMARY |
| 118 | + fi |
| 119 | + |
| 120 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 121 | + echo "**Note:** Some checks may require a Kubernetes cluster connection." >> $GITHUB_STEP_SUMMARY |
| 122 | + echo "For full certification, run chart-verifier with cluster access." >> $GITHUB_STEP_SUMMARY |
| 123 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 124 | + echo "See the workflow logs or download the report artifact for details." >> $GITHUB_STEP_SUMMARY |
| 125 | + else |
| 126 | + echo "⚠️ Report generation failed. Check workflow logs for details." >> $GITHUB_STEP_SUMMARY |
| 127 | + fi |
| 128 | +
|
| 129 | + - name: Upload Chart Verifier Report |
| 130 | + uses: actions/upload-artifact@v4 |
| 131 | + if: always() |
| 132 | + with: |
| 133 | + name: redhat-certification-report |
| 134 | + path: | |
| 135 | + charts/dify/report.yaml |
| 136 | + charts/dify/${{ steps.package.outputs.chart_file }} |
| 137 | + retention-days: 30 |
| 138 | + if-no-files-found: ignore |
0 commit comments