chart: drop security permissions and don't use privileged port #38
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| checks: write | |
| jobs: | |
| go-mod: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: true | |
| - name: Check go mod | |
| run: | | |
| go mod tidy | |
| git diff --exit-code go.mod | |
| git diff --exit-code go.sum | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: true | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| distribution: goreleaser | |
| version: latest | |
| args: release --clean --skip=publish --snapshot | |
| test: | |
| # using secrets so this will only work not on a fork | |
| if: github.event.pull_request.head.repo.fork != true | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: true | |
| # this depends on OS_USERNAME and RAX_API_KEY being secrets in GitHub Actions | |
| # they come from https://passwordsafe.corp.rackspace.com/projects/40558/credentials | |
| - run: make test | |
| env: | |
| OS_USERNAME: ${{ secrets.OS_USERNAME }} | |
| RAX_API_KEY: ${{ secrets.RAX_API_KEY }} | |
| chart: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: azure/setup-helm@v4 | |
| with: | |
| version: v3.17.0 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| check-latest: true | |
| - uses: helm/[email protected] | |
| - name: Run chart-testing (list-changed) | |
| id: list-changed | |
| run: | | |
| changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) | |
| if [[ -n "$changed" ]]; then | |
| echo "changed=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Run chart-testing (lint) | |
| if: steps.list-changed.outputs.changed == 'true' | |
| run: ct lint --target-branch ${{ github.event.repository.default_branch }} |