accuknox · SujithKasireddy · Jun 20, 2024 · Jun 20, 2024 · Jun 20, 2024 · Jun 20, 2024
diff --git a/.github/workflows/action.yaml b/.github/workflows/action.yaml
@@ -1,155 +1,69 @@
 name: Accuknox-Job Workflow
+
 on:
   push:
-    tags:
-    - "v[0-9]+.[0-9]+.[0-9]+"
-    - "v[0-9]+.[0-9]+.[0-9]+-*"
+    branches:
+      - main
   pull_request_target:
     branches:
-    - "*"
-
-
-env:
-  REPO: public.ecr.aws/k9v9d5v2
-  CHART_NAME_K8S: cis-k8s-job
-  CHART_PATH_K8S: ./cis-k8s-job
-  CHART_REVISION_NAME_K8S: cis-k8s-job
-  CHART_NAME_K8TLS: k8tls-job
-  CHART_PATH_K8TLS: ./k8tls-job
-  CHART_REVISION_NAME_K8TLS: k8tls-job
-  CHART_NAME_KIEM: kiem-job
-  CHART_PATH_KIEM: ./kiem-job
-  CHART_REVISION_NAME_KIEM: kiem-job
-  CHART_NAME_K8S_RISK_ASSESSMENT: k8s-risk-assessment-job
-  CHART_PATH_K8S_RISK_ASSESSMENT: ./k8s-risk-assessment-job
-  CHART_REVISION_NAME_K8S_RISK_ASSESSMENT: k8s-risk-assessment-job
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} 
-  AWS_REGION: us-east-1
-
+      - "*" 
 
 jobs:
-  tag-validate:
+  helm_chart_validation:
     runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/v')
     steps:
-    - uses: rubenesp87/[email protected]
-      with:
-       version: ${{ github.ref_name }}
-
-
-  chart-validate-k8s:
-    runs-on: ubuntu-latest
-    if: always() && !contains(needs.tag-validate.result, 'failure')
-    needs: [tag-validate]
-    steps:
-    - name: Checkout source
-      uses: accuknox/common-gh-actions/actions/checkout-source@main 
-    - name: Validate helm chart 
-      uses: accuknox/common-gh-actions/actions/helm-check@main
-      with:
-        chart-path: ${{ env.CHART_PATH_K8S }}        
-        revision-name: ${{ env.CHART_REVISION_NAME_K8S }}         
-
-  chart-validate-k8tls:
-    runs-on: ubuntu-latest
-    if: always() && !contains(needs.tag-validate.result, 'failure')
-    needs: [tag-validate]
-    steps:
-    - name: Checkout source
-      uses: accuknox/common-gh-actions/actions/checkout-source@main 
-    - name: Validate helm chart 
-      uses: accuknox/common-gh-actions/actions/helm-check@main
-      with:
-        chart-path: ${{ env.CHART_PATH_K8TLS }}        
-        revision-name: ${{ env.CHART_REVISION_NAME_K8TLS }}  
+      - name: Checkout code
+        uses: actions/checkout@v2
 
-  chart-validate-kiem:
-    runs-on: ubuntu-latest
-    if: always() && !contains(needs.tag-validate.result, 'failure')
-    needs: [tag-validate]
-    steps:
-    - name: Checkout source
-      uses: accuknox/common-gh-actions/actions/checkout-source@main 
-    - name: Validate helm chart 
-      uses: accuknox/common-gh-actions/actions/helm-check@main
-      with:
-        chart-path: ${{ env.CHART_PATH_KIEM }}        
-        revision-name: ${{ env.CHART_REVISION_NAME_KIEM}}         
+      - name: Install Helm
+        run: |
+          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+          chmod 700 get_helm.sh
+          ./get_helm.sh
+
+      - name: Validate k8s-risk-assessment-job
+        run: |
+          helm lint k8s-risk-assessment-job
+          helm template k8s-risk-assessment-job --dry-run > /dev/null
+
+      - name: Validate k8tls-job
+        run: |
+          helm lint k8tls-job
+          helm template k8tls-job --dry-run > /dev/null
 
-  chart-validate-k8s-risk-assessment:
+      - name: Validate kiem-job
+        run: |
+          helm lint kiem-job
+          helm template kiem-job --dry-run > /dev/null
+
+  helm_push_to_ecr:
     runs-on: ubuntu-latest
-    if: always() && !contains(needs.tag-validate.result, 'failure')
-    needs: [tag-validate]
+    needs: [helm_chart_validation]
     steps:
-    - name: Checkout source
-      uses: accuknox/common-gh-actions/actions/checkout-source@main
-    - name: Validate helm chart
-      uses: accuknox/common-gh-actions/actions/helm-check@main
-      with:
-        chart-path: ${{ env.CHART_PATH_K8S_RISK_ASSESSMENT }}
-        revision-name: ${{ env.CHART_REVISION_NAME_K8S_RISK_ASSESSMENT}}
+      - name: Checkout code
+        uses: actions/checkout@v2
 
-  chart-push-k8s:
-    runs-on: ubuntu-latest 
-    needs: [chart-validate-k8s]
-    if: startsWith(github.ref, 'refs/tags/v')
-    steps:
-    - name: Checkout source
-      uses: accuknox/common-gh-actions/actions/checkout-source@main 
-    - name: Push helm chart to ECR
-      uses: accuknox/common-gh-actions/actions/helm-push@main
-      with:
-        chart-path: ${{ env.CHART_PATH_K8S }}
-        version: ${{ github.ref_name }}
-        ecr-region: ${{ env.AWS_REGION }}
-        ecr-repo: ${{ env.REPO }}
-        type: public
+      - name: Set up AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
 
-  chart-push-k8tls:
-    runs-on: ubuntu-latest 
-    needs: [chart-validate-k8tls]
-    if: startsWith(github.ref, 'refs/tags/v')
-    steps:
-    - name: Checkout source
-      uses: accuknox/common-gh-actions/actions/checkout-source@main 
-    - name: Push helm chart to ECR
-      uses: accuknox/common-gh-actions/actions/helm-push@main
-      with:
-        chart-path: ${{ env.CHART_PATH_K8TLS }}
-        version: ${{ github.ref_name }}
-        ecr-region: ${{ env.AWS_REGION }}
-        ecr-repo: ${{ env.REPO }}
-        type: public
+      - name: Install Helm
+        run: |
+          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+          chmod 700 get_helm.sh
+          ./get_helm.sh
 
-  chart-push-kiem:
-    runs-on: ubuntu-latest 
-    needs: [chart-validate-kiem]
-    if: startsWith(github.ref, 'refs/tags/v')
-    steps:
-    - name: Checkout source
-      uses: accuknox/common-gh-actions/actions/checkout-source@main 
-    - name: Push helm chart to ECR
-      uses: accuknox/common-gh-actions/actions/helm-push@main
-      with:
-        chart-path: ${{ env.CHART_PATH_KIEM }}
-        version: ${{ github.ref_name }}
-        ecr-region: ${{ env.AWS_REGION }}
-        ecr-repo: ${{ env.REPO }}
-        type: public
+      - name: Login to AWS ECR
+        run: |
+          aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin ${{ secrets.REPO }}
 
-  chart-push-k8s-risk-assessment:
-    runs-on: ubuntu-latest
-    needs: [chart-validate-k8s-risk-assessment]
-    if: startsWith(github.ref, 'refs/tags/v')
-    steps:
-    - name: Checkout source
-      uses: accuknox/common-gh-actions/actions/checkout-source@main
-    - name: Push helm chart to ECR
-      uses: accuknox/common-gh-actions/actions/helm-push@main
-      with:
-        chart-path: ${{ env.CHART_PATH_K8S_RISK_ASSESSMENT }}
-        version: ${{ github.ref_name }}
-        ecr-region: ${{ env.AWS_REGION }}
-        ecr-repo: ${{ env.REPO }}
-        type: public
+      - name: Package and Push Helm Charts
+        run: |
+          for CHART_DIR in k8s-risk-assessment-job k8tls-job kiem-job; do
+            helm package $CHART_DIR
+            HELM_PACKAGE=$(ls $CHART_DIR-*.tgz)
+            helm push $HELM_PACKAGE oci://${{ secrets.REPO }}
+          done