ci: Run checkov against helm chart directory instead of templated yaml (

#294)
FlowFuse · Feb 5, 2024 · c1bb99e · c1bb99e
2 parents c07e8f1 + 341f645
commit c1bb99e
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/.github/workflows/helm-chart.yml b/.github/workflows/helm-chart.yml
@@ -101,21 +101,23 @@ jobs:
         uses: azure/setup-helm@v3.5
         with:
           version: v3.13.2
-
-      - name: Template chart
-        run: |
-          helm template flowforge ./helm/flowforge --set forge.domain=example.com > ${{ github.workspace }}/templated_chart.yaml
 
       - name: Scan chart with checkov
         if: matrix.tool == 'checkov'
-        uses: bridgecrewio/checkov-action@v12
+        uses: bridgecrewio/checkov-action@v12.2655.0
         with:
-          directory: ${{ github.workspace }}
-          file: templated_chart.yaml
-          framework: kubernetes
+          directory: ${{ github.workspace }}/helm
+          var_file: ${{ github.workspace }}/helm/flowforge/ci/default-values.yaml
+          framework: helm
           output_format: cli,sarif
           output_file_path: console,results.sarif
           soft_fail: true
+
+      - name: Template chart
+        # temporary disabled due to https://github.com/zegl/kube-score/issues/559
+        if: false
+        run: |
+          helm template flowforge ./helm/flowforge --set forge.domain=example.com > ${{ github.workspace }}/templated_chart.yaml
       
       - name: Install kube-score
         # temporary disabled due to https://github.com/zegl/kube-score/issues/559