-
Notifications
You must be signed in to change notification settings - Fork 1
47 lines (42 loc) · 1.9 KB
/
check-chart-locks.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Check Chart Locks review the existing chart locks and fails if
# the submission does not existing in the right directory structure.
name: Ensure Submitter is Valid
on:
workflow_call:
inputs:
category:
required: true
type: string
description: The category of the submission. (e.g. "partner", choose from [redhat, partner, community])
organization:
required: true
type: string
description: The submitting organization (e.g. "hashicorp")
chartname:
required: true
type: string
description: The name of the chart (e.g. "vault")
env:
LOCKFILE_URL: https://komish.github.io/actions-workflow-call-test/lock.json
jobs:
assert-chart-not-locked-or-locked-but-valid:
runs-on: ubuntu-latest
steps:
- name: Assemble directory path
id: assemble-path
run: |
set -o pipefail
echo "dirpath=${{ inputs.category }}/${{ inputs.organization }}/${{ inputs.chartname }}" | tee -a $GITHUB_OUTPUT
- name: Read entry from current Lockfile
run: |
wget "${{ env.LOCKFILE_URL }}" -O lock.json
md5sum lock.json
- name: Compare lockpaths
run: |
lockpath=$(jq -r .packages.${{ inputs.chartname }} lock.json)
test "${lockpath}" == "null" \
&& { echo "No lock found for chart ${{ inputs.chartname }}. We're clear to merge this in."; exit 0 ;}
test "${lockpath}" = "${{ steps.assemble-path.outputs.dirpath }}" \
&& { echo "Lock found for chart ${{ inputs.chartname }} and submission is coming from the correct path ${{ steps.assemble-path.outputs.dirpath }}."; exit 0 ;}
echo "::error::Submission is invalid. The chart name '${{ inputs.chartname }}' is locked to submissions from path '${lockpath}' and this submission appears to come from '${{ steps.assemble-path.outputs.dirpath }}'"
exit 1