feat(ci): add validation of dependency chart signatures
Signed-off-by: Kjeld Schouten <kjeld@schouten-lebbing.nl>
parent
45b347fd71
commit
6a7c125052
|
@ -85,17 +85,20 @@ for idx in $(eval echo "{0..$length}"); do
|
||||||
echo "⏬ Downloading dependency $name-$version from $dep_url..."
|
echo "⏬ Downloading dependency $name-$version from $dep_url..."
|
||||||
mkdir -p "$cache_path/$repo_dir"
|
mkdir -p "$cache_path/$repo_dir"
|
||||||
wget --quiet "$dep_url" -P "$cache_path/$repo_dir"
|
wget --quiet "$dep_url" -P "$cache_path/$repo_dir"
|
||||||
|
wget --quiet "$dep_url.prov" -P "$cache_path/$repo_dir"
|
||||||
if [ ! $? ]; then
|
if [ ! $? ]; then
|
||||||
echo "❌ wget encountered an error..."
|
echo "❌ wget encountered an error..."
|
||||||
helm dependency build "$charts_path/$train_chart/Chart.yaml" || helm dependency update "$charts_path/$train_chart/Chart.yaml" || exit 1
|
helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f "$cache_path/$repo_dir/$name-$version.tgz" ]; then
|
if [ -f "$cache_path/$repo_dir/$name-$version.tgz" ]; then
|
||||||
echo "✅ Dependency Downloaded!"
|
echo "✅ Dependency Downloaded!"
|
||||||
|
echo "Validating dependency signature..."
|
||||||
|
helm validate $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/secring.gpg || echo "❌ Failed to verify dependency chart signature" && exit 1
|
||||||
else
|
else
|
||||||
echo "❌ Failed to download dependency"
|
echo "❌ Failed to download dependency"
|
||||||
# Try helm dependency build/update or otherwise fail fast if a dep fails to download...
|
# Try helm dependency build/update or otherwise fail fast if a dep fails to download...
|
||||||
helm dependency build "$charts_path/$train_chart/Chart.yaml" || helm dependency update "$charts_path/$train_chart/Chart.yaml" || exit 1
|
helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
|
|
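Review bot: The added `helm validate … || echo "❌ Failed to verify dependency chart signature" && exit 1` line exits the script whether or not the check passes, because `a || b && c` groups as `(a || b) && c` and `exit 1` therefore also runs after a successful verification. Helm's provenance check is `helm verify`, not `helm validate`, so the command would fail as written; I would use `helm verify "$cache_path/$repo_dir/$name-$version.tgz" --keyring "$gpg_dir/secring.gpg" || { echo "❌ Failed to verify dependency chart signature"; exit 1; }`, with the paths quoted. The existing `if [ ! $? ]` is never true, since `$?` is always a non-empty string, and it now follows the `.prov` download, so a failed chart or provenance fetch is not caught there; `if ! wget …` on each download would make the check real. Verification needs only public keys, and a keyring named `secring.gpg` suggests secret key material may be present in CI, so it is worth confirming that a public-only keyring is used. The enclosing `for` loop starts and ends outside this hunk.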