feat(ci): add validation of dependency chart signatures

Signed-off-by: Kjeld Schouten <kjeld@schouten-lebbing.nl>
Kjeld Schouten 2023-05-05 20:05:46 +02:00 committed by GitHub
parent 45b347fd71
commit 6a7c125052
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions


@ -85,17 +85,20 @@ for idx in $(eval echo "{0..$length}"); do
echo "⏬ Downloading dependency $name-$version from $dep_url..."
mkdir -p "$cache_path/$repo_dir"
wget --quiet "$dep_url" -P "$cache_path/$repo_dir"
wget --quiet "$dep_url.prov" -P "$cache_path/$repo_dir"
if [ ! $? ]; then
echo "❌ wget encountered an error..."
helm dependency build "$charts_path/$train_chart/Chart.yaml" || helm dependency update "$charts_path/$train_chart/Chart.yaml" || exit 1
helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || exit 1
fi
if [ -f "$cache_path/$repo_dir/$name-$version.tgz" ]; then
echo "✅ Dependency Downloaded!"
echo "Validating dependency signature..."
helm validate $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/secring.gpg || echo "❌ Failed to verify dependency chart signature" && exit 1
else
echo "❌ Failed to download dependency"
# Try helm dependency build/update or otherwise fail fast if a dep fails to download...
helm dependency build "$charts_path/$train_chart/Chart.yaml" || helm dependency update "$charts_path/$train_chart/Chart.yaml" || exit 1
helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || exit 1
fi
fi
echo ""
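Review bot: The signature check that this commit appears to add, `helm validate … || echo "❌ …" && exit 1`, cannot pass: `validate` is not a built-in Helm subcommand as far as I know (`helm verify` is the one that checks a chart against its `.prov` file), and `A || B && C` groups as `(A || B) && C`, so `exit 1` runs even when the check succeeds. I would write it as `helm verify "$cache_path/$repo_dir/$name-$version.tgz" --keyring "$gpg_dir/secring.gpg" || { echo "❌ Failed to verify dependency chart signature"; exit 1; }`, with the paths quoted here and in the two `--verify --keyring` fallback lines. The `if [ ! $? ]` guard is never true because `$?` always expands to a non-empty string, and it now follows the `.prov` download rather than the chart download, so a failed `wget` of either file goes unnoticed until the `-f` test; `if ! wget …; then` per download would make the fallback reachable. The keyring name `secring.gpg` suggests a secret keyring, while verification needs only the signers' public keys, so it is worth confirming that no private key material is placed in `$gpg_dir` for CI. The enclosing `for` loop and outer `if` start outside the hunk.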