feat(ci): add validation of dependency chart signatures
Signed-off-by: Kjeld Schouten <kjeld@schouten-lebbing.nl>
This commit is contained in:
parent
45b347fd71
commit
6a7c125052
|
@ -85,17 +85,20 @@ for idx in $(eval echo "{0..$length}"); do
|
|||
echo "⏬ Downloading dependency $name-$version from $dep_url..."
|
||||
mkdir -p "$cache_path/$repo_dir"
|
||||
wget --quiet "$dep_url" -P "$cache_path/$repo_dir"
|
||||
wget --quiet "$dep_url.prov" -P "$cache_path/$repo_dir"
|
||||
if [ ! $? ]; then
|
||||
echo "❌ wget encountered an error..."
|
||||
helm dependency build "$charts_path/$train_chart/Chart.yaml" || helm dependency update "$charts_path/$train_chart/Chart.yaml" || exit 1
|
||||
helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || exit 1
|
||||
fi
|
||||
|
||||
if [ -f "$cache_path/$repo_dir/$name-$version.tgz" ]; then
|
||||
echo "✅ Dependency Downloaded!"
|
||||
echo "Validating dependency signature..."
|
||||
helm validate $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/secring.gpg || echo "❌ Failed to verify dependency chart signature" && exit 1
|
||||
else
|
||||
echo "❌ Failed to download dependency"
|
||||
# Try helm dependency build/update or otherwise fail fast if a dep fails to download...
|
||||
helm dependency build "$charts_path/$train_chart/Chart.yaml" || helm dependency update "$charts_path/$train_chart/Chart.yaml" || exit 1
|
||||
helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || exit 1
|
||||
fi
|
||||
fi
|
||||
echo ""
|
||||
|
|
Loading…
Reference in New Issue