diff --git a/.github/scripts/gen-docs.sh b/.github/scripts/gen-docs.sh
index 50c0e6f5b5a..29578769550 100755
--- a/.github/scripts/gen-docs.sh
+++ b/.github/scripts/gen-docs.sh
@@ -29,61 +29,6 @@ sync_tag() {
 }
 export -f sync_tag
-helm_sec_scan() {
- local chart="$1"
- local chartname="$2"
- local train="$3"
- local chartversion="$4"
- echo "Scanning helm security for ${chartname}"
- mkdir -p ${chart}/render
- rm -rf ${chart}/security.md || echo "removing old security.md file failed..."
- cat templates/security.tpl >> ${chart}/security.md
- echo "" >> ${chart}/security.md
- helm template ${chart} --output-dir ${chart}/render > /dev/null
- #trivy config -f template --template "@./templates/trivy-config.tpl" -o ${chart}/render/tmpsec${chartname}.md ${chart}/render
- cat "SCANNING DISABLED DUE TO BUG" >> ${chart}/security.md
- rm -rf ${chart}/render/tmpsec${chartname}.md || true
- echo "" >> ${chart}/security.md
- }
- export -f helm_sec_scan
-
-container_sec_scan() {
- local chart="$1"
- local chartname="$2"
- local train="$3"
- local chartversion="$4"
- echo "Scanning container security for ${chartname}"
- echo "## Containers" >> ${chart}/security.md
- echo "" >> ${chart}/security.md
- echo "##### Detected Containers" >> ${chart}/security.md
- echo "" >> ${chart}/security.md
- find ./${chart}/render/ -name '*.yaml' -type f -exec cat {} \; | grep image: | sed "s/image: //g" | sed "s/\"//g" >> ${chart}/render/containers.tmp
- cat ${chart}/render/containers.tmp >> ${chart}/security.md
- echo "" >> ${chart}/security.md
- echo "##### Scan Results" >> ${chart}/security.md
- echo "" >> ${chart}/security.md
- for container in $(cat ${chart}/render/containers.tmp); do
- echo "processing container: ${container}"
- echo "SCANNING DISABLED DUE TO BUG" >> ${chart}/security.md
- #trivy image -f template --template "@./templates/trivy-container.tpl" -o ${chart}/render/tmpsec${chartname}.md "${container}"
- cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md
- rm -rf ${chart}/render/tmpsec${chartname}.md || true
- echo "" >> ${chart}/security.md
- done
-
- }
- export -f container_sec_scan
-
-sec_scan_cleanup() {
- local chart="$1"
- local chartname="$2"
- local train="$3"
- local chartversion="$4"
- rm -rf ${chart}/render
- sed -i 's/ghcr.io/tccr.io/g' ${chart}/security.md
- }
- export -f sec_scan_cleanup
-
 create_changelog() {
 local chart="$1"
 local chartname="$2"
@@ -102,7 +47,7 @@ create_changelog() {
 fi
 sed -i '1d' ${chart}/CHANGELOG.md
 cat ${chart}/app-changelog.md | cat - ${chart}/CHANGELOG.md > temp && mv temp ${chart}/CHANGELOG.md
- sed -i '1s/^/# Changelog
\n\n/' ${chart}/CHANGELOG.md
+ sed -i '1s/^/# Changelog\n\n/' ${chart}/CHANGELOG.md
 rm ${chart}/app-changelog.md || echo "changelog not found..."
 }
 export -f create_changelog
@@ -129,9 +74,6 @@ if [[ -d "charts/${1}" ]]; then
 train=$(basename $(dirname "charts/${1}"))
 SCALESUPPORT=$(cat charts/${1}/Chart.yaml | yq '.annotations."truecharts.org/SCALE-support"' -r)
 helm dependency update "charts/${1}" --skip-refresh || (sleep 10 && helm dependency update "charts/${1}" --skip-refresh) || (sleep 10 && helm dependency update "charts/${1}" --skip-refresh)
- helm_sec_scan "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "helm-chart security-scan failed..."
- container_sec_scan "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "container security-scan failed..."
- sec_scan_cleanup "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "security-scan cleanup failed..."
 sync_tag "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "Tag sync failed..."
 create_changelog "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "changelog generation failed..."
 generate_docs "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "Docs generation failed..."
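Review bot: The rewritten sed line in the create_changelog hunk still passes `${chart}/CHANGELOG.md` unquoted, so a chart path containing whitespace or glob characters is word-split before sed sees it; quote it as `sed -i '1s/^/# Changelog\n\n/' "${chart}/CHANGELOG.md"`. The `\n` escape inside a substitution replacement is a GNU sed extension, which is fine on the Linux runners this script presumably targets but would emit a literal `n` under BSD sed, so a one-line comment such as `# GNU sed: \n in the replacement text is not portable` would save the next reader a surprise. The context line just above it writes through a fixed `temp` file in the working directory; `mktemp` would avoid collisions if the script is ever run for several charts concurrently. create_changelog starts before this hunk.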