Cloned2Preserve
/
TrueChartsClone
mirror of https://github.com/truecharts/charts.git
1
0
Fork 0
Code
TrueChartsClone/.github/scripts/gen-docs.sh

142 lines
5.7 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
# Designed to ensure the appversion in Chart.yaml is in sync with the primary App tag if found
sync_tag() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
echo "Attempting to sync primary tag with appversion for: ${chartname}"
local tag="$(cat ${chart}/values.yaml | grep '^ tag: ' | awk -F" " '{ print $2 }' | head -1)"
tag="${tag%%@*}"
tag="${tag:-auto}"
tag=$(echo $tag | sed "s/release-//g")
tag=$(echo $tag | sed "s/release_//g")
tag=$(echo $tag | sed "s/version-//g")
tag=$(echo $tag | sed "s/version_//g")
tag="${tag#*V.}"
tag="${tag#*v-}"
tag="${tag#*v}"
tag="${tag%-*}"
tag="${tag:0:10}"
tag="${tag%-}"
tag="${tag%_}"
tag="${tag%.}"
sed -i -e "s|appVersion: .*|appVersion: \"${tag}\"|" "${chart}/Chart.yaml"
}
export -f sync_tag
helm_sec_scan() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
echo "Scanning helm security for ${chartname}"
mkdir -p ${chart}/render
rm -rf ${chart}/security.md || echo "removing old security.md file failed..."
cat templates/security.tpl >> ${chart}/security.md
echo "" >> ${chart}/security.md
helm template ${chart} --output-dir ${chart}/render > /dev/null
trivy config -f template --template "@./templates/trivy-config.tpl" -o ${chart}/render/tmpsec${chartname}.md ${chart}/render
cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md
rm -rf ${chart}/render/tmpsec${chartname}.md || true
echo "" >> ${chart}/security.md
}
export -f helm_sec_scan
container_sec_scan() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
echo "Scanning container security for ${chartname}"
echo "## Containers" >> ${chart}/security.md
echo "" >> ${chart}/security.md
echo "##### Detected Containers" >> ${chart}/security.md
echo "" >> ${chart}/security.md
find ./${chart}/render/ -name '*.yaml' -type f -exec cat {} \; | grep image: | sed "s/image: //g" | sed "s/\"//g" >> ${chart}/render/containers.tmp
cat ${chart}/render/containers.tmp >> ${chart}/security.md
echo "" >> ${chart}/security.md
echo "##### Scan Results" >> ${chart}/security.md
echo "" >> ${chart}/security.md
for container in $(cat ${chart}/render/containers.tmp); do
echo "processing container: ${container}"
echo "" >> ${chart}/security.md
trivy image -f template --template "@./templates/trivy-container.tpl" -o ${chart}/render/tmpsec${chartname}.md "${container}"
cat ${chart}/render/tmpsec${chartname}.md >> ${chart}/security.md
rm -rf ${chart}/render/tmpsec${chartname}.md || true
echo "" >> ${chart}/security.md
done
}
export -f container_sec_scan
sec_scan_cleanup() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
rm -rf ${chart}/render
sed -i 's/ghcr.io/tccr.io/g' ${chart}/security.md
}
export -f sec_scan_cleanup
create_changelog() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
local prevversion="$(git tag -l "${chartname}-*" --sort=-v:refname | head -n 1)"
echo "Generating changelogs for: ${chartname}"
# SCALE "Changelog" containing only last change
git-chglog --next-tag ${chartname}-${chartversion} --tag-filter-pattern ${chartname} --path ${chart} -o ${chart}/app-changelog.md ${chartname}-${chartversion}
# Append SCALE changelog to actual changelog
if [[ -f "${chart}/CHANGELOG.md" ]]; then
true
else
touch ${chart}/CHANGELOG.md
fi
sed -i '1d' ${chart}/CHANGELOG.md
cat ${chart}/app-changelog.md | cat - ${chart}/CHANGELOG.md > temp && mv temp ${chart}/CHANGELOG.md
sed -i '1s/^/# Changelog<br>\n\n/' ${chart}/CHANGELOG.md
rm ${chart}/app-changelog.md || echo "changelog not found..."
}
export -f create_changelog
generate_docs() {
local chart="$1"
local chartname="$2"
local train="$3"
local chartversion="$4"
echo "Generating Docs"
helm-docs \
--ignore-file=".helmdocsignore" \
--output-file="README.md" \
--template-files="/__w/apps/apps/templates/docs/README.md.gotmpl" \
--chart-search-root="${chart}"
}
export -f generate_docs
if [[ -d "charts/${1}" ]]; then
echo "Start processing charts/${1} ..."
chartversion=$(cat charts/${1}/Chart.yaml | grep "^version: " | awk -F" " '{ print $2 }')
chartname=$(basename charts/${1})
train=$(basename $(dirname "charts/${1}"))
SCALESUPPORT=$(cat charts/${1}/Chart.yaml | yq '.annotations."truecharts.org/SCALE-support"' -r)
helm dependency update "charts/${1}" --skip-refresh || (sleep 10 && helm dependency update "charts/${1}" --skip-refresh) || (sleep 10 && helm dependency update "charts/${1}" --skip-refresh)
helm_sec_scan "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "helm-chart security-scan failed..."
container_sec_scan "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "container security-scan failed..."
sec_scan_cleanup "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "security-scan cleanup failed..."
sync_tag "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "Tag sync failed..."
create_changelog "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "changelog generation failed..."
generate_docs "charts/${1}" "${chartname}" "$train" "${chartversion}" || echo "Docs generation failed..."
else
echo "Chart 'charts/${1}' no longer exists in repo. Skipping it..."
fi
echo "Done processing charts/${1} ..."
View Git Blame Copy Permalink