diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml new file mode 100644 index 0000000..dd0642c --- /dev/null +++ b/.github/workflows/checkov.yaml @@ -0,0 +1,19 @@ +on: [push] +jobs: + checkov-job: + runs-on: ubuntu-latest + name: checkov-action + steps: + - name: Checkout repo + uses: actions/checkout@master + + - name: Run Checkov action + id: checkov + uses: bridgecrewio/checkov-action@master + with: + directory: charts/directus + quiet: false # optional: display only failed checks + soft_fail: true # optional: do not return an error code if there are failed checks + framework: helm # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all} + output_format: sarif # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif + diff --git a/charts/directus/Chart.yaml b/charts/directus/Chart.yaml index afbd137..4014923 100644 --- a/charts/directus/Chart.yaml +++ b/charts/directus/Chart.yaml @@ -25,10 +25,10 @@ appVersion: "9.5.1" dependencies: - name: mariadb - version: "9.3.13" - repository: "https://charts.bitnami.com/bitnami" + version: "12.2.4" + repository: "oci://registry-1.docker.io/bitnamicharts" condition: mariadb.enabled - name: redis - version: "14.3.2" - repository: "https://charts.bitnami.com/bitnami" + version: "17.11.3" + repository: "oci://registry-1.docker.io/bitnamicharts" condition: redis.enabled diff --git a/charts/directus/values.yaml b/charts/directus/values.yaml index 91d7214..e1a9af0 100644 --- a/charts/directus/values.yaml +++ b/charts/directus/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: - repository: directus/directus + repository: directus/directus pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "9.5.1" 
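Review bot: Both `uses:` lines in .github/workflows/checkov.yaml reference `@master`, a mutable branch, so whatever is pushed to those branches later runs in this repository's workflow with its token. Pin each action to a full commit SHA (release tag in a trailing comment) and add a `permissions:` block so the token is read-only by default. Separately, `soft_fail: true` with `output_format: sarif` means a failed check does not fail the job, and no step uploads the SARIF file, so findings appear to reach nothing beyond the job log. If the scan is meant to be advisory, upload the results to code scanning so they are tracked. The `results.sarif` path below is the one I recall from the action's README and should be confirmed for the pinned version.

```yaml
on: [push]
permissions:
  contents: read
  security-events: write  # required by the SARIF upload step only
# … unchanged: jobs, checkov-job, runs-on, name, steps …
      - name: Checkout repo
        uses: actions/checkout@<full-commit-sha>  # placeholder: pin to a reviewed release commit
      # … unchanged: "Run Checkov action" step name and id …
        uses: bridgecrewio/checkov-action@<full-commit-sha>  # placeholder
      # … unchanged: with: block …
      - name: Upload SARIF results
        if: always()
        uses: github/codeql-action/upload-sarif@<full-commit-sha>  # placeholder
        with:
          sarif_file: results.sarif  # confirm the path the pinned action writes
```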
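Review bot: The two dependency entries in charts/directus/Chart.yaml jump several major versions (mariadb 9.3.13 to 12.2.4, redis 14.3.2 to 17.11.3) and move to `oci://` repositories, but nothing visible in the diff documents the upgrade or locks the resolved dependencies. No Chart.lock change is shown, and the chart's own `version` field sits above this hunk, so I cannot tell whether it was bumped. OCI dependencies need Helm 3.8 or newer, which is worth stating next to the entries, e.g. `# OCI dependency: requires Helm >= 3.8; refresh Chart.lock with "helm dependency update"`. The values.yaml hunks adjust individual keys (`updateStrategy`, `sidecars`, `initContainers`) for the new subcharts. The remaining defaults copied under `mariadb:` and `redis:` presumably still come from the old chart versions and should be checked against the new schemas.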
@@ -50,11 +50,8 @@ ingress: paths: - path: / backend: - service: - name: chart-example.local - port: - number: 80 - pathType: ImplementationSpecific + serviceName: chart-example.local + servicePort: 80 tls: [] # - secretName: chart-example-tls # hosts: @@ -260,7 +257,8 @@ mariadb: ## updateStrategy for Mariadb Primary statefulset ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## - updateStrategy: RollingUpdate + updateStrategy: + type: RollingUpdate ## Partition update strategy for Mariadb Primary statefulset ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions @@ -556,7 +554,8 @@ mariadb: ## updateStrategy for Mariadb Secondary statefulset ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## - updateStrategy: RollingUpdate + updateStrategy: + type: RollingUpdate ## Partition update strategy for Mariadb Secondary statefulset ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions @@ -963,7 +962,7 @@ mariadb: ## Array with extra yaml to deploy with the chart. Evaluated as a template ## - extraDeploy: [] + extraDeploy: [] redis: enabled: true @@ -1292,7 +1291,7 @@ redis: ## - name: portname ## containerPort: 1234 ## - sidecars: {} + sidecars: [] ## @param master.initContainers Add additional init containers to the Redis(TM) master pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: @@ -1302,7 +1301,7 @@ redis: ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## - initContainers: {} + initContainers: [] ## Persistence parameters ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## 
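Review bot: In the `ingress` hunk of charts/directus/values.yaml, the `backend` block now uses `serviceName`/`servicePort` and drops `pathType`. That is the shape of the beta Ingress APIs removed in Kubernetes 1.22; `networking.k8s.io/v1` expects `backend.service.name`, `backend.service.port.number` and a `pathType` on every path. The ingress template is not part of this diff, so this is only safe if the template maps these two keys into the v1 structure and supplies `pathType` itself. If it renders the values as given, enabling ingress would produce a manifest that current API servers reject. Consider keeping the removed `service:`/`pathType:` form, or add a comment above `backend:` stating which Ingress apiVersion the template emits.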
@@ -1592,7 +1591,7 @@ redis: ## - name: portname ## containerPort: 1234 ## - sidecars: {} + sidecars: [] ## @param replica.initContainers Add additional init containers to the Redis(TM) replicas pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: @@ -1602,7 +1601,7 @@ redis: ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## - initContainers: {} + initContainers: [] ## Persistence Parameters ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ##