diff --git a/.github/workflows/__main-ci.yml b/.github/workflows/__main-ci.yml index 7d109cec..56532c7a 100644 --- a/.github/workflows/__main-ci.yml +++ b/.github/workflows/__main-ci.yml @@ -20,7 +20,6 @@ permissions: pull-requests: write security-events: write statuses: write - # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659 id-token: write concurrency: diff --git a/.github/workflows/__pull-request-ci.yml b/.github/workflows/__pull-request-ci.yml index 503fc586..e6271043 100644 --- a/.github/workflows/__pull-request-ci.yml +++ b/.github/workflows/__pull-request-ci.yml @@ -14,7 +14,6 @@ permissions: pull-requests: write security-events: write statuses: write - # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659 id-token: write concurrency: diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml index a9dba027..cc29a2d5 100644 --- a/.github/workflows/__shared-ci.yml +++ b/.github/workflows/__shared-ci.yml @@ -12,8 +12,6 @@ permissions: pull-requests: read security-events: write statuses: write - # yamllint disable-line rule:line-length - # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659 id-token: write jobs: diff --git a/.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml b/.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml index 50b9d886..5d17ae09 100644 --- a/.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml +++ b/.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml @@ -10,7 +10,6 @@ permissions: issues: read packages: write pull-requests: read - # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659 id-token: write env: 
diff --git a/.github/workflows/__test-action-helm-release-chart.yml b/.github/workflows/__test-action-helm-release-chart.yml index be66fae3..bebaa096 100644 --- a/.github/workflows/__test-action-helm-release-chart.yml +++ b/.github/workflows/__test-action-helm-release-chart.yml @@ -13,9 +13,6 @@ jobs: tests: name: Test for "helm/release-chart" action with simple chart runs-on: ubuntu-latest - permissions: - contents: read - packages: write strategy: fail-fast: false matrix: diff --git a/.github/workflows/__test-action-helm-test-chart.yml b/.github/workflows/__test-action-helm-test-chart.yml index 529ba602..7b923327 100644 --- a/.github/workflows/__test-action-helm-test-chart.yml +++ b/.github/workflows/__test-action-helm-test-chart.yml @@ -10,7 +10,6 @@ permissions: issues: read packages: write pull-requests: read - # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659 id-token: write jobs: diff --git a/.github/workflows/__test-workflow-docker-build-images.yml b/.github/workflows/__test-workflow-docker-build-images.yml index 4af9c0f4..29c6899e 100644 --- a/.github/workflows/__test-workflow-docker-build-images.yml +++ b/.github/workflows/__test-workflow-docker-build-images.yml @@ -10,12 +10,12 @@ permissions: issues: read packages: write pull-requests: read - # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659 id-token: write # jscpd:ignore-start jobs: arrange: + name: Arrange runs-on: ubuntu-latest steps: - run: | @@ -24,7 +24,8 @@ jobs: exit 1 fi - act-build-arch: + act-build-images: + name: Act - Build multi-arch and mono-arch images needs: arrange uses: ./.github/workflows/docker-build-images.yml secrets: 
@@ -55,17 +56,18 @@ jobs: } ] - assert-build-arch: - needs: act-build-arch + assert-build-arch-mono-arch: + name: Assert - multi-arch and mono-arch builds + needs: act-build-images runs-on: "ubuntu-latest" steps: - - name: Check built images ouput + - name: Assert - built images output uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const assert = require("assert"); - const builtImagesOutput = `${{ needs.act-build-arch.outputs.built-images }}`; + const builtImagesOutput = `${{ needs.act-build-images.outputs.built-images }}`; assert(builtImagesOutput.length, `"built-images" output is empty`); // Check if is valid Json @@ -132,13 +134,13 @@ jobs: username: ${{ github.repository_owner }} password: ${{ github.token }} - - name: Check multi-arch docker image and manifest + - name: Assert - multi-arch docker image and manifest uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const assert = require("assert"); - const image = `${{ fromJson(needs.act-build-arch.outputs.built-images).test-multi-arch.images[0] }}`; + const image = `${{ fromJson(needs.act-build-images.outputs.built-images).test-multi-arch.images[0] }}`; await exec.exec('docker', ['pull', image]); 
@@ -194,13 +196,32 @@ jobs: assert.equal(annotations[key], value, `Expected annotation not found: ${key}`); }); - - name: Check mono-arch docker image + - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1 + + - name: Assert - signed multi-arch docker image + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + const images = ${{ toJson(fromJson(needs.act-build-images.outputs.built-images).test-multi-arch.images) }}; + + for(const image of images) { + await exec.exec( + 'cosign', + [ + 'verify', image, + '--certificate-oidc-issuer', 'https://token.actions.githubusercontent.com', + '--certificate-identity-regexp', 'https://github.com/hoverkraft-tech/ci-github-container', + ] + ); + } + + - name: Assert - mono-arch docker image uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const assert = require("assert"); - const image = `${{ fromJson(needs.act-build-arch.outputs.built-images).test-mono-arch.images[0] }}`; + const image = `${{ fromJson(needs.act-build-images.outputs.built-images).test-mono-arch.images[0] }}`; await exec.exec('docker', ['pull', image]); @@ -239,7 +260,25 @@ jobs: ); }); + - name: Assert - signed mono-arch docker image + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + const images = ${{ toJson(fromJson(needs.act-build-images.outputs.built-images).test-mono-arch.images) }}; + + for(const image of images) { + await exec.exec( + 'cosign', + [ + 'verify', image, + '--certificate-oidc-issuer', 'https://token.actions.githubusercontent.com', + '--certificate-identity-regexp', 'https://github.com/hoverkraft-tech/ci-github-container', + ] + ); + } + act-build-args-secrets-and-registry-caching: + name: Act - Build with args, secrets and registry caching needs: arrange uses: ./.github/workflows/docker-build-images.yml secrets: 
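Review bot: The `--certificate-identity-regexp` value in the new `Assert - signed multi-arch docker image` step, and again in `Assert - signed mono-arch docker image` in the following hunk, is the bare string `https://github.com/hoverkraft-tech/ci-github-container` with no anchors. Assuming cosign applies it as an unanchored Go regular expression, any certificate identity that merely contains that text would pass, including a repository whose name only starts with `ci-github-container`, and each `.` matches any character. The check would assert what it intends with an anchored, escaped pattern ending at the repository boundary: `'--certificate-identity-regexp', '^https://github\\.com/hoverkraft-tech/ci-github-container/',`. Pinning it further to the signing workflow path (presumably `.github/workflows/docker-build-images.yml`, to be confirmed against an issued certificate) would also catch a signature produced by an unexpected workflow in the same repository.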
@@ -275,6 +314,7 @@ jobs: SECRET_ENV_GITHUB_APP_TOKEN_2 assert-build-args-secrets-and-registry-caching: + name: Assert - Build with args, secrets and registry caching needs: act-build-args-secrets-and-registry-caching runs-on: "ubuntu-latest" steps: diff --git a/.github/workflows/docker-build-images.md b/.github/workflows/docker-build-images.md index 6c2e218b..6602073e 100644 --- a/.github/workflows/docker-build-images.md +++ b/.github/workflows/docker-build-images.md @@ -19,7 +19,7 @@ Needs the following permissions: - `issues`: `read` - `packages`: `write` - `pull-requests`: `read` -- `id-token`: `write` +- `id-token`: `write` @@ -39,7 +39,6 @@ permissions: issues: read packages: write pull-requests: read - # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659 id-token: write jobs: diff --git a/.github/workflows/docker-build-images.yml b/.github/workflows/docker-build-images.yml index 5cea947b..ca6de261 100644 --- a/.github/workflows/docker-build-images.yml +++ b/.github/workflows/docker-build-images.yml @@ -137,7 +137,6 @@ permissions: issues: read packages: write pull-requests: read - # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659 id-token: write jobs: 
@@ -500,3 +499,23 @@ jobs: oci-registry-username: ${{ inputs.oci-registry-username }} oci-registry-password: ${{ secrets.oci-registry-password }} built-images: ${{ steps.built-images.outputs.built-images }} + + - id: get-images-to-sign + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + const builtImagesInput = `${{ steps.built-images.outputs.built-images }}`; + let builtImages = null; + try { + builtImages = JSON.parse(builtImagesInput); + } catch (error) { + throw new Error(`"built-images" input is not a valid JSON: ${error}`); + } + + // Get images to sign + const imagesToSign = Object.values(builtImages).map(image => image.images).flat(); + core.setOutput('images-to-sign', JSON.stringify(imagesToSign)); + - uses: ./self-workflow/actions/docker/sign-images + with: + images: ${{ steps.get-images-to-sign.outputs.images-to-sign }} + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/actions/docker/create-images-manifests/action.yml b/actions/docker/create-images-manifests/action.yml index 6bc6ad9a..0c4dbd84 100644 --- a/actions/docker/create-images-manifests/action.yml +++ b/actions/docker/create-images-manifests/action.yml @@ -91,12 +91,13 @@ runs: ) .flat().join(" "); - createManifestCommand = `docker buildx imagetools create ${annotations} ${tags} ${digests}`; + const createManifestCommand = `docker buildx imagetools create ${annotations} ${tags} ${digests}`; return new Promise(async (resolve, reject) => { try { await exec.exec(createManifestCommand); core.debug(`Create manifest for "${builtImage.name}" ("${createManifestCommand}") executed`); + resolve(); } catch(error){ reject(error); diff --git a/actions/docker/sign-images/README.md b/actions/docker/sign-images/README.md new file mode 100644 index 00000000..47a80742 --- /dev/null +++ b/actions/docker/sign-images/README.md 
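Review bot: In the new `get-images-to-sign` step, `${{ steps.built-images.outputs.built-images }}` is expanded inside a backtick template literal before the script is parsed, so a backtick, `${` or backslash anywhere in that JSON becomes script text instead of data. Image names and tags in that output are presumably derived from workflow inputs, so the value should reach the script through the environment: add `env: BUILT_IMAGES: ${{ steps.built-images.outputs.built-images }}` to the step and use `const builtImagesInput = process.env.BUILT_IMAGES ?? "";`. Separately, `Object.values(builtImages).map(image => image.images).flat()` lets an entry without an `images` array through as `undefined`, which only fails later inside the signing action; `flatMap(image => image.images ?? [])` keeps the list clean. The job these steps belong to starts outside the hunk.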
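Review bot: In `actions/docker/create-images-manifests/action.yml`, the added `resolve();` sits inside `new Promise(async (resolve, reject) => { … })`, where the async executor and the try/catch only re-implement what an async function already provides, and forgetting `resolve` is exactly the kind of slip that wrapper invites. Returning the promise from an async arrow, `(async () => { await exec.exec(createManifestCommand); core.debug(…); })()`, removes the wrapper and lets rejections propagate on their own. `createManifestCommand` is also a single string that `exec.exec` has to split again, so an annotation, tag or digest containing whitespace or quotes would change the argument list; calling `exec.exec('docker', ['buildx', 'imagetools', 'create', ...args])` avoids that. The code that builds `annotations`, `tags` and `digests`, and the enclosing function, are outside the hunk, so whether such characters can occur is not visible here.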
@@ -0,0 +1,37 @@ + + +# branding<icon:package color:gray-dark> GitHub Action: Docker - Sign Images + + + + + + + + + + + + + +If default GitHub token is used, the following permissions are required: + +```yml +permissions: + id-token: write +``` + + + + + + + + + + + diff --git a/actions/docker/sign-images/action.yml b/actions/docker/sign-images/action.yml new file mode 100644 index 00000000..99341107 --- /dev/null +++ b/actions/docker/sign-images/action.yml 
@@ -0,0 +1,102 @@
+---
+name: "Docker - Sign images"
+description: |
+ Action to sign OCI images.
+ It is based on [cosign](https://github.com/sigstore/cosign).
+ It signs the images with the GitHub Actions OIDC token.
+ If the provided image does not have a digest, it will retrieve the digest using `docker buildx imagetools inspect`.
+
+author: hoverkraft
+branding:
+ icon: award
+ color: blue
+
+inputs:
+ images:
+ description: |
+ Images to sign.
+ Can be a single image or a list of images separated by commas or newlines or spaces.
+ The images should be in the format `ghcr.io/my-org/my-repo/application:pr-63-5222075`.
+ It can also be a list of images in JSON format.
+ Example:
+ ```
+ [
+ "ghcr.io/my-org/my-repo/application:pr-63-5222075",
+ "ghcr.io/my-org/my-repo/application:pr-63"
+ ]
+ ```
+ required: true
+ github-token:
+ description: |
+ GitHub Token to sign the image.
+ Permissions:
+ - id-token: write
+ default: ${{ github.token }}
+
+runs:
+ using: "composite"
+ steps:
+ - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
+
+ - name: Sign the images with GitHub OIDC Token
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ github-token: ${{ inputs.github-token }}
+ script: |
+ const images = `${{ inputs.images }}`;
+ let imagesList = null;
+ try {
+ // Try to parse the input as JSON
+ imagesList = JSON.parse(images);
+ } catch (error) {
+ // If it fails, split the input by commas, newlines or spaces
+ imagesList = images.split(/[\s,]+/).filter(image => image.trim() !== "");
+ }
+
+ if (!Array.isArray(imagesList) || imagesList.length === 0) {
+ throw new Error(`"images" input is not a valid JSON array or a non-empty string: ${images}`);
+ }
+
+ const getImageDigest = async function(image) {
+ // Check if the image already has a digest
+ if (image.match(/@/)) {
+ core.debug(`Image "${image}" already has a digest, skipping inspection.`);
+ return image;
+ }
+
+ const inspectImageCommand = `docker buildx imagetools inspect ${image}`;
+ core.debug(`Inspecting image "${image}" with command: "${inspectImageCommand}"`);
+
+ const { stdout } = await exec.getExecOutput(inspectImageCommand);
+
+ core.debug(`Inspect image "${image}" ("${inspectImageCommand}") executed: ${stdout}`);
+
+ if (!stdout) {
+ throw new Error(`Failed to retrieve manifest for image "${image}": "${inspectImageCommand}" returned empty output`);
+ }
+
+ // Retrieve digest from the manifest
+ const digestRegex = /Digest:\s+([a-z0-9]+:[a-z0-9]{64})/;
+ const digestMatch = stdout.match(digestRegex);
+ if (!digestMatch || digestMatch.length < 2) {
+ throw new Error(`Failed to retrieve digest for image "${image}": "${inspectImageCommand}" returned unexpected output: ${stdout}`);
+ }
+
+ const digest = digestMatch[1];
+ if (!digest) {
+ throw new Error(`Failed to retrieve digest for image "${image}": "${inspectImageCommand}" returned empty digest`);
+ }
+
+ core.debug(`Digest for image "${image}" is "${digest}"`);
+ return `${image}@${digest}`;
+ }
+
+ // Wait for all images to be inspected and digests retrieved
+ const imagesWithDigests = await Promise.all(imagesList.map(image => getImageDigest(image)));
+
+ // Create manifest for each image
+ const signImageCommand = `cosign sign --recursive --yes ${imagesWithDigests.map(image => `"${image}"`).join(" ")}`;
+
+ core.debug(`Signing images with command: "${signImageCommand}"`);
+ await exec.exec(signImageCommand);
+ core.debug("All images signed successfully");
diff --git a/tests/charts/application/README.md b/tests/charts/application/README.md
index 36717a55..1a13f553 100644
--- a/tests/charts/application/README.md
+++ b/tests/charts/application/README.md
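Review bot: `${{ inputs.images }}` is pasted into a JavaScript template literal in the `script:` block of `actions/docker/sign-images/action.yml`, so an image reference containing a backtick or `${` is evaluated as script code in a step that holds an OIDC-capable token; the input should arrive through `env:` and be read from `process.env`. Both commands are then built as single strings (`docker buildx imagetools inspect ${image}` and `cosign sign --recursive --yes "…"`), which leaves `exec` to re-split values that may contain spaces or quotes; passing argument arrays keeps each reference a single argument. One design point to confirm as well: when a reference carries no digest, the digest is looked up at signing time, so the signature covers whatever the tag points to at that moment rather than the digest the build produced, and having callers pass `name@sha256:…` references would close that window. The comment `// Create manifest for each image` above the sign command looks copied from the manifest action and should describe signing.

```yaml
    - name: Sign the images with GitHub OIDC Token
      # … unchanged: uses, with.github-token …
      env:
        IMAGES_INPUT: ${{ inputs.images }}
      with:
        script: |
          const images = process.env.IMAGES_INPUT ?? "";
          // … unchanged: JSON / separator parsing and the non-empty array check …

          // … unchanged: getImageDigest up to the inspect call; inspectImageCommand kept for log messages only …
          const { stdout } = await exec.getExecOutput(
            "docker",
            ["buildx", "imagetools", "inspect", image]
          );
          // … unchanged: digest extraction and Promise.all over imagesList …

          // Sign every resolved reference in one cosign invocation
          core.debug(`Signing images: ${imagesWithDigests.join(" ")}`);
          await exec.exec("cosign", ["sign", "--recursive", "--yes", ...imagesWithDigests]);
```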
@@ -6,66 +6,67 @@ A Helm chart for Kubernetes ## Requirements -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | mysql | 12.2.1 | +| Repository | Name | Version | +| ------------------------------------ | ----- | ------- | +| | MySQL | 12.2.1 | ## Values -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| application.dbConnection | string | `"mysql"` | | -| application.dbDatabase | string | `"test"` | | -| application.dbHost | string | `"mysql"` | | -| application.dbPassword | string | `"test"` | | -| application.dbPort | int | `3306` | | -| application.dbUsername | string | `"test"` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| image.digest | string | `"sha256:da3b65f32ea75f8041079d220b72da4f605738996256a7dc32715424cc117271"` | | -| image.pullPolicy | string | `"Always"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"hoverkraft-tech/ci-github-container/application-test"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| mysql.auth.database | string | `"test"` | | -| mysql.auth.password | string | `"test"` | | -| mysql.auth.rootPassword | string | `"root"` | | -| mysql.auth.username | string | `"test"` | | -| mysql.enabled | bool | `false` | | -| mysql.fullnameOverride | string | `"mysql"` | | -| nameOverride | string | `""` | | -| nodeSelector | 
object | `{}` | | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources.limits.cpu | string | `"100m"` | | -| resources.limits.memory | string | `"128Mi"` | | -| resources.requests.cpu | string | `"100m"` | | -| resources.requests.memory | string | `"128Mi"` | | -| securityContext.allowPrivilegeEscalation | bool | `false` | | -| securityContext.capabilities.drop[0] | string | `"ALL"` | | -| securityContext.readOnlyRootFilesystem | bool | `true` | | -| securityContext.runAsNonRoot | bool | `true` | | -| securityContext.runAsUser | int | `10001` | | -| securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | +| Key | Type | Default | Description | +| ------------------------------------------ | ------ | --------------------------------------------------------------------------- | ----------- | +| affinity | object | `{}` | | +| application.dbConnection | string | `"mysql"` | | +| application.dbDatabase | string | `"test"` | | +| application.dbHost | string | `"mysql"` | | +| application.dbPassword | string | `"test"` | | +| application.dbPort | int | `3306` | | +| application.dbUsername | string | `"test"` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| fullnameOverride | string | `""` | | +| image.digest | string | `"sha256:da3b65f32ea75f8041079d220b72da4f605738996256a7dc32715424cc117271"` | | +| image.pullPolicy | string | `"Always"` | | +| image.registry | string | `"ghcr.io"` | | +| image.repository | string | `"hoverkraft-tech/ci-github-container/application-test"` | | +| image.tag 
| string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| mysql.auth.database | string | `"test"` | | +| mysql.auth.password | string | `"test"` | | +| mysql.auth.rootPassword | string | `"root"` | | +| mysql.auth.username | string | `"test"` | | +| mysql.enabled | bool | `false` | | +| mysql.fullnameOverride | string | `"mysql"` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources.limits.cpu | string | `"100m"` | | +| resources.limits.memory | string | `"128Mi"` | | +| resources.requests.cpu | string | `"100m"` | | +| resources.requests.memory | string | `"128Mi"` | | +| securityContext.allowPrivilegeEscalation | bool | `false` | | +| securityContext.capabilities.drop[0] | string | `"ALL"` | | +| securityContext.readOnlyRootFilesystem | bool | `true` | | +| securityContext.runAsNonRoot | bool | `true` | | +| securityContext.runAsUser | int | `10001` | | +| securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | +| service.port | int | `8080` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | + +--- ----------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) 
diff --git a/tests/charts/umbrella-application/README.md b/tests/charts/umbrella-application/README.md index a123c44a..e7d03187 100644 --- a/tests/charts/umbrella-application/README.md +++ b/tests/charts/umbrella-application/README.md @@ -6,22 +6,23 @@ An umbrella Helm chart for Kubernetes ## Requirements -| Repository | Name | Version | -|------------|------|---------| -| file://./charts/app | app | 0.0.0 | -| https://charts.bitnami.com/bitnami | database(mysql) | 12.2.1 | +| Repository | Name | Version | +| ------------------------------------ | --------------- | ------- | +| file://./charts/app | app | 0.0.0 | +| | database(MySQL) | 12.2.1 | ## Values -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| app.enabled | bool | `true` | | -| database.auth.database | string | `"test-umbrella-application"` | | -| database.auth.username | string | `"test-umbrella-application"` | | -| database.enabled | bool | `true` | | -| database.fullnameOverride | string | `"database"` | | -| global.fullnameOverride | string | `""` | | -| global.nameOverride | string | `""` | | - ----------------------------------------------- +| Key | Type | Default | Description | +| ------------------------- | ------ | ----------------------------- | ----------- | +| app.enabled | bool | `true` | | +| database.auth.database | string | `"test-umbrella-application"` | | +| database.auth.username | string | `"test-umbrella-application"` | | +| database.enabled | bool | `true` | | +| database.fullnameOverride | string | `"database"` | | +| global.fullnameOverride | string | `""` | | +| global.nameOverride | string | `""` | | + +--- + Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/tests/charts/umbrella-application/charts/app/README.md b/tests/charts/umbrella-application/charts/app/README.md index 4d807c81..2ac865bb 100644 --- a/tests/charts/umbrella-application/charts/app/README.md 
+++ b/tests/charts/umbrella-application/charts/app/README.md 
@@ -6,65 +6,66 @@ An umbrella Helm chart for Kubernetes (app component) ## Values -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| app.dbConnection | string | `"mysql"` | | -| app.dbDatabase | string | `"test"` | | -| app.dbHost | string | `"mysql"` | | -| app.dbPassword | string | `"test"` | | -| app.dbPort | int | `3306` | | -| app.dbUsername | string | `"test"` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| autoscaling.targetMemoryUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| image.digest | string | `"sha256:da3b65f32ea75f8041079d220b72da4f605738996256a7dc32715424cc117271"` | | -| image.pullPolicy | string | `"Always"` | | -| image.registry | string | `"ghcr.io"` | | -| image.repository | string | `"hoverkraft-tech/ci-github-container/application-test"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| mysql.auth.database | string | `"test"` | | -| mysql.auth.password | string | `"test"` | | -| mysql.auth.rootPassword | string | `"root"` | | -| mysql.auth.username | string | `"test"` | | -| mysql.enabled | bool | `false` | | -| mysql.fullnameOverride | string | `"mysql"` | | -| nameOverride | string | `""` | | -| namespace | string | `"app-system"` | | -| networkPolicy.egress | list | `[]` | | -| networkPolicy.enabled | bool | `true` | | -| networkPolicy.ingress | list | `[]` | | -| nodeSelector | object | `{}` | | -| podAnnotations 
| object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources.limits.cpu | string | `"100m"` | | -| resources.limits.memory | string | `"128Mi"` | | -| resources.requests.cpu | string | `"100m"` | | -| resources.requests.memory | string | `"128Mi"` | | -| securityContext.allowPrivilegeEscalation | bool | `false` | | -| securityContext.capabilities.drop[0] | string | `"ALL"` | | -| securityContext.readOnlyRootFilesystem | bool | `true` | | -| securityContext.runAsNonRoot | bool | `true` | | -| securityContext.runAsUser | int | `10001` | | -| securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | +| Key | Type | Default | Description | +| --------------------------------------------- | ------ | --------------------------------------------------------------------------- | ----------- | +| affinity | object | `{}` | | +| app.dbConnection | string | `"mysql"` | | +| app.dbDatabase | string | `"test"` | | +| app.dbHost | string | `"mysql"` | | +| app.dbPassword | string | `"test"` | | +| app.dbPort | int | `3306` | | +| app.dbUsername | string | `"test"` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| autoscaling.targetMemoryUtilizationPercentage | int | `80` | | +| fullnameOverride | string | `""` | | +| image.digest | string | `"sha256:da3b65f32ea75f8041079d220b72da4f605738996256a7dc32715424cc117271"` | | +| image.pullPolicy | string | `"Always"` | | +| image.registry | string | `"ghcr.io"` | | +| image.repository | string | `"hoverkraft-tech/ci-github-container/application-test"` | | +| image.tag | string | `""` 
| | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| mysql.auth.database | string | `"test"` | | +| mysql.auth.password | string | `"test"` | | +| mysql.auth.rootPassword | string | `"root"` | | +| mysql.auth.username | string | `"test"` | | +| mysql.enabled | bool | `false` | | +| mysql.fullnameOverride | string | `"mysql"` | | +| nameOverride | string | `""` | | +| namespace | string | `"app-system"` | | +| networkPolicy.egress | list | `[]` | | +| networkPolicy.enabled | bool | `true` | | +| networkPolicy.ingress | list | `[]` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources.limits.cpu | string | `"100m"` | | +| resources.limits.memory | string | `"128Mi"` | | +| resources.requests.cpu | string | `"100m"` | | +| resources.requests.memory | string | `"128Mi"` | | +| securityContext.allowPrivilegeEscalation | bool | `false` | | +| securityContext.capabilities.drop[0] | string | `"ALL"` | | +| securityContext.readOnlyRootFilesystem | bool | `true` | | +| securityContext.runAsNonRoot | bool | `true` | | +| securityContext.runAsUser | int | `10001` | | +| securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | +| service.port | int | `8080` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | + +--- ----------------------------------------------- Autogenerated from chart metadata using [helm-docs 
v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)