[actions] CI pipeline: Check hardcoded images (#29667)

* [actions] CI pipeline: Check hardcoded images Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> * Update regexp Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> --------- Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com>
2026-02-11 04:37:23 +08:00 · 2024-10-07 08:19:45 +02:00
parent fb9667635b
commit 021d3e87cc
1 changed files with 46 additions and 0 deletions
--- a/.github/workflows/ci-pipeline.yml
+++ b/.github/workflows/ci-pipeline.yml
@@ -89,6 +89,52 @@ jobs:
            } else {
              core.warning(message);
            }
+  check-images:
+    runs-on: ubuntu-latest
+    needs: [get-chart]
+    name: Look for hardcoded images
+    if: needs.get-chart.outputs.result == 'ok'
+    outputs:
+      result: ${{ steps.check-images.outputs.result }}
+      error: ${{ steps.check-images.outputs.error }}
+    steps:
+      - name: Checkout bitnami/charts
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          path: charts
+      - id: check-images
+        name: Look for hardcoded images
+        env:
+          CHART: ${{ needs.get-chart.outputs.chart }}
+        run: |
+          hardcoded_images=()
+          while read -r image; do
+            if [[ $image != {{*}} ]]; then
+              hardcoded_images+=("${image}")
+            fi
+          done <<< "$(grep -REoh "^\s*image:\s+[\"']*.+[\"']*\s*$" "charts/bitnami/${CHART}/templates" | sed "s/image: [\"']*//" | sed "s/[\"']*$//")"
+
+          echo "${hardcoded_images[@]}"
+          if [[ ${#hardcoded_images[@]} -gt 0 ]] ; then
+            echo "error=Found hardcoded images in the chart templates: ${hardcoded_images[@]}" >> $GITHUB_OUTPUT
+            echo "result=fail" >> $GITHUB_OUTPUT
+          else
+            echo "result=ok" >> $GITHUB_OUTPUT
+          fi
+      - id: show-error
+        name: Show error
+        if: ${{ steps.check-images.outputs.result != 'ok' }}
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+        with:
+          script: |
+            let message='${{ steps.check-images.outputs.error }}';
+            if ('${{ steps.check-images.outputs.result }}' === 'fail' ) {
+              core.setFailed(message);
+            } else {
+              core.warning(message);
+            }
  update-pr:
    runs-on: ubuntu-latest
    needs: [get-chart]