GitGuardian
diff --git a/‎.editorconfig‎
Lines changed: 19 additions & 0 deletions b/‎.editorconfig‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎.github/workflows/auto-label.yaml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/auto-label.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/generate-schema-gitguardian.yaml‎
Lines changed: 317 additions & 0 deletions b/‎.github/workflows/generate-schema-gitguardian.yaml‎
Lines changed: 317 additions & 0 deletions
@@ -0,0 +1,19 @@
+# EditorConfig is awesome: https://editorconfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 150
+tab_width = 2
+
+[*.md]
+max_line_length = 0
+
+[values.schema.json]
+indent_size = 4
@@ -11,6 +11,7 @@ concurrency:
 
 jobs:
   label:
+    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false }}
     runs-on: ubuntu-latest
     timeout-minutes: 5
     permissions:
 
@@ -0,0 +1,317 @@
+name: "Generate values.schema.json"
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'charts/**/values.yaml'
+  pull_request:
+    paths:
+      - 'charts/**/values.yaml'
+  workflow_dispatch:
+    inputs:
+      charts:
+        description: 'Specific charts to generate schema for (comma-separated, e.g., "nginx,redis"). Leave empty for all charts.'
+        required: false
+        type: string
+      force_regenerate:
+        description: 'Force regeneration even if values.yaml has not changed'
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  generate-schema:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    # Skip if the commit was made by github-actions bot to prevent infinite loops
+    if: github.actor != 'github-actions[bot]'
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Python
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        with:
+          python-version: '3.11'
+
+      - name: Set up Helm
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
+        with:
+          version: 'v3.19.2'
+
+      - name: Install helm-schema plugin
+        run: |
+          set -e
+          # Check if plugin is already installed
+          if helm plugin list | grep -q "schema"; then
+            echo "Plugin already installed"
+            helm plugin list | grep "schema"
+          else
+            echo "Installing helm-values-schema-json plugin..."
+            helm plugin install https://github.com/losisin/helm-values-schema-json.git --version v1.9.2
+          fi
+
+          # Verify plugin installation
+          echo "Verifying plugin installation..."
+          helm plugin list
+          if ! helm plugin list | grep -q "schema"; then
+            echo "ERROR: Plugin installation failed"
+            exit 1
+          fi
+
+          echo "Plugin installed successfully"
+
+      - name: Determine charts to process
+        id: determine-charts
+        run: |
+          set -e
+
+          # Function to get all charts except 'common'
+          get_all_charts() {
+            find charts -mindepth 1 -maxdepth 1 -type d ! -name 'common' -exec basename {} \; | sort
+          }
+
+          # For workflow_dispatch with specific charts
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ github.event.inputs.charts }}" ]; then
+            echo "Manual trigger with specific charts: ${{ github.event.inputs.charts }}"
+            CHARTS="${{ github.event.inputs.charts }}"
+            echo "charts=$CHARTS" >> $GITHUB_OUTPUT
+            echo "mode=manual-specific" >> $GITHUB_OUTPUT
+
+          # For workflow_dispatch with force regenerate all
+          elif [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ "${{ github.event.inputs.force_regenerate }}" = "true" ]; then
+            echo "Manual trigger: force regenerate all charts"
+            CHARTS=$(get_all_charts | tr '\n' ',' | sed 's/,$//')
+            echo "charts=$CHARTS" >> $GITHUB_OUTPUT
+            echo "mode=manual-all" >> $GITHUB_OUTPUT
+
+          # For push/PR events - detect changed charts
+          else
+            echo "Detecting changed charts from git diff"
+
+            if [ "${{ github.event_name }}" = "pull_request" ]; then
+              BASE_REF="${{ github.event.pull_request.base.sha }}"
+            else
+              BASE_REF="${{ github.event.before }}"
+            fi
+
+            # Get changed values.yaml files
+            CHANGED_FILES=$(git diff --name-only "$BASE_REF" HEAD -- 'charts/**/values.yaml' || echo "")
+
+            if [ -z "$CHANGED_FILES" ]; then
+              echo "No values.yaml files changed"
+              echo "charts=" >> $GITHUB_OUTPUT
+              echo "mode=none" >> $GITHUB_OUTPUT
+            else
+              echo "Changed values.yaml files:"
+              echo "$CHANGED_FILES"
+
+              # Extract chart names from changed files
+              CHARTS=$(echo "$CHANGED_FILES" | grep -o 'charts/[^/]*' | cut -d/ -f2 | sort -u | grep -v '^common$' | tr '\n' ',' | sed 's/,$//')
+
+              if [ -z "$CHARTS" ]; then
+                echo "Only common chart changed, skipping schema generation"
+                echo "charts=" >> $GITHUB_OUTPUT
+                echo "mode=none" >> $GITHUB_OUTPUT
+              else
+                echo "Charts to process: $CHARTS"
+                echo "charts=$CHARTS" >> $GITHUB_OUTPUT
+                echo "mode=auto" >> $GITHUB_OUTPUT
+              fi
+            fi
+          fi
+
+      - name: Generate schema for charts
+        if: steps.determine-charts.outputs.charts != ''
+        run: |
+          set -e
+
+          CHARTS="${{ steps.determine-charts.outputs.charts }}"
+          IFS=',' read -ra CHART_ARRAY <<< "$CHARTS"
+
+          echo "Generating schemas for: ${CHART_ARRAY[*]}"
+
+          SUCCESS_COUNT=0
+          FAIL_COUNT=0
+          FAILED_CHARTS=""
+
+          for chart in "${CHART_ARRAY[@]}"; do
+            chart=$(echo "$chart" | xargs) # trim whitespace
+
+            if [ -z "$chart" ]; then
+              continue
+            fi
+
+            echo "Processing chart: $chart"
+            CHART_DIR="charts/$chart"
+
+            if [ ! -d "$CHART_DIR" ]; then
+              echo "Warning: Chart directory not found: $CHART_DIR"
+              FAIL_COUNT=$((FAIL_COUNT + 1))
+              FAILED_CHARTS="$FAILED_CHARTS $chart"
+              continue
+            fi
+
+            if [ ! -f "$CHART_DIR/values.yaml" ]; then
+              echo "Warning: values.yaml not found in $CHART_DIR"
+              FAIL_COUNT=$((FAIL_COUNT + 1))
+              FAILED_CHARTS="$FAILED_CHARTS $chart"
+              continue
+            fi
+
+            echo "Generating schema for $chart..."
+            if helm schema -input "$CHART_DIR/values.yaml" -output "$CHART_DIR/values.schema.json" -draft 7; then
+              echo "Successfully generated schema for $chart"
+              SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
+            else
+              echo "Failed to generate schema for $chart"
+              FAIL_COUNT=$((FAIL_COUNT + 1))
+              FAILED_CHARTS="$FAILED_CHARTS $chart"
+            fi
+          done
+
+          echo ""
+          echo "Summary:"
+          echo "  Success: $SUCCESS_COUNT"
+          echo "  Failed: $FAIL_COUNT"
+
+          if [ $FAIL_COUNT -gt 0 ]; then
+            echo "  Failed charts:$FAILED_CHARTS"
+          fi
+
+          echo "success_count=$SUCCESS_COUNT" >> $GITHUB_ENV
+          echo "fail_count=$FAIL_COUNT" >> $GITHUB_ENV
+
+      - name: Check for schema changes
+        if: steps.determine-charts.outputs.charts != ''
+        id: check-changes
+        run: |
+          if git status --porcelain | grep -q 'values.schema.json'; then
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+            echo "Schema files have been updated"
+            git status --porcelain | grep 'values.schema.json'
+          else
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            echo "No schema changes detected"
+          fi
+
+      - name: Debug commit conditions
+        if: steps.determine-charts.outputs.charts != ''
+        run: |
+          echo "Debug information for commit step:"
+          echo "  github.event_name: ${{ github.event_name }}"
+          echo "  github.ref: ${{ github.ref }}"
+          echo "  has_changes: ${{ steps.check-changes.outputs.has_changes }}"
+          echo "  Should commit to main: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' && steps.check-changes.outputs.has_changes == 'true' }}"
+
+      - name: Create PR for schema updates (push to main)
+        if: |
+          (github.event_name == 'push' || github.event_name == 'workflow_dispatch') &&
+          github.ref == 'refs/heads/main' &&
+          steps.check-changes.outputs.has_changes == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+
+          # Create a new branch for the schema updates
+          BRANCH_NAME="auto/schema-update-$(date +%s)"
+          git checkout -b "$BRANCH_NAME"
+
+          git add charts/*/values.schema.json
+
+          git commit -m "chore: auto-generate values.schema.json for updated charts" \
+            -m "Automatically generated JSON schemas for Helm values files." \
+            -m "" \
+            -m "Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
+
+          # Push the branch
+          git push origin "$BRANCH_NAME"
+
+          # Create a pull request
+          gh pr create \
+            --title "chore: auto-generate values.schema.json" \
+            --body "This PR contains automatically generated JSON schemas for Helm values files.
+
+          ## Changes
+          - Auto-generated \`values.schema.json\` files for charts with updated \`values.yaml\`
+
+          ## Notes
+          - This PR was automatically created by the schema generation workflow
+          - Please review and merge if the changes look correct
+          - The workflow will not run again on this bot's commits to prevent loops
+
+          ---
+          🤖 Generated by [generate-schema workflow](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})" \
+            --base main \
+            --head "$BRANCH_NAME"
+
+      - name: Commit schema updates to PR branch
+        if: |
+          github.event_name == 'pull_request' &&
+          steps.check-changes.outputs.has_changes == 'true'
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+
+          git add charts/*/values.schema.json
+
+          git commit -m "chore: auto-generate values.schema.json" \
+            -m "Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>" || echo "No changes to commit"
+
+          # Push to PR branch
+          git push origin HEAD:${{ github.head_ref }}
+
+      - name: Commit schema updates to current branch (workflow_dispatch on non-main)
+        if: |
+          github.event_name == 'workflow_dispatch' &&
+          github.ref != 'refs/heads/main' &&
+          steps.check-changes.outputs.has_changes == 'true'
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+
+          git add charts/*/values.schema.json
+
+          git commit -m "chore: auto-generate values.schema.json" \
+            -m "Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
+
+          # Push to current branch
+          git push origin HEAD:${{ github.ref }}
+
+      - name: Generate job summary
+        if: steps.determine-charts.outputs.charts != ''
+        run: |
+          echo "## 📋 Schema Generation Summary" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          if [ "${{ steps.determine-charts.outputs.mode }}" = "none" ]; then
+            echo "No charts required schema generation." >> $GITHUB_STEP_SUMMARY
+          else
+            echo "**Mode:** ${{ steps.determine-charts.outputs.mode }}" >> $GITHUB_STEP_SUMMARY
+            echo "**Charts processed:** ${{ steps.determine-charts.outputs.charts }}" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "**Results:**" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Success: ${success_count}" >> $GITHUB_STEP_SUMMARY
+            echo "- ❌ Failed: ${fail_count}" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+
+            if [ "${{ steps.check-changes.outputs.has_changes }}" = "true" ]; then
+              echo "**Status:** Schema files updated and committed" >> $GITHUB_STEP_SUMMARY
+            else
+              echo "**Status:** No schema changes detected" >> $GITHUB_STEP_SUMMARY
+            fi
+          fi