feat: Helm CD (#10079)

Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-03-22 03:08:23 +00:00 · 2026-03-11 11:07:22 +02:00
parent e9855bbf2f
commit e40beee315
4 changed files with 105 additions and 0 deletions
--- a/.github/workflows/helm-chart-checks.yml
+++ b/.github/workflows/helm-chart-checks.yml
@@ -0,0 +1,48 @@
+name: 'Helm: Chart Checks'
+# DISCLAIMER: This workflow is not maintained by the Prowler team. Refer to contrib/k8s/helm/prowler-app for the source code.
+on:
+  push:
+    branches:
+      - 'master'
+      - 'v5.*'
+    paths:
+      - 'contrib/k8s/helm/prowler-app/**'
+  pull_request:
+    branches:
+      - 'master'
+      - 'v5.*'
+    paths:
+      - 'contrib/k8s/helm/prowler-app/**'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  CHART_PATH: contrib/k8s/helm/prowler-app
+
+jobs:
+  helm-lint:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+
+      - name: Set up Helm
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
+
+      - name: Update chart dependencies
+        run: helm dependency update ${{ env.CHART_PATH }}
+
+      - name: Lint Helm chart
+        run: helm lint ${{ env.CHART_PATH }}
+
+      - name: Validate Helm chart template rendering
+        run: helm template prowler ${{ env.CHART_PATH }}
--- a/.github/workflows/helm-chart-release.yml
+++ b/.github/workflows/helm-chart-release.yml
@@ -0,0 +1,54 @@
+name: 'Helm: Chart Release'
+# DISCLAIMER: This workflow is not maintained by the Prowler team. Refer to contrib/k8s/helm/prowler-app for the source code.
+
+on:
+  release:
+    types:
+      - 'published'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  CHART_PATH: contrib/k8s/helm/prowler-app
+
+jobs:
+  release-helm-chart:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+
+      - name: Set up Helm
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
+
+      - name: Set appVersion from release tag
+        run: |
+          RELEASE_TAG="${GITHUB_EVENT_RELEASE_TAG_NAME}"
+          echo "Setting appVersion to ${RELEASE_TAG}"
+          sed -i "s/^appVersion:.*/appVersion: \"${RELEASE_TAG}\"/" ${{ env.CHART_PATH }}/Chart.yaml
+        env:
+          GITHUB_EVENT_RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
+
+      - name: Login to GHCR
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${GITHUB_ACTOR} --password-stdin
+
+      - name: Update chart dependencies
+        run: helm dependency update ${{ env.CHART_PATH }}
+
+      - name: Package Helm chart
+        run: helm package ${{ env.CHART_PATH }} --destination .helm-packages
+
+      - name: Push chart to GHCR
+        run: |
+          PACKAGE=$(ls .helm-packages/*.tgz)
+          helm push "$PACKAGE" oci://ghcr.io/${{ github.repository_owner }}/charts
--- a/contrib/k8s/helm/prowler-app/.gitignore
+++ b/contrib/k8s/helm/prowler-app/.gitignore
@@ -0,0 +1 @@
+charts/
--- a/contrib/k8s/helm/prowler-app/Chart.yaml
+++ b/contrib/k8s/helm/prowler-app/Chart.yaml
@@ -13,6 +13,8 @@ keywords:
  - gcp
  - kubernetes
 maintainers:
+  - name: Dani
+    email: andre.gomes@promptlyhealth.com
  - name: Mihai
    email: mihai.legat@gmail.com
 dependencies: