From 1c588f13ab74356241277d65322d1b9031c27e87 Mon Sep 17 00:00:00 2001 From: Campbell Pool Date: Tue, 24 Mar 2026 14:46:39 -0700 Subject: [PATCH 1/2] ci: add helm lint and template validation on PRs Runs helm lint and helm template for all charts on pull requests that touch files under charts/. Catches template rendering errors before merge. Uses the same Helm version (v3.12.0) and setup action as release.yaml. --- .github/workflows/ci.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/ci.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..93d7163 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,34 @@ +name: CI + +on: + pull_request: + branches: + - main + paths: + - 'charts/**' + +jobs: + lint-and-template: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.12.0 + + - name: Lint charts + run: | + for chart in charts/*/; do + echo "=== Linting ${chart} ===" + helm lint "${chart}" + done + + - name: Template charts + run: | + for chart in charts/*/; do + echo "=== Templating ${chart} ===" + helm template test "${chart}" + done From 1a83f65c8604d0d3b3bb850acea8b2fd1937a643 Mon Sep 17 00:00:00 2001 From: Campbell Pool Date: Wed, 1 Apr 2026 16:35:58 -0700 Subject: [PATCH 2/2] ci: add explicit minimal permissions to CI workflow --- .github/workflows/ci.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 93d7163..caecf6c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -9,6 +9,9 @@ on: jobs: lint-and-template: + permissions: + contents: read + runs-on: ubuntu-latest steps: - name: Checkout