From a720f9424d0580c2da515008467cea0f4184b309 Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com>
Date: Tue, 4 Aug 2020 16:55:27 +0200
Subject: [PATCH 1/3] Add GitHub CI Config to package and publish the helm charts
---
 .github/workflows/helm-charts.yaml | 60 ++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 .github/workflows/helm-charts.yaml
diff --git a/.github/workflows/helm-charts.yaml b/.github/workflows/helm-charts.yaml
new file mode 100644
index 00000000..0ce9475a
--- /dev/null
+++ b/.github/workflows/helm-charts.yaml
@@ -0,0 +1,60 @@
+on:
+ release:
+ types: [published]
+name: "Publish Helm Charts"
+jobs:
+ helm:
+ name: Package and Publish
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: "Install yq"
+ run: |
+ sudo snap install yq
+ - name: Parse Tag
+ run: echo ::set-env name=RELEASE_VERSION::${GITHUB_REF#refs/*/}
+ - name: "Publish Helm Chart"
+ env:
+ HELM_REGISTRY: https://charts.securecodebox.io
+ USERNAME: ${{ secrets.HELM_REGISTRY_USERNAME }}
+ PASSWORD: ${{ secrets.HELM_REGISTRY_PASSWORD }}
+ run: |
+ package_publish () {
+ echo "Linting Helm Chart"
+ helm lint .
+ echo "Packaging Helm Chart"
+ helm package --version $RELEASE_VERSION .
+ echo "Publising Helm Chart"
+ curl --data-binary "@$(cat Chart.yaml | yq read - name)-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts"
+ }
+
+ # Publishing
+
+ # Operator
+ cd operator
+ package_publish
+ cd -
+
+ # Scanner
+ for dir in scanners/*/
+ do
+ cd $dir
+ echo "Processing Chart in: $dir"
+ if [ -f Chart.yaml ]; then
+ package_publish
+ fi
+ # cd back
+ cd -
+ done
+
+ # Hooks
+ for dir in hooks/*/
+ do
+ cd $dir
+ echo "Processing Chart in: $dir"
+ if [ -f Chart.yaml ]; then
+ package_publish
+ fi
+ # cd back
+ cd -
+ done
\ No newline at end of file
From a001c6d1b407cabc783198e3bd6423e0367f49fd Mon Sep 17 00:00:00 2001
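Review bot: The `Parse Tag` step sets `RELEASE_VERSION` with the `::set-env` workflow command, which GitHub later deprecated for security reasons because any text a step writes to stdout can define environment variables for the following steps; the environment file does the same job without that exposure: `run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"`. In the publish step `USERNAME` and `PASSWORD` are exported through `env` but the `curl` call sends no credentials and has no `--fail`, so a rejected or failed upload still exits 0 and the job reports success with nothing in the registry. `sudo snap install yq` installs whatever version the snap store currently serves, with no pin or checksum, so the output of the release pipeline depends on a third party at run time; pinning the channel or version (and `actions/checkout@v2` to a commit SHA) makes the build reproducible. `echo "Publising Helm Chart"` also has a typo (`Publishing`).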
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com>
Date: Wed, 5 Aug 2020 14:15:11 +0200
Subject: [PATCH 2/3] Update / correct versions of demo apps
---
 demo-apps/bodgeit/Chart.yaml | 2 +-
 demo-apps/juice-shop/Chart.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/demo-apps/bodgeit/Chart.yaml b/demo-apps/bodgeit/Chart.yaml
index b31df8ec..2c8173c8 100644
--- a/demo-apps/bodgeit/Chart.yaml
+++ b/demo-apps/bodgeit/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 version: 0.1.0
 type: application
-appVersion: "latest"
+appVersion: "v1.4.0"
 name: bodgeit
 description: "The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing"
 home: https://github.com/psiinon/bodgeit
diff --git a/demo-apps/juice-shop/Chart.yaml b/demo-apps/juice-shop/Chart.yaml
index eb4e4e89..2515627a 100644
--- a/demo-apps/juice-shop/Chart.yaml
+++ b/demo-apps/juice-shop/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 version: 0.1.0
-appVersion: "v10.0.0"
+appVersion: "v11.1.2"
 name: juice-shop
 description: "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application"
 type: application
From e65c2139202839d879fc641ce94f3ff2ae8c8ad1 Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com>
Date: Wed, 5 Aug 2020 14:15:49 +0200
Subject: [PATCH 3/3] Use bash magic to publish charts in all folders with a Chart.yaml
---
 .github/workflows/helm-charts.yaml | 46 +++++++----------------------
 1 file changed, 10 insertions(+), 36 deletions(-)
diff --git a/.github/workflows/helm-charts.yaml b/.github/workflows/helm-charts.yaml
index 0ce9475a..7773d5f7 100644
--- a/.github/workflows/helm-charts.yaml
+++ b/.github/workflows/helm-charts.yaml
@@ -19,42 +19,16 @@ jobs:
 USERNAME: ${{ secrets.HELM_REGISTRY_USERNAME }}
 PASSWORD: ${{ secrets.HELM_REGISTRY_PASSWORD }}
 run: |
- package_publish () {
- echo "Linting Helm Chart"
+ # Publish charts in all folders containing a `Chart.yaml` file
+ # https://github.com/koalaman/shellcheck/wiki/SC2044
+ find . -type f -name Chart.yaml -print0 | while IFS= read -r -d '' chart; do
+ (
+ dir="$(dirname "${chart}")"
+ cd "${dir}" || exit
+ echo "Processing Chart in $dir"
 helm lint .
- echo "Packaging Helm Chart"
 helm package --version $RELEASE_VERSION .
- echo "Publising Helm Chart"
- curl --data-binary "@$(cat Chart.yaml | yq read - name)-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts"
- }
-
- # Publishing
-
- # Operator
- cd operator
- package_publish
- cd -
-
- # Scanner
- for dir in scanners/*/
- do
- cd $dir
- echo "Processing Chart in: $dir"
- if [ -f Chart.yaml ]; then
- package_publish
- fi
- # cd back
- cd -
- done
-
- # Hooks
- for dir in hooks/*/
- do
- cd $dir
- echo "Processing Chart in: $dir"
- if [ -f Chart.yaml ]; then
- package_publish
- fi
- # cd back
- cd -
+ NAME=$(yq read - name < Chart.yaml)
+ curl --silent --show-error --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts"
+ )
 done
\ No newline at end of file
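Review bot: The `curl` upload on the new side runs without `--fail`, so an HTTP 4xx/5xx from the registry (rejected credentials, a duplicate version, a server error) prints a body and exits 0, and the job goes green with the chart missing from the registry; change the line to start `curl --fail --silent --show-error --user ...`. The script also never sets its own error flags, so whether a failing `helm lint` or `helm package` inside the `( … )` subshell stops the loop depends on the runner's default shell options; an explicit `set -euo pipefail` as the first line of the `run` block makes that independent of those defaults. Passing the registry secret as `--user "${USERNAME}:${PASSWORD}"` puts it on curl's command line, where it is readable from the process table for the duration of the request; `--netrc-file` with a file written from the env vars, or `-K`/`--config`, keeps it out of argv. The step header (`name`, `env`) that owns this `run: |` block is above the hunk.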