#22 chart testing pr pipeline

update libcrypte and libssl

.github/workflows/test-and-lint.yml

@@ -0,0 +1,45 @@
+name: Lint and Test Charts
+
+on: pull_request
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.11.2
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.4.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+      - name: Create kind cluster
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: helm/kind-action@v1.4.0
+
+      - name: Run chart-testing (install)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --target-branch ${{ github.event.repository.default_branch }}

Dockerfile

@@ -16,6 +16,7 @@ LABEL org.opencontainers.image.licenses=MIT
 ARG PYTHON_VERSION=3.10.11-r0
 ARG PIP_VERSION=22.3.1-r1
 ARG GCOMPAT_VERSION=1.1.0-r0
+ARG LIBCRYPTO_VERSION=3.0.8-r4
 
 COPY --from=builder /tmp/bw /usr/local/bin/bw
 COPY requirements.txt requirements.txt
@@ -26,7 +27,7 @@ RUN set -eux; \
     mkdir -p /home/bw-operator; \
     chown -R bw-operator /home/bw-operator; \
     chmod +x /usr/local/bin/bw; \
-    apk add gcc musl-dev libstdc++ gcompat=${GCOMPAT_VERSION} python3=${PYTHON_VERSION} py3-pip=${PIP_VERSION}; \
+    apk add gcc musl-dev libstdc++ gcompat=${GCOMPAT_VERSION} python3=${PYTHON_VERSION} py3-pip=${PIP_VERSION} libcrypto3=${LIBCRYPTO_VERSION} libssl3=${LIBCRYPTO_VERSION}; \
     pip install -r requirements.txt --no-warn-script-location; \
     apk del --purge gcc musl-dev libstdc++;
 

charts/bitwarden-crd-operator/Chart.yaml

@@ -4,9 +4,9 @@ description: Deploy the Bitwarden CRD Operator
 
 type: application
 
-version: "v0.7.0"
+version: "v0.7.1"
 
-appVersion: "0.6.0"
+appVersion: "0.6.1"
 
 keywords:
   - operator
@@ -93,9 +93,12 @@ annotations:
                 enabled: true  
   artifacthub.io/license: MIT
   artifacthub.io/operator: "true"  
+  artifacthub.io/containsSecurityUpdates: "true"
   artifacthub.io/changes: |
-    - kind: changed
-      description: "Use JSON output mode (--response) of Bitwarden CLI."
+    - kind: fixed
+      description: "Fixed fields lookup"
+    - kind: fixed
+      description: "Fixed CVE-2023-1255 in base image"
   artifacthub.io/images: |
     - name: bitwarden-crd-operator
-      image: ghcr.io/lerentis/bitwarden-crd-operator:0.6.0
+      image: ghcr.io/lerentis/bitwarden-crd-operator:0.6.1

example.yaml

@@ -15,4 +15,18 @@ spec:
         secretScope: login
   id: "88781348-c81c-4367-9801-550360c21295"
   name: "test-secret"
+  namespace: "default"
+---
+apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
+kind: BitwardenSecret
+metadata:
+  name: test-scope
+spec:
+  content:
+    - element:
+        secretName: public_key
+        secretRef: pubKey 
+        secretScope: fields
+  id: "466fc4b0-ffca-4444-8d88-b59d4de3d928"
+  name: "test-scope"
   namespace: "default"

requirements.txt

@@ -1,3 +1,3 @@
-kopf==1.36.0
+kopf==1.36.1
 kubernetes==26.1.0
 Jinja2==3.1.2

src/utils/utils.py

@@ -46,7 +46,7 @@ def parse_login_scope(secret_json, key):
 
 
 def parse_fields_scope(secret_json, key):
-    if "fields" not in secret_json:
+    if "fields" not in secret_json["data"]:
         return None
     for entry in secret_json["data"]["fields"]:
         if entry['name'] == key: