Merge branch 'master' into master

Signed-off-by: Marcel Birkner <[email protected]>

.github/workflows/release.yml

@@ -39,7 +39,7 @@ jobs:
           helm repo add falcosecurity https://falcosecurity.github.io/charts
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
+        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
         with:
           charts_dir: charts
         env:

.github/workflows/test.yml

@@ -20,7 +20,7 @@ jobs:
           python-version: '3.x'
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
 
       - name: Run chart-testing (lint)
         run: ct lint --config ct.yaml

README.md

@@ -12,6 +12,7 @@ For more information about installing and using Helm, see the
 ## Repository Structure
 
 This GitHub repository contains the source for the packaged and versioned charts released to [https://falcosecurity.github.io/charts](https://falcosecurity.github.io/charts) (our Helm Chart Repository).
+We also, are publishing the charts in a OCI Image and it is hosted in [GitHub Packages](https://github.com/orgs/falcosecurity/packages?repo_name=charts)
 
 The Charts in this repository are organized into folders: each directory that contains a `Chart.yaml` is a chart.
 
@@ -21,10 +22,10 @@ The Charts in the `master` branch (with a corresponding [GitHub release](https:/
 
 Charts currently available are listed below.
 
-- [falco](charts/falco)
-- [falco-exporter](charts/falco-exporter)
-- [falcosidekick](charts/falcosidekick)
-- [event-generator](charts/event-generator)
+- [falco](./charts/falco)
+- [falco-exporter](./charts/falco-exporter)
+- [falcosidekick](./charts/falcosidekick)
+- [event-generator](./charts/event-generator)
 
 ## Usage
 

charts/falco/CHANGELOG.md

@@ -3,6 +3,14 @@
 This file documents all notable changes to Falco Helm Chart. The release
 numbering uses [semantic versioning](http://semver.org).
 
+## v3.8.4
+
+* Upgrade Falco to 0.36.2: https://github.com/falcosecurity/falco/releases/tag/0.36.2
+
+## v3.8.3
+
+* Upgrade falcosidekick chart to `v0.7.7`.
+
 ## v3.8.2
 
 * Upgrade falcosidekick chart to `v0.7.6`.

charts/falco/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: falco
-version: 3.8.2
-appVersion: "0.36.1"
+version: 3.8.4
+appVersion: "0.36.2"
 description: Falco
 keywords:
   - monitoring
@@ -19,6 +19,6 @@ maintainers:
     email: [email protected]
 dependencies:
   - name: falcosidekick
-    version: "0.7.6"
+    version: "0.7.7"
     condition: falcosidekick.enabled
     repository: https://falcosecurity.github.io/charts

charts/falcosidekick/CHANGELOG.md

@@ -5,6 +5,10 @@ numbering uses [semantic versioning](http://semver.org).
 
 Before release 0.1.20, the helm chart can be found in `falcosidekick` [repository](https://github.com/falcosecurity/falcosidekick/tree/master/deploy/helm/falcosidekick).
 
+## 0.7.8
+
+* Fix the condition for missing cert files
+
 ## 0.7.7
 
 * Support extraArgs in the helm chart

charts/falcosidekick/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: 2.28.0
 description: Connect Falco to your ecosystem
 icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png
 name: falcosidekick
-version: 0.7.7
+version: 0.7.8
 keywords:
   - monitoring
   - security

charts/falcosidekick/templates/deployment.yaml

@@ -114,6 +114,7 @@ spec:
               value: {{ .Values.config.mutualtlsclient.keyfile | quote }}
             - name: MUTUALTLSCLIENT_CACERTFILE
               value: {{ .Values.config.mutualtlsclient.cacertfile | quote }}
+            {{-  if .Values.config.tlsserver.deploy }}  
             - name: TLSSERVER_DEPLOY
               value: {{ .Values.config.tlsserver.deploy | quote }}
             - name: TLSSERVER_CERTFILE
@@ -128,6 +129,7 @@ spec:
               value: {{ .Values.config.tlsserver.notlsport | quote }}
             - name: TLSSERVER_NOTLSPATHS
               value: {{ .Values.config.tlsserver.notlspaths | quote }}
+            {{- end }}
 
             {{- if .Values.config.extraEnv }}
             {{ toYaml .Values.config.extraEnv | nindent 12 }}

release.md

@@ -1,6 +1,6 @@
 # Release Process
 
-Our release process is automated using [CircleCI](https://app.circleci.com/pipelines/github/falcosecurity/charts), [helm](https://github.com/helm/helm), and [chart-releaser](https://github.com/helm/chart-releaser). You can find the full script [here](.circleci/release.sh) and more details under the [Automation explained](#Automation-explained) section. Finally, the GitHub pages feature is used to host our Helm repo.
+Our release process is automated using [GitHub Actions](.github/workflows/release.yml), [helm](https://github.com/helm/helm), and [chart-releaser](https://github.com/helm/chart-releaser). More details under the [Automation explained](#Automation-explained) section. Finally, the GitHub pages feature is used to host our Helm repo.
 
 The following process describes how to release just one chart. Since this repository can host multiple charts, the same instructions apply for any of them.
 
@@ -20,31 +20,17 @@ Once the CI has done its job, a new tag is live on [GitHub](https://github.com/f
 
 ## Automation explained
 
-By convention, we assume that each top-level directory of the [falcosecury/charts](https://github.com/falcosecurity/charts) repository that contains a `Chart.yaml` is a Helm chart source directory. We may extend it also to support those charts that have source files in a different repository.
+By convention, we assume that each top-level directory of the [falcosecury/charts/charts](https://github.com/falcosecurity/charts/tree/master/charts) repository that contains a `Chart.yaml` is a Helm chart source directory. We may extend it also to support those charts that have source files in a different repository.
 
 The automated release process starts when any modification added to `master` triggers CircleCI. It ends with a GitHub Pages job that publishes the updated index of our Helm repo.
 
-### CircleCI workflow
+### GitHub Actions workflow
 
-The CI is configured to [install the required tools](.circleci/install_tools.sh) then to runs [.circleci/release.sh](.circleci/release.sh) script.
+We have two main workflows:
 
-The script performs the following actions:
-
-- for each `*/Chart.yaml` file found:
-  - extract the `version` and the `name` attributes
-  - check if a git tag in the form `<name>-<version>` (e.g. `falco-1.1.10`) is already present
-    - if yes, skip the chart
-    - otherwise, add the chart to the list of charts to be released
-- if the list is empty, the process stops
-- for each chart in the resulting list:
-    - create the chart package (using `helm package`)
-- run ([chart-releaser](https://github.com/helm/chart-releaser)) to create a GitHub release and to upload the package for each packaged created by the previous step
-- run ([chart-releaser](https://github.com/helm/chart-releaser)) to update the `index.yaml`, then commit and push it to the `gh-pages` branch
-
-**N.B.**
-- The name and the version of the chart are extracted from `Chart.yaml`, thus the directory name is not relevant in this process.
-- The above process can release multiple charts simultaneously.
+- [test](.github/workflows/test.yml): This will check the chart lint and will also run tests to validate if the chart can be installed, if the chart have tests those will run as well.
+- [release](.github/workflows/release.yml): This will run everything a Pull Requests of a chart is merged, it will update the index and generate the package, and publish it.
 
 ### GitHub Pages job
 
-Eventually, the GitHub pages job will publish the updated index to [https://falcosecurity.github.io/charts/index.yaml](https://falcosecurity.github.io/charts/index.yaml), and the process completes.
+Eventually, the GitHub pages job will publish the updated index to [https://falcosecurity.github.io/charts/index.yaml](https://falcosecurity.github.io/charts/index.yaml), and the process completes.