Bump github/super-linter from 6 to 7 (#291)

* Bump github/super-linter from 6 to 7 * Update Zammad image to latest patchlevel Bumps [github/super-linter](https://github.com/github/super-linter) from 6 to 7. - [Release notes](https://github.com/github/super-linter/releases) - [Changelog](https://github.com/github/super-linter/blob/main/CHANGELOG.md) - [Commits](github/super-linter@v6...v7) --- updated-dependencies: - dependency-name: github/super-linter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Apply configuration changes --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Martin Gruner <mg@zammad.com>
zammad · Sep 5, 2024 · 48d187f · 48d187f
1 parent ca261f2
commit 48d187f
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 3 deletions.
diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml
@@ -0,0 +1,27 @@
+---
+# Don't report passed checks in output
+quiet: true
+
+skip-path:
+  - zammad/templates/tests
+  - zammad/ci
+  - zammad/charts
+
+skip-check:
+  # These checks don't seem to make sense with a / our Helm chart
+  - CKV_K8S_21  # "The default namespace should not be used"
+  - CKV_K8S_10  # "CPU requests should be set"
+  - CKV_K8S_11  # "CPU limits should be set"
+  - CKV_K8S_15  # "Image Pull Policy should be Always"
+  - CKV_K8S_12  # "Memory requests should be set"
+  - CKV_K8S_13  # "Memory limits should be set"
+  - CKV_K8S_43  # "Image should use digest"
+  - CKV_K8S_38  # "Ensure that Service Account Tokens are only mounted where necessary"
+  - CKV_K8S_20  # "Containers should not run with allowPrivilegeEscalation"
+  - CKV_K8S_16  # "Container should not be privileged"
+  - CKV_K8S_40  # "Containers should run as a high UID to avoid host conflict"
+  - CKV_K8S_23  # "Minimize the admission of root containers"
+  - CKV_K8S_22  # "Use read-only filesystem for containers where possible"
+
+  # Maybe consider for improvement
+  - CKV_K8S_35  # "Prefer using secrets as files over secrets as environment variables"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -23,7 +23,7 @@ jobs:
           fetch-depth: 0
 
       - name: Lint Code Base
-        uses: github/super-linter/slim@v6
+        uses: github/super-linter/slim@v7
         env:
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -32,6 +32,7 @@ jobs:
           VALIDATE_JSCPD: false
           VALIDATE_KUBERNETES_KUBECONFORM: false
           VALIDATE_YAML: false
+          VALIDATE_YAML_PRETTIER: false
 
   lint-chart:
     runs-on: ubuntu-22.04

diff --git a/zammad/Chart.yaml b/zammad/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: zammad
-version: 12.3.5
-appVersion: 6.3.1-130
+version: 12.3.6
+appVersion: 6.3.1-144
 description: Zammad is a web based open source helpdesk/customer support system with many features to manage customer communication via several channels like telephone, facebook, twitter, chat and e-mails.
 home: https://zammad.org
 icon: https://raw.githubusercontent.com/zammad/zammad-documentation/main/images/zammad_logo_600x520.png

diff --git a/zammad/templates/deployment-scheduler.yaml b/zammad/templates/deployment-scheduler.yaml
@@ -7,6 +7,8 @@ metadata:
     app.kubernetes.io/component: zammad-scheduler
   annotations:
     {{- include "zammad.annotations" . | nindent 4 }}
+    checkov.io/skip1: CKV_K8S_8=Liveness Probe Should be Configured - not possible with scheduler
+    checkov.io/skip2: CKV_K8S_9=Readiness Probe Should be Configured - not possible with scheduler
 spec:
   replicas: 1 # Not scalable, may only run once per cluster.
   selector: