Only check one level of children

davidcollom · davidcollom · commit 484e5ad7a719 · 2025-04-14T11:50:52.000+01:00
diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml
@@ -12,37 +12,39 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  setup:
-    name: "Checkout and Setup"
+  lint:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
+    name: Lint Helm Chart
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
       - name: Setup Golang
         uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
+
       - uses: azure/setup-helm@v4
-        with:
-          token: ${{ github.token }}
 
-  lint:
-    needs:
-      - setup
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
-    name: Lint Helm Chart
-    runs-on: ubuntu-latest
-    steps:
       - run: helm lint deploy/charts/version-checker
 
   test:
-    needs:
-      - setup
     name: Run unit tests for Helm Chart
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Setup Golang
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - uses: azure/setup-helm@v4
+
       - name: Install helm Plugins
         run: |
           if [ ! -e "${HELM_PLUGINS}/helm-unittest" ]; then
@@ -58,13 +60,14 @@ jobs:
           helm unittest deploy/charts/version-checker
 
   security_policies:
-    needs:
-      - setup
     name: Verify that the Helm chart complies with the pod security standards
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
       - name: Install Kyverno CLI
         uses: kyverno/action-install-cli@v0.2.0
-      - run: kyverno apply -p https://github.com/kyverno/policies/pod-security/restricted --git-branch main --resource <(helm template deploy/charts/version-checker/)
+
+      - run: |-
+          kyverno apply -p https://github.com/kyverno/policies/pod-security/restricted --git-branch main --resource <(helm template deploy/charts/version-checker/)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -12,9 +12,14 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  setup:
-    name: "Checkout and Setup"
+  prepare-release:
+    # Don't push back to a tag!
+    if: ${{ !startsWith(github.ref, 'refs/tags/') }}
+    name: Prepare release
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
     steps:
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -23,17 +28,6 @@ jobs:
         with:
           go-version-file: go.mod
 
-  prepare-release:
-    # Don't push back to a tag!
-    if: ${{ !startsWith(github.ref, 'refs/tags/') }}
-    name: Prepair release
-    needs:
-      - setup
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-      contents: write
-    steps:
       - uses: bhowell2/github-substring-action@1.0.2
         id: release_number
         with:
@@ -121,10 +115,11 @@ jobs:
           allow_no_diff: false
 
   helm-release:
-    needs:
-      - setup
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
       - name: checkout jetstack-charts
         uses: actions/checkout@v4
         with:
@@ -160,15 +155,15 @@ jobs:
           draft: ${{ !startsWith(github.ref, 'refs/tags/') }}
 
       - name: Push to Quay
-        run: |
-          CHART_VERSION=$(echo "${{ github.ref_name }}"
-          helm push jetstack-charts/charts/version-checker-${CHART_VERSION}.tgz oci://quay.io/quay.io/jetstack/version-checker/chart
+        run: |-
+          helm push jetstack-charts/charts/version-checker-${{ github.ref_name }}.tgz oci://quay.io/quay.io/jetstack/version-checker/chart
 
   docker-release:
     runs-on: ubuntu-latest
-    needs:
-      - setup
     steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
diff --git a/pkg/api/types.go b/pkg/api/types.go
@@ -26,7 +26,7 @@ func (i *ImageTag) MatchesSHA(sha string) bool {
 		return true
 	}
 	for _, known := range i.Children {
-		if known.MatchesSHA(sha) {
+		if known.SHA == sha {
 			return true
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ func (i *ImageTag) MatchesSHA(sha string) bool {`
`26`	`26`	`return true`
`27`	`27`	`}`
`28`	`28`	`for _, known := range i.Children {`
`29`		`- if known.MatchesSHA(sha) {`
	`29`	`+ if known.SHA == sha {`
`30`	`30`	`return true`
`31`	`31`	`}`
`32`	`32`	`}`