Kubernetes: Enhance KubeCheck workflow to detect valid Kubernetes YAM… #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: KubeCheck 🔍 | |
| on: | |
| push: | |
| paths: | |
| - '**/*.yaml' | |
| - '**/*.yml' | |
| jobs: | |
| fetch_commit_info: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| sha: ${{ steps.meta.outputs.sha }} | |
| message: ${{ steps.meta.outputs.message }} | |
| timestamp: ${{ steps.meta.outputs.timestamp }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Get commit metadata | |
| id: meta | |
| run: | | |
| echo "sha=${GITHUB_SHA}" >> "$GITHUB_OUTPUT" | |
| echo "message=$(git log -1 --pretty=%s)" >> "$GITHUB_OUTPUT" | |
| echo "timestamp=$(git log -1 --format=%cI)" >> "$GITHUB_OUTPUT" | |
| validate_kubeconform: | |
| runs-on: ubuntu-latest | |
| needs: fetch_commit_info | |
| outputs: | |
| summary: ${{ steps.kubeval.outputs.summary || steps.kubeval_skip.outputs.summary }} | |
| results: ${{ steps.kubeval.outputs.results || steps.kubeval_skip.outputs.results }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Install kubeconform | |
| run: | | |
| curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xz | |
| sudo mv kubeconform /usr/local/bin/ | |
| - name: Detect changed Kubernetes YAML files | |
| id: detect_changes | |
| run: | | |
| git fetch origin ${{ github.event.before }} | |
| CHANGED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep -E '\.ya?ml$' || true) | |
| echo "Detected YAML files:" | |
| echo "$CHANGED_FILES" | |
| # Filter for real Kubernetes manifests (contains kind + apiVersion) | |
| VALID_KUBE_FILES="" | |
| for file in $CHANGED_FILES; do | |
| if [[ -f "$file" ]] && grep -q '^\s*apiVersion:' "$file" && grep -q '^\s*kind:' "$file"; then | |
| VALID_KUBE_FILES+="$file"$'\n' | |
| fi | |
| done | |
| if [[ -z "$VALID_KUBE_FILES" ]]; then | |
| echo "No valid Kubernetes manifests found. Skipping validation." | |
| echo "changed=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "$VALID_KUBE_FILES" > changed_yamls.txt | |
| echo "changed=true" >> $GITHUB_OUTPUT | |
| echo "Files to validate:" | |
| cat changed_yamls.txt | |
| fi | |
| - name: Validate Kubernetes YAML | |
| id: kubeval | |
| if: steps.detect_changes.outputs.changed == 'true' | |
| run: | | |
| set +e | |
| RESULTS="" | |
| PASS_COUNT=0 | |
| FAIL_COUNT=0 | |
| while IFS= read -r file; do | |
| output=$(kubeconform -strict -verbose "$file" 2>&1) | |
| if echo "$output" | grep -q "PASS"; then | |
| emoji="✅" | |
| PASS_COUNT=$((PASS_COUNT + 1)) | |
| else | |
| emoji="❌" | |
| FAIL_COUNT=$((FAIL_COUNT + 1)) | |
| fi | |
| RESULTS="${RESULTS}${emoji} \`${file}\`\n${output}\n\n" | |
| done < changed_yamls.txt | |
| SUMMARY="✅ Passed: ${PASS_COUNT} | ❌ Failed: ${FAIL_COUNT}" | |
| echo "$RESULTS" > validation_output.txt | |
| echo "results<<EOF" >> $GITHUB_OUTPUT | |
| echo "$RESULTS" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| echo "summary=${SUMMARY}" >> $GITHUB_OUTPUT | |
| echo -e "$SUMMARY" | |
| echo -e "$RESULTS" | |
| - name: Set summary for skipped validation | |
| if: steps.detect_changes.outputs.changed == 'false' | |
| id: kubeval_skip | |
| run: | | |
| echo "summary=✅ No valid Kubernetes YAML files changed. Skipped validation." >> $GITHUB_OUTPUT | |
| echo "results=" >> $GITHUB_OUTPUT | |
| - name: Upload validation results | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: validation-results | |
| path: validation_output.txt | |
| - name: Fail if any errors | |
| if: steps.detect_changes.outputs.changed == 'true' | |
| run: | | |
| if grep -q "❌" validation_output.txt; then | |
| echo "Validation failed." | |
| exit 1 | |
| fi | |
| post_comment: | |
| runs-on: ubuntu-latest | |
| needs: [fetch_commit_info, validate_kubeconform] | |
| if: always() | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Comment on commit | |
| working-directory: ${{ github.workspace }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| SHA: ${{ needs.fetch_commit_info.outputs.sha }} | |
| COMMIT_MSG: ${{ needs.fetch_commit_info.outputs.message }} | |
| COMMIT_TIME: ${{ needs.fetch_commit_info.outputs.timestamp }} | |
| SUMMARY: ${{ needs.validate_kubeconform.outputs.summary }} | |
| RESULTS: ${{ needs.validate_kubeconform.outputs.results }} | |
| REPO: ${{ github.repository }} | |
| run: chmod +x .github/scripts/comment-kubecheck.sh && bash .github/scripts/comment-kubecheck.sh |