kubecheck.yml
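---
# KubeCheck: on every push that touches a YAML file, validate the repository's
# YAML files with kubeconform and hand the result to a commit-comment script.
name: KubeCheck 🔍

on:
  push:
    paths:
      - '**/*.yaml'
      - '**/*.yml'

# Least privilege for the automatically issued token: the jobs below only read
# the repository. The commit comment is posted with the separate GH_TOKEN
# secret, which this block does not affect.
permissions:
  contents: read

jobs:
  # Collects the commit SHA, subject and committer timestamp for the comment.
  fetch_commit_info:
    runs-on: ubuntu-latest
    outputs:
      sha: ${{ steps.meta.outputs.sha }}
      message: ${{ steps.meta.outputs.message }}
      timestamp: ${{ steps.meta.outputs.timestamp }}
    steps:
      - name: Checkout code
        # NOTE(review): a tag ref is mutable; pin to a reviewed full commit SHA
        # (actions/checkout@<FULL_COMMIT_SHA>) to fix what actually runs.
        uses: actions/checkout@v3
        with:
          # The steps in this job only read local history, so the token does
          # not need to stay in .git/config.
          persist-credentials: false
      - name: Get commit metadata
        id: meta
        run: |
          echo "sha=${GITHUB_SHA}" >> "$GITHUB_OUTPUT"
          # %s is the commit subject only; it is author-controlled text and is
          # consumed later through an environment variable.
          echo "message=$(git log -1 --pretty=%s)" >> "$GITHUB_OUTPUT"
          echo "timestamp=$(git log -1 --format=%cI)" >> "$GITHUB_OUTPUT"

  # Runs kubeconform over every YAML file and exports a summary and details.
  validate_kubeconform:
    runs-on: ubuntu-latest
    needs: fetch_commit_info
    outputs:
      summary: ${{ steps.kubeval.outputs.summary }}
      results: ${{ steps.kubeval.outputs.results }}
    steps:
      - name: Checkout code
        # NOTE(review): pin to a reviewed full commit SHA, as above.
        uses: actions/checkout@v3
        with:
          # A downloaded binary runs in this job; do not leave the token on
          # disk for it.
          persist-credentials: false
      - name: Install kubeconform
        # NOTE(review): this installs whatever release is "latest" at run time
        # and does not verify it. Pin a reviewed release (<PINNED_VERSION>) and
        # compare the archive with a recorded digest (<EXPECTED_SHA256>) before
        # the binary is moved into PATH.
        run: |
          set -euo pipefail
          # Unpack outside the checkout so archive members cannot overwrite
          # repository files, and extract only the binary.
          cd "$RUNNER_TEMP"
          curl -fsSL -o kubeconform.tar.gz \
            https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz
          tar -xzf kubeconform.tar.gz kubeconform
          sudo mv kubeconform /usr/local/bin/
      - name: Validate Kubernetes YAML
        id: kubeval
        run: |
          # Keep going after a failing file so every file is reported.
          set +e
          RESULTS=""
          PASS_COUNT=0
          FAIL_COUNT=0
          # NUL-delimited read: paths containing spaces or glob characters
          # reach kubeconform unchanged instead of being word-split.
          # NOTE(review): this also matches the workflow files under .github;
          # confirm whether they are meant to be validated as manifests.
          while IFS= read -r -d '' file; do
            # Decide on kubeconform's exit status, not on text in its output:
            # the output repeats file and resource names from the pushed
            # commit, so a marker string in it proves nothing.
            if output=$(kubeconform -strict -verbose "$file" 2>&1); then
              emoji="✅"
              PASS_COUNT=$((PASS_COUNT + 1))
            else
              emoji="❌"
              FAIL_COUNT=$((FAIL_COUNT + 1))
            fi
            RESULTS="${RESULTS}${emoji} \`${file}\`\n${output}\n\n"
          done < <(find . -type f \( -name '*.yaml' -o -name '*.yml' \) -print0)
          SUMMARY="✅ Passed: ${PASS_COUNT} | ❌ Failed: ${FAIL_COUNT}"
          echo "$RESULTS" > validation_output.txt
          # Outputs go to the GITHUB_OUTPUT file, as in fetch_commit_info.
          # Printing repository-derived text to stdout behind "::set-output"
          # lets any line of it be parsed as a workflow command and cuts the
          # value at the first newline. The random delimiter keeps the
          # multi-line value from closing the block early.
          delimiter="KUBECHECK_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
          {
            echo "summary=${SUMMARY}"
            echo "results<<${delimiter}"
            printf '%s\n' "$RESULTS"
            echo "${delimiter}"
          } >> "$GITHUB_OUTPUT"
      - name: Fail if any errors
        run: |
          if grep -q "❌" validation_output.txt; then
            echo "Validation failed."
            exit 1
          fi

  # Posts the validation result on the commit, also when validation failed.
  post_comment:
    runs-on: ubuntu-latest
    needs: [fetch_commit_info, validate_kubeconform]
    if: always()
    steps:
      # Every job starts on a fresh runner, so the comment script has to be
      # checked out before it can be executed.
      - name: Checkout code
        # NOTE(review): pin to a reviewed full commit SHA, as above.
        uses: actions/checkout@v3
      - name: Comment on commit
        env:
          # NOTE(review): GH_TOKEN is a repository secret; confirm it is scoped
          # to what posting a commit comment requires.
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
          # Commit- and file-derived values are passed as environment
          # variables rather than expanded into the script text.
          SHA: ${{ needs.fetch_commit_info.outputs.sha }}
          COMMIT_MSG: ${{ needs.fetch_commit_info.outputs.message }}
          COMMIT_TIME: ${{ needs.fetch_commit_info.outputs.timestamp }}
          SUMMARY: ${{ needs.validate_kubeconform.outputs.summary }}
          RESULTS: ${{ needs.validate_kubeconform.outputs.results }}
          REPO: ${{ github.repository }}
        run: chmod +x .github/scripts/comment-kubecheck.sh && bash .github/scripts/comment-kubecheck.sh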