Kubernetes: Add KubeCheck workflow for validating YAML files and posting results as comments

NotHarshhaa · NotHarshhaa · commit aba7964c8145 · 2025-04-12T16:53:37.000+05:30
Signed-off-by: NotHarshhaa &lt;reddyharshhaa12@gmail.com&gt;
diff --git a/.github/scripts/comment-kubecheck.sh b/.github/scripts/comment-kubecheck.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+
+COMMENT="$(cat <<EOF
+🧪 **KubeCheck Validation Results**
+
+🕒 Commit Time: \`${COMMIT_TIME}\`  
+💬 Message: _${COMMIT_MSG}_
+
+${SUMMARY}
+
+---
+
+${RESULTS}
+EOF
+)"
+
+# Print for debug
+echo "$COMMENT"
+
+# Escape for JSON and send
+jq -n --arg body "$COMMENT" '{body: $body}' > comment.json
+
+curl -s -X POST "https://api.github.com/repos/${REPO}/commits/${SHA}/comments" \
+  -H "Authorization: token ${GH_TOKEN}" \
+  -H "Content-Type: application/json" \
+  --data-binary @comment.json
diff --git a/.github/workflows/kubecheck.yml b/.github/workflows/kubecheck.yml
@@ -0,0 +1,87 @@
+name: KubeCheck 🔍
+
+on:
+  push:
+    paths:
+      - '**/*.yaml'
+      - '**/*.yml'
+
+jobs:
+  fetch_commit_info:
+    runs-on: ubuntu-latest
+    outputs:
+      sha: ${{ steps.meta.outputs.sha }}
+      message: ${{ steps.meta.outputs.message }}
+      timestamp: ${{ steps.meta.outputs.timestamp }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Get commit metadata
+        id: meta
+        run: |
+          echo "sha=${GITHUB_SHA}" >> "$GITHUB_OUTPUT"
+          echo "message=$(git log -1 --pretty=%s)" >> "$GITHUB_OUTPUT"
+          echo "timestamp=$(git log -1 --format=%cI)" >> "$GITHUB_OUTPUT"
+
+  validate_kubeconform:
+    runs-on: ubuntu-latest
+    needs: fetch_commit_info
+    outputs:
+      summary: ${{ steps.kubeval.outputs.summary }}
+      results: ${{ steps.kubeval.outputs.results }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install kubeconform
+        run: |
+          curl -L https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | tar xz
+          sudo mv kubeconform /usr/local/bin/
+
+      - name: Validate Kubernetes YAML
+        id: kubeval
+        run: |
+          set +e
+          RESULTS=""
+          PASS_COUNT=0
+          FAIL_COUNT=0
+          for file in $(find . -name '*.yaml' -o -name '*.yml'); do
+            output=$(kubeconform -strict -verbose "$file" 2>&1)
+            if echo "$output" | grep -q "PASS"; then
+              emoji="✅"
+              PASS_COUNT=$((PASS_COUNT + 1))
+            else
+              emoji="❌"
+              FAIL_COUNT=$((FAIL_COUNT + 1))
+            fi
+            RESULTS="${RESULTS}${emoji} \`${file}\`\n${output}\n\n"
+          done
+
+          SUMMARY="✅ Passed: ${PASS_COUNT} | ❌ Failed: ${FAIL_COUNT}"
+          echo "$RESULTS" > validation_output.txt
+          echo "::set-output name=results::$RESULTS"
+          echo "::set-output name=summary::$SUMMARY"
+
+      - name: Fail if any errors
+        run: |
+          if grep -q "❌" validation_output.txt; then
+            echo "Validation failed."
+            exit 1
+          fi
+
+  post_comment:
+    runs-on: ubuntu-latest
+    needs: [fetch_commit_info, validate_kubeconform]
+    if: always()
+    steps:
+    - name: Comment on commit
+      env:
+        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+        SHA: ${{ needs.fetch_commit_info.outputs.sha }}
+        COMMIT_MSG: ${{ needs.fetch_commit_info.outputs.message }}
+        COMMIT_TIME: ${{ needs.fetch_commit_info.outputs.timestamp }}
+        SUMMARY: ${{ needs.validate_kubeconform.outputs.summary }}
+        RESULTS: ${{ needs.validate_kubeconform.outputs.results }}
+        REPO: ${{ github.repository }}
+      run: chmod +x .github/scripts/comment-kubecheck.sh && bash .github/scripts/comment-kubecheck.sh
