Update tj-actions/changed-files digest to 4edd678 #919
name: Validate Kubernetes Resources | ||
on: | ||
pull_request: | ||
branches: ["main"] | ||
jobs: | ||
validate: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Check if Services have changed | ||
id: changed-services | ||
uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45 | ||
with: | ||
files: | | ||
apps/**/svc.yaml | ||
apps/**/*-svc.yaml | ||
- name: Check if Deployments/Statefulsets have changed | ||
id: changed-workloads | ||
uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45 | ||
with: | ||
files: | | ||
apps/**/deployment.yaml | ||
apps/**/statefulset.yaml | ||
- name: Check if configMap/Secrets have changed | ||
id: changed-configs | ||
uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45 | ||
with: | ||
files: | | ||
apps/**/cm.yaml | ||
apps/**/secret.yaml | ||
- name: Check if Permissions have changed | ||
id: changed-rbac | ||
uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45 | ||
with: | ||
files: | | ||
apps/**/rb.yaml | ||
apps/**/crb.yaml | ||
apps/**/role.yaml | ||
apps/**/cr.yaml | ||
- name: Check if Storage resources have changed | ||
id: changed-storage | ||
uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45 | ||
with: | ||
files: | | ||
apps/**/pvc.yaml | ||
apps/**/class.yaml | ||
apps/**/pv.yaml | ||
- name: Install Kubeconform | ||
run: | | ||
(wget -qO- https://github.com/yannh/kubeconform/releases/download/v0.5.0/kubeconform-linux-amd64.tar.gz | sudo tar xvz -C /usr/bin) && sudo chmod +x /usr/bin/kubeconform | ||
- name: Validate new Services | ||
id: validate-service | ||
uses: mathiasvr/command-output@v1 | ||
if: steps.changed-services.outputs.any_changed == 'true' | ||
with: | ||
run: | | ||
find . -maxdepth 15 -name svc.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
- name: Validate new Workloads | ||
id: validate-workloads | ||
uses: mathiasvr/command-output@v1 | ||
if: steps.changed-workloads.outputs.any_changed == 'true' | ||
with: | ||
run: | | ||
find . -maxdepth 15 -name deployment.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
find . -maxdepth 15 -name statefulset.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
- name: Validate new configMaps or Secrets | ||
id: validate-configs | ||
uses: mathiasvr/command-output@v1 | ||
if: steps.changed-configs.outputs.any_changed == 'true' | ||
with: | ||
run: | | ||
find . -maxdepth 15 -name cm.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
find . -maxdepth 15 -name secret.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
- name: Validate new Permissions and RBAC resources | ||
id: validate-configs | ||
Check failure on line 82 in .github/workflows/validate.yaml GitHub Actions / Validate Kubernetes ResourcesInvalid workflow file
uses: mathiasvr/command-output@v1 | ||
if: steps.changed-rbac.outputs.any_changed == 'true' | ||
with: | ||
run: | | ||
find . -maxdepth 15 -name rb.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
find . -maxdepth 15 -name crb.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
find . -maxdepth 15 -name role.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
find . -maxdepth 15 -name cr.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
- name: Validate new Storage resources | ||
id: validate-configs | ||
uses: mathiasvr/command-output@v1 | ||
if: steps.changed-storage.outputs.any_changed == 'true' | ||
with: | ||
run: | | ||
find . -maxdepth 15 -name pvc.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
find . -maxdepth 15 -name pv.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
find . -maxdepth 15 -name clas.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \; | ||
- name: Find Comment | ||
uses: peter-evans/find-comment@d5fe37641ad8451bdd80312415672ba26c86575e # v3 | ||
id: fc | ||
with: | ||
issue-number: ${{ github.event.pull_request.number }} | ||
comment-author: 'github-actions[bot]' | ||
body: | | ||
## List of Kubernetes resources schema validation | ||
- name: Update comment with Service resouces | ||
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 | ||
if: steps.changed-services.outputs.any_changed == 'true' | ||
with: | ||
comment-id: ${{ steps.fc.outputs.comment-id }} | ||
issue-number: ${{ github.event.pull_request.number }} | ||
body: | | ||
<details> | ||
<summary><b>Kubernetes `Service` resources</b></summary> | ||
> ${{ steps.validate-service.outputs.stdout }} | ||
</details> | ||
edit-mode: append | ||
- name: Update comment with workload resouces | ||
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 | ||
if: steps.changed-workloads.outputs.any_changed == 'true' | ||
with: | ||
comment-id: ${{ steps.fc.outputs.comment-id }} | ||
issue-number: ${{ github.event.pull_request.number }} | ||
body: | | ||
<details> | ||
<summary><b>Kubernetes Deployment/Statefulset resources</b></summary> | ||
> ${{ steps.validate-workloads.outputs.stdout }} | ||
</details> | ||
edit-mode: append | ||
- name: Update comment with config resouces | ||
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 | ||
if: steps.changed-configs.outputs.any_changed == 'true' | ||
with: | ||
comment-id: ${{ steps.fc.outputs.comment-id }} | ||
issue-number: ${{ github.event.pull_request.number }} | ||
body: | | ||
<details> | ||
<summary><b>Kubernetes `configMap` and `Secret` resources</b></summary> | ||
> ${{ steps.validate-configs.outputs.stdout }} | ||
</details> | ||
edit-mode: append | ||
- name: Update comment with RBAC resouces | ||
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 | ||
if: steps.changed-rbac.outputs.any_changed == 'true' | ||
with: | ||
comment-id: ${{ steps.fc.outputs.comment-id }} | ||
issue-number: ${{ github.event.pull_request.number }} | ||
body: | | ||
<details> | ||
<summary><b>Kubernetes `RoleBinding`, `ClusteRoleBinding`, `Role` and `ClusterRole` resources</b></summary> | ||
> ${{ steps.validate-rbac.outputs.stdout }} | ||
</details> | ||
edit-mode: append | ||
- name: Update comment with Storage resouces | ||
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 | ||
if: steps.changed-storage.outputs.any_changed == 'true' | ||
with: | ||
comment-id: ${{ steps.fc.outputs.comment-id }} | ||
issue-number: ${{ github.event.pull_request.number }} | ||
body: | | ||
<details> | ||
<summary><b>Kubernetes `PersistentVolume`, `PersistentVolumeClaim`, and `StorageClass` resources</b></summary> | ||
> ${{ steps.validate-storage.outputs.stdout }} | ||
</details> | ||
edit-mode: append |
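Review bot: The step id `validate-configs` is declared three times, on the configMap/Secret, RBAC and Storage validation steps, which is most likely what the "Invalid workflow file" annotation reports; while that stands, the workflow cannot run and this digest bump gets no CI signal. The later comment steps already read `steps.validate-rbac.outputs.stdout` and `steps.validate-storage.outputs.stdout`, so the fix is `id: validate-rbac` on the RBAC step and `id: validate-storage` on the Storage step. Separately, `actions/checkout@v4` and `mathiasvr/command-output@v1` are referenced by mutable tag while the other third-party actions are pinned to a full commit SHA; pinning them the same way would keep the job's supply-chain posture consistent. The Storage step also searches for `clas.yaml`, which looks like a typo for the `class.yaml` used in the changed-files filter.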