mirror of
https://github.com/outbackdingo/homelab.git
synced 2026-01-27 18:19:11 +00:00
b7f9daa59a
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
190 lines
8.1 KiB
YAML
190 lines
8.1 KiB
YAML
name: Validate Kubernetes Resources
|
|
|
|
on:
|
|
pull_request:
|
|
branches: ["main"]
|
|
jobs:
|
|
validate:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Check if Services have changed
|
|
id: changed-services
|
|
uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45
|
|
with:
|
|
files: |
|
|
apps/**/svc.yaml
|
|
apps/**/*-svc.yaml
|
|
- name: Check if Deployments/Statefulsets have changed
|
|
id: changed-workloads
|
|
uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45
|
|
with:
|
|
files: |
|
|
apps/**/deployment.yaml
|
|
apps/**/statefulset.yaml
|
|
- name: Check if configMap/Secrets have changed
|
|
id: changed-configs
|
|
uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45
|
|
with:
|
|
files: |
|
|
apps/**/cm.yaml
|
|
apps/**/secret.yaml
|
|
- name: Check if Permissions have changed
|
|
id: changed-rbac
|
|
uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45
|
|
with:
|
|
files: |
|
|
apps/**/rb.yaml
|
|
apps/**/crb.yaml
|
|
apps/**/role.yaml
|
|
apps/**/cr.yaml
|
|
- name: Check if Storage resources have changed
|
|
id: changed-storage
|
|
uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45
|
|
with:
|
|
files: |
|
|
apps/**/pvc.yaml
|
|
apps/**/class.yaml
|
|
apps/**/pv.yaml
|
|
- name: Install Kubeconform
|
|
run: |
|
|
(wget -qO- https://github.com/yannh/kubeconform/releases/download/v0.5.0/kubeconform-linux-amd64.tar.gz | sudo tar xvz -C /usr/bin) && sudo chmod +x /usr/bin/kubeconform
|
|
|
|
- name: Validate new Services
|
|
id: validate-service
|
|
uses: mathiasvr/command-output@v1
|
|
if: steps.changed-services.outputs.any_changed == 'true'
|
|
with:
|
|
run: |
|
|
find . -maxdepth 15 -name svc.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
|
|
- name: Validate new Workloads
|
|
id: validate-workloads
|
|
uses: mathiasvr/command-output@v1
|
|
if: steps.changed-workloads.outputs.any_changed == 'true'
|
|
with:
|
|
run: |
|
|
find . -maxdepth 15 -name deployment.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
find . -maxdepth 15 -name statefulset.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
|
|
- name: Validate new configMaps or Secrets
|
|
id: validate-configs
|
|
uses: mathiasvr/command-output@v1
|
|
if: steps.changed-configs.outputs.any_changed == 'true'
|
|
with:
|
|
run: |
|
|
find . -maxdepth 15 -name cm.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
find . -maxdepth 15 -name secret.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
|
|
- name: Validate new Permissions and RBAC resources
|
|
id: validate-configs
|
|
uses: mathiasvr/command-output@v1
|
|
if: steps.changed-rbac.outputs.any_changed == 'true'
|
|
with:
|
|
run: |
|
|
find . -maxdepth 15 -name rb.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
find . -maxdepth 15 -name crb.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
find . -maxdepth 15 -name role.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
find . -maxdepth 15 -name cr.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
|
|
- name: Validate new Storage resources
|
|
id: validate-configs
|
|
uses: mathiasvr/command-output@v1
|
|
if: steps.changed-storage.outputs.any_changed == 'true'
|
|
with:
|
|
run: |
|
|
find . -maxdepth 15 -name pvc.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
find . -maxdepth 15 -name pv.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
find . -maxdepth 15 -name clas.yaml -exec kubeconform --verbose -exit-on-error -ignore-missing-schemas -kubernetes-version "1.26.0" -schema-location default {} \;
|
|
|
|
- name: Find Comment
|
|
uses: peter-evans/find-comment@d5fe37641ad8451bdd80312415672ba26c86575e # v3
|
|
id: fc
|
|
with:
|
|
issue-number: ${{ github.event.pull_request.number }}
|
|
comment-author: 'github-actions[bot]'
|
|
body: |
|
|
## List of Kubernetes resources schema validation
|
|
|
|
- name: Update comment with Service resouces
|
|
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
|
|
if: steps.changed-services.outputs.any_changed == 'true'
|
|
with:
|
|
comment-id: ${{ steps.fc.outputs.comment-id }}
|
|
issue-number: ${{ github.event.pull_request.number }}
|
|
body: |
|
|
<details>
|
|
|
|
<summary><b>Kubernetes `Service` resources</b></summary>
|
|
|
|
> ${{ steps.validate-service.outputs.stdout }}
|
|
|
|
</details>
|
|
edit-mode: append
|
|
|
|
- name: Update comment with workload resouces
|
|
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
|
|
if: steps.changed-workloads.outputs.any_changed == 'true'
|
|
with:
|
|
comment-id: ${{ steps.fc.outputs.comment-id }}
|
|
issue-number: ${{ github.event.pull_request.number }}
|
|
body: |
|
|
<details>
|
|
|
|
<summary><b>Kubernetes Deployment/Statefulset resources</b></summary>
|
|
|
|
> ${{ steps.validate-workloads.outputs.stdout }}
|
|
|
|
</details>
|
|
edit-mode: append
|
|
|
|
- name: Update comment with config resouces
|
|
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
|
|
if: steps.changed-configs.outputs.any_changed == 'true'
|
|
with:
|
|
comment-id: ${{ steps.fc.outputs.comment-id }}
|
|
issue-number: ${{ github.event.pull_request.number }}
|
|
body: |
|
|
<details>
|
|
|
|
<summary><b>Kubernetes `configMap` and `Secret` resources</b></summary>
|
|
|
|
> ${{ steps.validate-configs.outputs.stdout }}
|
|
|
|
</details>
|
|
edit-mode: append
|
|
|
|
- name: Update comment with RBAC resouces
|
|
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
|
|
if: steps.changed-rbac.outputs.any_changed == 'true'
|
|
with:
|
|
comment-id: ${{ steps.fc.outputs.comment-id }}
|
|
issue-number: ${{ github.event.pull_request.number }}
|
|
body: |
|
|
<details>
|
|
|
|
<summary><b>Kubernetes `RoleBinding`, `ClusteRoleBinding`, `Role` and `ClusterRole` resources</b></summary>
|
|
|
|
> ${{ steps.validate-rbac.outputs.stdout }}
|
|
|
|
</details>
|
|
edit-mode: append
|
|
|
|
- name: Update comment with Storage resouces
|
|
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
|
|
if: steps.changed-storage.outputs.any_changed == 'true'
|
|
with:
|
|
comment-id: ${{ steps.fc.outputs.comment-id }}
|
|
issue-number: ${{ github.event.pull_request.number }}
|
|
body: |
|
|
<details>
|
|
|
|
<summary><b>Kubernetes `PersistentVolume`, `PersistentVolumeClaim`, and `StorageClass` resources</b></summary>
|
|
|
|
> ${{ steps.validate-storage.outputs.stdout }}
|
|
|
|
</details>
|
|
edit-mode: append
|