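# Validates the Kubernetes manifests in this repository with kubeconform on
# every push to main that touches k8s/**, and sends a Telegram notification
# listing the invalid files when validation fails.
#
# NOTE(review): every action below is referenced by a mutable ref (a tag or a
# branch). Pin each one to a reviewed full commit SHA so an upstream change
# cannot alter what runs here; this matters most for the Telegram action,
# which is handed the bot token.
name: Check with kubeconform

on:
  push:
    branches: [main]
    paths:
      - 'k8s/**'

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Kubeconform
        uses: bmuschko/setup-kubeconform@v1

      - name: Kubeconform validation
        id: kubeconform
        # NOTE(review): continue-on-error lets the notification steps run, but
        # it also means the job still concludes successfully when manifests
        # are invalid; Telegram is then the only failure signal. Confirm that
        # is intended.
        continue-on-error: true
        run: |
          # Files listed here are skipped. Paths must match find's output
          # exactly, i.e. start with "./".
          EXCLUSIONS=(
            "./k8s/core/system-upgrade/crd.yaml"
            # Add more files here as needed
            # "./path/to/another/file.yaml"
          )

          # Temporary file that collects kubeconform's stdout and stderr.
          VALIDATION_OUTPUT=$(mktemp)

          # Succeeds (returns 0) when the given path is in EXCLUSIONS.
          is_excluded() {
            local file="$1"
            for exclusion in "${EXCLUSIONS[@]}"; do
              if [[ "$file" == "$exclusion" ]]; then
                return 0
              fi
            done
            return 1
          }

          # Collect every *.yaml file except Helm-style values files, the
          # .gitea/ directory and the exclusions above. NUL separators keep
          # file names with spaces or newlines intact.
          YAML_FILES=()
          while IFS= read -r -d '' file; do
            if ! is_excluded "$file"; then
              YAML_FILES+=("$file")
            else
              echo "⚠️  Skipping excluded file: $file"
            fi
          done < <(find . -name '*.yaml' \
            ! -name '*values.yaml' \
            ! -path './.gitea/*' \
            -print0)

          # Keep kubeconform's exit status instead of discarding it, so a run
          # that fails without reporting an "invalid" resource is not
          # announced as a clean pass further down.
          KUBECONFORM_STATUS=0

          # Run kubeconform only if there are files to validate.
          # NOTE(review): -ignore-missing-schemas skips resources for which no
          # schema is found, so those are not validated at all. The two extra
          # schema locations are fetched from the moving main/master branches
          # of third-party repositories; a pinned commit or a vendored copy
          # would make the check reproducible.
          if [ ${#YAML_FILES[@]} -gt 0 ]; then
            printf '%s\0' "${YAML_FILES[@]}" | xargs -0 kubeconform \
              -summary \
              -verbose \
              -output pretty \
              -ignore-missing-schemas \
              -schema-location default \
              -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
              -schema-location 'https://raw.githubusercontent.com/SchemaStore/schemastore/refs/heads/master/src/schemas/json/kustomization.json' > "$VALIDATION_OUTPUT" 2>&1 || KUBECONFORM_STATUS=$?
          else
            echo "No files to validate after applying exclusions" > "$VALIDATION_OUTPUT"
          fi

          # Display output in logs
          cat "$VALIDATION_OUTPUT"

          # Extract the invalid files into a list for the notification steps.
          if grep -q "invalid" "$VALIDATION_OUTPUT"; then
            # The dot is escaped so only a literal ".yaml:" matches.
            grep -o '[^ ]*\.yaml:.*invalid' "$VALIDATION_OUTPUT" | sort | uniq > invalid_files.txt
            echo "FAILED=true" >> "$GITHUB_ENV"
            echo "::error::Kubernetes manifest validation failed!"
            cat invalid_files.txt
            exit 1
          elif [ "$KUBECONFORM_STATUS" -ne 0 ]; then
            # Fail closed: the validator did not finish cleanly, so the
            # manifests cannot be reported as valid.
            echo "::error::kubeconform exited with status $KUBECONFORM_STATUS without reporting invalid files; see the log above."
            exit 1
          else
            echo "✅ All manifests are valid!"
          fi

      - name: Build notification message
        if: env.FAILED == 'true'
        run: |
          # invalid_files.txt holds file names and validator output taken from
          # repository content, so it is treated as untrusted text here.
          #
          # A random heredoc delimiter stops a line in the list from ending
          # the value early and defining further environment variables.
          DELIMITER="EOF_$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
          {
            echo "INVALID_FILES<<${DELIMITER}"
            # The message is sent with format: html, so &, < and > are escaped
            # to keep the list from being interpreted as markup.
            sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' invalid_files.txt
            echo "${DELIMITER}"
          } >> "$GITHUB_ENV"

      - name: Send Telegram message
        if: env.FAILED == 'true'
        # NOTE(review): @master is a moving branch and this step receives
        # TELEGRAM_TOKEN; pin it to a reviewed full commit SHA.
        uses: appleboy/telegram-action@master
        with:
          to: ${{ secrets.TELEGRAM_TO }}
          token: ${{ secrets.TELEGRAM_TOKEN }}
          format: html
          message: |
            ❌ <b>Kubernetes validation failed!</b>

            Invalid files:
            ${{ env.INVALID_FILES }}
            <a href="https://gt.hexor.cy/${{ github.repository }}/actions/runs/${{ github.run_number }}">🔗 Check details</a>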