K8s manifests validation pipeline #424
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Linting & Integration tests | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| defaults: | |
| run: | |
| shell: bash | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| # lint: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v3 | |
| # with: | |
| # fetch-depth: 0 | |
| # - name: Set up Helm | |
| # uses: azure/[email protected] | |
| # with: | |
| # version: v3.12.1 | |
| # - uses: actions/setup-python@v4 | |
| # with: | |
| # python-version: "3.11" | |
| # - name: Install pre-commit and helm-docs | |
| # run: | | |
| # pip install pre-commit==3.3.3 | |
| # curl -fSsL -o - https://github.com/norwoodj/helm-docs/releases/download/v1.11.0/helm-docs_1.11.0_Linux_x86_64.tar.gz | tar -xz -C /usr/local/bin helm-docs | |
| # - name: Run pre-commit hooks | |
| # run: pre-commit run --all-files | |
| # - name: Set up chart-testing | |
| # uses: helm/[email protected] | |
| # - name: Install additional Helm repos | |
| # run: | | |
| # helm repo add bitnami https://charts.bitnami.com/bitnami | |
| # - name: Run chart-testing (list-changed) | |
| # id: list-changed | |
| # run: | | |
| # changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) | |
| # if [[ -n "$changed" ]]; then | |
| # echo "changed=$(echo "$changed" | tr '\n' ',' | sed 's/,$/\n/')" >> $GITHUB_OUTPUT | |
| # fi | |
| # - name: Run chart-testing (lint) | |
| # run: | | |
| # ct lint \ | |
| # --target-branch ${{ github.event.repository.default_branch }} \ | |
| # --lint-conf chart-testing/lintconf.yaml \ | |
| # --charts ${{ steps.list-changed.outputs.changed }} | |
| # if: steps.list-changed.outputs.changed | |
| # - name: Create kind cluster | |
| # uses: helm/[email protected] | |
| # with: | |
| # node_image: kindest/node:v1.27.3 | |
| # config: chart-testing/kind-config.yaml | |
| # if: steps.list-changed.outputs.changed | |
| # - name: Replace secrets in Helm charts | |
| # env: | |
| # # TODO: rename the secret to avoid confusion | |
| # SMF_CONFIG_MATRIX_ACCESS_TOKEN: ${{ secrets.SMF_BOT_MATRIX_ACCESS_TOKEN }} | |
| # STAKING_MINER_CONFIG_SEED: ${{ secrets.STAKING_MINER_CONFIG_SEED }} | |
| # run: | | |
| # shopt -s globstar | |
| # for f in $(find **/ci/*-values.yaml); do | |
| # sed -i "s/__GITHUB_SECRET_SMF_CONFIG_MATRIX_ACCESS_TOKEN/$SMF_CONFIG_MATRIX_ACCESS_TOKEN/g" $f | |
| # sed -i "s/__GITHUB_SECRET_STAKING_MINER_CONFIG_SEED/$STAKING_MINER_CONFIG_SEED/g" $f | |
| # done | |
| # if: steps.list-changed.outputs.changed | |
| # - name: Run chart-testing (install) | |
| # run: | | |
| # ct install \ | |
| # --target-branch ${{ github.event.repository.default_branch }} \ | |
| # --charts ${{ steps.list-changed.outputs.changed }} | |
| # if: steps.list-changed.outputs.changed | |
| validate-manifests: | |
| runs-on: ubuntu-latest | |
| # container: docker.io/paritytech/kube-manifests-validation:k8s-1.25.9-gator-3.12.0-datree-1.9.19-c18d37d | |
| container: docker.io/bakhtin/kube-manifests-validation:k8s-1.25.9-gator-3.12.0-datree-1.9.19-1 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Validate manifests | |
| run: | | |
| /app/validate-k8s-manifests.sh \ | |
| --datree-policy-config /app/datree-policies.yaml \ | |
| --git-ref-changed-paths $GITHUB_BASE_REF \ | |
| --skip-gatekeeper \ | |
| charts |