From 9d6133b22f6ec04772df541d00ea2073e4c89d11 Mon Sep 17 00:00:00 2001 From: Lari Hotari Date: Mon, 29 Jan 2024 17:03:08 +0200 Subject: [PATCH] Add validation using kubeconform --- .github/workflows/pulsar-helm-chart-ci.yaml | 15 +++++++++++++++ hack/common.sh | 8 ++++++++ 2 files changed, 23 insertions(+) diff --git a/.github/workflows/pulsar-helm-chart-ci.yaml b/.github/workflows/pulsar-helm-chart-ci.yaml index 9027cf89..9907f05b 100644 --- a/.github/workflows/pulsar-helm-chart-ci.yaml +++ b/.github/workflows/pulsar-helm-chart-ci.yaml @@ -127,6 +127,21 @@ jobs: --validate-maintainers=false \ --target-branch ${{ github.event.repository.default_branch }} + - name: Run kubeconform check + if: ${{ steps.check_changes.outputs.docs_only != 'true' }} + run: | + PULSAR_CHART_HOME=$(pwd) + source ${PULSAR_CHART_HOME}/hack/common.sh + hack::ensure_kubeconform + validate_helm_template_with_k8s_version() { + local kube_version=$1 + echo "Validating helm template with kubeconform for k8s version $kube_version" + helm template charts/pulsar --set kube-prometheus-stack.enabled=false --set components.pulsar_manager=true --kube-version $kube_version | \ + kubeconform -schema-location default -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' -strict -kubernetes-version $kube_version -summary + } + validate_helm_template_with_k8s_version 1.21.0 + validate_helm_template_with_k8s_version 1.27.0 + - name: Wait for ssh connection when build fails # ssh access is enabled for builds in own forks uses: ./.github/actions/ssh-access diff --git a/hack/common.sh b/hack/common.sh index a776c23f..4a68d40f 100755 --- a/hack/common.sh +++ b/hack/common.sh @@ -33,6 +33,8 @@ HELM_BIN=$OUTPUT_BIN/helm KIND_BIN=$OUTPUT_BIN/kind CR_BIN=$OUTPUT_BIN/cr : "${CR_VERSION:=1.6.0}" +KUBECONFORM_BIN=$OUTPUT_BIN/kubeconform +: "${KUBECONFORM_VERSION:=0.6.4}" export PATH="$OUTPUT_BIN:$PATH" test -d "$OUTPUT_BIN" || mkdir -p "$OUTPUT_BIN" @@ -134,3 +136,9 @@ function hack::ensure_cr() { chmod +x $CR_BIN $CR_BIN version } + +function hack::ensure_kubeconform() { + echo "Installing kind v$KUBECONFORM_VERSION..." + curl --retry 10 -L https://github.com/yannh/kubeconform/releases/download/v${KUBECONFORM_VERSION}/kubeconform-${OS}-${ARCH}.tar.gz | tar -xzO kubeconform > $KUBECONFORM_BIN + chmod +x $KUBECONFORM_BIN +} \ No newline at end of file