1
0
mirror of https://github.com/stackrox/kube-linter-action.git synced 2026-07-17 13:48:09 +00:00

Update sample and readme with 1.0.4 version of action and sarif (#11)

This commit is contained in:
msugakov
2021-10-05 08:57:08 +02:00
committed by GitHub
parent ca0d55b925
commit 59b1ecadf2
2 changed files with 39 additions and 8 deletions
+32 -5
View File
@@ -1,10 +1,11 @@
name: Check Kubernetes YAMLs
name: Check Kubernetes YAMLs with kube-linter
on:
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present kube-linter
# SARIF reports.
push:
branches: [ main ]
branches: [ main, master ]
pull_request:
branches: [ main ]
jobs:
scan:
@@ -12,8 +13,34 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Scan valid yaml with kube-linter
uses: stackrox/kube-linter-action@v1.0.2
# This prepares directory where github/codeql-action/upload-sarif@v1 looks up report files by default.
- name: Create ../results directory for SARIF report files
shell: bash
run: mkdir -p ../results
- name: Scan yaml files with kube-linter
uses: stackrox/kube-linter-action@v1.0.4
id: kube-linter-action-scan
with:
# Adjust this directory to the location where your kubernetes resources and helm charts are located.
directory: sample/valid-yaml
# Adjust this to the location of kube-linter config you're using, or remove the setting if you'd like to use
# the default config.
config: sample/.kube-linter-config.yaml
# The following two settings make kube-linter produce scan analysis in SARIF format which would then be
# made available in GitHub UI via upload-sarif action below.
format: sarif
output-file: ../results/kube-linter.sarif
# The following line prevents aborting the workflow immediately in case your files fail kube-linter checks.
# This allows the following upload-sarif action to still upload the results to your GitHub repo.
continue-on-error: true
- name: Upload SARIF report files to GitHub
uses: github/codeql-action/upload-sarif@v1
# Ensure the workflow eventually fails if files did not pass kube-linter checks.
- name: Verify kube-linter-action succeeded
shell: bash
run: |
echo "If this step fails, kube-linter found issues. Check the output of the scan step above."
[[ "${{ steps.kube-linter-action-scan.outcome }}" == "success" ]]