mirror of
https://github.com/stackrox/kube-linter-action.git
synced 2026-07-18 13:28:08 +00:00
Update sample and readme with 1.0.4 version of action and sarif (#11)
This commit is contained in:
@@ -1,10 +1,11 @@
|
|||||||
name: Check Kubernetes YAMLs
|
name: Check Kubernetes YAMLs with kube-linter
|
||||||
|
|
||||||
on:
|
on:
|
||||||
|
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present kube-linter
|
||||||
|
# SARIF reports.
|
||||||
push:
|
push:
|
||||||
branches: [ main ]
|
branches: [ main, master ]
|
||||||
pull_request:
|
pull_request:
|
||||||
branches: [ main ]
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
scan:
|
scan:
|
||||||
@@ -12,8 +13,34 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Scan valid yaml with kube-linter
|
# This prepares directory where github/codeql-action/upload-sarif@v1 looks up report files by default.
|
||||||
uses: stackrox/kube-linter-action@v1.0.2
|
- name: Create ../results directory for SARIF report files
|
||||||
|
shell: bash
|
||||||
|
run: mkdir -p ../results
|
||||||
|
|
||||||
|
- name: Scan yaml files with kube-linter
|
||||||
|
uses: stackrox/kube-linter-action@v1.0.4
|
||||||
|
id: kube-linter-action-scan
|
||||||
with:
|
with:
|
||||||
|
# Adjust this directory to the location where your kubernetes resources and helm charts are located.
|
||||||
directory: sample/valid-yaml
|
directory: sample/valid-yaml
|
||||||
|
# Adjust this to the location of kube-linter config you're using, or remove the setting if you'd like to use
|
||||||
|
# the default config.
|
||||||
config: sample/.kube-linter-config.yaml
|
config: sample/.kube-linter-config.yaml
|
||||||
|
# The following two settings make kube-linter produce scan analysis in SARIF format which would then be
|
||||||
|
# made available in GitHub UI via upload-sarif action below.
|
||||||
|
format: sarif
|
||||||
|
output-file: ../results/kube-linter.sarif
|
||||||
|
# The following line prevents aborting the workflow immediately in case your files fail kube-linter checks.
|
||||||
|
# This allows the following upload-sarif action to still upload the results to your GitHub repo.
|
||||||
|
continue-on-error: true
|
||||||
|
|
||||||
|
- name: Upload SARIF report files to GitHub
|
||||||
|
uses: github/codeql-action/upload-sarif@v1
|
||||||
|
|
||||||
|
# Ensure the workflow eventually fails if files did not pass kube-linter checks.
|
||||||
|
- name: Verify kube-linter-action succeeded
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
echo "If this step fails, kube-linter found issues. Check the output of the scan step above."
|
||||||
|
[[ "${{ steps.kube-linter-action-scan.outcome }}" == "success" ]]
|
||||||
|
|||||||
@@ -8,18 +8,22 @@ This is a GitHub action for scanning Kubernetes YAML files and Helm charts in yo
|
|||||||
|
|
||||||
1. Copy [.github/workflows/kube-linter-sample.yml](https://github.com/stackrox/kube-linter-action/tree/main/.github/workflows/kube-linter-sample.yml) file to `.github/workflows` directory in your repo.
|
1. Copy [.github/workflows/kube-linter-sample.yml](https://github.com/stackrox/kube-linter-action/tree/main/.github/workflows/kube-linter-sample.yml) file to `.github/workflows` directory in your repo.
|
||||||
2. Adjust scan `directory` to the location where your Kubernetes or Helm files are. See Parameters below.
|
2. Adjust scan `directory` to the location where your Kubernetes or Helm files are. See Parameters below.
|
||||||
|
3. Adjust or remove `config` parameter.
|
||||||
|
|
||||||
The new workflow will run every time there's a new push to the repo.
|
The new workflow will run every time there's a new push to the repo master branch and for pull requests.
|
||||||
Workflow will fail if kube-linter detects issues. You'll find issues in the output of `kube-linter-action`.
|
|
||||||
|
The workflow will fail if kube-linter detects issues. You'll find issues in the output of `kube-linter-action` and in [Security | Code scanning alerts](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository) view of your GitHub repo (if you used provided sample workflow).
|
||||||
|
|
||||||
### Example
|
### Example
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- name: Scan repo with kube-linter
|
- name: Scan repo with kube-linter
|
||||||
uses: stackrox/kube-linter-action@v1.0.2
|
uses: stackrox/kube-linter-action@v1.0.4
|
||||||
with:
|
with:
|
||||||
directory: yamls
|
directory: yamls
|
||||||
config: .kube-linter/config.yaml
|
config: .kube-linter/config.yaml
|
||||||
|
format: sarif
|
||||||
|
output-file: kube-linter.sarif
|
||||||
```
|
```
|
||||||
|
|
||||||
### Parameters
|
### Parameters
|
||||||
|
|||||||
Reference in New Issue
Block a user