Allow to override output format and action fixes (#7)
Co-authored-by: Armel Soro <armel@rm3l.org>
@@ -10,56 +10,66 @@ on:
|
||||
branches: [ main ]
|
||||
|
||||
jobs:
|
||||
test-scan-linux:
|
||||
test-scan:
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest, windows-latest, macos-latest ]
|
||||
format: [ plain, json, sarif ]
|
||||
version: [ latest, 0.2.3 ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Scan 1 - should succeed
|
||||
uses: ./
|
||||
with:
|
||||
directory: sample/valid-yaml
|
||||
config: sample/.kube-linter-config.yaml
|
||||
format: ${{ matrix.format }}
|
||||
version: ${{ matrix.version }}
|
||||
|
||||
- name: Scan 2 - should fail
|
||||
id: failing-scan
|
||||
uses: ./
|
||||
with:
|
||||
directory: sample/invalid-yaml
|
||||
config: sample/.kube-linter-config.yaml
|
||||
format: ${{ matrix.format }}
|
||||
version: ${{ matrix.version }}
|
||||
continue-on-error: true
|
||||
|
||||
- name: Verify Scan 2 should have failed
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Verifying that kube-linter-action outcome (${{ steps.failing-scan.outcome }}) from Scan 2 is failure."
|
||||
[[ "${{ steps.failing-scan.outcome }}" == "failure" ]]
|
||||
|
||||
test-with-sarif-upload:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Scan 1 - succeeding
|
||||
# Setup directory where github/codeql-action/upload-sarif@v1 looks up files by default.
|
||||
- name: Create ../results directory for sarif files
|
||||
shell: bash
|
||||
run: mkdir -p ../results
|
||||
|
||||
- name: Scan 1 - should succeed
|
||||
uses: ./
|
||||
with:
|
||||
directory: sample/valid-yaml
|
||||
config: sample/.kube-linter-config.yaml
|
||||
format: sarif
|
||||
output-file: ../results/kube-linter-success.sarif
|
||||
|
||||
- name: Scan 2 - failing
|
||||
- name: Scan 2 - should fail
|
||||
uses: ./
|
||||
with:
|
||||
directory: sample/invalid-yaml
|
||||
config: sample/.kube-linter-config.yaml
|
||||
format: sarif
|
||||
output-file: ../results/kube-linter-fail.sarif
|
||||
continue-on-error: true
|
||||
|
||||
test-scan-windows:
|
||||
runs-on: windows-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Scan 1 - succeeding
|
||||
uses: ./
|
||||
with:
|
||||
directory: sample/valid-yaml
|
||||
config: sample/.kube-linter-config.yaml
|
||||
|
||||
- name: Scan 2 - failing
|
||||
uses: ./
|
||||
with:
|
||||
directory: sample/invalid-yaml
|
||||
config: sample/.kube-linter-config.yaml
|
||||
continue-on-error: true
|
||||
|
||||
test-scan-macos:
|
||||
runs-on: macos-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Scan 1 - succeeding
|
||||
uses: ./
|
||||
with:
|
||||
directory: sample/valid-yaml
|
||||
config: sample/.kube-linter-config.yaml
|
||||
|
||||
- name: Scan 2 - failing
|
||||
uses: ./
|
||||
with:
|
||||
directory: sample/invalid-yaml
|
||||
config: sample/.kube-linter-config.yaml
|
||||
continue-on-error: true
|
||||
- name: Upload SARIF output file to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
|
||||
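Review bot: The added `github/codeql-action/upload-sarif@v1` step, like the `actions/checkout@v2` steps, is referenced by a mutable tag, so a retagged release would change what runs with this job's token; pin to a full commit SHA instead, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v1`. SARIF upload also needs the `security-events: write` permission, and no `permissions:` block is visible in this hunk (the top of the workflow lies outside it), so consider declaring `contents: read` and `security-events: write` on `test-with-sarif-upload` explicitly rather than relying on the repository default. Unlike `test-scan`, the SARIF job appears to have no step asserting that Scan 2 failed, so a scan that wrongly passes on `sample/invalid-yaml` would go unnoticed there.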
@@ -24,5 +24,10 @@ Workflow will fail if kube-linter detects issues. You'll find issues in the outp
|
||||
|
||||
### Parameters
|
||||
|
||||
* `directory` (required) - path of file or directory to scan, absolute or relative to the root of the repo.
|
||||
* `config` (optional) - path to a [configuration file](https://docs.kubelinter.io/#/configuring-kubelinter) if you wish to use a non-default configuration.
|
||||
| Parameter name | Required? | Description |
|
||||
| --- | --- | --- |
|
||||
| `directory` | **(required)** | Path of file or directory to scan, absolute or relative to the root of the repo. |
|
||||
| `config` | (optional) | Path to a [configuration file](https://docs.kubelinter.io/#/configuring-kubelinter) if you wish to use a non-default configuration. |
|
||||
| `format` | (optional) | Output format. Allowed values: `sarif`, `plain`, `json`. Default is `plain`. |
|
||||
| `output-file` | (optional) | Path to a file where kube-linter output will be stored. Default is `kube-linter.log`. File will be overwritten if it exists. |
|
||||
| `version` | (optional) | kube-linter release version to use, e.g. "0.2.4". The latest available version is used by default. |
|
||||
|
||||
+32
-19
@@ -10,46 +10,59 @@ inputs:
|
||||
config:
|
||||
description: 'Path to config file'
|
||||
required: false
|
||||
format:
|
||||
description: 'Output format. Allowed values: sarif, plain, json. Default: "plain"'
|
||||
required: false
|
||||
default: 'plain'
|
||||
output-file:
|
||||
description: 'Filename to store output. Default "kubelinter.log"'
|
||||
description: 'Filename to store output. File will be overwritten if it exists. Default: "kubelinter.log"'
|
||||
required: false
|
||||
default: 'kubelinter.log'
|
||||
version:
|
||||
description: 'Version of kube-linter to use. Default "latest"'
|
||||
description: 'Version of kube-linter to use. E.g. "0.2.4". Default: "latest"'
|
||||
required: false
|
||||
default: 'latest'
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Download kube-linter
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
set -u
|
||||
case "${{ runner.os }}" in
|
||||
macOS) OS=darwin ;;
|
||||
Windows) OS=windows ;;
|
||||
*) OS=linux ;;
|
||||
esac
|
||||
RELEASE_INFO=$(curl --silent --show-error --fail https://api.github.com/repos/stackrox/kube-linter/releases/${{ inputs.version }})
|
||||
RELEASE_NAME=$(echo "${RELEASE_INFO}" | jq --raw-output ".name")
|
||||
LOCATION=$(echo "${RELEASE_INFO}" \
|
||||
| jq --raw-output ".assets[].browser_download_url" \
|
||||
| grep --fixed-strings kube-linter-${OS}.tar.gz)
|
||||
TARGET=kube-linter-${OS}-${RELEASE_NAME}.tar.gz
|
||||
# Skip downloading release if downloaded already, e.g. when the action is used multiple times.
|
||||
if [ ! -e $TARGET ]; then
|
||||
curl --silent --show-error --fail --location --output $TARGET "$LOCATION"
|
||||
tar -xf $TARGET
|
||||
RELEASE_URL='https://api.github.com/repos/stackrox/kube-linter/releases/latest'
|
||||
if [[ "${{ inputs.version }}" != "latest" ]]; then
|
||||
RELEASE_URL='https://api.github.com/repos/stackrox/kube-linter/releases/tags/${{ inputs.version }}'
|
||||
fi
|
||||
# Although releases endpoint is available without authentication, the current github.token is still passed
|
||||
# in order to increase the limit of 60 requests per hour per IP address to a higher value that's also counted
|
||||
# per GitHub account.
|
||||
# Caching is disabled in order not to receive stale responses from Varnish cache fronting GitHub API.
|
||||
RELEASE_INFO="$(curl --silent --show-error --fail \
|
||||
--header 'authorization: Bearer ${{ github.token }}' \
|
||||
--header 'Cache-Control: no-cache, must-revalidate' \
|
||||
"${RELEASE_URL}")"
|
||||
RELEASE_NAME="$(echo "${RELEASE_INFO}" | jq --raw-output ".name")"
|
||||
LOCATION="$(echo "${RELEASE_INFO}" \
|
||||
| jq --raw-output ".assets[].browser_download_url" \
|
||||
| grep --fixed-strings "kube-linter-${OS}.tar.gz")"
|
||||
TARGET="kube-linter-${OS}-${RELEASE_NAME}.tar.gz"
|
||||
# Skip downloading release if downloaded already, e.g. when the action is used multiple times.
|
||||
if [[ ! -e "$TARGET" ]]; then
|
||||
curl --silent --show-error --fail --location --output "$TARGET" "$LOCATION"
|
||||
tar -xf "$TARGET"
|
||||
fi
|
||||
shell: bash
|
||||
- name: Lint files
|
||||
shell: bash
|
||||
run: |
|
||||
set -u
|
||||
set +e
|
||||
if [ -z ${{ inputs.config }} ]; then
|
||||
if [[ -z "${{ inputs.config }}" ]]; then
|
||||
CONFIG=""
|
||||
else
|
||||
CONFIG="--config ${{ inputs.config }}"
|
||||
fi
|
||||
./kube-linter $CONFIG lint ${{ inputs.directory }} 2>&1 | tee -a ${{ inputs.output-file }}
|
||||
exit ${PIPESTATUS[0]}
|
||||
shell: bash
|
||||
./kube-linter $CONFIG lint "${{ inputs.directory }}" --format "${{ inputs.format }}" | tee "${{ inputs.output-file }}"
|
||||
|
||||
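Review bot: Both `run:` scripts splice `${{ inputs.version }}`, `${{ inputs.config }}`, `${{ inputs.directory }}`, `${{ inputs.format }}` and `${{ inputs.output-file }}` into the bash source before the shell parses it, so the added quoting does not help: a value containing a quote or a command substitution becomes part of the script rather than an argument. Pass the inputs through `env:` and reference them as ordinary shell variables, as sketched below; a caller that forwards event data such as a branch name or path into an input can then no longer alter the script. Separately, the downloaded archive is extracted and executed without an integrity check; if the kube-linter releases publish checksums or signatures, verifying `"$TARGET"` before `tar -xf` would close that gap. The `inputs:` block and the rest of the action metadata start outside this hunk.

```yaml
    - name: Download kube-linter
      shell: bash
      env:
        INPUT_VERSION: ${{ inputs.version }}
      run: |
        # … unchanged: set -u, OS detection …
        RELEASE_URL='https://api.github.com/repos/stackrox/kube-linter/releases/latest'
        if [[ "$INPUT_VERSION" != "latest" ]]; then
          RELEASE_URL="https://api.github.com/repos/stackrox/kube-linter/releases/tags/${INPUT_VERSION}"
        fi
        # … unchanged: release lookup, download and extraction …

    - name: Lint files
      shell: bash
      env:
        INPUT_CONFIG: ${{ inputs.config }}
        INPUT_DIRECTORY: ${{ inputs.directory }}
        INPUT_FORMAT: ${{ inputs.format }}
        INPUT_OUTPUT_FILE: ${{ inputs.output-file }}
      run: |
        set -u
        CONFIG_ARGS=()
        if [[ -n "$INPUT_CONFIG" ]]; then
          CONFIG_ARGS=(--config "$INPUT_CONFIG")
        fi
        # The ${arr[@]+...} form keeps `set -u` from tripping on an empty array in older bash.
        ./kube-linter ${CONFIG_ARGS[@]+"${CONFIG_ARGS[@]}"} lint "$INPUT_DIRECTORY" \
          --format "$INPUT_FORMAT" | tee "$INPUT_OUTPUT_FILE"
```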