mirror of https://github.com/stackrox/kube-linter-action.git synced 2026-07-04 23:51:37 +00:00

Allow to override output format and action fixes (#7)

Co-authored-by: Armel Soro <armel@rm3l.org>
msugakov
2021-10-04 19:30:04 +02:00
committed by GitHub
parent f2d56dc800
commit ca0d55b925
3 changed files with 87 additions and 59 deletions
+48 -38
@@ -10,56 +10,66 @@ on:
branches: [ main ]
jobs:
test-scan-linux:
test-scan:
strategy:
matrix:
os: [ ubuntu-latest, windows-latest, macos-latest ]
format: [ plain, json, sarif ]
version: [ latest, 0.2.3 ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v2
- name: Scan 1 - should succeed
uses: ./
with:
directory: sample/valid-yaml
config: sample/.kube-linter-config.yaml
format: ${{ matrix.format }}
version: ${{ matrix.version }}
- name: Scan 2 - should fail
id: failing-scan
uses: ./
with:
directory: sample/invalid-yaml
config: sample/.kube-linter-config.yaml
format: ${{ matrix.format }}
version: ${{ matrix.version }}
continue-on-error: true
- name: Verify Scan 2 should have failed
shell: bash
run: |
echo "Verifying that kube-linter-action outcome (${{ steps.failing-scan.outcome }}) from Scan 2 is failure."
[[ "${{ steps.failing-scan.outcome }}" == "failure" ]]
test-with-sarif-upload:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Scan 1 - succeeding
# Setup directory where github/codeql-action/upload-sarif@v1 looks up files by default.
- name: Create ../results directory for sarif files
shell: bash
run: mkdir -p ../results
- name: Scan 1 - should succeed
uses: ./
with:
directory: sample/valid-yaml
config: sample/.kube-linter-config.yaml
format: sarif
output-file: ../results/kube-linter-success.sarif
- name: Scan 2 - failing
- name: Scan 2 - should fail
uses: ./
with:
directory: sample/invalid-yaml
config: sample/.kube-linter-config.yaml
format: sarif
output-file: ../results/kube-linter-fail.sarif
continue-on-error: true
test-scan-windows:
runs-on: windows-latest
steps:
- uses: actions/checkout@v2
- name: Scan 1 - succeeding
uses: ./
with:
directory: sample/valid-yaml
config: sample/.kube-linter-config.yaml
- name: Scan 2 - failing
uses: ./
with:
directory: sample/invalid-yaml
config: sample/.kube-linter-config.yaml
continue-on-error: true
test-scan-macos:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
- name: Scan 1 - succeeding
uses: ./
with:
directory: sample/valid-yaml
config: sample/.kube-linter-config.yaml
- name: Scan 2 - failing
uses: ./
with:
directory: sample/invalid-yaml
config: sample/.kube-linter-config.yaml
continue-on-error: true
- name: Upload SARIF output file to GitHub
uses: github/codeql-action/upload-sarif@v1
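Review bot: In `test-with-sarif-upload`, the step `Scan 2 - should fail` runs with `continue-on-error: true` but, unlike the matrix job, has no `id` and no follow-up check, so this job stays green if the action stops failing on `sample/invalid-yaml` when `output-file` is overridden. For a linter used as a gate that is a fail-open regression the tests should catch: give the step `id: failing-sarif-scan` and add a bash step running `[[ "${{ steps.failing-sarif-scan.outcome }}" == "failure" ]]`, as `test-scan` already does. Separately, `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1` are referenced by mutable tags; pinning each to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) would keep the workflow's dependencies from changing underneath it. The upload step appears to continue past the end of this section.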
+7 -2
@@ -24,5 +24,10 @@ Workflow will fail if kube-linter detects issues. You'll find issues in the outp
### Parameters
* `directory` (required) - path of file or directory to scan, absolute or relative to the root of the repo.
* `config` (optional) - path to a [configuration file](https://docs.kubelinter.io/#/configuring-kubelinter) if you wish to use a non-default configuration.
| Parameter name | Required? | Description |
| --- | --- | --- |
| `directory` | **(required)** | Path of file or directory to scan, absolute or relative to the root of the repo. |
| `config` | (optional) | Path to a [configuration file](https://docs.kubelinter.io/#/configuring-kubelinter) if you wish to use a non-default configuration. |
| `format` | (optional) | Output format. Allowed values: `sarif`, `plain`, `json`. Default is `plain`. |
| `output-file` | (optional) | Path to a file where kube-linter output will be stored. Default is `kube-linter.log`. File will be overwritten if it exists. |
| `version` | (optional) | kube-linter release version to use, e.g. "0.2.4". The latest available version is used by default. |
+32 -19
@@ -10,46 +10,59 @@ inputs:
config:
description: 'Path to config file'
required: false
format:
description: 'Output format. Allowed values: sarif, plain, json. Default: "plain"'
required: false
default: 'plain'
output-file:
description: 'Filename to store output. Default "kubelinter.log"'
description: 'Filename to store output. File will be overwritten if it exists. Default: "kubelinter.log"'
required: false
default: 'kubelinter.log'
version:
description: 'Version of kube-linter to use. Default "latest"'
description: 'Version of kube-linter to use. E.g. "0.2.4". Default: "latest"'
required: false
default: 'latest'
runs:
using: "composite"
steps:
- name: Download kube-linter
shell: bash
run: |
set -euo pipefail
set -u
case "${{ runner.os }}" in
macOS) OS=darwin ;;
Windows) OS=windows ;;
*) OS=linux ;;
esac
RELEASE_INFO=$(curl --silent --show-error --fail https://api.github.com/repos/stackrox/kube-linter/releases/${{ inputs.version }})
RELEASE_NAME=$(echo "${RELEASE_INFO}" | jq --raw-output ".name")
LOCATION=$(echo "${RELEASE_INFO}" \
| jq --raw-output ".assets[].browser_download_url" \
| grep --fixed-strings kube-linter-${OS}.tar.gz)
TARGET=kube-linter-${OS}-${RELEASE_NAME}.tar.gz
# Skip downloading release if downloaded already, e.g. when the action is used multiple times.
if [ ! -e $TARGET ]; then
curl --silent --show-error --fail --location --output $TARGET "$LOCATION"
tar -xf $TARGET
RELEASE_URL='https://api.github.com/repos/stackrox/kube-linter/releases/latest'
if [[ "${{ inputs.version }}" != "latest" ]]; then
RELEASE_URL='https://api.github.com/repos/stackrox/kube-linter/releases/tags/${{ inputs.version }}'
fi
# Although releases endpoint is available without authentication, the current github.token is still passed
# in order to increase the limit of 60 requests per hour per IP address to a higher value that's also counted
# per GitHub account.
# Caching is disabled in order not to receive stale responses from Varnish cache fronting GitHub API.
RELEASE_INFO="$(curl --silent --show-error --fail \
--header 'authorization: Bearer ${{ github.token }}' \
--header 'Cache-Control: no-cache, must-revalidate' \
"${RELEASE_URL}")"
RELEASE_NAME="$(echo "${RELEASE_INFO}" | jq --raw-output ".name")"
LOCATION="$(echo "${RELEASE_INFO}" \
| jq --raw-output ".assets[].browser_download_url" \
| grep --fixed-strings "kube-linter-${OS}.tar.gz")"
TARGET="kube-linter-${OS}-${RELEASE_NAME}.tar.gz"
# Skip downloading release if downloaded already, e.g. when the action is used multiple times.
if [[ ! -e "$TARGET" ]]; then
curl --silent --show-error --fail --location --output "$TARGET" "$LOCATION"
tar -xf "$TARGET"
fi
shell: bash
- name: Lint files
shell: bash
run: |
set -u
set +e
if [ -z ${{ inputs.config }} ]; then
if [[ -z "${{ inputs.config }}" ]]; then
CONFIG=""
else
CONFIG="--config ${{ inputs.config }}"
fi
./kube-linter $CONFIG lint ${{ inputs.directory }} 2>&1 | tee -a ${{ inputs.output-file }}
exit ${PIPESTATUS[0]}
shell: bash
./kube-linter $CONFIG lint "${{ inputs.directory }}" --format "${{ inputs.format }}" | tee "${{ inputs.output-file }}"