mirror of
https://github.com/stackrox/kube-linter-action.git
synced 2026-07-04 23:51:37 +00:00
8ed7cc3d11
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
47 lines
2.0 KiB
YAML
47 lines
2.0 KiB
YAML
name: Check Kubernetes YAMLs with kube-linter
|
|
|
|
on:
|
|
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present kube-linter
|
|
# SARIF reports.
|
|
push:
|
|
branches: [ main, master ]
|
|
pull_request:
|
|
|
|
jobs:
|
|
scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
|
|
# This prepares directory where github/codeql-action/upload-sarif@v1 looks up report files by default.
|
|
- name: Create ../results directory for SARIF report files
|
|
shell: bash
|
|
run: mkdir -p ../results
|
|
|
|
- name: Scan yaml files with kube-linter
|
|
uses: stackrox/kube-linter-action@v1.0.7
|
|
id: kube-linter-action-scan
|
|
with:
|
|
# Adjust this directory to the location where your kubernetes resources and helm charts are located.
|
|
directory: sample/valid-yaml
|
|
# Adjust this to the location of kube-linter config you're using, or remove the setting if you'd like to use
|
|
# the default config.
|
|
config: sample/.kube-linter-config.yaml
|
|
# The following two settings make kube-linter produce scan analysis in SARIF format which would then be
|
|
# made available in GitHub UI via upload-sarif action below.
|
|
format: sarif
|
|
output-file: ../results/kube-linter.sarif
|
|
# The following line prevents aborting the workflow immediately in case your files fail kube-linter checks.
|
|
# This allows the following upload-sarif action to still upload the results to your GitHub repo.
|
|
continue-on-error: true
|
|
|
|
- name: Upload SARIF report files to GitHub
|
|
uses: github/codeql-action/upload-sarif@v4
|
|
|
|
# Ensure the workflow eventually fails if files did not pass kube-linter checks.
|
|
- name: Verify kube-linter-action succeeded
|
|
shell: bash
|
|
run: |
|
|
echo "If this step fails, kube-linter found issues. Check the output of the scan step above."
|
|
[[ "${{ steps.kube-linter-action-scan.outcome }}" == "success" ]]
|