mirror of https://github.com/stackrox/kube-linter-action.git synced 2026-07-04 23:51:37 +00:00
Nelo-T. Wallus 87802a2f4e support setting token for github enterprise (#31)
Signed-off-by: Nelo-T. Wallus <n.wallus@sap.com>
2025-05-05 17:42:08 +02:00


# Action metadata: a composite action that downloads a kube-linter release
# and runs it against a directory or file.
name: kube-linter
description: Scan directory or file with kube-linter
branding:
  icon: check-circle
  color: green
inputs:
  # Path handed to `kube-linter lint`; the only mandatory input.
  directory:
    description: Directory or file to scan
    required: true
  # Optional kube-linter config file; when empty no --config flag is passed.
  config:
    description: Path to config file
    required: false
  format:
    description: >-
      Output format. Allowed values: sarif, plain, json.
      Default: "plain"
    required: false
    default: 'plain'
  # The lint output is piped through `tee` into this file, replacing any
  # existing file of the same name.
  output-file:
    description: >-
      Filename to store output. File will be overwritten if it exists.
      Default: "kubelinter.log"
    required: false
    default: 'kubelinter.log'
  # 'latest' is resolved against the releases API on every run, so the
  # binary that gets executed can change between runs; set an explicit
  # release tag for reproducible scans.
  version:
    description: >-
      Version of kube-linter to use. E.g. "0.2.4". Default: "latest"
    required: false
    default: 'latest'
  # Kept as the string 'false' (not a YAML boolean): the lint step compares
  # the value against the literal text "true".
  fail-on-invalid-resource:
    description: 'Error out when we have an invalid resource. Default: false'
    required: false
    default: 'false'
  # On github.com this defaults to the workflow's github.token; on any other
  # server URL it defaults to the empty string. The release lookup always
  # goes to api.github.com, so a token supplied on another server presumably
  # has to be one that github.com accepts.
  token:
    description: >-
      Used to pull release info from GitHub.
      Does not need to be supplied on github.com.
    required: false
    default: "${{ github.server_url == 'https://github.com' && github.token || '' }}"
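# Composite steps: fetch the requested kube-linter release, then lint.
#
# Every action input is handed to the scripts through `env:` and read as a
# quoted shell variable. Expression interpolation pastes the value into the
# script text before bash parses it, so an input containing quotes, `;` or
# `$(...)` would run as shell code, and the token would be written into the
# generated script file. Environment variables are data only.
runs:
  using: "composite"
  steps:
    - name: Download kube-linter
      shell: bash
      env:
        INPUT_VERSION: "${{ inputs.version }}"
        INPUT_TOKEN: "${{ inputs.token }}"
      run: |
        set -u
        # runner.os is supplied by the runner, not by the workflow author.
        case "${{ runner.os }}" in
          macOS) OS=darwin ;;
          Windows) OS=windows ;;
          *) OS=linux ;;
        esac
        RELEASE_URL='https://api.github.com/repos/stackrox/kube-linter/releases/latest'
        if [[ "${INPUT_VERSION}" != "latest" ]]; then
          RELEASE_URL="https://api.github.com/repos/stackrox/kube-linter/releases/tags/${INPUT_VERSION}"
        fi
        # Although releases endpoint is available without authentication, the token input (github.token by
        # default on github.com) is still passed in order to increase the limit of 60 requests per hour per
        # IP address to a higher value that's also counted per GitHub account.
        # Caching is disabled in order not to receive stale responses from Varnish cache fronting GitHub API.
        # The arguments are collected in an array so the Authorization header is
        # added only when a token exists, instead of passing an empty --header.
        CURL_ARGS=(--silent --show-error --fail
          --header 'Cache-Control: no-cache, must-revalidate')
        if [[ -n "${INPUT_TOKEN}" ]]; then
          CURL_ARGS+=(--header "Authorization: Bearer ${INPUT_TOKEN}")
        fi
        RELEASE_INFO="$(curl "${CURL_ARGS[@]}" "${RELEASE_URL}")"
        RELEASE_NAME="$(echo "${RELEASE_INFO}" | jq --raw-output ".name")"
        LOCATION="$(echo "${RELEASE_INFO}" \
          | jq --raw-output ".assets[].browser_download_url" \
          | grep --fixed-strings "kube-linter-${OS}.tar.gz")"
        TARGET="kube-linter-${OS}-${RELEASE_NAME}.tar.gz"
        # Skip downloading release if downloaded already, e.g. when the action is used multiple times.
        # NOTE(review): the archive is unpacked and later executed with no
        # checksum or signature check; if the release publishes either, verify
        # it before running tar.
        if [[ ! -e "$TARGET" ]]; then
          curl --silent --show-error --fail --location --output "$TARGET" "$LOCATION"
          tar -xf "$TARGET"
        fi
    - name: Lint files
      shell: bash
      env:
        INPUT_DIRECTORY: "${{ inputs.directory }}"
        INPUT_CONFIG: "${{ inputs.config }}"
        INPUT_FORMAT: "${{ inputs.format }}"
        INPUT_OUTPUT_FILE: "${{ inputs.output-file }}"
        INPUT_FAIL_ON_INVALID_RESOURCE: "${{ inputs.fail-on-invalid-resource }}"
      run: |
        set -u
        # Build the command as an array: each input stays a single argument,
        # so a config path containing spaces is no longer split into several
        # words and no input can introduce extra flags or commands.
        LINT_CMD=(./kube-linter)
        if [[ -n "${INPUT_CONFIG}" ]]; then
          LINT_CMD+=(--config "${INPUT_CONFIG}")
        fi
        LINT_CMD+=(lint "${INPUT_DIRECTORY}" --format "${INPUT_FORMAT}")
        if [[ "${INPUT_FAIL_ON_INVALID_RESOURCE}" == "true" ]]; then
          LINT_CMD+=(--fail-on-invalid-resource)
        fi
        "${LINT_CMD[@]}" | tee "${INPUT_OUTPUT_FILE}"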