mirror of
https://github.com/stackrox/kube-linter-action.git
synced 2026-07-04 23:51:37 +00:00
87802a2f4e
Signed-off-by: Nelo-T. Wallus <n.wallus@sap.com>
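# Composite action: downloads a kube-linter release from GitHub and runs it
# against a directory or file, writing the report to stdout and to a file.
name: 'kube-linter'
description: 'Scan directory or file with kube-linter'
branding:
  icon: 'check-circle'
  color: 'green'
inputs:
  directory:
    description: 'Directory or file to scan'
    required: true
  config:
    description: 'Path to config file'
    required: false
  format:
    description: 'Output format. Allowed values: sarif, plain, json. Default: "plain"'
    required: false
    default: 'plain'
  output-file:
    description: 'Filename to store output. File will be overwritten if it exists. Default: "kubelinter.log"'
    required: false
    default: 'kubelinter.log'
  # NOTE(review): the default follows whatever the newest release is at run
  # time; callers who need reproducible runs should set an explicit version.
  version:
    description: 'Version of kube-linter to use. E.g. "0.2.4". Default: "latest"'
    required: false
    default: 'latest'
  fail-on-invalid-resource:
    description: 'Error out when we have an invalid resource. Default: false'
    required: false
    default: 'false'
  # The default only hands over github.token when the workflow runs on
  # github.com; on any other server the token is empty unless supplied.
  token:
    description: 'Used to pull release info from GitHub. Does not need to be supplied on github.com.'
    required: false
    default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
runs:
  using: "composite"
  steps:
    - name: Download kube-linter
      shell: bash
      # Inputs reach the script through the environment instead of being
      # expanded into the script text, so a value containing quotes or shell
      # metacharacters stays data and the token is not part of the script body.
      env:
        INPUT_VERSION: ${{ inputs.version }}
        INPUT_TOKEN: ${{ inputs.token }}
      run: |
        set -u
        case "${{ runner.os }}" in
          macOS) OS=darwin ;;
          Windows) OS=windows ;;
          *) OS=linux ;;
        esac
        RELEASE_URL='https://api.github.com/repos/stackrox/kube-linter/releases/latest'
        if [[ "${INPUT_VERSION}" != "latest" ]]; then
          RELEASE_URL="https://api.github.com/repos/stackrox/kube-linter/releases/tags/${INPUT_VERSION}"
        fi
        # Although releases endpoint is available without authentication, the current github.token is still passed
        # in order to increase the limit of 60 requests per hour per IP address to a higher value that's also counted
        # per GitHub account.
        # Caching is disabled in order not to receive stale responses from Varnish cache fronting GitHub API.
        AUTH_HEADER=""
        if [[ -n "${INPUT_TOKEN}" ]]; then
          AUTH_HEADER="Authorization: Bearer ${INPUT_TOKEN}"
        fi
        RELEASE_INFO="$(curl --silent --show-error --fail \
          --header "$AUTH_HEADER" \
          --header 'Cache-Control: no-cache, must-revalidate' \
          "${RELEASE_URL}")"
        RELEASE_NAME="$(echo "${RELEASE_INFO}" | jq --raw-output ".name")"
        LOCATION="$(echo "${RELEASE_INFO}" \
          | jq --raw-output ".assets[].browser_download_url" \
          | grep --fixed-strings "kube-linter-${OS}.tar.gz")"
        TARGET="kube-linter-${OS}-${RELEASE_NAME}.tar.gz"
        # Skip downloading release if downloaded already, e.g. when the action is used multiple times.
        # NOTE(review): the archive is unpacked and its binary executed by the
        # next step without any checksum or signature comparison; the only
        # integrity guarantee is the HTTPS transport to the release host.
        if [[ ! -e "$TARGET" ]]; then
          curl --silent --show-error --fail --location --output "$TARGET" "$LOCATION"
          tar -xf "$TARGET"
        fi
    - name: Lint files
      shell: bash
      # Same reasoning as the download step: inputs are read from the
      # environment, never substituted into the script source.
      env:
        INPUT_DIRECTORY: ${{ inputs.directory }}
        INPUT_CONFIG: ${{ inputs.config }}
        INPUT_FORMAT: ${{ inputs.format }}
        INPUT_OUTPUT_FILE: ${{ inputs.output-file }}
        INPUT_FAIL_ON_INVALID_RESOURCE: ${{ inputs.fail-on-invalid-resource }}
      run: |
        set -u
        # Arguments are collected in an array so each input is passed as
        # exactly one argument; a config path containing spaces is no longer
        # split into several words.
        ARGS=()
        if [[ -n "${INPUT_CONFIG}" ]]; then
          ARGS+=(--config "${INPUT_CONFIG}")
        fi

        ARGS+=(lint "${INPUT_DIRECTORY}" --format "${INPUT_FORMAT}")
        if [[ "${INPUT_FAIL_ON_INVALID_RESOURCE}" == "true" ]]; then
          ARGS+=(--fail-on-invalid-resource)
        fi

        ./kube-linter "${ARGS[@]}" | tee "${INPUT_OUTPUT_FILE}"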