A flexible GitHub Action to validate Helm charts with Kubeconform. The target may be either a single chart directory or a directory containing multiple charts, at any level.
Usage
Assuming you have a charts directory under which you have a set of charts and a schemas directory containing any custom resource schemas, like this:
charts
└───foo
│   ├───templates
│   └───tests
└───bar
│   ├───templates
│   └───tests
└───schemas
You can validate the charts in your workflow using the Docker image directly, which is quicker but requires adding docker/login-action and supplying the environment variables yourself:
jobs:
  kubeconform:
    runs-on: ubuntu-latest
    steps:
      # master is a mutable ref; pin to a release tag or commit SHA for reproducible runs
      - uses: actions/checkout@master
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate and validate releases
        uses: docker://ghcr.io/shivjm/helm-kubeconform-action:v0.2.0
        env:
          # One Kubeconform schema location per line, relative to the repository root
          ADDITIONAL_SCHEMA_PATHS: |
            schemas/{{ .ResourceKind }}.json
          CHARTS_DIRECTORY: "charts"
          KUBECONFORM_STRICT: "true"
          HELM_UPDATE_DEPENDENCIES: "true"
Or by using the action, which will rebuild the Docker image every time but is easier to use:
jobs:
  kubeconform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Generate and validate releases
        uses: shivjm/helm-kubeconform-action@v0.2.0
        with:
          additionalSchemaPaths: |
            schemas/{{ .ResourceKind }}.json
          chartsDirectory: "charts"
See action.yml for more information on the parameters.
Schemas
The default Kubernetes schema will always be automatically included. If you need to add custom schemas, additionalSchemaPaths should be a list of paths, one per line, in the format expected by Kubeconform. These are relative to the root of your repository.
Tests
Every chart subdirectory must have a tests subdirectory containing values files as you would pass to Helm. Each file will be passed on its own to helm template release charts/chart and the results will be validated by Kubeconform.
Strict Mode
Kubeconform will be run in strict mode. Pass strict: "false" to disable this.
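To reproduce the checks from the Schemas, Tests and Strict Mode sections on a workstation before pushing, the following added example (not the action's own code) discovers charts, flags any chart without values files under tests, and validates each rendered release in strict mode. It assumes a chart is any directory holding a Chart.yaml, that every regular file in tests is a values file, and that helm and kubeconform are on PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the action's code. Assumptions: a chart is any directory
# holding a Chart.yaml, every regular file in tests/ is a values file, and
# paths contain no whitespace.

# Print every chart directory under $1, at any depth, one per line.
find_charts() {
    find "$1" -type f -name Chart.yaml | sed 's|/Chart\.yaml$||' | sort
}

# Print the values files in the tests directory of chart $1.
values_files() {
    [ -d "$1/tests" ] || return 0
    find "$1/tests" -maxdepth 1 -type f | sort
}

# Print charts with no values file under tests/; nothing would validate them.
charts_without_tests() {
    find_charts "$1" | while IFS= read -r chart; do
        [ -n "$(values_files "$chart")" ] || printf '%s\n' "$chart"
    done
}

# Render chart $1 with values file $2, then validate in strict mode against
# the default schemas plus schema location $3. Rendering into a variable first
# keeps a helm failure from being hidden by the pipe to kubeconform.
validate_one() {
    rendered=$(helm template release "$1" --values "$2") || return 1
    printf '%s\n' "$rendered" |
        kubeconform -strict -summary \
            -schema-location default -schema-location "$3"
}

# Validate every chart under $1; non-zero if a chart is untested or invalid.
validate_all() {
    status=0
    for chart in $(charts_without_tests "$1"); do
        printf 'no values files in %s/tests\n' "$chart" >&2
        status=1
    done
    for chart in $(find_charts "$1"); do
        for values in $(values_files "$chart"); do
            validate_one "$chart" "$values" "$2" || status=1
        done
    done
    return "$status"
}

# Usage: validate_all charts 'schemas/{{ .ResourceKind }}.json'
```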
Rationale
I needed an action to validate some Helm charts. nlamirault/helm-kubeconform-action doesn’t offer enough flexibility and downloads two Git repositories during execution. It was a good opportunity to try writing some bad Go (more about that) and dip my toes into the world of writing GitHub Actions—specifically, a Docker container action.