Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hack: enforce conftest and yamllint failures #2328

Merged
merged 10 commits into from
Jul 15, 2021
Merged

hack: enforce conftest and yamllint failures #2328

merged 10 commits into from
Jul 15, 2021

Conversation

spiffxp
Copy link
Member

@spiffxp spiffxp commented Jul 12, 2021

Add more enforcement to hack/verify.sh via:

  • failing on yamllint rules that were previously warnings (new-line-at-end-of-file and trailing-spaces) to bring us to parity with the yamllint enforcment used for kubernetes/test-infra
  • failing on conftest failures based on Open Policy Agent policies defined in policies/

Also tuned down the output noise from verify-shellcheck.sh

Part of #1734

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/artifacts Issues or PRs related to the hosting of release artifacts for subprojects area/dns DNS records for k8s.io, kubernetes.io, k8s.dev, etc., code in dns/ labels Jul 12, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added area/apps/cert-manager cert-manager, code in apps/cert-manager/ area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ approved Indicates a PR has been approved by an approver from all required OWNERS files. area/provider/azure Issues or PRs related to azure provider area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/release-eng Issues or PRs related to the Release Engineering subproject sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/network Categorizes an issue or PR as relevant to SIG Network. labels Jul 12, 2021
@k8s-ci-robot k8s-ci-robot requested review from aojea and cpanato July 12, 2021 16:21
@k8s-ci-robot k8s-ci-robot added sig/node Categorizes an issue or PR as relevant to SIG Node. sig/release Categorizes an issue or PR as relevant to SIG Release. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. sig/testing Categorizes an issue or PR as relevant to SIG Testing. wg/k8s-infra wg/reliability Categorizes an issue or PR as relevant to WG Reliability labels Jul 12, 2021
cpanato
cpanato reviewed Jul 14, 2021
View reviewed changes
hack/verify-conftest.sh Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 15, 2021
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 15, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Jul 15, 2021

I could not get as far as "writing a failing policy and then fix it". What we have now is not quite as copy-paste friendly as a thought, and I'd rather not have this hang out until I more properly learn Rego.

I did at least add some warnings for v1.22 removals we'll want to address

@aojea
Copy link
Member

aojea commented Jul 15, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 15, 2021
@k8s-ci-robot k8s-ci-robot merged commit a7d10e5 into kubernetes:main Jul 15, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Jul 15, 2021
@spiffxp spiffxp deleted the verify-conftest branch July 15, 2021 21:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aojea aojea aojea left review comments

@cpanato cpanato cpanato left review comments

Assignees

@aojea aojea

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/apps/cert-manager cert-manager, code in apps/cert-manager/ area/artifacts Issues or PRs related to the hosting of release artifacts for subprojects area/dns DNS records for k8s.io, kubernetes.io, k8s.dev, etc., code in dns/ area/provider/azure Issues or PRs related to azure provider area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/release-eng Issues or PRs related to the Release Engineering subproject area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/release Categorizes an issue or PR as relevant to SIG Release. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. wg/reliability Categorizes an issue or PR as relevant to WG Reliability
Projects
None yet
Milestone
v1.22
Development

Successfully merging this pull request may close these issues.
4 participants
@spiffxp @k8s-ci-robot @aojea @cpanato