-
Notifications
You must be signed in to change notification settings - Fork 250
122 lines (105 loc) · 4.04 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Policy Test
permissions: {}
on:
push:
branches:
- '*'
pull_request:
branches:
- main
- release*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
path: policies
- name: Validate all policies
run: |
#!/bin/bash
set -euo pipefail
# Loop through each policy directory in the repository
for policy_dir in $(find "$GITHUB_WORKSPACE" -type d ! -name '.*' ! -path '*/\.*'); do
# Skip the root directory
if [[ "$policy_dir" == "$GITHUB_WORKSPACE" ]]; then
continue
fi
# Skip directories that contain subdirectories
if find "$policy_dir" -mindepth 1 -type d -print -quit | read; then
# If it does, skip the filename validation
continue
fi
# Get the name of the directory
dir_name=$(basename "$policy_dir")
# Skip if it is the CRDs directory
if [[ $dir_name =~ ^.*CRDs.*$ ]]; then
continue
fi
# Check if the directory name only contains alphanumeric characters and dashes
if [[ ! $dir_name =~ ^[a-zA-Z0-9-]+$ ]]; then
echo "Directory $dir_name contains invalid characters. Only alphanumeric characters and dashes are allowed."
exit 1
fi
# Skip if the directory contains a kustomization.yaml file
if [[ -f "$policy_dir/kustomization.yaml" ]]; then
continue
fi
# Check if a .yml or .yaml file with the same name as the directory exists in the directory
if [[ ! -f "$policy_dir/$dir_name.yml" ]] && [[ ! -f "$policy_dir/$dir_name.yaml" ]]; then
echo "No .yml or .yaml file named $dir_name found in directory $policy_dir"
exit 1
fi
# Validate that artifacthub-pkg.yml or artifacthub-pkg.yaml file is found in the same folder as the policy
if [[ ! -f "$policy_dir/artifacthub-pkg.yml" ]] && [[ ! -f "$policy_dir/artifacthub-pkg.yaml" ]]; then
echo "artifacthub-pkg.yml or artifacthub-pkg.yaml file is not found in the same folder as the policy in directory $policy_dir"
exit 1
fi
done
- name: Clone Kyverno
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
repository: kyverno/kyverno
path: kyverno
# The target branch of a pull request or the branch/tag of a push
ref: ${{ github.base_ref || github.ref_name }}
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: "1.20"
- name: Test Policy
run: go run ./cmd/cli/kubectl-kyverno test ../policies
working-directory: kyverno
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
path: policies
- name: Clone Kyverno
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
repository: kyverno/kyverno
path: kyverno
# The target branch of a pull request or the branch/tag of a push
ref: ${{ github.base_ref || github.ref_name }}
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: "1.20"
- name: Lint policies
run: |
set -e
KYVERNO_EXPERIMENTAL=true go run ./cmd/cli/kubectl-kyverno fix test . --save
working-directory: kyverno
- name: Check diff
run: |
set -e
git --no-pager diff .
git diff --quiet --exit-code .
working-directory: policies