feat(ci): add dagger yamllint and kubeconform tasks
Smana committed Jun 14, 2024
1 parent 48b7473 commit 60190e4
Showing 14 changed files with 509 additions and 552 deletions.
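--- a/.github/workflows/dagger.yaml
+++ b/.github/workflows/dagger.yaml
@@ -0,0 +1,36 @@
+name: dagger
+on:
+push:
+branches: ["*"]
+
+jobs:
+build:
+name: build
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+# - name: Yaml lint
+# uses: dagger/dagger-for-github@v5
+# with:
+# version: "latest"
+# verb: call
+# module: github.com/tsirysndr/daggerverse/yamllint
+# args: lint --src .
+
+- name: Validate Flux clusters manifests
+uses: dagger/dagger-for-github@v5
+with:
+version: "latest"
+verb: call
+module: github.com/Smana/daggerverse/kubeconform@kubeconform/v0.0.4
+args: validate --manifests "./clusters" --catalog
+
+- name: Validate Kubernetes manifests (Kustomize directories)
+uses: dagger/dagger-for-github@v5
+with:
+version: "latest"
+verb: call
+module: github.com/Smana/daggerverse/kubeconform@kubeconform/v0.0.4
+args: validate --manifests "." --kustomize --flux --env="cluster_name=foobar,region=eu-west-3,domain_name=example.com" --catalog --crds https://github.com/kubernetes-sigs/gateway-api/tree/main/config/crd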
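Review bot: Both Dagger steps set `version: "latest"` and the last `args` line pulls CRDs from `tree/main`, so this validation gate runs whatever Dagger CLI and gateway-api schemas exist at run time; pinning the CLI to a release and the CRD URL to a tag or commit keeps results reproducible and auditable. `actions/checkout@v4` and `dagger/dagger-for-github@v5` are movable tags as well, and pinning them to full commit SHAs is the usual hardening for third-party actions. The workflow declares no `permissions:` block, so the job inherits the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for a validate-only job. Note also that `branches: ["*"]` does not match branch names containing `/`, whereas `"**"` does.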
23 changes: 0 additions & 23 deletions .github/workflows/manifests.yaml

This file was deleted.

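--- a/.github/workflows/pr-agent.yaml
+++ b/.github/workflows/pr-agent.yaml
@@ -15,4 +15,4 @@ jobs:
 uses: Codium-ai/pr-agent@main
 env:
 OPENAI_KEY: ${{ secrets.OPENAI_KEY }}
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}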
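--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,14 @@
+---
+extends: default
+
+rules:
+comments-indentation:
+level: error
+indentation:
+indent-sequences: consistent
+spaces: 2
+check-multi-line-strings: false
+line-length: disable
+document-start: disable
+comments: disable
+truthy: disable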
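Review bot: `truthy: disable` switches the implicit-boolean check off for every file the linter covers, so values such as `yes`, `no` or `off` in manifests will no longer be reported. If the intent is only to silence the warning on the `on:` key of the GitHub workflows (presumably, since the commit adds one), `truthy:` with `check-keys: false` keeps the value check in place. A short comment above each disabled rule stating why it is off would help the next maintainer decide whether it can be re-enabled.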
66 changes: 0 additions & 66 deletions scripts/validate.sh

This file was deleted.

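--- a/security/base/epis/cert-manager.yaml
+++ b/security/base/epis/cert-manager.yaml
@@ -1,36 +1,36 @@
 apiVersion: cloud.ogenki.io/v1alpha1
 kind: EPI
 metadata:
-name: xplane-cert-manager-${cluster_name}
-namespace: security
+name: xplane-cert-manager-${cluster_name}
+namespace: security
 spec:
-parameters:
-clusterName: ${cluster_name}
-serviceAccount:
-name: cert-manager
-namespace: security
-# Reference: https://cert-manager.io/docs/configuration/acme/dns01/route53/
-policyDocument: |
-{
-"Version": "2012-10-17",
-"Statement": [
-{
-"Effect": "Allow",
-"Action": "route53:GetChange",
-"Resource": "arn:aws:route53:::change/*"
-},
-{
-"Effect": "Allow",
-"Action": [
-"route53:ChangeResourceRecordSets",
-"route53:ListResourceRecordSets"
-],
-"Resource": "arn:aws:route53:::hostedzone/*"
-},
-{
-"Effect": "Allow",
-"Action": "route53:ListHostedZonesByName",
-"Resource": "*"
-}
-]
-}
+parameters:
+clusterName: ${cluster_name}
+serviceAccount:
+name: cert-manager
+namespace: security
+# Reference: https://cert-manager.io/docs/configuration/acme/dns01/route53/
+policyDocument: |
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": "route53:GetChange",
+"Resource": "arn:aws:route53:::change/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"route53:ChangeResourceRecordSets",
+"route53:ListResourceRecordSets"
+],
+"Resource": "arn:aws:route53:::hostedzone/*"
+},
+{
+"Effect": "Allow",
+"Action": "route53:ListHostedZonesByName",
+"Resource": "*"
+}
+]
+}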
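--- a/security/base/epis/external-dns.yaml
+++ b/security/base/epis/external-dns.yaml
@@ -1,38 +1,38 @@
 apiVersion: cloud.ogenki.io/v1alpha1
 kind: EPI
 metadata:
-name: xplane-external-dns-${cluster_name}
-namespace: kube-system
+name: xplane-external-dns-${cluster_name}
+namespace: kube-system
 spec:
-deletionPolicy: Delete
-parameters:
-clusterName: ${cluster_name}
-serviceAccount:
-name: external-dns
-namespace: kube-system
-# Reference: https://kubernetes-sigs.github.io/external-dns/v0.13.4/tutorials/aws/#iam-policy
-policyDocument: |
-{
-"Version": "2012-10-17",
-"Statement": [
-{
-"Effect": "Allow",
-"Action": [
-"route53:ChangeResourceRecordSets"
-],
-"Resource": [
-"arn:aws:route53:::hostedzone/*"
-]
-},
-{
-"Effect": "Allow",
-"Action": [
-"route53:ListHostedZones",
-"route53:ListResourceRecordSets"
-],
-"Resource": [
-"*"
-]
-}
-]
-}
+deletionPolicy: Delete
+parameters:
+clusterName: ${cluster_name}
+serviceAccount:
+name: external-dns
+namespace: kube-system
+# Reference: https://kubernetes-sigs.github.io/external-dns/v0.13.4/tutorials/aws/#iam-policy
+policyDocument: |
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"route53:ChangeResourceRecordSets"
+],
+"Resource": [
+"arn:aws:route53:::hostedzone/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"route53:ListHostedZones",
+"route53:ListResourceRecordSets"
+],
+"Resource": [
+"*"
+]
+}
+]
+}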
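--- a/security/base/epis/external-secrets.yaml
+++ b/security/base/epis/external-secrets.yaml
@@ -1,30 +1,30 @@
 apiVersion: cloud.ogenki.io/v1alpha1
 kind: EPI
 metadata:
-name: xplane-external-secrets-${cluster_name}
-namespace: security
+name: xplane-external-secrets-${cluster_name}
+namespace: security
 spec:
-parameters:
-clusterName: ${cluster_name}
-serviceAccount:
-name: external-secrets
-namespace: security
-# Reference: https://github.com/external-secrets/external-secrets/blob/main/terraform/aws/modules/cluster/irsa.tf
-policyDocument: |
-{
-"Version": "2012-10-17",
-"Statement": [
-{
-"Effect": "Allow",
-"Action": [
-"secretsmanager:GetResourcePolicy",
-"secretsmanager:GetSecretValue",
-"secretsmanager:DescribeSecret",
-"secretsmanager:ListSecretVersionIds"
-],
-"Resource": [
-"*"
-]
-}
-]
-}
+parameters:
+clusterName: ${cluster_name}
+serviceAccount:
+name: external-secrets
+namespace: security
+# Reference: https://github.com/external-secrets/external-secrets/blob/main/terraform/aws/modules/cluster/irsa.tf
+policyDocument: |
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"secretsmanager:GetResourcePolicy",
+"secretsmanager:GetSecretValue",
+"secretsmanager:DescribeSecret",
+"secretsmanager:ListSecretVersionIds"
+],
+"Resource": [
+"*"
+]
+}
+]
+}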