From 2790398ce52968f14927caa1a8df4639a8da7bd1 Mon Sep 17 00:00:00 2001
From: Juan Ignacio Donoso
Date: Sun, 17 Dec 2023 22:13:15 -0300
Subject: [PATCH] chore: upgrade kuberconform github action

---
 .github/resources/flake.nix | 26 +++++++++++++
 .github/{scripts => resources}/kubeconform.sh | 6 +--
 .github/workflows/kubeconform.yaml | 39 ++++++++-----------
 3 files changed, 44 insertions(+), 27 deletions(-)
 create mode 100644 .github/resources/flake.nix
 rename .github/{scripts => resources}/kubeconform.sh (89%)

diff --git a/.github/resources/flake.nix b/.github/resources/flake.nix
new file mode 100644
index 0000000000..5c57c3b53c
--- /dev/null
+++ b/.github/resources/flake.nix
@@ -0,0 +1,26 @@
+{
+ description = "CI Nix Flake";
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+ outputs = { self, nixpkgs, flake-utils }:
+ flake-utils.lib.eachDefaultSystem(system:
+ let pkgs = import nixpkgs { inherit system; }; in {
+ devShells = {
+ default = pkgs.mkShell
+ {
+ buildInputs = (with pkgs; [
+ cosign
+ fluxcd
+ kubeconform
+ kubectl
+ kustomize
+ jo
+ yq
+ ]);
+ };
+ };
+ }
+ );
+}
diff --git a/.github/scripts/kubeconform.sh b/.github/resources/kubeconform.sh
similarity index 89%
rename from .github/scripts/kubeconform.sh
rename to .github/resources/kubeconform.sh
index e10b314777..fe957e383f 100755
--- a/.github/scripts/kubeconform.sh
+++ b/.github/resources/kubeconform.sh
@@ -2,11 +2,9 @@
 set -o errexit
 
 KUBERNETES_DIR=$1
-SCHEMA_DIR=$2
-KUBE_VERSION="${3:-1.28.0}"
+KUBE_VERSION="${2:-1.28.0}"
 
 [[ -z "${KUBERNETES_DIR}" ]] && echo "Kubernetes location not specified" && exit 1
-[[ -z "${SCHEMA_DIR}" ]] && echo "Schema location not specified" && exit 1
 
 kustomize_args=("--load-restrictor=LoadRestrictionsNone")
 kustomize_config="kustomization.yaml"
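Review bot: `nixpkgs.url` and `flake-utils.url` in the new flake are unpinned branch references and the commit adds no `flake.lock` (the diffstat lists only three files), so every CI run resolves `nixos-unstable` afresh and the kubeconform and kustomize versions the lint runs with can change silently between runs. Commit the `flake.lock` generated by `nix flake lock` next to `flake.nix` so the devShell toolchain is pinned and only moves through a reviewed update. The devShell also pulls in `cosign`, `fluxcd`, `kubectl`, `jo` and `yq`; from this diff it is unclear whether anything besides `kubeconform.sh` uses them, and a short comment in `buildInputs` naming which step needs each would help.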
@@ -20,7 +18,7 @@ kubeconform_args=(
 "-schema-location"
 "default"
 "-schema-location"
- "${SCHEMA_DIR}/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
+ "https://kubernetes-schemas.pages.dev/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
 "-verbose"
 )
 
diff --git a/.github/workflows/kubeconform.yaml b/.github/workflows/kubeconform.yaml
index f7e3c10461..1114cc82cd 100644
--- a/.github/workflows/kubeconform.yaml
+++ b/.github/workflows/kubeconform.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Kubeconform"
 
 on:
@@ -9,7 +10,10 @@ on:
 - "kubernetes/main/**"
 
 env:
- SCHEMA_DIR: /home/runner/crds
+ DEBCONF_NONINTERACTIVE_SEEN: "true"
+ DEBIAN_FRONTEND: noninteractive
+ APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE: DontWarn
+ WORKFLOW_RESOURCE_DIR: ./.github/workflows/resources
 
 jobs:
 kubeconform:
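Review bot: The CRD schema location changes from a local directory to `https://kubernetes-schemas.pages.dev/...`, so every kubeconform run now fetches schemas from a third-party host at validation time and the result of the check depends on whatever that host serves when the job runs; the removed approach had a similar trust profile (an unpinned `:latest` image) but no per-resource network call. Consider adding kubeconform's `-cache` option pointing at a runner-local directory so repeated downloads are avoided and a transient outage does not fail the whole matrix, and put a comment above the URL noting it is an external dependency that must be reachable from the runner. The kubeconform invocation that consumes `kubeconform_args` is outside this hunk.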
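Review bot: `WORKFLOW_RESOURCE_DIR` is set to `./.github/workflows/resources`, but the files this commit adds live under `.github/resources/` (`.github/resources/flake.nix` and the rename target `.github/resources/kubeconform.sh` in the headers above), so the `arguments:` handed to nix-develop and the `bash ${{ env.WORKFLOW_RESOURCE_DIR }}/kubeconform.sh` line in the following hunk point at a directory this diff does not create. Unless `.github/workflows/resources` already exists in the repository, change the line to `WORKFLOW_RESOURCE_DIR: ./.github/resources`. `APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE` is also exported although no `apt-key` call appears in the new steps; if nothing in the job uses it, drop it rather than carry a warning-suppression setting forward.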
@@ -31,31 +35,20 @@ jobs:
 with:
 token: "${{ steps.app-token.outputs.token }}"
 
- - name: Setup Homebrew
- uses: Homebrew/actions/setup-homebrew@master
-
- - name: Setup Tools
+ - name: Install OS Deps
 shell: bash
- run: brew install kubeconform kustomize
-
- - name: Setup QEMU
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+ run: sudo apt-get update && sudo apt-get install -y curl git xz-utils
 
- - name: Setup Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ - name: Install Nix
+ uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+ with:
+ github_access_token: "${{ steps.app-token.outputs.token }}"
 
- - name: Extract files from container image
- shell: bash
- run: |
- mkdir -p ${{ env.SCHEMA_DIR }}
- docker run --rm \
- -v ${{ env.SCHEMA_DIR }}:/crds \
- -u $(id -u) \
- --entrypoint /bin/sh \
- ghcr.io/onedr0p/kubernetes-schemas:latest \
- -c "cp -r /usr/share/nginx/html/* /crds"
+ - name: Switch to Nix devShell
+ uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0
+ with:
+ arguments: "${{ env.WORKFLOW_RESOURCE_DIR }}"
 
 - name: Run kubeconform
 shell: bash
- run: bash ./.github/scripts/kubeconform.sh ${{ matrix.path }} ${{ env.SCHEMA_DIR }}
+ run: bash ${{ env.WORKFLOW_RESOURCE_DIR }}/kubeconform.sh ${{ matrix.path }}
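Review bot: The `Install OS Deps` step runs `apt-get update` and installs `curl git xz-utils` before Nix is set up; on GitHub-hosted Ubuntu images these packages are already present, so if the job's `runs-on` (outside this hunk) is a hosted runner the step only adds time and an extra apt network dependency and can likely be dropped. If it is kept for self-hosted runners, a one-line comment above it such as `# curl/git/xz are required by install-nix-action on minimal images` would tell the next reader why it exists. Passing the app token via `github_access_token` is reasonable given both new actions are pinned to full commit SHAs.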