chore: upgrade kuberconform github action

blackjid · Dec 18, 2023 · d9cd951 · d9cd951
1 parent 993b41d
commit d9cd951
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 27 deletions.
diff --git a/.github/workflows/kubeconform.yaml b/.github/workflows/kubeconform.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Kubeconform"
 
 on:
@@ -9,7 +10,10 @@ on:
       - "kubernetes/main/**"
 
 env:
-  SCHEMA_DIR: /home/runner/crds
+  DEBCONF_NONINTERACTIVE_SEEN: "true"
+  DEBIAN_FRONTEND: noninteractive
+  APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE: DontWarn
+  WORKFLOW_RESOURCE_DIR: ./.github/workflows/resources
 
 jobs:
   kubeconform:
@@ -31,31 +35,20 @@ jobs:
         with:
           token: "${{ steps.app-token.outputs.token }}"
 
-      - name: Setup Homebrew
-        uses: Homebrew/actions/setup-homebrew@master
-
-      - name: Setup Tools
+      - name: Install OS Deps
         shell: bash
-        run: brew install kubeconform kustomize
-
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+        run: sudo apt-get update && sudo apt-get install -y curl git xz-utils
 
-      - name: Setup Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+      - name: Install Nix
+        uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+        with:
+          github_access_token: "${{ steps.app-token.outputs.token }}"
 
-      - name: Extract files from container image
-        shell: bash
-        run: |
-          mkdir -p ${{ env.SCHEMA_DIR }}
-          docker run --rm \
-              -v ${{ env.SCHEMA_DIR }}:/crds \
-              -u $(id -u) \
-              --entrypoint /bin/sh \
-              ghcr.io/onedr0p/kubernetes-schemas:latest \
-              -c "cp -r /usr/share/nginx/html/* /crds"
+      - name: Switch to Nix devShell
+        uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0
+        with:
+          arguments: "${{ env.WORKFLOW_RESOURCE_DIR }}"
 
       - name: Run kubeconform
         shell: bash
-        run: bash ./.github/scripts/kubeconform.sh ${{ matrix.path }} ${{ env.SCHEMA_DIR }}
+        run: bash ${{ env.WORKFLOW_RESOURCE_DIR }}/kubeconform.sh ${{ matrix.path }}
diff --git a/.github/workflows/resources/flake.nix b/.github/workflows/resources/flake.nix
@@ -0,0 +1,26 @@
+{
+  description = "CI Nix Flake";
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem(system:
+      let pkgs = import nixpkgs { inherit system; }; in {
+        devShells = {
+          default = pkgs.mkShell
+            {
+              buildInputs = (with pkgs; [
+                cosign
+                fluxcd
+                kubeconform
+                kubectl
+                kustomize
+                jo
+                yq
+              ]);
+            };
+        };
+      }
+    );
+}
diff --git a/.github/scripts/kubeconform.sh → .github/workflows/resources/kubeconform.sh b/.github/scripts/kubeconform.sh → .github/workflows/resources/kubeconform.sh
@@ -2,11 +2,9 @@
 set -o errexit
 
 KUBERNETES_DIR=$1
-SCHEMA_DIR=$2
-KUBE_VERSION="${3:-1.28.0}"
+KUBE_VERSION="${2:-1.28.0}"
 
 [[ -z "${KUBERNETES_DIR}" ]] && echo "Kubernetes location not specified" && exit 1
-[[ -z "${SCHEMA_DIR}" ]] && echo "Schema location not specified" && exit 1
 
 kustomize_args=("--load-restrictor=LoadRestrictionsNone")
 kustomize_config="kustomization.yaml"
@@ -20,7 +18,7 @@ kubeconform_args=(
     "-schema-location"
     "default"
     "-schema-location"
-    "${SCHEMA_DIR}/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
+    "https://kubernetes-schemas.pages.dev/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
     "-verbose"
 )