stackrox / kube-linter-action
GitHub action for automating KubeLinter.
Home Page: https://github.com/stackrox/kube-linter
License: Apache License 2.0
This issue has started today without changing our action.yaml. When trying to run the kube-linter action, we are seeing the following error output:
Run stackrox/[email protected]
  with:
    directory: deployments
    format: plain
    output-file: kubelinter.log
    version: latest
Run set -u
  set -u
  case "Linux" in
    macOS) OS=darwin ;;
    Windows) OS=windows ;;
    *) OS=linux ;;
  esac
  RELEASE_URL='https://api.github.com/repos/stackrox/kube-linter/releases/latest'
  if [[ "latest" != "latest" ]]; then
    RELEASE_URL='https://api.github.com/repos/stackrox/kube-linter/releases/tags/latest'
  fi
  # Although releases endpoint is available without authentication, the current github.token is still passed
  # in order to increase the limit of 60 requests per hour per IP address to a higher value that's also counted
  # per GitHub account.
  # Caching is disabled in order not to receive stale responses from Varnish cache fronting GitHub API.
  RELEASE_INFO="$(curl --silent --show-error --fail \
    --header 'authorization: ***' \
    --header 'Cache-Control: no-cache, must-revalidate' \
    "${RELEASE_URL}")"
  RELEASE_NAME="$(echo "${RELEASE_INFO}" | jq --raw-output ".name")"
  LOCATION="$(echo "${RELEASE_INFO}" \
    | jq --raw-output ".assets[].browser_download_url" \
    | grep --fixed-strings "kube-linter-${OS}.tar.gz")"
  TARGET="kube-linter-${OS}-${RELEASE_NAME}.tar.gz"
  # Skip downloading release if downloaded already, e.g. when the action is used multiple times.
  if [[ ! -e "$TARGET" ]]; then
    curl --silent --show-error --fail --location --output "$TARGET" "$LOCATION"
    tar -xf "$TARGET"
  fi
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
curl: (3) URL using bad/illegal format or missing URL
Error: Process completed with exit code 3.
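The script in the log assigns to `LOCATION` every line that `grep --fixed-strings` lets through, and that is a substring match, so the value can hold more than one URL. The sketch below is an added example, not part of the issue or the action's code: it selects a release asset by exact file name and fails unless exactly one matches; `select_asset_url` and the sample URLs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not the action's code. select_asset_url is a hypothetical
# helper and every URL below is constructed.

# Reads candidate URLs on stdin, one per line (for instance the output of
# jq --raw-output '.assets[].browser_download_url'), and prints the single URL
# whose last path component equals $1.
# Returns 1 when no asset has that name, 2 when more than one does.
select_asset_url() {
  want="$1"
  match=""
  count=0
  while IFS= read -r url; do
    # Exact basename comparison: "x.tar.gz.sig" must not satisfy "x.tar.gz".
    if [ "${url##*/}" = "$want" ]; then
      match="$url"
      count=$((count + 1))
    fi
  done
  if [ "$count" -eq 0 ]; then
    echo "no release asset named ${want}" >&2
    return 1
  fi
  if [ "$count" -gt 1 ]; then
    echo "${count} release assets named ${want}" >&2
    return 2
  fi
  printf '%s\n' "$match"
}

# Constructed asset list. A substring match on "kube-linter-linux.tar.gz"
# selects the first two lines, and that two-line value is not a valid URL.
SAMPLE_URLS='https://example.invalid/dl/kube-linter-linux.tar.gz
https://example.invalid/dl/kube-linter-linux.tar.gz.sig
https://example.invalid/dl/kube-linter-darwin.tar.gz'

OS=linux
LOCATION="$(printf '%s\n' "$SAMPLE_URLS" | select_asset_url "kube-linter-${OS}.tar.gz")"
echo "download from: ${LOCATION}"
```

Used in place of the `grep --fixed-strings` stage, the function stops the step with a clear message before curl is ever given an empty or multi-line value.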
Our orchestration repo is big. Really big. You just won't believe how vastly hugely mind-bogglingly big it is. I mean, you may think it's a long way down the road to the chemist, but that's just peanuts to our orchestration repo.
As such, we'd like to only test files that have actually changed in a PR.
I tried some (what I thought) clever shell commands, and ended up at this:
scan:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - run: echo "CHANGED_FILES=$(git diff --name-only ${{ github.event.before }}..${{ github.event.after }} | grep 'k8s/.*\.y[a]*ml$' | tr '\n' ' ')" >> $GITHUB_ENV
    - name: Scan yaml files with kube-linter
      uses: stackrox/[email protected]
      id: kube-linter-action-scan
      with:
        directory: $CHANGED_FILES
        config: .kube-linter-config.yaml
        # Use plain output, because we don't have GitHub Enterprise which is required for SARIF upload
        format: plain
      continue-on-error: true
Sadly, this fails because directory is interpreted as a single file or directory; if multiple files have been changed, it will try to use "file1.yaml file2.yaml" as a single file, which will of course fail.
Suggestion: extend github action so it supports either directory or files, where the latter can take multiple files as input.
I'd love to extract results as a txt file and use it afterwards, either as an artifact of the workflow run or to create a bug with the content of the results.
Could you add an optional parameter to specify the output file ?
How do we use this with Kustomize repos?
First of all, thank you for the GH action, it is extremely helpful!
However, we encountered an issue since 2 days ago, when kube-linter 0.2.4 was released (https://github.com/stackrox/kube-linter/releases/tag/0.2.4), introducing a new check: "non-isolated-pod".
Our yaml files currently violate this rule, making our tests fail.
While we can easily work around this by excluding this particular check in our config file, I think it would be good to add a parameter to the action that can allow users to use a specific version rather than latest (which is currently hardcoded). This way we would be sure that new releases won't break our linting tests and we can update as needed.
Thanks @neilcar for creating the action.
Would it be possible to do a proper tagging for this project please?
Maybe good starting point is here: https://github.com/actions/checkout
They are using versions like:
v2 -> v2.0.0
v1 -> v1.2.0
v1.1.0
v1.0.0
It would be really handy to use something like v1 instead of specifying the exact version only v0.0.2:
- uses: stackrox/kube-linter-action@v1
It will save folks from changing the "exact versions" when you release a new version.
For example this project can be handy for automating the release process: https://github.com/haya14busa/action-update-semver
Thank you...
This issue was reported on stackrox/kube-linter already but I guess the fix is here.
stackrox/kube-linter#335 (comment)
When the chart is not valid, the linter will exit with status code 0, and the following warning is displayed: "Warning: no valid objects found."
It would be nice if there was at least an option to make the action fail when this happens.