Validate Kubernetes manifests in your repository.
This action uses conftest for validation.
```yaml
# .github/workflows/manifests-validation.yml
name: Pull Request Check
on: [pull_request]
jobs:
  validation:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: validate manifest-dir
        uses: makocchi-git/[email protected]
        with:
          file: manifest-dir
          token: ${{ secrets.GITHUB_TOKEN }}
```
Default Kubernetes policies are installed to `/policy` in the working container.
If you want to use your own policies, commit your Rego files into any directory and set its path in the `policy` parameter.
```yaml
# use policy/your_awesome_regos as your custom policy directory
- name: validate manifest-dir with custom policies
  uses: makocchi-git/[email protected]
  with:
    file: manifest-dir
    policy: policy/your_awesome_regos
    token: ${{ secrets.GITHUB_TOKEN }}
```
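A custom policy file of the kind the `policy` directory could hold, as an added example (not part of this action or its default policies). The file name `policy/your_awesome_regos/workload_security.rego` and the three rules are assumptions chosen for illustration; the code uses pre-1.0 Rego syntax, and newer OPA releases expect the `contains`/`if` keywords instead.

```rego
package main # conftest evaluates deny rules in the "main" namespace by default

# Kinds whose pod template lives at spec.template.spec
workload_kinds = {"Deployment", "StatefulSet", "DaemonSet"}

# Every regular and init container of the workload under test
containers[c] {
	workload_kinds[input.kind]
	c := input.spec.template.spec.containers[_]
}

containers[c] {
	workload_kinds[input.kind]
	c := input.spec.template.spec.initContainers[_]
}

deny[msg] {
	c := containers[_]
	c.securityContext.privileged == true
	msg := sprintf("%s/%s: container %s must not be privileged", [input.kind, input.metadata.name, c.name])
}

deny[msg] {
	c := containers[_]
	not run_as_non_root(c)
	msg := sprintf("%s/%s: container %s must set runAsNonRoot: true", [input.kind, input.metadata.name, c.name])
}

deny[msg] {
	c := containers[_]
	mutable_image(c.image)
	msg := sprintf("%s/%s: image %s needs a fixed tag or digest", [input.kind, input.metadata.name, c.image])
}

# The container-level setting wins; otherwise the pod-level one is inherited
run_as_non_root(c) { c.securityContext.runAsNonRoot == true }

run_as_non_root(c) {
	not c.securityContext.runAsNonRoot == false
	input.spec.template.spec.securityContext.runAsNonRoot == true
}

mutable_image(image) { endswith(image, ":latest") }

mutable_image(image) {
	not contains(image, "@") # not pinned by digest
	parts := split(image, "/")
	not contains(parts[count(parts) - 1], ":") # last path segment carries no tag
}
```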
You can use external custom policies for validation.
```yaml
# policies will be downloaded from github.com/makocchi-git/sample-kubernetes-rego-policy before validation
- name: validate manifest-dir with external custom policies
  uses: makocchi-git/[email protected]
  with:
    file: manifest-dir
    update: github.com/makocchi-git/sample-kubernetes-rego-policy
    policy: policy/your_awesome_regos # this parameter will be ignored
    token: ${{ secrets.GITHUB_TOKEN }}
```
| Parameter | Description | Default |
|---|---|---|
| `file` | File or directory to validate | `.` |
| `output` | Output format for conftest results. Valid options are: `stdout`, `json`, `tap`, `table` | `stdout` |
| `policy` | Path to the Rego policy files directory | `/policy` |
| `trace` | Enable more verbose trace output for Rego queries | `false` |
| `update` | A list of URLs passed to the update flag; policies are downloaded from them before the tests run | `""` |
| `comment` | Write validation details to pull request comments | `true` |
| `token` | GitHub token for the API. This is required if `comment` is `true` | `""` |