-
Notifications
You must be signed in to change notification settings - Fork 86
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #570 from fluxcd/validate-actions
Add GH Actions for Flux manifests validation
- Loading branch information
Showing
4 changed files
with
179 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| name: Setup kubeconform CLI | ||
| description: A GitHub Action for installing the kubeconform CLI | ||
| author: Flux project | ||
| branding: | ||
| color: blue | ||
| icon: command | ||
| inputs: | ||
| version: | ||
| description: Strict SemVer of the kubeconform CLI to install. Defaults to the latest release. | ||
| required: false | ||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: Download the binary to the runner's cache dir | ||
| shell: bash | ||
| run: | | ||
| VERSION=${{ inputs.version }} | ||
| if [[ -z "$VERSION" ]] || [[ "$VERSION" == "latest" ]]; then | ||
| VERSION=$(curl -fsSL -H "Authorization: token ${{github.token}}" https://api.github.com/repos/yannh/kubeconform/releases/latest | grep tag_name | cut -d '"' -f 4) | ||
| fi | ||
| if [[ -z "$VERSION" ]]; then | ||
| echo "Unable to determine kubeconform version" | ||
| exit 1 | ||
| fi | ||
| if [[ ! $VERSION = v* ]]; then | ||
| VERSION="v${VERSION}" | ||
| fi | ||
| OS=$(echo "${RUNNER_OS}" | tr '[:upper:]' '[:lower:]') | ||
| if [[ "$OS" == "macos" ]]; then | ||
| OS="darwin" | ||
| fi | ||
| ARCH=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]') | ||
| if [[ "$ARCH" == "x64" ]]; then | ||
| ARCH="amd64" | ||
| fi | ||
| KUBECONFORM_EXEC_FILE="kubeconform" | ||
| if [[ "$OS" == "windows" ]]; then | ||
| KUBECONFORM_EXEC_FILE="${KUBECONFORM_EXEC_FILE}.exe" | ||
| fi | ||
| KUBECONFORM_TOOL_DIR="${RUNNER_TOOL_CACHE}/kubeconform/${VERSION}/${OS}/${ARCH}" | ||
| if [[ ! -x "$KUBECONFORM_TOOL_DIR/$KUBECONFORM_EXEC_FILE" ]]; then | ||
| DL_DIR="$(mktemp -dt kubeconform-XXXXXX)" | ||
| trap 'rm -rf $DL_DIR' EXIT | ||
| echo "Downloading kubeconform ${VERSION} for ${OS}/${ARCH}" | ||
| KUBECONFORM_TARGET_FILE="kubeconform-${OS}-${ARCH}.tar.gz" | ||
| if [[ "$OS" == "windows" ]]; then | ||
| KUBECONFORM_TARGET_FILE="kubeconform-${OS}-${ARCH}.zip" | ||
| fi | ||
| KUBECONFORM_CHECKSUMS_FILE="CHECKSUMS" | ||
| KUBECONFORM_DOWNLOAD_URL="https://github.com/yannh/kubeconform/releases/download/${VERSION}/" | ||
| curl -fsSL -o "$DL_DIR/$KUBECONFORM_TARGET_FILE" "$KUBECONFORM_DOWNLOAD_URL/$KUBECONFORM_TARGET_FILE" | ||
| curl -fsSL -o "$DL_DIR/$KUBECONFORM_CHECKSUMS_FILE" "$KUBECONFORM_DOWNLOAD_URL/$KUBECONFORM_CHECKSUMS_FILE" | ||
| echo "Verifying checksum" | ||
| sum=$(openssl sha1 -sha256 "$DL_DIR/$KUBECONFORM_TARGET_FILE" | awk '{print $2}') | ||
| expected_sum=$(grep " $KUBECONFORM_TARGET_FILE\$" "$DL_DIR/$KUBECONFORM_CHECKSUMS_FILE" | awk '{print $1}') | ||
| if [ "$sum" != "$expected_sum" ]; then | ||
| echo "SHA sum of ${KUBECONFORM_TARGET_FILE} does not match. Aborting." | ||
| exit 1 | ||
| fi | ||
| echo "Installing kubeconform to ${KUBECONFORM_TOOL_DIR}" | ||
| mkdir -p "$KUBECONFORM_TOOL_DIR" | ||
| if [[ "$OS" == "windows" ]]; then | ||
| unzip "$DL_DIR/$KUBECONFORM_TARGET_FILE" "$KUBECONFORM_EXEC_FILE" -d "$KUBECONFORM_TOOL_DIR" | ||
| else | ||
| tar xzf "$DL_DIR/$KUBECONFORM_TARGET_FILE" -C "$KUBECONFORM_TOOL_DIR" $KUBECONFORM_EXEC_FILE | ||
| fi | ||
| chmod +x "$KUBECONFORM_TOOL_DIR/$KUBECONFORM_EXEC_FILE" | ||
| fi | ||
| echo "Adding kubeconform to path" | ||
| echo "$KUBECONFORM_TOOL_DIR" >> "$GITHUB_PATH" | ||
| - name: Print installed kubeconform version | ||
| shell: bash | ||
| run: | | ||
| kubeconform -v |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| name: Setup yq CLI | ||
| description: A GitHub Action for installing the yq CLI | ||
| author: Flux project | ||
| branding: | ||
| color: blue | ||
| icon: command | ||
| inputs: | ||
| version: | ||
| description: Strict SemVer of the yq CLI to install. Defaults to the latest release. | ||
| required: false | ||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: Download the binary to the runner's cache dir | ||
| shell: bash | ||
| run: | | ||
| VERSION=${{ inputs.version }} | ||
| if [[ -z "$VERSION" ]] || [[ "$VERSION" == "latest" ]]; then | ||
| VERSION=$(curl -fsSL -H "Authorization: token ${{github.token}}" https://api.github.com/repos/mikefarah/yq/releases/latest | grep tag_name | cut -d '"' -f 4) | ||
| fi | ||
| if [[ -z "$VERSION" ]]; then | ||
| echo "Unable to determine yq version" | ||
| exit 1 | ||
| fi | ||
| if [[ ! $VERSION = v* ]]; then | ||
| VERSION="v${VERSION}" | ||
| fi | ||
| OS=$(echo "${RUNNER_OS}" | tr '[:upper:]' '[:lower:]') | ||
| if [[ "$OS" == "macos" ]]; then | ||
| OS="darwin" | ||
| fi | ||
| ARCH=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]') | ||
| if [[ "$ARCH" == "x64" ]]; then | ||
| ARCH="amd64" | ||
| fi | ||
| YQ_EXEC_FILE="yq_${OS}_${ARCH}" | ||
| if [[ "$OS" == "windows" ]]; then | ||
| YQ_EXEC_FILE="${YQ_EXEC_FILE}.exe" | ||
| fi | ||
| YQ_TOOL_DIR="${RUNNER_TOOL_CACHE}/yq/${VERSION}/${OS}/${ARCH}" | ||
| if [[ ! -x "$YQ_TOOL_DIR/$YQ_EXEC_FILE" ]]; then | ||
| DL_DIR="$(mktemp -dt yq-XXXXXX)" | ||
| trap 'rm -rf $DL_DIR' EXIT | ||
| echo "Downloading yq ${VERSION} for ${OS}/${ARCH}" | ||
| YQ_TARGET_FILE="yq" | ||
| if [[ "$OS" == "windows" ]]; then | ||
| YQ_TARGET_FILE="yq.exe" | ||
| fi | ||
| YQ_CHECKSUMS_FILE="checksums" | ||
| YQ_DOWNLOAD_URL="https://github.com/mikefarah/yq/releases/download/${VERSION}/" | ||
| curl -fsSL -o "$DL_DIR/$YQ_TARGET_FILE" "$YQ_DOWNLOAD_URL/$YQ_EXEC_FILE" | ||
| curl -fsSL -o "$DL_DIR/$YQ_CHECKSUMS_FILE" "$YQ_DOWNLOAD_URL/$YQ_CHECKSUMS_FILE" | ||
| echo "Verifying checksum" | ||
| sum=$(openssl sha1 -sha256 "$DL_DIR/$YQ_TARGET_FILE" | awk '{print $2}') | ||
| expected_sum=$(grep "^$YQ_EXEC_FILE " "$DL_DIR/$YQ_CHECKSUMS_FILE" | awk '{print $19}') | ||
| if [ "$sum" != "$expected_sum" ]; then | ||
| echo "SHA sum of $DL_DIR/$YQ_TARGET_FILE and $YQ_EXEC_FILE does not match. Aborting." | ||
| exit 1 | ||
| fi | ||
| echo "Installing yq to ${YQ_TOOL_DIR}" | ||
| mkdir -p "$YQ_TOOL_DIR" | ||
| cp "$DL_DIR/$YQ_TARGET_FILE" "$YQ_TOOL_DIR/$YQ_TARGET_FILE" | ||
| chmod +x "$YQ_TOOL_DIR/$YQ_TARGET_FILE" | ||
| fi | ||
| echo "Adding yq to path" | ||
| echo "$YQ_TOOL_DIR" >> "$GITHUB_PATH" | ||
| - name: Print installed yq version | ||
| shell: bash | ||
| run: | | ||
| yq --version |