GitHub Action
Helm Kubeconform (with schema support)
A flexible GitHub Action to validate Helm charts with Kubeconform. The target may be either a single chart directory or a directory containing multiple charts, at any level.
Assuming you have a charts directory under which you have a set of charts and a schemas directory containing any custom resource schemas, like this:
charts
└───foo
│   ├───templates
│   └───tests
└───bar
│   ├───templates
│   └───tests
└───schemas
You can validate the charts in your workflow using the Docker image directly, which is quicker but requires adding docker/login-action and supplying the environment variables yourself:
kubeconform:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@master
    - name: Login to GitHub Container Registry
      uses: docker/login-action@v1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    - name: Generate and validate releases
      uses: docker://ghcr.io/shivjm/helm-kubeconform-action:v0.2.0
      env:
        ADDITIONAL_SCHEMA_PATHS: |
          schemas/{{ .ResourceKind }}.json
        CHARTS_DIRECTORY: "charts"
        KUBECONFORM_STRICT: "true"
        HELM_UPDATE_DEPENDENCIES: "true"
Or by using the action, which will rebuild the Docker image every time but is easier to use:
jobs:
  kubeconform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Generate and validate releases
        uses: shivjm/helm-kubeconform-action@v0.2.0
        with:
          additionalSchemaPaths: |
            schemas/{{ .ResourceKind }}.json
          chartsDirectory: "charts"
See action.yml for more information on the parameters.
The default Kubernetes schema will always be automatically included. If you need to add custom schemas, additionalSchemaPaths should be a list of paths, one per line, in the format expected by Kubeconform. These are relative to the root of your repository.
Every chart subdirectory must have a tests subdirectory containing values files as you would pass to Helm. Each file will be passed on its own to helm template release charts/chart and the results will be validated by Kubeconform.
Kubeconform will be run in strict mode. Pass strict: "false" to disable this.
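To run the same check locally before pushing, the per-values-file loop described above can be approximated in shell. This is an added example, not the action's own code: the function names are hypothetical, and it assumes helm and kubeconform are on PATH, that a chart is any directory containing Chart.yaml, and that values files in tests/ end in .yaml or .yml.

```shell
#!/bin/sh
# Added example (not the action's code). Assumes helm and kubeconform are on
# PATH, a chart is any directory holding Chart.yaml, and values files in
# tests/ end in .yaml or .yml.

# Print "chart<TAB>values-file" per test case. Returns 1 when no chart is
# found or a chart has no values files, so an empty run cannot pass silently.
list_cases() {
  rc=0
  charts=$(find "$1" -type f -name Chart.yaml | sed 's|/Chart\.yaml$||' | sort)
  [ -n "$charts" ] || { echo "error: no charts under $1" >&2; return 1; }
  while IFS= read -r chart; do
    [ -n "$chart" ] || continue
    values=$(find "$chart/tests" -maxdepth 1 -type f \
      \( -name '*.yaml' -o -name '*.yml' \) 2>/dev/null | sort)
    if [ -z "$values" ]; then
      echo "error: $chart has no values files under tests/" >&2
      rc=1
      continue
    fi
    printf '%s\n' "$values" | while IFS= read -r v; do
      printf '%s\t%s\n' "$chart" "$v"
    done
  done <<EOF
$charts
EOF
  return "$rc"
}

# Usage: validate_charts CHARTS_DIR [SCHEMA_LOCATION_TEMPLATE...]
validate_charts() {
  cases=$(list_cases "$1") || return 1
  shift
  # Rewrite "$@" into repeated -schema-location flags, keeping spaces intact.
  for loc in "$@"; do set -- "$@" -schema-location "$loc"; shift; done
  failed=0
  while IFS="$(printf '\t')" read -r chart values; do
    [ -n "$chart" ] || continue
    echo "== $chart ($values)"
    # Render first so a helm failure is not masked by an empty pipe.
    rendered=$(helm template release "$chart" --values "$values" </dev/null) ||
      { failed=1; continue; }
    printf '%s\n' "$rendered" |
      kubeconform -strict -summary -schema-location default "$@" || failed=1
  done <<EOF
$cases
EOF
  return "$failed"
}
```

From the repository root, `validate_charts charts 'schemas/{{ .ResourceKind }}.json'` mirrors the workflow configuration shown above.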
I needed an action to validate some Helm charts. nlamirault/helm-kubeconform-action doesn’t offer enough flexibility and downloads two Git repositories during execution. It was a good opportunity to try writing some bad Go (more about that) and dip my toes into the world of writing GitHub Actions—specifically, a Docker container action.