
GitHub Action

Helm Kubeconform (with schema support)

v0.3.0 Latest version


Generate manifests with `helm template` and run `kubeconform` on the results

Installation

Copy and paste the following snippet into your .yml file.

              

    - name: Helm Kubeconform (with schema support)
      uses: shivjm/helm-kubeconform-action@v0.3.0

Learn more about this action in shivjm/helm-kubeconform-action


Helm Kubeconform Action

A flexible GitHub Action to validate Helm charts with Kubeconform. The target may be either a single chart directory or a directory containing multiple charts, at any level.

Usage

Assuming you have a charts directory under which you have a set of charts and a schemas directory containing any custom resource schemas, like this:

charts
└───foo
│  ├───templates
│  └───tests
└───bar
│  ├───templates
│  └───tests
└───schemas

You can validate the charts in your workflow using the Docker image directly, which is quicker but requires adding docker/login-action and supplying the environment variables yourself:

  kubeconform:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master

    - name: Login to GitHub Container Registry
      uses: docker/login-action@v1
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Generate and validate releases
      uses: docker://ghcr.io/shivjm/helm-kubeconform-action:v0.2.0
      env:
        ADDITIONAL_SCHEMA_PATHS: |
          schemas/{{ .ResourceKind }}.json
        CHARTS_DIRECTORY: "charts"
        KUBECONFORM_STRICT: "true"
        HELM_UPDATE_DEPENDENCIES: "true"

Or by using the action, which will rebuild the Docker image every time but is easier to use:

jobs:
  kubeconform:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master

    - name: Generate and validate releases
      uses: shivjm/helm-kubeconform-action@<version>
      with:
        additionalSchemaPaths: |
          schemas/{{ .ResourceKind }}.json
        chartsDirectory: "charts"

See action.yml for more information on the parameters.

Schemas

The default Kubernetes schema will always be automatically included. If you need to add custom schemas, `additionalSchemaPaths` should be a list of paths, one per line, in the format expected by Kubeconform. These are relative to the root of your repository.

Tests

Every chart subdirectory must have a `tests` subdirectory containing values files as you would pass to Helm. Each file will be passed on its own to `helm template release charts/chart` and the results will be validated by Kubeconform.

Strict Mode

Kubeconform will be run in strict mode. Pass `strict: "false"` to disable this.
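
The loop described under Schemas, Tests and Strict Mode can be reproduced locally before pushing, as in the following added example, which is not the action's own code. It assumes a chart is any directory containing `Chart.yaml`, that values files end in `.yaml`, and that `helm` and `kubeconform` are on `PATH`; the names `validate_chart`, `validate_all`, `SCHEMA_PATH`, `STRICT` and `DRY_RUN` are hypothetical.

```shell
#!/bin/sh
# Added example: a local approximation of the loop the README describes.
# Assumptions (not taken from the action's source): a chart is any directory
# containing Chart.yaml, values files end in .yaml, and helm and kubeconform
# are on PATH. DRY_RUN=1 prints the commands instead of running them.

[ -n "${SCHEMA_PATH:-}" ] || SCHEMA_PATH='schemas/{{ .ResourceKind }}.json'

validate_chart() {
  chart="$1"
  status=0
  strict="-strict"
  if [ "${STRICT:-true}" = "false" ]; then strict=""; fi
  if [ ! -d "$chart/tests" ]; then
    echo "error: $chart has no tests directory" >&2
    return 1
  fi
  for values in "$chart"/tests/*.yaml; do
    if [ ! -f "$values" ]; then
      echo "error: no values files in $chart/tests" >&2
      return 1
    fi
    if [ "${DRY_RUN:-0}" = "1" ]; then
      echo "helm template release $chart -f $values | kubeconform $strict -schema-location default -schema-location '$SCHEMA_PATH' -summary"
      continue
    fi
    # Render first so a helm failure is not hidden behind the pipe.
    rendered=$(helm template release "$chart" -f "$values") || { status=1; continue; }
    # $strict is left unquoted on purpose so an empty value adds no argument.
    printf '%s\n' "$rendered" |
      kubeconform $strict -schema-location default \
        -schema-location "$SCHEMA_PATH" -summary || status=1
  done
  return "$status"
}

validate_all() {
  # Charts may sit at any depth below the given directory.
  find "$1" -name Chart.yaml | sort | (
    failed=0
    while IFS= read -r chart_file; do
      validate_chart "$(dirname "$chart_file")" || failed=1
    done
    exit "$failed"
  )
}
```

Source the file and call `validate_all charts` from the repository root, since the schema path is resolved relative to it. A chart without a `tests` directory, or with no values files in it, is reported as a failure.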

Rationale

I needed an action to validate some Helm charts. nlamirault/helm-kubeconform-action doesn’t offer enough flexibility and downloads two Git repositories during execution. It was a good opportunity to try writing some bad Go (more about that) and dip my toes into the world of writing GitHub Actions—specifically, a Docker container action.