From 5ea9494c24be58bcd2c3445e2eea1a4a4d997cb0 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:08:41 +0530 Subject: [PATCH 01/10] only validate changed files --- .gitea/workflows/kubeconform.yml | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index b578df4..2343b0f 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -29,6 +29,13 @@ jobs: with: fetch-depth: 0 + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@v47 + with: + files: | + **.yml + - name: Create kubeconform configuration run: | cat > /tmp/kubeconform-config.yaml << 'EOF' @@ -38,9 +45,13 @@ jobs: EOF - name: Validate Manifests + if: steps.changed-files.outputs.any_changed == 'true' + env: + ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} shell: bash run: | - # Define schema mappings + set -o pipefail + declare -A SCHEMA_MAP=( ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json" ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json" @@ -50,24 +61,13 @@ jobs: ["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json" ) - # Create cache directory + EXIT_CODE=0 export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache" mkdir -p "$KUBECONFORM_CACHE_DIR" - # Exit code tracking - EXIT_CODE=0 - - # Process all YAML files while IFS= read -r file; do + [ -z "$file" ] && continue echo "=== Validating: $file ===" - - # Skip excluded paths - if [[ "$file" == *".gitea/"* ]] || [[ "$file" == *"clusters/default/system-upgrade/"* ]]; then - echo "Skipping excluded file" - continue - fi - - # Detect resource kind KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "") if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then 
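Review bot: The new `Get changed files` step in the `@@ -29,6 +29,13 @@` hunk references a third-party action by a mutable tag, `uses: tj-actions/changed-files@v47`, so whoever can move that tag decides what code runs in this job next to the full-history checkout and the job token. This action's tags have been repointed to a malicious commit in a past supply-chain compromise, which is exactly the case that pinning guards against. Pin it to the full commit SHA that was reviewed and keep the tag as a trailing comment, e.g. `uses: tj-actions/changed-files@<full-commit-sha>  # v47`. The `actions/checkout@v6` line visible as context in patch 02 is tag-pinned in the same way.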
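Review bot: The `Skip excluded paths` branch removed in the `@@ -50,24 +61,13 @@` hunk is only partly replaced by the rest of the series. Patch 03 re-adds an exclusion as `!.gitea/workflows/**` (narrower than the old `*".gitea/"*` match), but nothing visible restores the skip for `clusters/default/system-upgrade/`, so changed files under that directory are now handed to kubeconform. If they were excluded because they do not validate, the job will start failing on them; adding `!clusters/default/system-upgrade/**` to the `files:` list of the `Get changed files` step would keep the previous behaviour. The loop body continues outside this hunk.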
@@ -75,6 +75,7 @@ jobs: SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" if ! /kubeconform \ + -config /tmp/kubeconform-config.yaml \ -schema-location "$SCHEMA_URL" \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ @@ -84,6 +85,7 @@ jobs: else echo "Validating with default schemas" if ! /kubeconform \ + -config /tmp/kubeconform-config.yaml \ -schema-location default \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ @@ -93,6 +95,6 @@ jobs: fi echo "" - done < <(find . -type f \( -name "*.yml" \) -print) + done <<< "${ALL_CHANGED_FILES}" exit $EXIT_CODE -- 2.49.1 From c7e6aebc3e61259a3d2719c1b8a81ecca8061e14 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:10:44 +0530 Subject: [PATCH 02/10] add missing dep --- .gitea/workflows/kubeconform.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 2343b0f..e1e54d8 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -22,7 +22,8 @@ jobs: jq \ npm \ nodejs \ - bash + bash \ + git - name: Checkout code uses: actions/checkout@v6 -- 2.49.1 From 22e25a1f9f0168e4dbdea81cbd860de839c4133a Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:17:44 +0530 Subject: [PATCH 03/10] try excluding workflows --- .gitea/workflows/kubeconform.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index e1e54d8..5f9c06f 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -36,6 +36,7 @@ jobs: with: files: | **.yml + !.gitea/workflows/** - name: Create kubeconform configuration run: | -- 2.49.1 From 953de482a5ae85ab595ff42fe14f0ca32a0329d6 Mon Sep 17 00:00:00 2001 
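Review bot: The loop in the `@@ -93,6 +95,6 @@` hunk now ends in `done <<< "${ALL_CHANGED_FILES}"` and reads one path per line, but the `Get changed files` step added in the first hunk sets no `separator`, and as far as I know tj-actions/changed-files joins `all_changed_files` with a space by default. If so, a push that touches two or more `.yml` files arrives as a single line and is treated as one non-existent path, so `yq` and `/kubeconform` run against the wrong name and the result says nothing about the manifests themselves. Setting `separator: "\n"` under that step's `with:` would match the `while IFS= read -r file` loop. Passing the list through `env:` rather than interpolating `${{ ... }}` into the script is the right choice and should stay; the loop itself starts outside this hunk.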
From: aggarwalakshun Date: Fri, 12 Dec 2025 16:22:55 +0530 Subject: [PATCH 04/10] mess up paperless-secret for testing --- clusters/default/tools/paperless-ngx/paperless-secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-secrets.yml b/clusters/default/tools/paperless-ngx/paperless-secrets.yml index 7d48f4a..2e050fe 100644 --- a/clusters/default/tools/paperless-ngx/paperless-secrets.yml +++ b/clusters/default/tools/paperless-ngx/paperless-secrets.yml @@ -12,4 +12,4 @@ spec: metadata: name: paperless-secrets namespace: tools - type: Opaque + type: Opaque -- 2.49.1 From dfb3b13317ede37fe58f4cb0e272eaa7ce08baf9 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:25:41 +0530 Subject: [PATCH 05/10] remove not needed code --- .gitea/workflows/kubeconform.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 5f9c06f..7a421db 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -38,14 +38,6 @@ jobs: **.yml !.gitea/workflows/** - - name: Create kubeconform configuration - run: | - cat > /tmp/kubeconform-config.yaml << 'EOF' - schema_location: - - default - - "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json" - EOF - - name: Validate Manifests if: steps.changed-files.outputs.any_changed == 'true' env: @@ -77,7 +69,6 @@ jobs: SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" if ! /kubeconform \ - -config /tmp/kubeconform-config.yaml \ -schema-location "$SCHEMA_URL" \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ @@ -87,7 +78,6 @@ jobs: else echo "Validating with default schemas" if ! /kubeconform \ - -config /tmp/kubeconform-config.yaml \ -schema-location default \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ -- 2.49.1 
From 41f83d571dfebc18fb5f3a2cad0b127f5dea9bd2 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:25:55 +0530 Subject: [PATCH 06/10] mess with papaerless secret for testing --- clusters/default/tools/paperless-ngx/paperless-secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-secrets.yml b/clusters/default/tools/paperless-ngx/paperless-secrets.yml index 2e050fe..6b36dff 100644 --- a/clusters/default/tools/paperless-ngx/paperless-secrets.yml +++ b/clusters/default/tools/paperless-ngx/paperless-secrets.yml @@ -12,4 +12,4 @@ spec: metadata: name: paperless-secrets namespace: tools - type: Opaque +type: Opaque -- 2.49.1 From 6266f1bc09555905473020f2a346b9577c66b219 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:28:06 +0530 Subject: [PATCH 07/10] more testing on paperless-secret --- clusters/default/tools/paperless-ngx/paperless-secrets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-secrets.yml b/clusters/default/tools/paperless-ngx/paperless-secrets.yml index 6b36dff..243e7d1 100644 --- a/clusters/default/tools/paperless-ngx/paperless-secrets.yml +++ b/clusters/default/tools/paperless-ngx/paperless-secrets.yml 
@@ -5,11 +5,11 @@ metadata: name: paperless-secrets namespace: tools spec: - encryptedData: +encryptedData: PAPERLESS_CSRF_TRUSTED_ORIGINS: 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 PAPERLESS_URL: AgAs6ZzSqeDlof3DBp/yj4yvqDb5te4H+U6M3tlvfd5ZlccLWBHcf5A3bw8QvvEx0hXfRQlIycjCBDpdNlpo/wf7VMj4J+hut6ttPF3KFmK9yAwZikAXcjl680B0z847IvDUKILvj4pdrPJ/qx2M/3HgDiioHguTnR9jjwu1IgVflrGbWnOl+DMvK9TsbJHxVe4WZb5pgu48wF5ncllF4+aKrh5c3gFATaeR8A8T0LbeId8O885tiiT3wYKOhzRrFajJWG5P5ZHaVxTroU+PsPhGfaH6yqPLh37Ek/6MM1ktxzuxknrLIhhgG8rTTseLE9vGFNAl1Q8tgLmckPmVSzekTTYf5Ltfe676CPSM2KnCd+/KPs/wYinHImZGHQyx0ZOsXG3pphiouQ6witrQ0cXEGAEoef2cbLKFBS4VWbTPy/J/dLfY4SCbFya03oDfj0FRzyuMm4nN08lQvQN2UUL4IL535Hl65aNyTcH6ja/s0Y6u/ixE0Tl8klv/uNUhh5x1T4BJqSvB2Dr3UICR91VwYIU2gXMfyIOsTIhyBktU0/lABhB+MdWxCar01TsG/1HsCzyCMSws+IXl0Qppj2uu5Yp9/lmBqswR//+eXMUGoG1dOzAoupPlv28AqZkMSx1j0Ta/FtO1TvIFCOO9MJdEdzZrRtILahbsrkHKPYAuHn77qtxnzADmYnW4lP0H5j3RB6wlYQ6Dn8cNMIWiiIM79fedQNKHkuAA template: metadata: name: paperless-secrets namespace: tools -type: Opaque + type: Opaque -- 2.49.1 From 3858ffc741292a70c5ad3ac971a9673c64c1b1f1 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:29:10 +0530 Subject: [PATCH 08/10] correct indentaion for paperless-secret --- clusters/default/tools/paperless-ngx/paperless-secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-secrets.yml b/clusters/default/tools/paperless-ngx/paperless-secrets.yml index 243e7d1..7d48f4a 100644 --- a/clusters/default/tools/paperless-ngx/paperless-secrets.yml +++ b/clusters/default/tools/paperless-ngx/paperless-secrets.yml 
@@ -5,7 +5,7 @@ metadata: name: paperless-secrets namespace: tools spec: -encryptedData: + encryptedData: PAPERLESS_CSRF_TRUSTED_ORIGINS: 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 PAPERLESS_URL: AgAs6ZzSqeDlof3DBp/yj4yvqDb5te4H+U6M3tlvfd5ZlccLWBHcf5A3bw8QvvEx0hXfRQlIycjCBDpdNlpo/wf7VMj4J+hut6ttPF3KFmK9yAwZikAXcjl680B0z847IvDUKILvj4pdrPJ/qx2M/3HgDiioHguTnR9jjwu1IgVflrGbWnOl+DMvK9TsbJHxVe4WZb5pgu48wF5ncllF4+aKrh5c3gFATaeR8A8T0LbeId8O885tiiT3wYKOhzRrFajJWG5P5ZHaVxTroU+PsPhGfaH6yqPLh37Ek/6MM1ktxzuxknrLIhhgG8rTTseLE9vGFNAl1Q8tgLmckPmVSzekTTYf5Ltfe676CPSM2KnCd+/KPs/wYinHImZGHQyx0ZOsXG3pphiouQ6witrQ0cXEGAEoef2cbLKFBS4VWbTPy/J/dLfY4SCbFya03oDfj0FRzyuMm4nN08lQvQN2UUL4IL535Hl65aNyTcH6ja/s0Y6u/ixE0Tl8klv/uNUhh5x1T4BJqSvB2Dr3UICR91VwYIU2gXMfyIOsTIhyBktU0/lABhB+MdWxCar01TsG/1HsCzyCMSws+IXl0Qppj2uu5Yp9/lmBqswR//+eXMUGoG1dOzAoupPlv28AqZkMSx1j0Ta/FtO1TvIFCOO9MJdEdzZrRtILahbsrkHKPYAuHn77qtxnzADmYnW4lP0H5j3RB6wlYQ6Dn8cNMIWiiIM79fedQNKHkuAA template: -- 2.49.1 From 0bb6dcac6aceffc9187b9b2ad527d04b254c4f45 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:30:04 +0530 Subject: [PATCH 09/10] mess with paperless-pvc for testing --- clusters/default/tools/paperless-ngx/paperless-pvc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-pvc.yml b/clusters/default/tools/paperless-ngx/paperless-pvc.yml index ad6255c..a87b531 100644 --- a/clusters/default/tools/paperless-ngx/paperless-pvc.yml +++ b/clusters/default/tools/paperless-ngx/paperless-pvc.yml @@ -26,4 +26,4 @@ spec: resources: requests: storage: 1Gi - storageClassName: longhorn + storageClass: longhorn -- 2.49.1 From 1766460069ecdd35e9f54dbbc6d84474f784fa3e Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:33:55 +0530 Subject: [PATCH 10/10] fix paperless-ngx pvc --- clusters/default/tools/paperless-ngx/paperless-pvc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/clusters/default/tools/paperless-ngx/paperless-pvc.yml b/clusters/default/tools/paperless-ngx/paperless-pvc.yml index a87b531..ad6255c 100644 --- a/clusters/default/tools/paperless-ngx/paperless-pvc.yml +++ b/clusters/default/tools/paperless-ngx/paperless-pvc.yml @@ -26,4 +26,4 @@ spec: resources: requests: storage: 1Gi - storageClass: longhorn + storageClassName: longhorn -- 2.49.1