From c65fef70ff8da4f16ab103a123e1a842b27dc46a Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 13:07:22 +0530 Subject: [PATCH] refactor --- .gitea/workflows/kubeconform.yml | 76 ++++++++++++++++++++++++++------ 1 file changed, 62 insertions(+), 14 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 3e760a7..ee0cb9e 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -2,7 +2,7 @@ name: Validate Kubernetes Manifests on: pull_request: - branches: [ main] + branches: [main] jobs: kubeconform: @@ -12,20 +12,68 @@ jobs: steps: - name: Setup environment run: | - pacman -Syu --noconfirm kubeconform git findutils + pacman -Syu --noconfirm kubeconform git yq nodejs npm + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Create kubeconform configuration run: | - git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt + cat > /tmp/kubeconform-config.yaml << 'EOF' + schema_location: + - default + - "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json" + EOF + - name: Validate Manifests run: | - find /mnt -type f \( -name "*.yml" \) \ - -not -path "*/.gitea/*" \ - -print0 | xargs -0 --no-run-if-empty kubeconform \ - -verbose \ - -summary \ - -schema-location default \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json' \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json' \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/ipaddresspool_v1beta1.json' \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/l2advertisement_v1beta1.json' \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json' + # Create a cache directory for schemas + mkdir -p /tmp/kubeconform-cache + + # Validate manifests with proper schema resolution + find . -type f \( -name "*.yml" \) \ + -not -path "./.gitea/*" \ + -exec sh -c ' + for file do + echo "=== Validating: $file ===" + if yq -e "select(.kind == \"HelmRelease\")" "$file" >/dev/null 2>&1; then + echo "Found HelmRelease - using fluxcd schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json" \ + -output json \ + "$file" + elif yq -e "select(.kind == \"HelmRepository\")" "$file" >/dev/null 2>&1; then + echo "Found HelmRepository - using fluxcd schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json" \ + -output json \ + "$file" + elif yq -e "select(.kind == \"L2Advertisement\")" "$file" >/dev/null 2>&1; then + echo "Found L2Advertisement - using metallb schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/l2advertisement_v1beta1.json" \ + -output json \ + "$file" + elif yq -e "select(.kind == \"IPAddressPool\")" "$file" >/dev/null 2>&1; then + echo "Found IPAddressPool - using metallb schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/ipaddresspool_v1beta1.json" \ + -output json \ + "$file" + elif yq -e "select(.kind == \"SealedSecret\")" "$file" >/dev/null 2>&1; then + echo "Found SealedSecret - using bitnami schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json" \ + -output json \ + "$file" + else + echo "Validating with default schemas" + kubeconform \ + -schema-location default \ + -output json \ + "$file" + fi + done + ' sh {} +