Add validation using kubeconform (#449)

2024-01-31 04:21:27 -08:00 · 2024-01-31 04:21:27 -08:00 · 24b80c1986
commit 24b80c1986
parent 9cbe03c7ee
2 changed files with 25 additions and 0 deletions
--- a/.github/workflows/pulsar-helm-chart-ci.yaml
+++ b/.github/workflows/pulsar-helm-chart-ci.yaml
@ -127,6 +127,23 @@ jobs:
            --validate-maintainers=false \
            --target-branch ${{ github.event.repository.default_branch }}

+      - name: Run kubeconform check
+        if: ${{ steps.check_changes.outputs.docs_only != 'true' }}
+        run: |
+          PULSAR_CHART_HOME=$(pwd)
+          source ${PULSAR_CHART_HOME}/hack/common.sh
+          hack::ensure_kubeconform
+          validate_helm_template_with_k8s_version() {
+            local kube_version=$1
+            echo "Validating helm template with kubeconform for k8s version $kube_version"
+            helm template charts/pulsar --set kube-prometheus-stack.enabled=false --set components.pulsar_manager=true --kube-version $kube_version | \
+              kubeconform -schema-location default -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' -strict -kubernetes-version $kube_version -summary
+          }
+          helm dependency build charts/pulsar
+          set -o pipefail
+          validate_helm_template_with_k8s_version 1.21.0
+          validate_helm_template_with_k8s_version 1.27.0
+
      - name: Wait for ssh connection when build fails
        # ssh access is enabled for builds in own forks
        uses: ./.github/actions/ssh-access
--- a/hack/common.sh
+++ b/hack/common.sh
@ -33,6 +33,8 @@ HELM_BIN=$OUTPUT_BIN/helm
 KIND_BIN=$OUTPUT_BIN/kind
 CR_BIN=$OUTPUT_BIN/cr
 : "${CR_VERSION:=1.6.0}"
+KUBECONFORM_BIN=$OUTPUT_BIN/kubeconform
+: "${KUBECONFORM_VERSION:=0.6.4}"
 export PATH="$OUTPUT_BIN:$PATH"

 test -d "$OUTPUT_BIN" || mkdir -p "$OUTPUT_BIN"
@ -134,3 +136,9 @@ function hack::ensure_cr() {
    chmod +x $CR_BIN
    $CR_BIN version
 }
+
+function hack::ensure_kubeconform() {
+    echo "Installing kubeconform v$KUBECONFORM_VERSION..."
+    curl -s --retry 10 -L https://github.com/yannh/kubeconform/releases/download/v${KUBECONFORM_VERSION}/kubeconform-${OS}-${ARCH}.tar.gz | tar -xzO kubeconform > $KUBECONFORM_BIN
+    chmod +x $KUBECONFORM_BIN
+}