Enable kube-linter scan on DeepSource #10

6 changes: 5 additions & 1 deletion .deepsource.toml
@@ -1,4 +1,8 @@
version = 1

[[analyzers]]
name = "secrets"
name = "secrets"

[[analyzers]]
name = "kube-linter"
type = "community"
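Review bot: the `name = "secrets"` line shows up as both removed and re-added with no visible difference, which usually means only whitespace or the end-of-file newline changed. Please confirm the file now ends with a newline after `type = "community"` so the next edit to this file does not produce the same noise, and keep the unrelated whitespace change out of this PR if it is not needed.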
49 changes: 49 additions & 0 deletions .github/workflows/kube-linter.yaml
@@ -0,0 +1,49 @@
name: Scan with kube-linter

on:
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present kube-linter
# SARIF reports.
push:
branches: [ main, master ]
pull_request:

jobs:
scan:
runs-on: ubuntu-latest
env:
DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: Scan files with kube-linter
uses: stackrox/[email protected]
id: kube-linter-action-scan
with:
# Adjust this directory to the location where your kubernetes resources and helm charts are located.
directory: .
# Adjust this to the location of kube-linter config you're using, or remove the setting if you'd like to use
# the default config.
# config: sample/.kube-linter-config.yaml
# The following two settings make kube-linter produce scan analysis in SARIF format
format: sarif
output-file: ./kube-linter.sarif
# The following line prevents aborting the workflow immediately in case your files fail kube-linter checks.
# This allows the following upload-sarif action to still upload the results.
continue-on-error: true

- name: Upload SARIF report files to DeepSource
run: |
# Install the CLI
curl https://deepsource.io/cli | sh

# Send the report to DeepSource
./bin/deepsource report --analyzer kube-linter --analyzer-type community --value-file ./kube-linter.sarif

# Ensure the workflow eventually fails if files did not pass kube-linter checks.
- name: Verify kube-linter-action succeeded
shell: bash
run: |
echo "If this step fails, kube-linter found issues. Check the output of the scan step above."
[[ "${{ steps.kube-linter-action-scan.outcome }}" == "success" ]]
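Review bot: `DEEPSOURCE_DSN` is declared in the job-level `env:`, so the secret is visible to every step, including the third-party kube-linter action and the `curl https://deepsource.io/cli | sh` installer, which executes an unpinned script with no integrity check. Move the `env:` entry onto the "Upload SARIF report files to DeepSource" step, and split the CLI install into its own step without the secret: download the installer to a file with `curl -fsSL`, verify it against a known checksum (or install a pinned release), then run it. Note also that `pull_request` runs from forks do not receive repository secrets, so the report step will fail there unless it is guarded with an `if:` condition. Pinning `actions/checkout@v3` to a commit SHA and adding a top-level `permissions:` block limited to `contents: read` would tighten the job further.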