Skip to content

CI: Improved K8s Kubeconformance validation #705

CI: Improved K8s Kubeconformance validation

CI: Improved K8s Kubeconformance validation #705

Workflow file for this run

name: Lint helm chart
on:
push:
branches:
- main
- v*
paths:
- 'install/kubernetes/**'
- 'pkg/k8s/apis/cilium.io/client/crds/v1alpha1/*.yaml'
- '.github/workflows/lint-helm.yaml'
pull_request:
paths:
- 'install/kubernetes/**'
- 'pkg/k8s/apis/cilium.io/client/crds/v1alpha1/*.yaml'
- '.github/workflows/lint-helm.yaml'
env:
MIN_K8S_VERSION: "1.23.0"
# renovate: datasource=python-version
PYTHON_VERSION: "3.12"
jobs:
generated-files:
runs-on: ubuntu-latest
steps:
# Get source
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
# Check / install dependencies
- name: Check if vendored openapi2jsonschema.py script is up to date
run: |
make -C install/kubernetes openapi2jsonschema.py
test -z "$(git status --porcelain)"
if [ $? != 0 ]; then
git status --porcelain
echo "Vendored openapi2jsonschema.py script is out of date."
echo "Please run 'make -C install/kubernetes openapi2jsonschema.py' and submit your changes."; exit 1
fi
- name: Setup Python
id: setup-python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install pipenv
id: install-pipenv
shell: bash
run: |
python -m pip install --upgrade --no-cache-dir pip
python -m pip install --no-cache-dir pipenv
- name: Cache Pipfile
id: cache-pipfile
uses: actions/cache@v4
with:
path: ~/.local/share/virtualenvs
key: ${{ runner.os }}-python-${{ steps.setup-python.outputs.python-version }}-pipenv-${{ hashFiles('Pipfile.lock') }}
- name: Sync Pipfile
id: sync-pipfile
shell: bash
working-directory: install/kubernetes
run: |
pipenv sync --dev --python ${{ env.PYTHON_VERSION }}
- name: Check if vendored CRD JSON schemas are up to date
run: |
make -C install/kubernetes generate-jsonschemas
test -z "$(git status --porcelain)"
if [ $? != 0 ]; then
git status --porcelain
echo "Vendored CRD JSON schemas are out of date."
echo "Please run 'make -C install/kubernetes generate-jsonschemas' and submit your changes."; exit 1
fi
- name: Install Helm CLI # Required for the Helm chart templating
uses: azure/[email protected]
# Validate Helm chart
- name: Generate Helm chart
run: |
make -C install/kubernetes
- name: Validate generated files
run: |
test -z "$(git status --porcelain)"
if [ $? != 0 ]; then
git status --porcelain
echo "Please run 'make -C install/kubernetes' and submit your changes."; exit 1
fi
# (Re-)run Kubeconform checks explicitly once again to catch specific errors in that regard (to get the STDOUT/STDERR)
- name: Run Kubeconform with minimum supported K8s version
id: kubeconform_min_k8s_version
uses: mathiasvr/[email protected]
with:
shell: bash
run: |
make -C install/kubernetes kubeconform K8S_VERSION=${{ env.MIN_K8S_VERSION }}
- name: Run Kubeconform with latest K8s version
id: kubeconform_latest_k8s_version
uses: mathiasvr/[email protected]
with:
shell: bash
run: |
make -C install/kubernetes kubeconform
# Post Kubeconform issues as comment on the GH PR, if there are any
- name: Comment Kubeconform Output
if: failure() && (steps.kubeconform_min_k8s_version.outcome != 'success' || steps.kubeconform_latest_k8s_version.outcome != 'success')
uses: marocchino/sticky-pull-request-comment@v2
with:
hide_and_recreate: true
skip_unchanged: true
message: |
## Kubeconform with minimum supported K8s version ${{ env.MIN_K8S_VERSION }}
STDOUT:
```
${{ steps.kubeconform_min_k8s_version.outputs.stdout }}
```
STDERR:
```
${{ steps.kubeconform_min_k8s_version.outputs.stderr }}
```
## Kubeconform with latest K8s version
STDOUT:
```
${{ steps.kubeconform_latest_k8s_version.outputs.stdout }}
```
STDERR:
```
${{ steps.kubeconform_latest_k8s_version.outputs.stderr }}
```