From 720a592d930f769fb3806c79d8aa7d01cd64ce76 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Wed, 20 May 2026 10:20:35 +0300
Subject: [PATCH] ci: Validate manifests with Flux Schema CLI
Signed-off-by: Stefan Prodan
---
 .github/actions/kubeconform/action.yml | 38 --------------------------
 .github/workflows/test.yml | 17 ++++--------
 2 files changed, 6 insertions(+), 49 deletions(-)
 delete mode 100644 .github/actions/kubeconform/action.yml
diff --git a/.github/actions/kubeconform/action.yml b/.github/actions/kubeconform/action.yml
deleted file mode 100644
index 752ec3c..0000000
--- a/.github/actions/kubeconform/action.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Setup kubeconform
-description: A GitHub Action for running kubeconform commands
-author: Stefan Prodan
-branding:
- color: blue
- icon: command
-inputs:
- version:
- description: "kubeconform version e.g. 0.5.0 (defaults to latest stable release)"
- required: false
- arch:
- description: "arch can be amd64 or arm64"
- required: true
- default: "amd64"
-runs:
- using: composite
- steps:
- - name: "Download binary to the GH runner cache"
- shell: bash
- run: |
- ARCH=${{ inputs.arch }}
- VERSION=${{ inputs.version }}
-
- if [ -z $VERSION ]; then
- VERSION=$(curl https://api.github.com/repos/yannh/kubeconform/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
- fi
-
- BIN_URL="https://github.com/yannh/kubeconform/releases/download/v${VERSION}/kubeconform-linux-${ARCH}.tar.gz"
- BIN_DIR=$RUNNER_TOOL_CACHE/kubeconform/$VERSION/$ARCH
-
- if [[ ! -x "$BIN_DIR/kind" ]]; then
- mkdir -p $BIN_DIR
- cd $BIN_DIR
- curl -sL $BIN_URL | tar xz
- chmod +x kubeconform
- fi
-
- echo "$BIN_DIR" >> "$GITHUB_PATH"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index bc2e9ab..7c66752 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,8 +10,7 @@ permissions:
 contents: read
 env:
- KUBERNETES_VERSION: 1.35.0
- HELM_VERSION: 4.1.1
+ HELM_VERSION: 4.2.0
 jobs:
 test:
@@ -26,12 +25,8 @@ jobs:
 cache-dependency-path: |
 **/go.sum
 **/go.mod
- - name: Setup kubectl
- uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0
- with:
- version: v${{ env.KUBERNETES_VERSION }}
- - name: Setup kubeconform
- uses: ./.github/actions/kubeconform
+ - name: Setup Flux Schema CLI
+ uses: fluxcd/flux-schema/actions/setup@c90d3f83707614d21c20226183a9e714d8ba9626 # v0.3.0
 - name: Setup Helm
 uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
 with:
@@ -45,10 +40,10 @@ jobs:
 - name: Validate Helm chart
 run: |
 helm lint ./charts/podinfo/
- helm template ./charts/podinfo/ | kubeconform -strict -summary -kubernetes-version ${{ env.KUBERNETES_VERSION }}
+ helm template ./charts/podinfo/ | flux-schema validate --verbose
 - name: Validate Kustomize overlay
 run: |
- kubectl kustomize ./kustomize/ | kubeconform -strict -summary -kubernetes-version ${{ env.KUBERNETES_VERSION }}
+ kubectl kustomize ./kustomize/ | flux-schema validate --verbose
 - name: Verify CUE formatting
 working-directory: ./timoni/podinfo
 run: |
@@ -64,7 +59,7 @@ jobs:
 working-directory: ./timoni/podinfo
 run: |
 timoni mod lint .
- timoni build podinfo . -f test_values.cue | kubeconform -strict -summary -skip=ServiceMonitor -kubernetes-version ${{ env.KUBERNETES_VERSION }}
+ timoni build podinfo . -f debug_values.cue | flux-schema validate --skip-missing-schemas --verbose
 - name: Check if working tree is dirty
 run: |
 if [[ $(git diff --stat) != '' ]]; then
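Review bot: The `kubectl kustomize ./kustomize/` command in the "Validate Kustomize overlay" step (third hunk) still needs kubectl, but the second hunk removes the `azure/setup-kubectl` step that pinned it to `KUBERNETES_VERSION`. Unless the Flux Schema setup action installs one, the job would use whatever kubectl the runner image provides (the `runs-on` line is outside the hunk), so the kustomize version built into it can change without any commit here and alter the manifests that get validated. Either keep a pinned setup step, or record the choice next to the step with a comment such as `# kubectl comes from the runner image; its version is intentionally not pinned`.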
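Review bot: A failure of `helm template` or `kubectl kustomize` on the left side of the pipes in the third hunk is not guaranteed to fail the step, because a `run:` block with no explicit `shell:` is executed as `bash -e {0}`, without `pipefail` (unless a `defaults.run.shell` is set outside the hunks). If rendering fails and the validator receives empty input, the step may pass with nothing validated; how `flux-schema validate` treats empty input is not visible here. Add `shell: bash` to these steps, which runs them with `-eo pipefail`, or start each block with `set -o pipefail`; the same applies to the `timoni build … | flux-schema validate` pipe in the last hunk. The replaced command also passed `-strict` and a pinned `-kubernetes-version`, so it is worth confirming that the new validator rejects unknown fields by default.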
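Review bot: `--skip-missing-schemas` on the Timoni pipe in the last hunk is broader than the `-skip=ServiceMonitor` it replaces: judging by the flag name, every resource whose schema cannot be found is passed over, so a mistyped `apiVersion` or `kind` would presumably be skipped rather than reported. A comment above the command would keep the intent reviewable, for example `# ServiceMonitor is the only kind expected to be skipped; check the --verbose output for others`. The same line also switches the values file from `test_values.cue` to `debug_values.cue`, which the commit message does not mention. The step's `name:` line is outside the hunk.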