This repository was archived by the owner on Dec 7, 2025. It is now read-only.
Refactor/remove unused data #15
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Helm and Kustomize | |
| on: | |
| pull_request: | |
| paths: | |
| - 'charts/**' | |
| - 'infra/clusters/**' | |
| jobs: | |
| validate: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| env: [dev] # [tst, dev, stg, prd] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup tools | |
| run: | | |
| curl -LO https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz | |
| tar -xf kubeconform-linux-amd64.tar.gz && sudo mv kubeconform /usr/local/bin | |
| curl -LO https://openpolicyagent.org/downloads/latest/opa_linux_amd64 | |
| chmod +x opa_linux_amd64 && sudo mv opa_linux_amd64 /usr/local/bin/opa | |
| - name: Helm Lint | |
| run: helm lint charts/chat | |
| - name: Render Helm templates | |
| run: | | |
| helm template chat-api charts/chat \ | |
| --values charts/chat/values.yaml \ | |
| --values infra/clusters/${{ matrix.env }}/chat-values.yaml \ | |
| --namespace chat-${{ matrix.env }} > rendered.yaml | |
| - name: Save rendered manifest as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: rendered-manifest-${{ github.run_number }} | |
| path: rendered.yaml | |
| # - name: Dry-run Kubernetes apply | |
| # run: kubectl apply --dry-run=client --validate=false -f rendered.yaml | |
| - name: Kubeconform schema validation | |
| run: kubeconform -summary -strict rendered.yaml | |
| # - name: OPA policy check | |
| # run: | | |
| # result=$(opa eval -f pretty -d policies/ -i rendered.yaml "data.kubernetes.deny[msg]") | |
| # echo "$result" | |
| # if echo "$result" | grep -q "msg"; then | |
| # echo "❌ OPA policy violations found" | |
| # exit 1 | |
| # fi | |
| - name: OPA policy check | |
| run: | | |
| echo "🔎 Evaluating OPA policies..." | |
| opa eval -f pretty -d policies/ -i rendered.yaml "data.kubernetes.deny[msg]" || { | |
| echo "❌ OPA crashed (syntax or data issue)" | |
| exit 2 | |
| } | |
| result=$(opa eval -f pretty -d policies/ -i rendered.yaml "data.kubernetes.deny[msg]") | |
| echo "$result" | |
| if echo "$result" | grep -q "msg"; then | |
| echo "❌ OPA policy violations found" | |
| echo "⛔ Problem fragment:" | |
| line=$(grep -n "$(echo "$result" | grep msg | cut -d':' -f2 | head -n1 | xargs)" rendered.yaml | cut -d':' -f1 | head -n1) | |
| if [ -n "$line" ]; then | |
| start=$((line-10)) | |
| [ "$start" -lt 1 ] && start=1 | |
| end=$((line+10)) | |
| sed -n "${start},${end}p" rendered.yaml | |
| fi | |
| exit 1 | |
| fi |