Ben Vincent
72a892eb14
- add pre-commit-config - add yamllint config - add ci/validate-* custom scripts - verify no secrets added - verify clusters with kustomize and kubeconform - verify apps with kustomize and kubeconform Reviewed-on: #9
54 lines
1.5 KiB
YAML
54 lines
1.5 KiB
YAML
repos:
|
|
# General file checks
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v4.5.0
|
|
hooks:
|
|
- id: check-executables-have-shebangs
|
|
- id: check-json
|
|
- id: check-added-large-files
|
|
args: ['--maxkb=500']
|
|
- id: check-merge-conflict
|
|
- id: check-shebang-scripts-are-executable
|
|
- id: check-symlinks
|
|
- id: check-toml
|
|
- id: check-yaml
|
|
args: [--allow-multiple-documents]
|
|
- id: detect-aws-credentials
|
|
args: [--allow-missing-credentials]
|
|
- id: detect-private-key
|
|
- id: end-of-file-fixer
|
|
- id: forbid-new-submodules
|
|
- id: no-commit-to-branch
|
|
- id: pretty-format-json
|
|
- id: trailing-whitespace
|
|
|
|
# YAML linting
|
|
- repo: https://github.com/adrienverge/yamllint.git
|
|
rev: v1.37.1
|
|
hooks:
|
|
- id: yamllint
|
|
args:
|
|
[
|
|
"-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
|
|
"-s",
|
|
]
|
|
|
|
# Kubernetes manifest validation
|
|
- repo: local
|
|
hooks:
|
|
- id: kubeconform_validate_apps
|
|
name: kubeconform validate apps
|
|
entry: ci/validate-apps.sh
|
|
language: system
|
|
pass_filenames: false
|
|
- id: kubeconform_validate_clusters
|
|
name: kubeconform validate clusters
|
|
entry: ci/validate-clusters.sh
|
|
language: system
|
|
pass_filenames: false
|
|
- id: no_plain_secrets
|
|
name: prevent plain kubernetes secrets
|
|
entry: ci/validate-no-secrets.sh
|
|
language: system
|
|
pass_filenames: false
|