784c3b5de1
## Summary - New `ci/generate-schemas.sh` script that generates JSON schemas from three sources: 1. Live cluster CRDs via `kubectl get crds` 2. Offline CRD manifests (ArgoCD v3.3.2, Gateway API v1.5.1) 3. Kubernetes v1.33.7 swagger spec for native types - Schemas follow Datree catalog convention (`<group>/<Kind>_<version>.json`) - `validate-apps.sh` and `validate-clusters.sh` check local schemas first, falling back to remote - Fixes TLSRoute (and other CRD) schema validation failures in kubeconform ## Sources - ArgoCD: `artifactapi.../argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml` - Gateway API: `artifactapi.../kubernetes-sigs/gateway-api/releases/download/v1.5.1/standard-install.yaml` - Kubernetes: `artifactapi.../kubernetes/kubernetes/refs/tags/v1.33.7/api/openapi-spec/swagger.json` Reviewed-on: #212 Co-authored-by: Ben Vincent <ben@unkin.net> Co-committed-by: Ben Vincent <ben@unkin.net>
45 lines
1.2 KiB
YAML
45 lines
1.2 KiB
YAML
repos:
|
|
# General file checks
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v4.5.0
|
|
hooks:
|
|
- id: check-executables-have-shebangs
|
|
- id: check-json
|
|
- id: check-added-large-files
|
|
args: ['--maxkb=500']
|
|
exclude: '^schemas/'
|
|
- id: check-merge-conflict
|
|
- id: check-shebang-scripts-are-executable
|
|
- id: check-symlinks
|
|
- id: check-toml
|
|
- id: check-yaml
|
|
args: [--allow-multiple-documents]
|
|
- id: detect-aws-credentials
|
|
args: [--allow-missing-credentials]
|
|
- id: detect-private-key
|
|
- id: end-of-file-fixer
|
|
- id: forbid-new-submodules
|
|
- id: pretty-format-json
|
|
args: ['--autofix']
|
|
- id: trailing-whitespace
|
|
|
|
# YAML linting
|
|
- repo: https://github.com/adrienverge/yamllint.git
|
|
rev: v1.37.1
|
|
hooks:
|
|
- id: yamllint
|
|
args:
|
|
[
|
|
"-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
|
|
"-s",
|
|
]
|
|
|
|
# Kubernetes manifest validation
|
|
- repo: local
|
|
hooks:
|
|
- id: no_plain_secrets
|
|
name: prevent plain kubernetes secrets
|
|
entry: ci/validate-no-secrets.sh
|
|
language: system
|
|
pass_filenames: false
|