93581bfde2
Add scripts to extract OpenAPI v3 schemas from CRD definitions in all kustomize overlays and write JSON schema files to ci/crd-schemas/ for kubeconform validation. This allows kubeconform to validate CRD instances (Elasticsearch, Kibana, CNPG Cluster, VictoriaMetrics, etc.) instead of skipping or erroring on them. - ci/generate-crd-schemas.py: extracts schemas from CRD YAML on stdin - ci/generate-crd-schemas.sh: iterates overlays, pipes to Python script - ci/validate-apps.sh, ci/validate-clusters.sh: add local schema-location fallback - Makefile: add generate-schemas target - add generate-schemas step to kubeconform woodpecker pipeline so schemas
43 lines
1.2 KiB
YAML
43 lines
1.2 KiB
YAML
repos:
|
|
# General file checks
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v4.5.0
|
|
hooks:
|
|
- id: check-executables-have-shebangs
|
|
- id: check-json
|
|
- id: check-added-large-files
|
|
args: ['--maxkb=2048']
|
|
- id: check-merge-conflict
|
|
- id: check-shebang-scripts-are-executable
|
|
- id: check-symlinks
|
|
- id: check-toml
|
|
- id: check-yaml
|
|
args: [--allow-multiple-documents]
|
|
- id: detect-aws-credentials
|
|
args: [--allow-missing-credentials]
|
|
- id: detect-private-key
|
|
- id: end-of-file-fixer
|
|
- id: forbid-new-submodules
|
|
- id: pretty-format-json
|
|
- id: trailing-whitespace
|
|
|
|
# YAML linting
|
|
- repo: https://github.com/adrienverge/yamllint.git
|
|
rev: v1.37.1
|
|
hooks:
|
|
- id: yamllint
|
|
args:
|
|
[
|
|
"-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
|
|
"-s",
|
|
]
|
|
|
|
# Kubernetes manifest validation
|
|
- repo: local
|
|
hooks:
|
|
- id: no_plain_secrets
|
|
name: prevent plain kubernetes secrets
|
|
entry: ci/validate-no-secrets.sh
|
|
language: system
|
|
pass_filenames: false
|