forked from srijan-deepsource/helm-charts
-
Notifications
You must be signed in to change notification settings - Fork 0
47 lines (41 loc) · 1.72 KB
/
kube-linter.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
name: Scan with kube-linter
on:
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present kube-linter
# SARIF reports.
push:
branches: [ main, master ]
pull_request:
jobs:
scan:
runs-on: ubuntu-latest
env:
DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Tailscale
uses: tailscale/github-action@v1
with:
authkey: ${{ secrets.TAILSCALE_AUTHKEY }}
- name: Scan files with kube-linter
uses: stackrox/[email protected]
id: kube-linter-action-scan
with:
# Adjust this directory to the location where your kubernetes resources and helm charts are located.
directory: .
# Adjust this to the location of kube-linter config you're using, or remove the setting if you'd like to use
# the default config.
# config: sample/.kube-linter-config.yaml
# The following two settings make kube-linter produce scan analysis in SARIF format
format: sarif
output-file: ./kube-linter.sarif
# The following line prevents aborting the workflow immediately in case your files fail kube-linter checks.
# This allows the following upload-sarif action to still upload the results.
continue-on-error: true
- name: Upload SARIF report files to DeepSource
run: |
# Install the CLI
curl https://deepsource.io/cli | sh
# Send the report to DeepSource
./bin/deepsource report --analyzer kube-linter --analyzer-type community --value-file ./kube-linter.sarif