From 1fbca33b24d397cbfd617ed7562d2554354f584d Mon Sep 17 00:00:00 2001
From: Srijan Saurav <srijan@deepsource.io>
Date: Tue, 3 Oct 2023 09:53:37 +0530
Subject: [PATCH] Enable kube-linter

---
 .deepsource.toml                   |  5 +++-
 .github/workflows/kube-linter.yaml | 47 ++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/kube-linter.yaml

diff --git a/.deepsource.toml b/.deepsource.toml
index 6a7481e..32d7c71 100644
--- a/.deepsource.toml
+++ b/.deepsource.toml
@@ -1,4 +1,7 @@
 version = 1
 
 [[analyzers]]
-name = "secrets"
\ No newline at end of file
+name = "secrets"
+
+[[analyzers]]
+name = "kube-linter"
diff --git a/.github/workflows/kube-linter.yaml b/.github/workflows/kube-linter.yaml
new file mode 100644
index 0000000..b98f5ce
--- /dev/null
+++ b/.github/workflows/kube-linter.yaml
@@ -0,0 +1,47 @@
+name: Scan with kube-linter
+
+on:
+  # Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present kube-linter
+  # SARIF reports.
+  push:
+    branches: [ main, master ]
+  pull_request:
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+            ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Scan files with kube-linter
+        uses: stackrox/kube-linter-action@v1.0.4
+        id: kube-linter-action-scan
+        with:
+          # Adjust this directory to the location where your kubernetes resources and helm charts are located.
+          directory: .
+          # Adjust this to the location of kube-linter config you're using, or remove the setting if you'd like to use
+          # the default config.
+          # config: sample/.kube-linter-config.yaml
+          # The following two settings make kube-linter produce scan analysis in SARIF format
+          format: sarif
+          output-file: ./kube-linter.sarif
+        # The following line prevents aborting the workflow immediately in case your files fail kube-linter checks.
+        # This allows the following upload-sarif action to still upload the results.
+        continue-on-error: true
+
+      - name: Upload SARIF report files to DeepSource
+        run: |
+          # Install the CLI
+          curl https://deepsource.io/cli | sh
+
+          # Send the report to DeepSource
+          ./bin/deepsource report --analyzer kube-linter --value-file ./kube-linter.sarif
+
+      # Ensure the workflow eventually fails if files did not pass kube-linter checks.
+      - name: Verify kube-linter-action succeeded
+        shell: bash
+        run: |
+          echo "If this step fails, kube-linter found issues. Check the output of the scan step above."
+          [[ "${{ steps.kube-linter-action-scan.outcome }}" == "success" ]]