├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bugReportForm.yml │ ├── config.yml │ └── featureRequestForm.yml ├── dependabot.yml └── workflows │ ├── codeql.yml │ ├── default-labels.yml │ ├── integration-tests.yml │ ├── prettify-code.yml │ ├── release-pr.yml │ └── unit-tests.yml ├── .gitignore ├── .prettierignore ├── .prettierrc.json ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── SECURITY.md ├── action.yml ├── jest.config.js ├── package-lock.json ├── package.json ├── src ├── kubeconform │ ├── kubeconform.test.ts │ └── kubeconform.ts ├── kubectl │ ├── kubectl.test.ts │ └── kubectl.ts ├── run.test.ts ├── run.ts ├── utils.test.ts └── utils.ts ├── test ├── invalid-ingress.yml ├── invalid-service.yml ├── valid-ingress.yml └── valid-service.yml └── tsconfig.json /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @Azure/aks-atlanta -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bugReportForm.yml: -------------------------------------------------------------------------------- 1 | name: Bug Report 2 | description: File a bug report specifying all inputs you provided for the action, we will respond to this thread with any questions. 3 | title: 'Bug: ' 4 | labels: ['bug', 'triage'] 5 | assignees: '@Azure/aks-atlanta' 6 | body: 7 | - type: textarea 8 | id: What-happened 9 | attributes: 10 | label: What happened? 11 | description: Tell us what happened and how is it different from the expected? 12 | placeholder: Tell us what you see! 13 | validations: 14 | required: true 15 | - type: checkboxes 16 | id: Version 17 | attributes: 18 | label: Version 19 | options: 20 | - label: I am using the latest version 21 | required: true 22 | - type: input 23 | id: Runner 24 | attributes: 25 | label: Runner 26 | description: What runner are you using? 27 | placeholder: Mention the runner info (self-hosted, operating system) 28 | validations: 29 | required: true 30 | - type: textarea 31 | id: Logs 32 | attributes: 33 | label: Relevant log output 34 | description: Run in debug mode for the most verbose logs. Please feel free to attach a screenshot of the logs 35 | validations: 36 | required: true 37 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | contact_links: 3 | - name: GitHub Action "k8s-lint" Support 4 | url: https://github.com/Azure/k8s-lint 5 | security: https://github.com/Azure/k8s-lint/blob/main/SECURITY.md 6 | about: Please ask and answer questions here. 7 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/featureRequestForm.yml: -------------------------------------------------------------------------------- 1 | name: Feature Request 2 | description: File a Feature Request form, we will respond to this thread with any questions. 3 | title: 'Feature Request: ' 4 | labels: ['Feature'] 5 | assignees: '@Azure/aks-atlanta' 6 | body: 7 | - type: textarea 8 | id: Feature_request 9 | attributes: 10 | label: Feature request 11 | description: Provide example functionality and links to relevant docs 12 | validations: 13 | required: true 14 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: npm 4 | directory: / 5 | schedule: 6 | interval: weekly 7 | groups: 8 | actions: 9 | patterns: 10 | - '*' 11 | - package-ecosystem: github-actions 12 | directory: .github/workflows 13 | schedule: 14 | interval: weekly 15 | groups: 16 | actions: 17 | patterns: 18 | - '*' 19 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 11 | # 12 | name: 'CodeQL Advanced' 13 | 14 | on: 15 | push: 16 | branches: ['main'] 17 | pull_request: 18 | branches: ['main'] 19 | schedule: 20 | - cron: '15 9 * * 0' 21 | 22 | jobs: 23 | analyze: 24 | name: Analyze (${{ matrix.language }}) 25 | # Runner size impacts CodeQL analysis time. To learn more, please see: 26 | # - https://gh.io/recommended-hardware-resources-for-running-codeql 27 | # - https://gh.io/supported-runners-and-hardware-resources 28 | # - https://gh.io/using-larger-runners (GitHub.com only) 29 | # Consider using larger runners or machines with greater resources for possible analysis time improvements. 30 | runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} 31 | permissions: 32 | # required for all workflows 33 | security-events: write 34 | 35 | # required to fetch internal or private CodeQL packs 36 | packages: read 37 | 38 | # only required for workflows in private repositories 39 | actions: read 40 | contents: read 41 | 42 | strategy: 43 | fail-fast: false 44 | matrix: 45 | include: 46 | - language: javascript-typescript 47 | build-mode: none 48 | # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' 49 | # Use `c-cpp` to analyze code written in C, C++ or both 50 | # Use 'java-kotlin' to analyze code written in Java, Kotlin or both 51 | # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both 52 | # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, 53 | # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. 54 | # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how 55 | # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages 56 | steps: 57 | - name: Checkout repository 58 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 59 | 60 | # Initializes the CodeQL tools for scanning. 61 | - name: Initialize CodeQL 62 | uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 63 | with: 64 | languages: ${{ matrix.language }} 65 | build-mode: ${{ matrix.build-mode }} 66 | # If you wish to specify custom queries, you can do so here or in a config file. 67 | # By default, queries listed here will override any specified in a config file. 68 | # Prefix the list here with "+" to use these queries and those in the config file. 69 | 70 | # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs 71 | # queries: security-extended,security-and-quality 72 | 73 | # If the analyze step fails for one of the languages you are analyzing with 74 | # "We were unable to automatically build your code", modify the matrix above 75 | # to set the build mode to "manual" for that language. Then modify this step 76 | # to build your code. 77 | # ℹ️ Command-line programs to run using the OS shell. 78 | # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 79 | - if: matrix.build-mode == 'manual' 80 | shell: bash 81 | run: | 82 | echo 'If you are using a "manual" build mode for one or more of the' \ 83 | 'languages you are analyzing, replace this with the commands to build' \ 84 | 'your code, for example:' 85 | echo ' make bootstrap' 86 | echo ' make release' 87 | exit 1 88 | 89 | - name: Perform CodeQL Analysis 90 | uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 91 | with: 92 | category: '/language:${{matrix.language}}' 93 | -------------------------------------------------------------------------------- /.github/workflows/default-labels.yml: -------------------------------------------------------------------------------- 1 | name: setting-default-labels 2 | 3 | # Controls when the action will run. 4 | on: 5 | schedule: 6 | - cron: '0 0/3 * * *' 7 | 8 | # A workflow run is made up of one or more jobs that can run sequentially or in parallel 9 | jobs: 10 | build: 11 | # The type of runner that the job will run on 12 | runs-on: ubuntu-latest 13 | permissions: 14 | contents: read 15 | # Steps represent a sequence of tasks that will be executed as part of the job 16 | steps: 17 | - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 18 | name: Setting issue as idle 19 | with: 20 | repo-token: ${{ secrets.GITHUB_TOKEN }} 21 | stale-issue-message: 'This issue is idle because it has been open for 14 days with no activity.' 22 | stale-issue-label: 'idle' 23 | days-before-stale: 14 24 | days-before-close: -1 25 | operations-per-run: 100 26 | exempt-issue-labels: 'backlog' 27 | 28 | - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 29 | name: Setting PR as idle 30 | with: 31 | repo-token: ${{ secrets.GITHUB_TOKEN }} 32 | stale-pr-message: 'This PR is idle because it has been open for 14 days with no activity.' 33 | stale-pr-label: 'idle' 34 | days-before-stale: 14 35 | days-before-close: -1 36 | operations-per-run: 100 37 | -------------------------------------------------------------------------------- /.github/workflows/integration-tests.yml: -------------------------------------------------------------------------------- 1 | name: 'Trigger Integration tests' 2 | on: 3 | pull_request: 4 | 5 | permissions: 6 | contents: read 7 | 8 | jobs: 9 | minikube-integration-tests: 10 | name: Minikube Integration Tests 11 | runs-on: ubuntu-22.04 12 | env: 13 | KUBECONFIG: /home/runner/.kube/config 14 | PR_BASE_REF: ${{ github.event.pull_request.base.ref }} 15 | steps: 16 | - id: setup-minikube 17 | name: Setup Minikube 18 | uses: medyagh/setup-minikube@5e71d7574bcbd0a3b04e7263b9cc4b47e2645bfb 19 | with: 20 | minikube-version: 1.33.0 21 | kubernetes-version: 1.29.1 22 | driver: 'none' 23 | timeout-minutes: 3 24 | 25 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 26 | - id: action-npm-build 27 | name: Npm install and build 28 | run: | 29 | echo $PR_BASE_REF 30 | if [[ $PR_BASE_REF != releases/* ]]; then 31 | npm ci 32 | npm run build 33 | fi 34 | 35 | # valid manifests 36 | - name: Execute k8s-lint with valid kubeconform 37 | uses: ./ 38 | with: 39 | manifests: | 40 | test/valid-ingress.yml 41 | test/valid-service.yml 42 | - name: Execute k8s-lint with valid dryrun 43 | uses: ./ 44 | with: 45 | lintType: dryrun 46 | manifests: | 47 | test/valid-ingress.yml 48 | test/valid-service.yml 49 | 50 | # invalid manifests 51 | - name: Execute k8s-lint with invalid kubeconform 52 | id: invalidKubeconform 53 | continue-on-error: true 54 | uses: ./ 55 | with: 56 | manifests: | 57 | test/invalid-ingress.yml 58 | test/invalid-service.yml 59 | - name: Execute k8s-lint with invalid dryrun 60 | id: invalidDryrun 61 | continue-on-error: true 62 | uses: ./ 63 | with: 64 | lintType: dryrun 65 | manifests: | 66 | test/invalid-ingress.yml 67 | test/invalid-service.yml 68 | - name: Verify invalid dryruns 69 | if: steps.invalidKubeconform.outcome != 'failure' || steps.invalidDryrun.outcome != 'failure' 70 | run: exit 1 71 | -------------------------------------------------------------------------------- /.github/workflows/prettify-code.yml: -------------------------------------------------------------------------------- 1 | name: 'Run Prettify' 2 | on: 3 | pull_request: 4 | push: 5 | branches: [main] 6 | 7 | jobs: 8 | prettier: 9 | name: Prettier Check 10 | runs-on: ubuntu-latest 11 | permissions: 12 | contents: read 13 | steps: 14 | - name: Checkout Repository 15 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 16 | 17 | - name: Setup Node.js 18 | uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 19 | with: 20 | node-version: 'lts/*' 21 | cache: 'npm' 22 | 23 | - name: Install Dependencies 24 | run: npm ci 25 | 26 | - name: Run Prettier Check 27 | run: npx prettier --check . 28 | -------------------------------------------------------------------------------- /.github/workflows/release-pr.yml: -------------------------------------------------------------------------------- 1 | name: Release Project 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | paths: 8 | - CHANGELOG.md 9 | workflow_dispatch: 10 | 11 | jobs: 12 | release: 13 | permissions: 14 | actions: read 15 | contents: write 16 | uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@v1 17 | with: 18 | changelogPath: ./CHANGELOG.md 19 | -------------------------------------------------------------------------------- /.github/workflows/unit-tests.yml: -------------------------------------------------------------------------------- 1 | name: 'Run unit tests' 2 | on: # rebuild any PRs and main branch changes 3 | pull_request: 4 | branches: 5 | - main 6 | - 'releases/*' 7 | push: 8 | branches: 9 | - main 10 | - 'releases/*' 11 | 12 | jobs: 13 | build: # make sure build/ci works properly 14 | runs-on: ubuntu-latest 15 | steps: 16 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 17 | - name: Run L0 tests. 18 | run: | 19 | npm ci 20 | npm test 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | 8 | # Runtime data 9 | pids 10 | *.pid 11 | *.seed 12 | *.pid.lock 13 | 14 | # Directory for instrumented libs generated by jscoverage/JSCover 15 | lib-cov 16 | 17 | # Coverage directory used by tools like istanbul 18 | coverage 19 | 20 | # nyc test coverage 21 | .nyc_output 22 | 23 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 24 | .grunt 25 | 26 | # Bower dependency directory (https://bower.io/) 27 | bower_components 28 | 29 | # node-waf configuration 30 | .lock-wscript 31 | 32 | # Compiled binary addons (https://nodejs.org/api/addons.html) 33 | build/Release 34 | 35 | # Dependency directories 36 | node_modules/ 37 | jspm_packages/ 38 | 39 | # TypeScript v1 declaration files 40 | typings/ 41 | 42 | # Optional npm cache directory 43 | .npm 44 | 45 | # Optional eslint cache 46 | .eslintcache 47 | 48 | # Optional REPL history 49 | .node_repl_history 50 | 51 | # Output of 'npm pack' 52 | *.tgz 53 | 54 | # Yarn Integrity file 55 | .yarn-integrity 56 | 57 | # dotenv environment variables file 58 | .env 59 | 60 | # next.js build output 61 | .next 62 | node_modules 63 | coverage 64 | 65 | lib/ -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | # dependencies 2 | /node_modules 3 | coverage 4 | /lib -------------------------------------------------------------------------------- /.prettierrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "trailingComma": "none", 3 | "bracketSpacing": false, 4 | "semi": false, 5 | "tabWidth": 3, 6 | "singleQuote": true, 7 | "printWidth": 80 8 | } 9 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## [3.0.0] - 2024-08-21 4 | 5 | ### Changed 6 | 7 | - Updated to Azure release workflows 8 | - Upgrade to node 20 from 16 9 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes lint action 2 | 3 | Use this action to lint/validate your manifest files. Refer to the action metadata file for details about all the inputs [action.yml](./action.yml). 4 | 5 | ## Lint using kubeconform 6 | 7 | ```yaml 8 | - uses: azure/k8s-lint@v3 9 | with: 10 | manifests: | 11 | manifests/deployment.yml 12 | manifests/service.yml 13 | kubeconformOpts: -summary 14 | ``` 15 | 16 | ## Lint using kubernetes server dryrun 17 | 18 | Requires Kubectl to be installed (you can use the [Azure/setup-kubectl](https://github.com/Azure/setup-kubectl) action). Server dryrun will communicate with the kuberenetes server, so ensure that KUBECONFIG is available in the context. This works only for kubernetes versions >=1.12 19 | 20 | ```yaml 21 | - uses: azure/setup-kubectl@v4 22 | - uses: azure/k8s-lint@v3 23 | with: 24 | lintType: dryrun 25 | manifests: | 26 | manifests/deployment.yml 27 | manifests/service.yml 28 | ``` 29 | 30 | ## Contributing 31 | 32 | This project welcomes contributions and suggestions. Most contributions require you to agree to a 33 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us 34 | the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. 35 | 36 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide 37 | a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions 38 | provided by the bot. You will only need to do this once across all repos using our CLA. 39 | 40 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 41 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or 42 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 43 | 44 | ## Support 45 | 46 | k8s-lint is an open source project that is [**not** covered by the Microsoft Azure support policy](https://support.microsoft.com/en-us/help/2941892/support-for-linux-and-open-source-technology-in-azure). [Please search open issues here](https://github.com/Azure/k8s-lint/issues), and if your issue isn't already represented please [open a new one](https://github.com/Azure/k8s-lint/issues/new/choose). The project maintainers will respond to the best of their abilities. 47 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Security 4 | 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). 6 | 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [Microsoft's definition of a security vulnerability]() of a security vulnerability, please report it to us as described below. 8 | 9 | ## Reporting Security Issues 10 | 11 | **Please do not report security vulnerabilities through public GitHub issues.** 12 | 13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report). 14 | 15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc). 16 | 17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 18 | 19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: 20 | 21 | - Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 22 | - Full paths of source file(s) related to the manifestation of the issue 23 | - The location of the affected source code (tag/branch/commit or direct URL) 24 | - Any special configuration required to reproduce the issue 25 | - Step-by-step instructions to reproduce the issue 26 | - Proof-of-concept or exploit code (if possible) 27 | - Impact of the issue, including how an attacker might exploit the issue 28 | 29 | This information will help us triage your report more quickly. 30 | 31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). 40 | 41 | 42 | -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- 1 | name: 'Lint k8s manifest files' 2 | description: 'Lint k8s manifest files' 3 | inputs: 4 | # Please ensure you have used either azure/k8s-actions/aks-set-context or azure/k8s-actions/k8s-set-context in the workflow before this action if using dryrun 5 | manifests: 6 | description: 'Path to the manifest files which will be used for deployment.' 7 | required: true 8 | lintType: 9 | description: 'Acceptable values: kubeconform, dryrun' 10 | required: true 11 | default: 'kubeconform' 12 | kubeconformOpts: 13 | description: 'Options that are passed to kubeconform e.g. -schema-location' 14 | required: false 15 | default: '-summary' 16 | namespace: 17 | description: 'Target Kubernetes namespace. If the namespace is not provided, commands will run in the default namespace.' 18 | required: false 19 | default: 'default' 20 | 21 | branding: 22 | color: 'green' # optional, decorates the entry in the GitHub Marketplace 23 | runs: 24 | using: 'node20' 25 | main: 'lib/index.js' 26 | -------------------------------------------------------------------------------- /jest.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | clearMocks: true, 3 | moduleFileExtensions: ['js', 'ts'], 4 | testEnvironment: 'node', 5 | testMatch: ['**/*.test.ts'], 6 | transform: { 7 | '^.+\\.ts$': 'ts-jest' 8 | }, 9 | verbose: true, 10 | coverageThreshold: { 11 | global: { 12 | branches: 0, 13 | functions: 14, 14 | lines: 27, 15 | statements: 27 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "k8s-lint-action", 3 | "version": "0.0.0", 4 | "private": true, 5 | "main": "lib/run.js", 6 | "scripts": { 7 | "prebuild": "npm i @vercel/ncc", 8 | "build": "ncc build src/run.ts -o lib", 9 | "test": "jest", 10 | "test-coverage": "jest --coverage", 11 | "format": "prettier --write .", 12 | "format-check": "prettier --check ." 13 | }, 14 | "keywords": [ 15 | "actions" 16 | ], 17 | "author": "GitHub", 18 | "license": "MIT", 19 | "dependencies": { 20 | "@actions/core": "^1.11.1", 21 | "@actions/exec": "^1.1.1", 22 | "@actions/tool-cache": "2.0.2" 23 | }, 24 | "devDependencies": { 25 | "@types/jest": "^29.5.14", 26 | "@types/node": "^22.15.29", 27 | "@vercel/ncc": "^0.38.3", 28 | "jest": "^29.5.12", 29 | "prettier": "^3.5.3", 30 | "ts-jest": "^29.3.4", 31 | "typescript": "5.8.3" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/kubeconform/kubeconform.test.ts: -------------------------------------------------------------------------------- 1 | import * as kubeconform from './kubeconform' 2 | import * as core from '@actions/core' 3 | import * as fs from 'fs' 4 | import * as toolCache from '@actions/tool-cache' 5 | import * as io from '@actions/io' 6 | import * as os from 'os' 7 | import * as path from 'path' 8 | import * as util from 'util' 9 | import {ToolRunner} from '@actions/exec/lib/toolrunner' 10 | 11 | var mockStatusCode: number 12 | const mockExecFn = jest.fn().mockImplementation(() => mockStatusCode) 13 | jest.mock('@actions/exec/lib/toolrunner', () => { 14 | return { 15 | ToolRunner: jest.fn().mockImplementation(() => { 16 | return { 17 | exec: mockExecFn 18 | } 19 | }) 20 | } 21 | }) 22 | 23 | describe('Kubeconform', () => { 24 | beforeEach(() => { 25 | jest.clearAllMocks() 26 | }) 27 | 28 | test.each([ 29 | ['arm64', 'arm64'], 30 | ['x64', 'amd64'] 31 | ])( 32 | 'getKubeconformArch() - return on %s os arch %s kubeconform arch', 33 | (osArch, kubeconformArch) => { 34 | jest.spyOn(os, 'arch').mockReturnValue(osArch) 35 | 36 | expect(kubeconform.getKubeconformArch()).toBe(kubeconformArch) 37 | expect(os.arch).toBeCalled() 38 | } 39 | ) 40 | 41 | test.each([['arm64'], ['amd64']])( 42 | 'returns url to download kubeconform for Linux %s', 43 | (arch) => { 44 | jest.spyOn(os, 'type').mockReturnValue('Linux') 45 | const kubeconformLinuxUrl = util.format( 46 | 'https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-%s.tar.gz', 47 | arch 48 | ) 49 | expect(kubeconform.getKubeconformDownloadUrl(arch)).toBe( 50 | kubeconformLinuxUrl 51 | ) 52 | expect(os.type).toBeCalled() 53 | } 54 | ) 55 | 56 | test.each([['arm64'], ['amd64']])( 57 | 'returns url to download kubeconform for Darwin %s', 58 | (arch) => { 59 | jest.spyOn(os, 'type').mockReturnValue('Darwin') 60 | const kubeconformLinuxUrl = util.format( 61 | 'https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-darwin-%s.tar.gz', 62 | arch 63 | ) 64 | expect(kubeconform.getKubeconformDownloadUrl(arch)).toBe( 65 | kubeconformLinuxUrl 66 | ) 67 | expect(os.type).toBeCalled() 68 | } 69 | ) 70 | 71 | test.each([['arm64'], ['amd64']])( 72 | 'returns url to download kubeconform for Windows %s', 73 | (arch) => { 74 | jest.spyOn(os, 'type').mockReturnValue('Windows_NT') 75 | const kubeconformLinuxUrl = util.format( 76 | 'https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-windows-%s.zip', 77 | arch 78 | ) 79 | expect(kubeconform.getKubeconformDownloadUrl(arch)).toBe( 80 | kubeconformLinuxUrl 81 | ) 82 | expect(os.type).toBeCalled() 83 | } 84 | ) 85 | 86 | test('downloads kubeconform, extract zip, and returns path to it', async () => { 87 | jest.spyOn(os, 'type').mockReturnValue('Windows_NT') 88 | jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool') 89 | jest 90 | .spyOn(toolCache, 'extractZip') 91 | .mockResolvedValue('pathToExtractedTool') 92 | jest.spyOn(fs, 'chmodSync').mockImplementation() 93 | jest.spyOn(core, 'addPath').mockImplementation() 94 | 95 | expect(await kubeconform.downloadKubeconform()).toBe( 96 | path.join('pathToExtractedTool', 'kubeconform.exe') 97 | ) 98 | expect(os.type).toBeCalled() 99 | expect(toolCache.downloadTool).toBeCalled() 100 | expect(toolCache.extractZip).toBeCalledWith('pathToTool') 101 | expect(fs.chmodSync).toBeCalledWith( 102 | path.join('pathToExtractedTool', 'kubeconform.exe'), 103 | '755' 104 | ) 105 | expect(core.addPath).toBeCalledWith('pathToExtractedTool') 106 | }) 107 | 108 | test('downloads kubeconform, extract tar, and returns path to it', async () => { 109 | jest.spyOn(os, 'type').mockReturnValue('Linux') 110 | jest 111 | .spyOn(toolCache, 'downloadTool') 112 | .mockResolvedValue(path.join('pathToToolDir', 'tool')) 113 | jest.spyOn(io, 'cp').mockImplementation() 114 | jest 115 | .spyOn(toolCache, 'extractTar') 116 | .mockResolvedValue('pathToExtractedTool') 117 | jest.spyOn(fs, 'chmodSync').mockImplementation() 118 | jest.spyOn(core, 'addPath').mockImplementation() 119 | 120 | expect(await kubeconform.downloadKubeconform()).toBe( 121 | path.join('pathToExtractedTool', 'kubeconform') 122 | ) 123 | expect(os.type).toBeCalled() 124 | expect(toolCache.downloadTool).toBeCalled() 125 | expect(io.cp).toBeCalledWith( 126 | path.join('pathToToolDir', 'tool'), 127 | path.join('pathToToolDir', 'tool.tar.gz') 128 | ) 129 | expect(toolCache.extractTar).toBeCalledWith( 130 | path.join('pathToToolDir', 'tool.tar.gz') 131 | ) 132 | expect(fs.chmodSync).toBeCalledWith( 133 | path.join('pathToExtractedTool', 'kubeconform'), 134 | '755' 135 | ) 136 | expect(core.addPath).toBeCalledWith('pathToExtractedTool') 137 | }) 138 | 139 | test('throws error if download tool fails', async () => { 140 | jest.spyOn(os, 'type').mockReturnValue('Windows_NT') 141 | jest 142 | .spyOn(toolCache, 'downloadTool') 143 | .mockRejectedValue(new Error('Unable to download')) 144 | 145 | await expect(kubeconform.downloadKubeconform()).rejects.toThrow() 146 | expect(os.type).toBeCalled() 147 | expect(toolCache.downloadTool).toBeCalled() 148 | }) 149 | 150 | test('Gets path to kubeconform and uses it on manifests', async () => { 151 | jest.spyOn(io, 'which').mockResolvedValue('pathToTool') 152 | mockStatusCode = 0 153 | 154 | const kubeconformOpts = '-summary' 155 | const sampleManifests = [ 156 | 'manifest1.yaml', 157 | 'manifest2.yaml', 158 | 'manifest3.yaml' 159 | ] 160 | expect( 161 | await kubeconform.kubeconformLint(sampleManifests, kubeconformOpts) 162 | ).toBeUndefined() 163 | expect(io.which).toBeCalledWith('kubeconform', false) 164 | expect(ToolRunner).toBeCalledWith('pathToTool', [ 165 | '-summary', 166 | 'manifest1.yaml' 167 | ]) 168 | expect(ToolRunner).toBeCalledWith('pathToTool', [ 169 | '-summary', 170 | 'manifest2.yaml' 171 | ]) 172 | expect(ToolRunner).toBeCalledWith('pathToTool', [ 173 | '-summary', 174 | 'manifest3.yaml' 175 | ]) 176 | expect(mockExecFn).toBeCalledTimes(3) 177 | }) 178 | 179 | test('check if kubeconform is already installed, else download, and use it on manifests', async () => { 180 | jest.spyOn(io, 'which').mockReturnValue(Promise.resolve('')) 181 | jest.spyOn(os, 'type').mockReturnValue('Windows_NT') 182 | jest.spyOn(toolCache, 'downloadTool').mockResolvedValue('pathToTool') 183 | jest 184 | .spyOn(toolCache, 'extractZip') 185 | .mockResolvedValue('pathToExtractedTool') 186 | jest.spyOn(fs, 'chmodSync').mockImplementation() 187 | jest.spyOn(core, 'addPath').mockImplementation() 188 | mockStatusCode = 0 189 | 190 | const kubeconformOpts = '-summary' 191 | const sampleManifests = [ 192 | 'manifest1.yaml', 193 | 'manifest2.yaml', 194 | 'manifest3.yaml' 195 | ] 196 | expect( 197 | await kubeconform.kubeconformLint(sampleManifests, kubeconformOpts) 198 | ).toBeUndefined() 199 | expect(io.which).toBeCalledWith('kubeconform', false) 200 | expect(ToolRunner).toBeCalledWith( 201 | path.join('pathToExtractedTool', 'kubeconform.exe'), 202 | ['-summary', 'manifest1.yaml'] 203 | ) 204 | expect(ToolRunner).toBeCalledWith( 205 | path.join('pathToExtractedTool', 'kubeconform.exe'), 206 | ['-summary', 'manifest2.yaml'] 207 | ) 208 | expect(ToolRunner).toBeCalledWith( 209 | path.join('pathToExtractedTool', 'kubeconform.exe'), 210 | ['-summary', 'manifest3.yaml'] 211 | ) 212 | expect(mockExecFn).toBeCalledTimes(3) 213 | }) 214 | 215 | test('throw if kubeconform fails on a manifest', async () => { 216 | jest.spyOn(io, 'which').mockResolvedValue('pathToTool') 217 | mockStatusCode = 1 218 | 219 | const kubeconformOpts = '-summary' 220 | const sampleManifests = ['manifest1.yaml'] 221 | await expect( 222 | kubeconform.kubeconformLint(sampleManifests, kubeconformOpts) 223 | ).rejects.toThrow() 224 | expect(io.which).toBeCalledWith('kubeconform', false) 225 | expect(ToolRunner).toBeCalledWith('pathToTool', [ 226 | '-summary', 227 | 'manifest1.yaml' 228 | ]) 229 | expect(mockExecFn).toBeCalledTimes(1) 230 | }) 231 | }) 232 | -------------------------------------------------------------------------------- /src/kubeconform/kubeconform.ts: -------------------------------------------------------------------------------- 1 | import * as os from 'os' 2 | import * as path from 'path' 3 | import * as fs from 'fs' 4 | import * as toolCache from '@actions/tool-cache' 5 | import * as core from '@actions/core' 6 | import * as io from '@actions/io' 7 | import {ToolRunner} from '@actions/exec/lib/toolrunner' 8 | import {getExecutableExtension} from '../utils' 9 | 10 | const TOOL_NAME = 'kubeconform' 11 | 12 | export function getKubeconformArch(): string { 13 | const arch = os.arch() 14 | if (arch === 'x64') { 15 | return 'amd64' 16 | } 17 | return arch 18 | } 19 | 20 | export async function kubeconformLint( 21 | manifests: string[], 22 | kubeconformOptions: string 23 | ) { 24 | const toolPath = 25 | (await io.which(TOOL_NAME, false)) || (await downloadKubeconform()) 26 | for (const manifest of manifests) { 27 | const toolRunner = new ToolRunner(toolPath, [ 28 | kubeconformOptions, 29 | manifest 30 | ]) 31 | const code = await toolRunner.exec() 32 | 33 | if (code != 0) { 34 | throw Error('Your manifest has errors') 35 | } 36 | } 37 | } 38 | 39 | export async function downloadKubeconform(): Promise { 40 | const runnerArch = getKubeconformArch() 41 | const downloadPath = await toolCache.downloadTool( 42 | getKubeconformDownloadUrl(runnerArch) 43 | ) 44 | 45 | // extract from download 46 | let extractedPath 47 | switch (os.type()) { 48 | case 'Linux': 49 | case 'Darwin': 50 | const newPath = path.join(path.dirname(downloadPath), 'tool.tar.gz') 51 | await io.cp(downloadPath, newPath) 52 | extractedPath = await toolCache.extractTar(newPath) 53 | break 54 | case 'Windows_NT': 55 | default: 56 | extractedPath = await toolCache.extractZip(downloadPath) 57 | } 58 | 59 | // get and make executable 60 | const kubeconformPath = path.join( 61 | extractedPath, 62 | TOOL_NAME + getExecutableExtension() 63 | ) 64 | fs.chmodSync(kubeconformPath, '755') 65 | core.addPath(extractedPath) 66 | return kubeconformPath 67 | } 68 | 69 | export function getKubeconformDownloadUrl(arch: string): string { 70 | switch (os.type()) { 71 | case 'Linux': 72 | return `https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-${arch}.tar.gz` 73 | 74 | case 'Darwin': 75 | return `https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-darwin-${arch}.tar.gz` 76 | 77 | case 'Windows_NT': 78 | default: 79 | return `https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-windows-${arch}.zip` 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /src/kubectl/kubectl.test.ts: -------------------------------------------------------------------------------- 1 | import * as kubectl from './kubectl' 2 | import * as io from '@actions/io' 3 | import * as path from 'path' 4 | import {ToolRunner} from '@actions/exec/lib/toolrunner' 5 | 6 | var mockStatusCode: number 7 | const mockExecFn = jest.fn().mockImplementation(() => mockStatusCode) 8 | jest.mock('@actions/exec/lib/toolrunner', () => { 9 | return { 10 | ToolRunner: jest.fn().mockImplementation(() => { 11 | return { 12 | exec: mockExecFn 13 | } 14 | }) 15 | } 16 | }) 17 | 18 | describe('Kubectl', () => { 19 | test('throws if kubeconfig not set', async () => { 20 | await expect(kubectl.kubectlLint([], 'default')).rejects.toThrow() 21 | }) 22 | 23 | test("throws if kubectl can't be found", async () => { 24 | process.env['KUBECONFIG'] = 'kubeconfig' 25 | jest.spyOn(io, 'which').mockReturnValue(Promise.resolve('')) 26 | await expect(kubectl.kubectlLint([], 'default')).rejects.toThrow() 27 | }) 28 | 29 | test('gets kubectl, validates kubeconfig, and lints the manifests', async () => { 30 | process.env['KUBECONFIG'] = 'kubeconfig' 31 | const pathToTool = 'pathToTool' 32 | jest 33 | .spyOn(io, 'which') 34 | .mockResolvedValue(path.join(pathToTool, 'kubectl.exe')) 35 | mockStatusCode = 0 36 | 37 | const sampleManifests = [ 38 | 'manifest1.yaml', 39 | 'manifest2.yaml', 40 | 'manifest3.yaml' 41 | ] 42 | expect(await kubectl.kubectlLint(sampleManifests, 'default')) 43 | expect(ToolRunner).toBeCalledWith(path.join(pathToTool, 'kubectl.exe'), [ 44 | 'apply', 45 | '-f', 46 | 'manifest1.yaml', 47 | '--dry-run=server', 48 | '--namespace', 49 | 'default' 50 | ]) 51 | expect(ToolRunner).toBeCalledWith(path.join(pathToTool, 'kubectl.exe'), [ 52 | 'apply', 53 | '-f', 54 | 'manifest2.yaml', 55 | '--dry-run=server', 56 | '--namespace', 57 | 'default' 58 | ]) 59 | expect(ToolRunner).toBeCalledWith(path.join(pathToTool, 'kubectl.exe'), [ 60 | 'apply', 61 | '-f', 62 | 'manifest3.yaml', 63 | '--dry-run=server', 64 | '--namespace', 65 | 'default' 66 | ]) 67 | expect(mockExecFn).toBeCalledTimes(3) 68 | }) 69 | }) 70 | -------------------------------------------------------------------------------- /src/kubectl/kubectl.ts: -------------------------------------------------------------------------------- 1 | import {ToolRunner} from '@actions/exec/lib/toolrunner' 2 | import * as io from '@actions/io' 3 | 4 | const TOOL_NAME = 'kubectl' 5 | 6 | export async function kubectlLint(manifests: string[], namespace: string) { 7 | if (!process.env['KUBECONFIG']) 8 | throw Error('KUBECONFIG env is not explicitly set.') 9 | 10 | const kubectlPath = await io.which(TOOL_NAME, false) 11 | if (!kubectlPath) 12 | throw Error( 13 | 'Kubectl not found. You must install it before running this action.' 14 | ) 15 | 16 | for (const manifest of manifests) { 17 | const toolRunner = new ToolRunner(kubectlPath, [ 18 | 'apply', 19 | '-f', 20 | manifest, 21 | '--dry-run=server', 22 | '--namespace', 23 | namespace 24 | ]) 25 | await toolRunner.exec() 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/run.test.ts: -------------------------------------------------------------------------------- 1 | import * as run from '../src/run' 2 | import * as kubeconform from './kubeconform/kubeconform' 3 | import * as kubectl from './kubectl/kubectl' 4 | import * as core from '@actions/core' 5 | 6 | describe('run', () => { 7 | test('runs kubectl dry run based on input', async () => { 8 | jest.spyOn(core, 'getInput').mockImplementation((input) => { 9 | if (input == 'manifests') 10 | return 'manifest1.yaml\nmanifest2.yaml\nmanifest3.yaml' 11 | if (input == 'lintType') return 'dryrun' 12 | if (input == 'namespace') return 'sampleNamespace' 13 | }) 14 | jest.spyOn(kubectl, 'kubectlLint').mockImplementation() 15 | 16 | expect(await run.kubeconform()).toBeUndefined() 17 | expect(core.getInput).toBeCalledTimes(3) 18 | expect(kubectl.kubectlLint).toBeCalledWith( 19 | ['manifest1.yaml', 'manifest2.yaml', 'manifest3.yaml'], 20 | 'sampleNamespace' 21 | ) 22 | }) 23 | 24 | test('uses default namespace if input not given', async () => { 25 | jest.spyOn(core, 'getInput').mockImplementation((input) => { 26 | if (input == 'manifests') 27 | return 'manifest1.yaml\nmanifest2.yaml\nmanifest3.yaml' 28 | if (input == 'lintType') return 'dryrun' 29 | if (input == 'namespace') return '' 30 | }) 31 | jest.spyOn(kubectl, 'kubectlLint').mockImplementation() 32 | 33 | expect(await run.kubeconform()).toBeUndefined() 34 | expect(core.getInput).toBeCalledTimes(3) 35 | expect(kubectl.kubectlLint).toBeCalledWith( 36 | ['manifest1.yaml', 'manifest2.yaml', 'manifest3.yaml'], 37 | 'default' 38 | ) 39 | }) 40 | 41 | test('runs kubeconform on manifests based on input', async () => { 42 | jest.spyOn(core, 'getInput').mockImplementation((input) => { 43 | if (input == 'manifests') 44 | return 'manifest1.yaml\nmanifest2.yaml\nmanifest3.yaml' 45 | if (input == 'lintType') return 'kubeconform' 46 | if (input == 'kubeconformOpts') return '-summary' 47 | }) 48 | jest.spyOn(kubeconform, 'kubeconformLint').mockImplementation() 49 | 50 | expect(await run.kubeconform()).toBeUndefined() 51 | expect(core.getInput).toBeCalledTimes(3) 52 | expect(kubeconform.kubeconformLint).toBeCalledWith( 53 | ['manifest1.yaml', 'manifest2.yaml', 'manifest3.yaml'], 54 | '-summary' 55 | ) 56 | }) 57 | 58 | test('uses -summary option if input not given', async () => { 59 | jest.spyOn(core, 'getInput').mockImplementation((input) => { 60 | if (input == 'manifests') 61 | return 'manifest1.yaml\nmanifest2.yaml\nmanifest3.yaml' 62 | if (input == 'lintType') return 'kubeconform' 63 | if (input == 'kubeconformOpts') return '' 64 | }) 65 | jest.spyOn(kubeconform, 'kubeconformLint').mockImplementation() 66 | 67 | expect(await run.kubeconform()).toBeUndefined() 68 | expect(core.getInput).toBeCalledTimes(3) 69 | expect(kubeconform.kubeconformLint).toBeCalledWith( 70 | ['manifest1.yaml', 'manifest2.yaml', 'manifest3.yaml'], 71 | '-summary' 72 | ) 73 | }) 74 | }) 75 | -------------------------------------------------------------------------------- /src/run.ts: -------------------------------------------------------------------------------- 1 | import * as core from '@actions/core' 2 | 3 | import {kubeconformLint} from './kubeconform/kubeconform' 4 | import {kubectlLint} from './kubectl/kubectl' 5 | 6 | export async function kubeconform() { 7 | // get inputs 8 | const type = core.getInput('lintType', {required: true}) 9 | const manifestsInput = core.getInput('manifests', {required: true}) 10 | const manifests = manifestsInput.split('\n') 11 | 12 | if (type.toLocaleLowerCase() === 'dryrun') { 13 | const namespace = 14 | core.getInput('namespace', {required: false}) || 'default' 15 | await kubectlLint(manifests, namespace) 16 | } else { 17 | const kubeconformOpts = 18 | core.getInput('kubeconformOpts', {required: false}) || '-summary' 19 | await kubeconformLint(manifests, kubeconformOpts) 20 | } 21 | } 22 | 23 | kubeconform().catch(core.setFailed) 24 | -------------------------------------------------------------------------------- /src/utils.test.ts: -------------------------------------------------------------------------------- 1 | import * as utils from '../src/utils' 2 | import * as os from 'os' 3 | 4 | describe('Get executable extension', () => { 5 | test('returns .exe when os is Windows', () => { 6 | jest.spyOn(os, 'type').mockReturnValue('Windows_NT') 7 | expect(utils.getExecutableExtension()).toBe('.exe') 8 | expect(os.type).toBeCalled() 9 | }) 10 | 11 | test('returns empty string for non-windows OS', () => { 12 | jest.spyOn(os, 'type').mockReturnValue('Darwin') 13 | expect(utils.getExecutableExtension()).toBe('') 14 | expect(os.type).toBeCalled() 15 | 16 | jest.spyOn(os, 'type').mockReturnValue('Other') 17 | expect(utils.getExecutableExtension()).toBe('') 18 | expect(os.type).toBeCalled() 19 | }) 20 | }) 21 | -------------------------------------------------------------------------------- /src/utils.ts: -------------------------------------------------------------------------------- 1 | import * as os from 'os' 2 | 3 | export function getExecutableExtension(): string { 4 | if (os.type().match(/^Win/)) { 5 | return '.exe' 6 | } 7 | return '' 8 | } 9 | -------------------------------------------------------------------------------- /test/invalid-ingress.yml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | metadata: 3 | name: nginx-deployment 4 | labels: 5 | app: nginx 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: nginx 11 | template: 12 | metadata: 13 | labels: 14 | app: nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx:1.14.2 19 | ports: 20 | - containerPort: 80 21 | --- 22 | apiVersion: v1 23 | kind: Service 24 | metadata: 25 | name: nginx-service 26 | spec: 27 | selector: 28 | app: nginx 29 | ports: 30 | - protocol: TCP 31 | port: 80 32 | targetPort: 80 33 | --- 34 | apiVersion: networking.k8s.io/v1 35 | kind: Ingress 36 | metadata: 37 | name: nginx-ingress 38 | annotations: 39 | nginx.ingress.kubernetes.io/rewrite-target: / 40 | spec: 41 | rules: 42 | - http: 43 | paths: 44 | - path: /testpath 45 | pathType: Exact 46 | backend: 47 | service: 48 | name: nginx-service 49 | port: 50 | number: 80 51 | - path: /testpath2 52 | pathType: Exact 53 | backend: 54 | service: 55 | name: unrouted-service 56 | port: 57 | number: 80 58 | -------------------------------------------------------------------------------- /test/invalid-service.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | metadata: 3 | name: nginx-deployment 4 | labels: 5 | app: nginx 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: nginx 11 | template: 12 | metadata: 13 | labels: 14 | app: nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx:1.14.2 19 | ports: 20 | - containerPort: 80 21 | --- 22 | apiVersion: v1 23 | kind: Service 24 | metadata: 25 | name: nginx-service 26 | spec: 27 | selector: 28 | app: nginx 29 | ports: 30 | - protocol: TCP 31 | port: 80 32 | targetPort: 80 33 | -------------------------------------------------------------------------------- /test/valid-ingress.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-deployment 5 | labels: 6 | app: nginx 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | template: 13 | metadata: 14 | labels: 15 | app: nginx 16 | spec: 17 | containers: 18 | - name: nginx 19 | image: nginx:1.14.2 20 | ports: 21 | - containerPort: 80 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: nginx-service 27 | spec: 28 | selector: 29 | app: nginx 30 | ports: 31 | - protocol: TCP 32 | port: 80 33 | targetPort: 80 34 | --- 35 | apiVersion: networking.k8s.io/v1 36 | kind: Ingress 37 | metadata: 38 | name: nginx-ingress 39 | annotations: 40 | nginx.ingress.kubernetes.io/rewrite-target: / 41 | spec: 42 | rules: 43 | - http: 44 | paths: 45 | - path: /testpath 46 | pathType: Exact 47 | backend: 48 | service: 49 | name: nginx-service 50 | port: 51 | number: 80 52 | - path: /testpath2 53 | pathType: Exact 54 | backend: 55 | service: 56 | name: unrouted-service 57 | port: 58 | number: 80 59 | -------------------------------------------------------------------------------- /test/valid-service.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-deployment 5 | labels: 6 | app: nginx 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | template: 13 | metadata: 14 | labels: 15 | app: nginx 16 | spec: 17 | containers: 18 | - name: nginx 19 | image: nginx:1.14.2 20 | ports: 21 | - containerPort: 80 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: nginx-service 27 | spec: 28 | selector: 29 | app: nginx 30 | ports: 31 | - protocol: TCP 32 | port: 80 33 | targetPort: 80 34 | -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "ES6", 4 | "module": "commonjs" 5 | }, 6 | "exclude": ["node_modules", "test", "src/**/*.test.ts"] 7 | } 8 | --------------------------------------------------------------------------------