├── hooks ├── __init__.py └── kustomize_build.py ├── dev-requirements.txt ├── .isort.cfg ├── tests ├── kustomize-pass │ ├── test-config.yaml │ ├── kustomize-config.yaml │ ├── service.yaml │ ├── kustomization.yaml │ ├── deployment.yaml │ └── secret.sops.yaml └── kustomize-fail │ ├── test-config.yaml │ ├── kustomize-config.yaml │ ├── service.yaml │ ├── kustomization.yaml │ └── deployment.yaml ├── .gitignore ├── pytest.ini ├── renovate.json ├── .pre-commit-hooks.yaml ├── .github ├── ISSUES_TEMPLATE │ ├── feature_request.md │ └── bug_report.md └── pull_request_template.md ├── setup.py ├── LICENSE ├── .pre-commit-config.yaml └── README.md /hooks/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /dev-requirements.txt: -------------------------------------------------------------------------------- 1 | pre-commit 2 | pytest -------------------------------------------------------------------------------- /.isort.cfg: -------------------------------------------------------------------------------- 1 | [settings] 2 | known_third_party = setuptools,yaml 3 | -------------------------------------------------------------------------------- /tests/kustomize-pass/test-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | key: values 3 | ley2: value2 4 | -------------------------------------------------------------------------------- /tests/kustomize-fail/test-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | key: values 3 | ley2: value2 4 | 5 | broken: key 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__ 2 | .mypy_cache 3 | build 4 | .pytest_cache 5 | pre_commit_hooks.egg-info 6 | .vscode 7 | -------------------------------------------------------------------------------- /pytest.ini: -------------------------------------------------------------------------------- 1 | [pytest] 2 | minversion = 6.0 3 | addopts = -ra -q 4 | testpaths = 5 | hooks/kustomize_build.py 6 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | "config:base" 4 | ], 5 | "pre-commit": { 6 | "enabled": true 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /tests/kustomize-fail/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /tests/kustomize-pass/kustomize-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /.pre-commit-hooks.yaml: -------------------------------------------------------------------------------- 1 | - id: kustomize_build 2 | name: Test building kustomizations 3 | description: Prevents invalid kustomize being commited 4 | entry: kustomize_build 5 | language: python 6 | types: [yaml] 7 | -------------------------------------------------------------------------------- /tests/kustomize-pass/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: my-service 6 | spec: 7 | selector: 8 | app: MyApp 9 | ports: 10 | - protocol: TCP 11 | port: 80 12 | targetPort: 9376 13 | -------------------------------------------------------------------------------- /tests/kustomize-fail/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: my-service 6 | spec: 7 | selector: 8 | app: MyApp 9 | ports: 10 | - protocol: TCP 11 | port: 80 12 | targetPort: 9376 13 | 14 | broken: key -------------------------------------------------------------------------------- /tests/kustomize-pass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | namespace: testing 4 | kind: Kustomization 5 | resources: 6 | - ./deployment.yaml 7 | - ./service.yaml 8 | - ./secret.sops.yaml 9 | configurations: 10 | - ./kustomize-config.yaml 11 | configMapGenerator: 12 | - name: test-config 13 | files: 14 | - values.yaml=test-config.yaml 15 | -------------------------------------------------------------------------------- /tests/kustomize-fail/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | namespace: testing 4 | kind: Kustomization 5 | resources: 6 | - ./deployment.yaml 7 | - ./service.yaml 8 | configurations: 9 | - ./kustomize-config.yaml 10 | configMapGenerator: 11 | - name: test-config 12 | files: 13 | - values.yaml=test1-config.yaml 14 | broken-key: 15 | value: test 16 | -------------------------------------------------------------------------------- /tests/kustomize-pass/deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: nginx-deployment 6 | labels: 7 | app: nginx 8 | spec: 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | app: nginx 13 | template: 14 | metadata: 15 | labels: 16 | app: nginx 17 | spec: 18 | containers: 19 | - name: nginx 20 | image: nginx:1.14.2 21 | ports: 22 | - containerPort: 80 23 | -------------------------------------------------------------------------------- /tests/kustomize-fail/deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: nginx-deployment 6 | labels: 7 | app: nginx 8 | spec: 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | app: nginx 13 | template: 14 | metadata: 15 | labels: 16 | app: nginx 17 | spec: 18 | containers: 19 | - name: nginx 20 | image: nginx:1.14.2 21 | ports: 22 | - containerPort: 80 23 | 24 | bad-key: broken 25 | -------------------------------------------------------------------------------- /.github/ISSUES_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Submit a feature request for this repo. 4 | title: '' 5 | labels: enhancement 6 | assignees: '@Truxnell' 7 | 8 | --- 9 | 10 | **Describe the solution you'd like** 11 | A clear and concise description of what you want to happen. 12 | 13 | **Describe alternatives you've considered** 14 | A clear and concise description of any alternative solutions or features you've considered. 15 | 16 | **Additional context** 17 | Add any other context or screenshots about the feature request here. 18 | -------------------------------------------------------------------------------- /.github/ISSUES_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a bug report to help us improve. 4 | title: '' 5 | labels: bug 6 | assignees: '@Truxnell' 7 | 8 | --- 9 | 10 | 11 | **Describe the bug** 12 | A clear and concise description of what the bug is. 13 | 14 | **To Reproduce** 15 | Steps to reproduce the behavior including the any code snippets and module inputs you used. 16 | 17 | ```hcl 18 | // paste code snippets here 19 | ``` 20 | 21 | **Expected behavior** 22 | A clear and concise description of what you expected to happen. 23 | 24 | **Nice to have** 25 | 26 | - [ ] Terminal output 27 | - [ ] Link to the yaml that causes the isssue (permalink) 28 | - [ ] Alternatively a copy of the yaml that cause the issue if commit not possible. 29 | - [ ] Which files were attempted to commit. 30 | 31 | **Additional context** 32 | Add any other context about the problem here. 33 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import find_packages, setup 2 | 3 | setup( 4 | name="pre_commit_hooks", 5 | description="A collection of hooks for managing a k8s gitops repository", 6 | url="https://github.com/Truxnell/pre-commit", 7 | version="0.0.2", 8 | author="Nat Allan", 9 | author_email="nat@natallan.com", 10 | platforms="linux", 11 | install_requires=["kustomize"], 12 | classifiers=[ 13 | "License :: OSI Approved :: MIT License", 14 | "Programming Language :: Python :: 2", 15 | "Programming Language :: Python :: 2.6", 16 | "Programming Language :: Python :: 2.7", 17 | "Programming Language :: Python :: 3", 18 | "Programming Language :: Python :: 3.3", 19 | "Programming Language :: Python :: 3.4", 20 | "Programming Language :: Python :: Implementation :: CPython", 21 | "Programming Language :: Python :: Implementation :: PyPy", 22 | ], 23 | entry_points={ 24 | "console_scripts": [ 25 | "kustomize_build=hooks.kustomize_build:main", 26 | ], 27 | }, 28 | ) 29 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Truxnell 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | ## Description 2 | 3 | 4 | 5 | ### Documentation 6 | 7 | 15 | 16 | 17 | 18 | ## TODOs 19 | 20 | Please ensure all of these TODOs are completed before asking for a review. 21 | 22 | - [ ] Ensure the branch is named correctly with the issue number if applicable. e.g: `feature/new-vpc-endpoints-955` or `bug/missing-count-param-434`. 23 | - [ ] Update the docs. 24 | - [ ] Keep the changes backward compatible where possible. 25 | - [ ] Run the pre-commit checks successfully. 26 | - [ ] Run the relevant tests successfully. 27 | 28 | ## Related Issues 29 | 30 | 36 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | - repo: https://github.com/pre-commit/pre-commit-hooks 3 | rev: v4.2.0 4 | hooks: 5 | - id: check-ast 6 | - id: check-byte-order-marker 7 | - id: check-case-conflict 8 | - id: check-docstring-first 9 | - id: check-executables-have-shebangs 10 | - id: check-json 11 | - id: debug-statements 12 | - id: mixed-line-ending 13 | - id: trailing-whitespace 14 | - id: check-merge-conflict 15 | - id: detect-private-key 16 | - id: end-of-file-fixer 17 | - id: check-added-large-files 18 | args: ["--maxkb=2000"] 19 | 20 | - repo: https://github.com/pre-commit/mirrors-mypy 21 | rev: v0.782 22 | hooks: 23 | - id: mypy 24 | args: [--ignore-missing-imports] 25 | 26 | - repo: https://github.com/asottile/seed-isort-config 27 | rev: v2.2.0 28 | hooks: 29 | - id: seed-isort-config 30 | 31 | - repo: https://github.com/pre-commit/mirrors-isort 32 | rev: v5.10.1 33 | hooks: 34 | - id: isort 35 | 36 | - repo: https://github.com/psf/black 37 | rev: 22.3.0 38 | hooks: 39 | - id: black 40 | 41 | - repo: https://github.com/asottile/pyupgrade 42 | rev: v2.32.1 43 | hooks: 44 | - id: pyupgrade 45 | args: [--py36-plus] 46 | 47 | - repo: https://github.com/asottile/blacken-docs 48 | rev: v1.12.1 49 | hooks: 50 | - id: blacken-docs 51 | additional_dependencies: [black==20.8b1] 52 | 53 | - repo: local 54 | hooks: 55 | - id: pytest-check 56 | name: pytest-check 57 | stages: [commit] 58 | types: [python] 59 | entry: pytest 60 | language: system 61 | pass_filenames: false 62 | always_run: true 63 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Pre-commit hooks 2 | 3 | This is a WIP repository for a few planned pre-commit hooks. These are aimed to make life easier with using k8s in a gitops fashion. 4 | 5 | ## Installing 6 | 7 | To install, add the following to a file in the root of your repository `.pre-commit-config.yaml`, and run `pre-commit install` 8 | 9 | A example below. This runs the kustomize_build pre-commit hook, only for folders in the `k8s/` folder, with the optional 'dry-run' step in server mode. 10 | 11 | ```yaml 12 | - repo: https://github.com/Truxnell/pre-commit 13 | rev: v0.0.9 14 | hooks: 15 | - id: kustomize_build 16 | files: ^k8s/ 17 | args: [--dry-run=server] 18 | ``` 19 | 20 | This hook will then run each push. 21 | 22 | ## Hooks 23 | 24 | ### kustomize_build 25 | 26 | This hook will scan each yaml file in the folder, and check if that folder has a valid kustomization file. If it finds one, it will run `kustomize build .` on that path to check the kustomization will build, with any changes you have made. 27 | 28 | Note: This hook works best with the practice of having a kustomize in a folder, with its yaml in the same folder. The value of this hook diminishes if kustomize are calling in different folders, as this hook cannot calculate the multitute of links a kustomize could have. 29 | 30 | This hook can optionally run `kubectl dry-run` on the resulting build kustomize, for additional vaidation. This can be run in two modes: 31 | 32 | * --dry-run=client - A basic validation that the parsed YAML file(s) are valid against basic schema. 33 | * --dry-run=server - A powerful validation that connects to your cluster and validates that the server could apply the file. This is increidbly powerful, as it will reject invalid namespaces, 34 | 35 | ## Manual run / Run on entire repo 36 | 37 | Pre-commit only checks changed files in the current commit. It can be beneficial to run on all files at times: 38 | 39 | You can run 40 | 41 | ```bash 42 | pre-commit run -a # or --all-files 43 | ``` 44 | 45 | To run pre-commit on your entire repo with a single hook 46 | 47 | ```bash 48 | pre-commit kustomize_build -a 49 | ``` 50 | 51 | Alternatively, to run a single 52 | 53 | ## Pre-release 54 | 55 | * **kustomize-build** - Ensure modified kustomize files render, and optionally validate with `kubectl --dry-run` 56 | 57 | ## Planned 58 | 59 | * **helm-release-lint** - Lint a helm release file with values in file 60 | * **kubeconform-lint** - Lint each yaml with kubeconform 61 | -------------------------------------------------------------------------------- /tests/kustomize-pass/secret.sops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: kube-prometheus-stack 6 | namespace: system-monitoring 7 | stringData: 8 | discord-webhook: ENC[AES256_GCM,data:ssKrloXnllaPL0Nasdiuoybrwqonvrsaoidsoiufvsovsapos3932u420uaoigdsUm6AJxQoGjj8vvIgWZqk+wh8vHPL7MI7No2quTdeIc8k3TBW/6ZVt+kg5G5xLC2FygCgNAA8/e2568CgqOHvBqUxkHh9EGVPPaHTGZDWLYLY2AMA6/ESNPbvm7u3HtECnHv03W0Wxz3m4nt2Ddl19pdXl,iv:Z3c8RwZzMRZadIp+EPwGcl36WfuFefSMk95mtDA7j/o=,tag:W0R0wV/7YetQIPqDKKj87g==,type:str] 9 | sops: 10 | kms: [] 11 | gcp_kms: [] 12 | azure_kv: [] 13 | hc_vault: [] 14 | age: 15 | - recipient: age12kzuwvvedndehkke84apwamungqrcavf2khwjvd46f6lkq0wqq5q3s3vth 16 | enc: | 17 | -----BEGIN AGE ENCRYPTED FILE----- 18 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdit5QWtCTDhVb2FIZFgx 19 | aodsfaonsdp9q4urawr9nuvqrnp0aw93u9432ri943re8vsun4r984qyr9832q4r 20 | afdsoesa9832qy40939tyesbvt75y3q9rnewjfdsiufrvt87y43t9843ur43vqer 21 | QmZGUUpIWXN3K2lEbVB3cVhabi9KUkEKcQiib0az52ksLfY4Ft6cKTxo9kJAMqXv 22 | xox+ScgH9sg4XABjca4j4zxM8b3nNL0VVZxUzKSQ08qRlq7O9Zw82w== 23 | -----END AGE ENCRYPTED FILE----- 24 | lastmodified: "2022-04-25T02:40:37Z" 25 | mac: ENC[AES256_GCM,data:6H+ZrQjYMknIIW0YSpSXsTKn6QNXP+QKFkV0f6/PaMDjeIAS1f5ZhtHRKFSKVSP0w6TaWpFgRmZ7N0mxml0lGd651VT0FKm2p9HCVKeVNa15Z9KwdD2w6aOSB96HtE9h1fzjVNUATLDuWNc9iCzgJCBdTdi0towmtVSHvKIjkIc=,iv:TpoJ7oAvPkvkZ3eIJz5U3EhqJi5r/FhDmFKqn6q8Z2w=,tag:ZYqdGnMk7dbAD/UwY37oGA==,type:str] 26 | pgp: [] 27 | encrypted_regex: ((?i)(pass|secret($|[^N])|key|token|^data$|^stringData)) 28 | version: 3.7.2 29 | --- 30 | apiVersion: v1 31 | kind: Secret 32 | metadata: 33 | name: kube-prometheus-stack-2 34 | namespace: system-monitoring 35 | stringData: 36 | discord-derp: ENC[AES256_GCM,data:ssKrloXnllaPL0Nasdiuoybrwqonvrsaoidsoiufvsovsapos3932u420uaoigdsUm6AJxQoGjj8vvIgWZqk+wh8vHPL7MI7No2quTdeIc8k3TBW/6ZVt+kg5G5xLC2FygCgNAA8/e2568CgqOHvBqUxkHh9EGVPPaHTGZDWLYLY2AMA6/ESNPbvm7u3HtECnHv03W0Wxz3m4nt2Ddl19pdXl,iv:Z3c8RwZzMRZadIp+EPwGcl36WfuFefSMk95mtDA7j/o=,tag:W0R0wV/7YetQIPqDKKj87g==,type:str] 37 | test: ENC[AES256_GCM,data:ssKrloXnllaPL0Nasdiuoybrwqonvrsaoidsoiufvsovsapos3932u420uaoigdsUm6AJxQoGjj8vvIgWZqk+wh8vHPL7MI7No2quTdeIc8k3TBW/6ZVt+kg5G5xLC2FygCgNAA8/e2568CgqOHvBqUxadsofiuaewfESNPbvm7u3HtECnHv03W0Wxz3m4nt2Ddl19pdXl,iv:Z3c8RwZzMRZadIp+EPwGcl36WfuFefSMk95mtDA7j/o=,tag:W0R0wV/7YetQIPqDKKj87g==,type:str] 38 | sops: 39 | kms: [] 40 | gcp_kms: [] 41 | azure_kv: [] 42 | hc_vault: [] 43 | age: 44 | - recipient: age12kzuwvvedndehkke84apwamungqrcavf2khwjvd46f6lkq0wqq5q3s3vth 45 | enc: | 46 | -----BEGIN AGE ENCRYPTED FILE----- 47 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdit5QWtCTDhVb2FIZFgx 48 | aodsfaonsdp9q4urawr9nuvqrnp0aw93u9432ri943re8vsun4r984qyr9832q4r 49 | afdsoesa9832qy40939tyesbvt75y3q9rnewjfdsiufrvt87y43t9843ur43vqer 50 | QmZGUUpIWXN3K2lEbVB3cVhabi9KUkEKcQiib0az52ksLfY4Ft6cKTxo9kJAMqXv 51 | xox+ScgH9sg4XABjca4j4zxM8b3nNL0VVZxUzKSQ08qRlq7O9Zw82w== 52 | -----END AGE ENCRYPTED FILE----- 53 | lastmodified: "2022-04-25T02:40:37Z" 54 | mac: ENC[AES256_GCM,data:6H+ZrQjYMknIIW0YSpSXsTKn6QNXP+QKFkV0f6/PaMDjeIAS1f5ZhtHRKFSKVSP0w6TaWpFgRmZ7N0mxml0lGd651VT0FKm2p9HCVKeVNa15Z9KwdD2w6aOSB96HtE9h1fzjVNUATLDuWNc9iCzgJCBdTdi0towmtVSHvKIjkIc=,iv:TpoJ7oAvPkvkZ3eIJz5U3EhqJi5r/FhDmFKqn6q8Z2w=,tag:ZYqdGnMk7dbAD/UwY37oGA==,type:str] 55 | pgp: [] 56 | encrypted_regex: ((?i)(pass|secret($|[^N])|key|token|^data$|^stringData)) 57 | version: 3.7.2 58 | -------------------------------------------------------------------------------- /hooks/kustomize_build.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import argparse 3 | import os 4 | import subprocess 5 | import sys 6 | 7 | import yaml 8 | from yaml.loader import SafeLoader 9 | 10 | 11 | def strip_sops(yaml_input): 12 | """Remove sops key from a pyyaml input""" 13 | yaml_file = [d for d in yaml.load_all(yaml_input, Loader=SafeLoader)] 14 | yaml_output = [] 15 | 16 | for file in yaml_file: 17 | if file.get("sops"): 18 | del file["sops"] 19 | yaml_output.append(file) 20 | 21 | return yaml.dump_all(yaml_output) 22 | 23 | 24 | def build_kustomize(pathname, dry_run_type=None): 25 | """ 26 | builds and optionally dry-run tests a kustomize folder 27 | any sops keys are removed if a dry-run test is performed 28 | """ 29 | command = ["kustomize", "build", pathname] 30 | if dry_run_type: 31 | try: 32 | kustomize_cmd = ("kustomize", "build", pathname) 33 | kubectl_cmd = ("kubectl", f"--dry-run={dry_run_type}", "apply", "-f", "-") 34 | kustomize = subprocess.check_output(kustomize_cmd) 35 | kustomize = strip_sops(kustomize.decode()) 36 | result = subprocess.run(kubectl_cmd, input=kustomize.encode("ascii")) 37 | except: 38 | return 1 39 | else: 40 | result = subprocess.run( 41 | command, 42 | stdout=subprocess.DEVNULL, 43 | stderr=subprocess.DEVNULL, 44 | ) 45 | 46 | return result.returncode 47 | 48 | 49 | def folder_kustomize(path): 50 | """check if a path has a valid kustomization file present""" 51 | if not path: 52 | return False 53 | 54 | kustomize_files = ["kustomization.yaml", "kustomization.yml", "Kustomization"] 55 | files = os.listdir(path) 56 | 57 | if any(f in kustomize_files for f in files): 58 | return True 59 | 60 | return False 61 | 62 | 63 | def main(argv=None): 64 | """ 65 | parse program imputs and perform kustomize build/kubectl dry-run (optional) 66 | """ 67 | parser = argparse.ArgumentParser( 68 | description="Validates kustomization files and optionally runs kubectl --dry-run on result" 69 | ) 70 | 71 | parser.add_argument( 72 | "filenames", 73 | nargs="*", 74 | help="Filenames pre-commit believes are changed.", 75 | ) 76 | 77 | parser.add_argument( 78 | "-d", 79 | "--dry-run", 80 | nargs="?", 81 | type=str, 82 | help="Runs kubectl --dry-run across built kustomize with the specified mode. Defualts to 'client'. Options 'client','server'", 83 | ) 84 | 85 | args = parser.parse_args(argv) 86 | 87 | if not args.filenames: 88 | parser.print_help() 89 | return 1 90 | 91 | if args.dry_run: 92 | if args.dry_run.lower() not in ["client", "server"]: 93 | print( 94 | f"--dry-run passed, but type '{args.dry_run}' is not valid, must be 'client' or 'server'" 95 | ) 96 | return 1 97 | 98 | # Strip filename from paths 99 | # as kustomize must be run against base dir 100 | paths = [os.path.dirname(f) for f in args.filenames] 101 | 102 | # remove any potential duplicates 103 | paths = list(set(paths)) 104 | 105 | # Remove paths without kustomization file 106 | paths = [f for f in paths if folder_kustomize(f)] 107 | if not len(paths): 108 | print("No paths with a kustomize file passed") 109 | return 0 110 | 111 | return_code = 0 112 | 113 | build_results = [f for f in paths if build_kustomize(f, args.dry_run)] 114 | 115 | for error_file in build_results: 116 | print(f"Kustomize build failed in folder: {error_file}") 117 | return_code = True 118 | 119 | return return_code 120 | 121 | 122 | if __name__ == "__main__": 123 | raise SystemExit(main(sys.argv[1:])) 124 | 125 | 126 | def test_kustomize_pass(): 127 | assert main(["./tests/kustomize-pass/"]) == 0 128 | 129 | 130 | def test_kustomize_fail(): 131 | assert main(["./tests/kustomize-fail/"]) == 1 132 | 133 | 134 | def test_kustomize_dryrun_pass(): 135 | assert main(["./tests/kustomize-pass/", "--dry-run=client"]) == 0 136 | 137 | 138 | def test_kustomize_dryrun_fail(): 139 | assert main(["./tests/kustomize-fail/", "--dry-run=client"]) == 1 140 | --------------------------------------------------------------------------------