CI — Kubernetes
Validates Kubernetes manifests with kubeconform and optionally checks .env.example completeness. Supports the Datree CRDs-catalog for CRD-backed resources (cert-manager, Traefik, …).
Usage
yaml
jobs:
ci:
uses: KevinDeBenedetti/github-workflows/.github/workflows/ci-kubernetes.yml@main
with:
kubeconform-paths: kubernetes/
kubeconform-include-crds-catalog: trueInputs
| Input | Type | Default | Description |
|---|---|---|---|
run-kubeconform | boolean | true | Validate Kubernetes manifests with kubeconform |
kubeconform-paths | string | kubernetes/ | Directory containing manifests to validate |
kubeconform-exclude | string | '.*-values\.yaml' | Filename pattern to exclude from validation |
kubeconform-include-crds-catalog | boolean | true | Also validate against the Datree CRDs-catalog (cert-manager, Traefik, …) |
kubeconform-ignore-missing-schemas | boolean | false | Skip resources with no schema in any configured location (custom CRDs) |
run-env-example | boolean | false | Check that .env.example contains all required keys |
env-example-required-keys | string | '' | Space-separated list of keys that must be present in .env.example |
env-example-file | string | .env.example | Path to the .env.example file |
runner | string | '"ubuntu-latest"' | Runner labels as JSON — '"ubuntu-latest"' or a label array |
Steps
- (kubeconform, if
run-kubeconform) Checkout → run thekubeconformaction overkubeconform-paths - (env-example, if
run-env-example) Checkout → verify every key inenv-example-required-keysis present inenv-example-file
Notes
- The two jobs are independent:
kubeconformis gated byrun-kubeconform,env-examplebyrun-env-example. - Enable
kubeconform-ignore-missing-schemasfor custom CRDs not in the catalog (e.g. TetragonTracingPolicy, KyvernoClusterPolicy). - The
.env.examplecheck fails listing any missing keys (matched as^KEY=).