GitHub Action

kube-score check

v0.1.3 Latest version

Uses the kube-score analysis tool to perform static code analysis of your Kubernetes object definitions

Installation

Copy and paste the following snippet into your .yml file.

              

- name: kube-score check
  uses: piraces/kube-score-ga@v0.1.3

Learn more about this action in piraces/kube-score-ga

kube-score GitHub Action

This action executes kube-score with selected manifests (with support for YAML, Helm or Kustomize manifests).

Features

💻 Compatible with Windows, Linux and Darwin Operating Systems.

🏗 Supported architectures: ARMv6, ARM64, x64.

📂 Multiple folders and files supported within one run of the action (with wildcard support).

📤 Export all analysis results to an output file.

🔢 All versions of kube-score can be selected and used.

⚡ Support for caching kube-score tool to improve speed in subsequent runs.

Inputs

kube-score-version

(Optional): The version of kube-score to use. Defaults to the latest available.

manifests-folders

(Required): A comma-separated list of relative paths to the manifests to analyze with kube-score. Each path must end in either a file wildcard or a concrete filename.

Example: ./manifests/*.yml,./other/manifests/*.yml

ignore-exit-code

(Optional): Ignores the exit code returned by kube-score, so the check always passes. This can be useful when the action is used for information only.

output-file

(Optional): Generate an output file with the results of kube-score analysis for each manifest file (instead of printing in the standard output). Each analysis is separated by a text block.

Outputs

This action does not define any outputs. If output-file is provided, a file is generated, but it is not exposed as an action output.

Example usage

Note: it is necessary to perform a checkout of the repository before running the action.

- name: Checkout
  uses: actions/checkout@v2
- name: kube-score check
  uses: piraces/kube-score-ga@v0.1.3
  with:
    manifests-folders: './manifests/*.yml'
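
The inputs described above combined into one workflow, as an added example that is not taken from the action's repository. The workflow name, trigger paths, report path and artifact name are assumptions, and actions/upload-artifact is a separate action used here to keep the report, since this action does not expose the file as an output.

```yaml
# Added example: gate pull requests on kube-score and keep the report.
name: kube-score
on:
  pull_request:
    paths:                      # assumed manifest locations, matching the input example above
      - 'manifests/**'
      - 'other/manifests/**'

permissions:
  contents: read                # the job only needs to read the repository

jobs:
  kube-score:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: kube-score check
        uses: piraces/kube-score-ga@v0.1.3
        with:
          # Several locations in one run, separated with commas
          manifests-folders: './manifests/*.yml,./other/manifests/*.yml'
          # Write the per-manifest results to a file instead of standard output
          output-file: './kube-score-report.txt'    # assumed path
          # Uncomment for information-only runs that never fail the check
          # (the 'true' value format is an assumption):
          # ignore-exit-code: true
      - name: Upload kube-score report
        if: always()            # upload the report even when the check step fails
        uses: actions/upload-artifact@v4
        with:
          name: kube-score-report
          path: ./kube-score-report.txt
```

Leaving ignore-exit-code unset keeps the check as a gate on the pull request, while the uploaded artifact preserves the findings for review in either mode.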

Usage with Helm or Kustomize

This action and kube-score itself can work with the output of helm and kustomize. Some examples are provided in the workflows .github/workflows/test-action-helm.yml and .github/workflows/test-action-kustomize.yml.

It is important to note that kube-score only parses static YAML. Nevertheless, since helm and kustomize produce static YAML, we can use the tool to scan their output.

Helm

For Helm, we can first render the desired template, redirect the output to a file, and then execute the action. For example:

- name: Checkout
  uses: actions/checkout@v2
- uses: azure/setup-helm@v3
  name: Setup Helm
  with:
    token: ${{ secrets.GITHUB_TOKEN }} # only needed if version is 'latest'
  id: install
- name: Make temporary output directory
  run: mkdir -p out/helm
- name: Helm Template to standard template
  run: helm template ./sample-manifests/helm/example-chart > ./out/helm/sample-helm.yaml
- name: kube-score check
  uses: piraces/kube-score-ga@v0.1.3
  with:
    # The wildcard must match the .yaml file written by the previous step
    manifests-folders: './out/helm/*.yaml'

This is equivalent to running the following command:

helm template ./sample-manifests/helm/example-chart | kube-score score -

Kustomize

The case for Kustomize is mostly the same as for Helm: we can first build the desired output, redirect it to a file, and then execute the action. For example:

- name: Checkout
  uses: actions/checkout@v2
- uses: azure/setup-kubectl@v3
  id: install
- name: Make temporary output directory
  run: mkdir -p out/kustomize
- name: kustomize build to standard template
  run: kubectl kustomize sample-manifests/kustomize/overlays/production > ./out/kustomize/sample-kustomize.yaml
- name: kube-score check
  uses: piraces/kube-score-ga@v0.1.3
  with:
    # The wildcard must match the .yaml file written by the previous step
    manifests-folders: './out/kustomize/*.yaml'

This is equivalent to running the following command:

kustomize build sample-manifests/kustomize/overlays/production | kube-score score -

Or with kubectl:

kubectl kustomize sample-manifests/kustomize/overlays/production | kube-score score -