helm_check-values-schema.yaml
# thanks to https://github.com/giantswarm/devctl/blob/v5.9.0/pkg/gen/input/workflows/internal/file/check_values_schema.yaml.template for the idea
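name: 'Check if values schema file has been updated'
# Runs on pull requests against master that touch the chart values or their
# JSON schema, and validates values.yaml against values.schema.json.
on:
  pull_request:
    branches:
      - master
    paths:
      - 'chart/k8gb/values.yaml'
      - 'chart/k8gb/values.schema.json'
# Least privilege: nothing in this workflow writes to the repository.
permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read
jobs:
  check:
    name: 'Check values.yaml and its schema in PR'
    runs-on: ubuntu-22.04
    steps:
      - name: Harden Runner
        # Actions are pinned to a full commit SHA so a moved tag cannot
        # change what runs here.
        uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca
        with:
          # 'audit' only records outbound connections. Before switching to
          # 'block', list the required hosts under allowed-endpoints: the
          # pip3 install below needs to reach the package index.
          egress-policy: audit  # TODO: change to 'egress-policy: block' after couple of runs
      - name: 'Checkout'
        uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
        with:
          # No later step pushes or fetches, so do not leave the token in
          # the local git config where subsequent commands could read it.
          persist-credentials: false
      - name: 'Check if values.schema.json was updated'
        # This step does not compare what the PR changed; it converts
        # values.yaml to JSON and validates it against the schema. Both
        # files come from the pull request and are only parsed, never run.
        run: |
          set -euo pipefail
          VALUES_FILE=chart/k8gb/values.yaml
          SCHEMA_FILE=chart/k8gb/values.schema.json
          # check if the values.json is covered by the schema
          # NOTE(review): json-spec is installed unpinned, so each run
          # executes whatever release the package index serves at that
          # moment. Pin an exact, reviewed version (ideally with
          # --require-hashes) once one is chosen.
          pip3 install json-spec
          yq -o=json eval "${VALUES_FILE}" > /tmp/values.json
          json validate --schema-file="${SCHEMA_FILE}" --document-file=/tmp/values.json
          echo "PASSED: values.yaml and values.schema.json both appear to have been updated and the document is valid against the schema"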