fix
@@ -0,0 +1,90 @@
|
||||
apiVersion: tekton.dev/v1beta1
|
||||
kind: Task
|
||||
metadata:
|
||||
name: kube-linter
|
||||
labels:
|
||||
app.kubernetes.io/version: "0.1"
|
||||
annotations:
|
||||
tekton.dev/pipelines.minVersion: "0.12.1"
|
||||
tekton.dev/categories: Code Quality
|
||||
tekton.dev/tags: Kubernetes, Misconfiguration
|
||||
tekton.dev/displayName: "Kube-Linter"
|
||||
tekton.dev/platforms: "linux/amd64"
|
||||
spec:
|
||||
description: >-
|
||||
This task makes it possible to use kube-linter within Tekton Pipeline.
|
||||
|
||||
The KubeLinter tool by StackRox is an open-source command-line interface to identify misconfigurations in Kubernetes objects.
|
||||
KubeLinter offers the ability to integrate checks on Kubernetes YAML files and Helm charts before deployment into a Kubernetes cluster.
|
||||
With 31 standard built-in checks and the room to configure your own, you get immediate feedback about misconfigurations and Kubernetes security violations.
|
||||
workspaces:
|
||||
- name: source
|
||||
description: A workspace that contains fetched git repo.
|
||||
params:
|
||||
- name: config_file_url
|
||||
type: string
|
||||
description: url from where the config file would be fetched.
|
||||
default: ""
|
||||
- name: config_file_path
|
||||
type: string
|
||||
description: path to config file.
|
||||
default: ""
|
||||
- name: manifest
|
||||
type: string
|
||||
description: path to manifest files or manifest directory to be checked.
|
||||
default: "."
|
||||
- name: includelist
|
||||
type: string
|
||||
description: "A string with comma separated checks to be included"
|
||||
default: ""
|
||||
- name: excludelist
|
||||
type: string
|
||||
description: "A string with comma separated checks to be excluded"
|
||||
default: ""
|
||||
- name: default_option
|
||||
type: string
|
||||
description: "provides two options (adding all built-in checks or disabling all default checks): add-all-built-in and/do-not-auto-add-defaults"
|
||||
default: ""
|
||||
- name: output_format
|
||||
type: string
|
||||
description: format in which report will be generated. (json|sarif|plain) (default:"json")
|
||||
default: json
|
||||
- name: args
|
||||
type: array
|
||||
description: "args"
|
||||
default: []
|
||||
steps:
|
||||
- name: fetch-config-file
|
||||
image: registry.access.redhat.com/ubi8/ubi-minimal:8.2
|
||||
workingDir: $(workspaces.source.path)
|
||||
script: |
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
|
||||
if [ -n "$(params.config_file_url)" ]
|
||||
then
|
||||
curl "$(params.config_file_url)" --output "$(params.config_file_path)"
|
||||
echo "Fetched the config file from given ($(params.config_file_url)) URL and successfully saved at $(workspaces.source.path)/$(params.config_file_path)"
|
||||
else
|
||||
echo "No config file url was set"
|
||||
fi
|
||||
|
||||
- name: lint-yaml
|
||||
image: docker.io/stackrox/kube-linter:0.2.2-2-g7d10a69154-alpine@sha256:e520e9d8d3a2dfa611914836536545b135845e7bda9f1df34b060e116232dbf0
|
||||
workingDir: $(workspaces.source.path)
|
||||
script: |
|
||||
mv ../../kube-linter ../../bin;
|
||||
|
||||
if [ -n "$(params.config_file_path)" ]
|
||||
then
|
||||
kube-linter lint "$(params.manifest)" --config "$(params.config_file_path)" --format "$(params.output_format)" "$@"
|
||||
else
|
||||
if [ -n "$(params.default_option)" ]
|
||||
then
|
||||
kube-linter lint "$(params.manifest)" --"$(params.default_option)" --include "$(params.includelist)" --exclude "$(params.excludelist)" --format "$(params.output_format)" "$@"
|
||||
else
|
||||
kube-linter lint "$(params.manifest)" --include "$(params.includelist)" --exclude "$(params.excludelist)" --format "$(params.output_format)" "$@"
|
||||
fi
|
||||
fi
|
||||
args:
|
||||
- $(params.args)
|
||||
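Review bot: Both `script:` blocks splice `$(params.…)` straight into the shell text, so a parameter value containing shell metacharacters is parsed as shell rather than data; Tekton substitutes the value before the script runs, and the surrounding double quotes do not prevent that. This affects the `curl` and `echo` lines in fetch-config-file and all three `kube-linter lint` invocations in lint-yaml, including the flag name built from `--"$(params.default_option)"`. Passing each parameter through the step's `env:` and reading the variable in the script keeps the values as data; the fence shows this for the first step, and lint-yaml needs the same treatment. The `curl` call also lacks `--fail`, so an HTTP error body would be written to the config path and reported as a successful fetch despite `set -e`. The ubi-minimal image is referenced by tag `8.2` only, whereas the kube-linter image is pinned by digest.

```yaml
- name: fetch-config-file
  # … unchanged: image, workingDir …
  env:
    - name: CONFIG_FILE_URL
      value: $(params.config_file_url)
    - name: CONFIG_FILE_PATH
      value: $(params.config_file_path)
  script: |
    #!/usr/bin/env bash
    set -e

    if [ -n "$CONFIG_FILE_URL" ]
    then
      curl --fail "$CONFIG_FILE_URL" --output "$CONFIG_FILE_PATH"
      echo "Fetched the config file from given ($CONFIG_FILE_URL) URL and successfully saved at $(workspaces.source.path)/$CONFIG_FILE_PATH"
    # … unchanged: else branch and fi …
```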