k8s-apps/.gitea/workflows/pr-checks.yaml
root 3aca0fcea7
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 2s
PR Checks / Validate & Security Scan (pull_request) Successful in 12s
fix: use pre-installed yamllint from runner-tools image
yamllint is now pre-installed in the runner-tools Docker image.
Removes fragile pip install step that was failing silently.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 14:31:44 +01:00


name: PR Checks

on:
  pull_request:
    branches:
      - main

jobs:
  validate-and-scan:
    name: Validate & Security Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: YAML Lint
        run: |
          echo "=== YAML Lint ==="
          yamllint -d "{extends: relaxed, rules: {line-length: {max: 200}}}" \
            environments/ argocd-apps/ apps/
          echo "YAML lint passed"

      - name: Validate ArgoCD Manifests
        run: |
          echo "=== Validating ArgoCD app manifests ==="
          kubeconform -summary -strict \
            -skip Application,AppProject \
            -ignore-missing-schemas \
            argocd-apps/ 2>&1
          echo "Manifest validation passed"

      - name: Secret Detection (gitleaks)
        run: |
          echo "=== Secret Detection ==="
          gitleaks detect --source . --verbose --no-git 2>&1 || {
            echo "::error::Gitleaks found potential secrets!"
            exit 1
          }

      - name: Helm Unit Tests
        run: |
          echo "=== Helm Unit Tests ==="
          if command -v helm &>/dev/null && helm plugin list | grep -q unittest; then
            helm unittest charts/web-app 2>&1
          else
            echo "helm-unittest not available, skipping (advisory)"
          fi

      - name: Trivy Config Scan
        run: |
          echo "=== Trivy K8s Config Scan ==="
          trivy config . \
            --severity HIGH,CRITICAL \
            --exit-code 0 \
            --format table \
            --skip-check-update 2>&1
          echo "Trivy config scan complete (advisory mode)"