feat: Add CI pipeline to validate manifests and helm chart#3101
feat: Add CI pipeline to validate manifests and helm chart#3101juyterman1000 wants to merge 3 commits intokubeflow:masterfrom
Conversation
|
🎉 Welcome to the Kubeflow Trainer! 🎉 Thanks for opening your first PR! We're happy to have you as part of our community 🚀 Here's what happens next:
Join the community:
Feel free to ask questions in the comments if you need any help or clarification! |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @jinchihe/ @kuizhiqing, |
1711d44 to
b2e789d
Compare
Pull Request Test Coverage Report for Build 21117199641Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
13d6f11 to
9194a5e
Compare
|
Hi @juyterman1000, thanks for creating this PR. I think there's a few extra details that need working out to make sure this extra check is going to be robust - I don't suppose you have bandwidth to look into them?
|
|
Hi @robert-bell. Happy to adjust based on your preference. |
|
Hi @robert-bell, I've addressed your first point by adding Makefile targets for local kube-linter:
|
…linter (Fixes kubeflow#3096) Signed-off-by: juyterman1000 <fastrunner10090@gmail.com>
Signed-off-by: juyterman1000 <fastrunner10090@gmail.com>
Adds "make kube-linter" to download the binary and "make lint-manifests" to run kube-linter on manifests and helm charts locally. Signed-off-by: juyterman1000 <fastrunner10090@gmail.com>
56c4f92 to
f915a1d
Compare
|
Hi @andreyvelich |
| @@ -0,0 +1,24 @@ | |||
| name: KubeLinter | |||
There was a problem hiding this comment.
@juyterman1000 @robert-bell Did we change the scope of this PR?
I thought we plan to run make helm-lint and helm-unittest as part of this PR?
There was a problem hiding this comment.
Just to clarify, I’ve added the helm lint and helm unit test checks in a separate PR (#3166) to keep the scope focused.
Happy to combine or adjust if that’s preferred.
There was a problem hiding this comment.
Sure, thanks for doing this!
| @@ -0,0 +1,24 @@ | |||
| name: KubeLinter | |||
There was a problem hiding this comment.
Let's rename this action to something like:
| name: KubeLinter | |
| name: Code Quality Checks |
I would love all our Lints & Static checks go to this action eventually (Helm, KubeLinter, Go, Py, etc.), that will allow trigger unit tests even if lint fails.
Does it sound good @kubeflow/kubeflow-trainer-team @Goku2099 ?
There was a problem hiding this comment.
Yes, that sounds good to me.
I agree with grouping kube-linter, helm lint, and helm unit tests under a single “Code Quality Checks” workflow going forward.
For now I kept helm checks in a separate PR to keep scope small, but I’m happy to follow this structure and align my PR accordingly.
There was a problem hiding this comment.
Sure, let's make changes in the followup PRs!
There was a problem hiding this comment.
Rename this file to: code-quality-check.yaml
| on: | ||
| push: | ||
| branches: [ master, main ] | ||
| pull_request: |
There was a problem hiding this comment.
| on: | |
| push: | |
| branches: [ master, main ] | |
| pull_request: | |
| on: | |
| - push | |
| - pull_request |
| pull_request: | ||
|
|
||
| jobs: | ||
| scan: |
There was a problem hiding this comment.
| scan: | |
| check-kubelinter: |
| @@ -0,0 +1,24 @@ | |||
| # KubeLinter configuration file | |||
| # For more information, see https://docs.kubelinter.io/#/usage/configuration | |||
There was a problem hiding this comment.
| # For more information, see https://docs.kubelinter.io/#/usage/configuration | |
| # For more information, see https://docs.kubelinter.io/#/configuring-kubelinter |
| - "no-read-only-root-fs" | ||
| - "no-anti-affinity" |
There was a problem hiding this comment.
Do we need to exclude these?
| - name: Scan manifests (base) | ||
| uses: stackrox/kube-linter-action@v1 | ||
| with: | ||
| directory: manifests/base | ||
| config: .kube-linter.yaml | ||
|
|
||
| - name: Scan charts | ||
| uses: stackrox/kube-linter-action@v1 | ||
| with: | ||
| directory: charts/kubeflow-trainer | ||
| config: .kube-linter.yaml |
There was a problem hiding this comment.
Instead of using their github actions, can we just simple run in a single step:
make lint-manifests
| - "latest-tag" | ||
| - "liveness-port" | ||
| - "readiness-port" |
There was a problem hiding this comment.
Also, what about liveness and readiness ports?
|
/ok-to-test |
|
@juyterman1000 Please also rebase your PR, it should fix the pre-commits. |
|
@Goku2099 @juyterman1000 Please can some of you finalize this PR, so we can move forward? |
|
Sorry @andreyvelich @Goku2099 got occupied due to personal stuff,will push this today. |
|
No worries |
|
Thank you, folks! |
|
@andreyvelich Once this PR is finalized, we can gradually align with the proposed “Code Quality Checks” structure in follow-up changes. Also, if there’s anything I can help with here or in other areas feel free to let me know. |
|
Hi @juyterman1000 just checking in so we can keep this moving. Let me know if you'd like any help with the rebase. |
|
Hi @Goku2099 ,seeing lot of issues on code quality check after rebase,fixing those. |
Added a new GitHub Actions workflow to automatically validate Kubernetes manifests and Helm charts using kube-linter. This ensures that all changes to the deployment configurations adhere to best practices for production readiness and security.