Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chart linting git-crypt issue #8

Closed
Mykolaichenko opened this issue Aug 9, 2018 · 6 comments
Closed

Chart linting git-crypt issue #8

Mykolaichenko opened this issue Aug 9, 2018 · 6 comments

Comments

@Mykolaichenko
Copy link

Mykolaichenko commented Aug 9, 2018
edited

Hi!

We currently use git-crypt for storing creds.
How can we prevent ecnrypted files from validating?

Olegs-MacBook-Pro:k8s mukolaich$ docker run --rm -v "$(pwd):/workdir" --workdir /workdir gcr.io/kubernetes-charts-ci/chart-testing:v1.0.2 chart_test.sh --no-install --config .conf

--------------------------------------------------------------------------------
 Environment:
 REMOTE=origin
 TARGET_BRANCH=SRE100-500k8s_for_sat
 CHART_DIRS=sat/
 EXCLUDED_CHARTS=sat/s3sync/
 CHART_REPOS=
 TIMEOUT=300
 LINT_CONF=/testing/etc/lintconf.yaml
 CHART_YAML_SCHEMA=/testing/etc/chart_schema.yaml
 VALIDATE_MAINTAINERS=true
--------------------------------------------------------------------------------

"git-crypt" clean: line 1: git-crypt: not found
error: external filter '"git-crypt" clean' failed 127
error: external filter '"git-crypt" clean' failed
fatal: sat/blah/blah/blah/blah.yaml: clean filter 'git-crypt' failed

.conf

CHART_DIRS=sat/charts/blah-nginx
EXCLUDED_CHARTS=sat/s3sync/
TARGET_BRANCH=SRE100-500k8s_for_sat
@mattfarina
Copy link
Collaborator

I'm not a user of git-crypt so this is a bit of a guess... I think you'll need to create a derivative image from the chart-testing one that knows how to deal with your git-crypt setup.

@unguiculus
Copy link
Member

Can't you git crypt unlock before you do the linting and git crypt lock afterwards?

@Mykolaichenko
Copy link
Author

@unguiculus of course I'm using chart-testing in the same way. Error appears to unlocked files.

@unguiculus
Copy link
Member

OK, I see what the problem is. git-crypt is called by Git because it is added as a filter in .gitattributes. You need to create your own Docker image that exends from the chart-testing image and install git-crypt in it.

@Mykolaichenko
Copy link
Author

@unguiculus yep, I see this solution but it a little bit dirty, because I will care about creating/deploying/storing and updating new docker image which is simply extended by git-crypt.
Could we have flag like --ignore-gitattributes and logic inside chart-testing for preventing this issue?

@unguiculus
Copy link
Member

Closing this for now. I'm not aware of any way to tell Git to ignore .gitattributes. Anyways, I think this is a custom use case. You should really extend the Docker image.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mattfarina @unguiculus @Mykolaichenko