Static Analysis #164
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Static Analysis | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths-ignore: | |
| - '**/*.md' | |
| pull_request: | |
| branches: [ main ] | |
| paths-ignore: | |
| - '**/*.md' | |
| workflow_dispatch: | |
| jobs: | |
| kustomize: | |
| name: Kustomize YAML | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Generate kustomize YAML | |
| run: kubectl kustomize --enable-helm apps > kustomize.yaml | |
| - name: Upload YAML output | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: kustomize | |
| path: kustomize.yaml | |
| kubescape: | |
| name: Kubescape | |
| needs: kustomize | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install Kubescape | |
| run: curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash | |
| - name: Download Kustomize YAML | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: kustomize | |
| - name: Run Kubescape scan for DevOps issues | |
| run: kubescape scan framework devopsbest --exclude-namespaces kube-system,kube-public kustomize.yaml # --enable-host-scan --fail-threshold 0 | |
| kube-score: | |
| name: kube-score | |
| needs: kustomize | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup kube-score | |
| uses: tobbbles/setup-kubescore@v1.0.2 | |
| with: | |
| version: latest | |
| - name: Download Kustomize YAML | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: kustomize | |
| - name: Run kube-score static code analysis of the Kubernetes object definitions | |
| run: kube-score score kustomize.yaml || exit 0 |