Context
Sub-issue of the linting and formatting parent. Covers linting and schema validation for Helm charts and Kustomize overlays.
Current usage: prescient-platform-applications maintains Helm charts under charts/. Kustomize overlays are a target ecosystem.
Both stages must be generic — the same workflow call works regardless of Kubernetes version or cloud provider.
Two stages
| Stage |
Tool |
Trigger |
| Pre-commit CI enforcement |
pre-commit |
on: pull_request; runs the consuming repo's pre-commit hooks in CI |
| PR lint gate |
kubeconform |
on: pull_request; renders charts/overlays and validates output against Kubernetes API schemas |
Stage 1 — Pre-commit CI enforcement (pre-commit)
Runs the consuming repo's .pre-commit-config.yaml hooks in CI against changed files. For Helm/Kustomize repos, standard hooks include helm lint and kubeconform on rendered output. The reusable workflow is the same lint-precommit.yml used for other ecosystems.
Consuming repos add Helm/Kustomize hooks to .pre-commit-config.yaml:
repos:
- repo: https://github.com/gruntwork-io/pre-commit
rev: v0.x.x
hooks:
- id: helmlintStage 2 — PR lint gate (kubeconform)
kubeconform validates Kubernetes manifests against the official API schemas for a configured Kubernetes version. For Helm charts, the workflow renders each chart with helm template before validating. For Kustomize overlays, it runs kustomize build before validating. This catches invalid field names, missing required fields, and deprecated API versions before they reach a cluster.
Findings are posted as PR annotations. PRs are blocked on any schema validation error.
Consuming repos call the workflow with:
uses: sparkgeo/github-actions/.github/workflows/lint-helm.yml@main
with:
charts-dir: charts # default 'charts'; path to Helm charts root
kustomize-dir: '' # optional; path to Kustomize overlays root
kubernetes-version: '1.32.0' # target cluster version for schema validation
Acceptance criteria
References
Context
Sub-issue of the linting and formatting parent. Covers linting and schema validation for Helm charts and Kustomize overlays.
Current usage:
prescient-platform-applicationsmaintains Helm charts undercharts/. Kustomize overlays are a target ecosystem.Both stages must be generic — the same workflow call works regardless of Kubernetes version or cloud provider.
Two stages
pre-commiton: pull_request; runs the consuming repo's pre-commit hooks in CIkubeconformon: pull_request; renders charts/overlays and validates output against Kubernetes API schemasStage 1 — Pre-commit CI enforcement (
pre-commit)Runs the consuming repo's
.pre-commit-config.yamlhooks in CI against changed files. For Helm/Kustomize repos, standard hooks includehelm lintandkubeconformon rendered output. The reusable workflow is the samelint-precommit.ymlused for other ecosystems.Consuming repos add Helm/Kustomize hooks to
.pre-commit-config.yaml:Stage 2 — PR lint gate (
kubeconform)kubeconformvalidates Kubernetes manifests against the official API schemas for a configured Kubernetes version. For Helm charts, the workflow renders each chart withhelm templatebefore validating. For Kustomize overlays, it runskustomize buildbefore validating. This catches invalid field names, missing required fields, and deprecated API versions before they reach a cluster.Findings are posted as PR annotations. PRs are blocked on any schema validation error.
Consuming repos call the workflow with:
Acceptance criteria
lint-helm.ymlworkflow: for each chart undercharts-dir, runshelm lintthenhelm template | kubeconform; for each overlay underkustomize-dir, runskustomize build | kubeconform; posts findings as PR annotations; blocks on any schema validation errorcharts-dir,kustomize-dir, andkubernetes-versioninputs allow consuming repos to customise scope and target schema versionprescient-platform-applications/charts/(pgadmin, stac-api, titiler, etc.)--ignore-missing-schemasflag for CRDs not covered by the official schema registryReferences
kubeconform: https://github.com/yannh/kubeconformhelm lint: https://helm.sh/docs/helm/helm_lint/prescient-platform-applicationscharts:charts/directory