Merge pull request #193 from vvalderrv/add-stage-groups #238
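# Validates Helm charts for Jenkins deployment across all environments.
# Combines helm lint, template rendering, and kubeconform schema validation.
name: Validate Helm Charts and Values

"on":
  push:
    branches:
      - main
    paths:
      - 'base/jenkins/**'
      - 'staging/**'
      - 'production/**'
      - 'dev/**'
  pull_request:
    branches:
      - main
    paths:
      - 'base/jenkins/**'
      - 'staging/**'
      - 'production/**'
      - 'dev/**'

# Least privilege: the job only reads the repository; the token gets no
# write scopes.
permissions:
  contents: read

# One run per workflow and ref; a newer push cancels the run in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  helm-validate:
    name: Validate Helm - ${{ matrix.env }}
    runs-on: ubuntu-24.04
    timeout-minutes: 15
    strategy:
      matrix:
        # These values are static literals and are expanded directly into the
        # shell scripts below. If the matrix is ever derived from event data,
        # pass the value through `env:` instead of inlining it in `run:`.
        env: [dev, staging, production]
    steps:
      # Third-party actions are pinned to full commit SHAs, not mutable tags.
      - name: Checkout repo
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
        with:
          # No later step performs git operations, so do not leave the job
          # token in .git/config for subsequent steps to read.
          persist-credentials: false

      - name: Install Helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
        with:
          version: v3.19.0

      - name: Add Jenkins Helm repository
        run: helm repo add jenkins https://charts.jenkins.io

      - name: Build Helm dependencies
        run: |
          cd base/jenkins
          helm dependency build

      - name: Lint Helm chart
        run: |
          helm lint base/jenkins \
            -f ${{ matrix.env }}/values.yaml

      - name: Template with values.yaml (${{ matrix.env }})
        run: |
          helm template jenkins base/jenkins \
            -f ${{ matrix.env }}/values.yaml > rendered-${{ matrix.env }}.yaml

      # The rendered manifest is written to the job log. Anything the chart
      # renders into Secret objects from the values files becomes readable by
      # everyone who can view the run logs.
      - name: Show rendered output
        run: cat rendered-${{ matrix.env }}.yaml

      - name: Validate rendered manifest with kubeconform
        run: |
          # Version and checksum are pinned together; update both when bumping.
          KUBECONFORM_VERSION=0.7.0
          KUBECONFORM_TARBALL="kubeconform-linux-amd64.tar.gz"
          KUBECONFORM_URL="https://github.com/yannh/kubeconform/releases/download/v${KUBECONFORM_VERSION}/${KUBECONFORM_TARBALL}"
          # https://github.com/yannh/kubeconform/releases/download/v0.7.0/kubeconform-linux-amd64.tar.gz
          KUBECONFORM_SHA256="c31518ddd122663b3f3aa874cfe8178cb0988de944f29c74a0b9260920d115d3"
          # --fail stops on an HTTP error instead of saving the error page and
          # leaving the checksum step to report a confusing mismatch.
          curl --fail --silent --show-error --location \
            --output "${KUBECONFORM_TARBALL}" "${KUBECONFORM_URL}"
          # Verify the download before unpacking or executing anything from it.
          echo "${KUBECONFORM_SHA256} ${KUBECONFORM_TARBALL}" | sha256sum -c -
          tar -xzf "${KUBECONFORM_TARBALL}"
          # Skip ExternalSecret CRD validation - schemas not available in kubeconform
          # ExternalSecret resources are validated by external-secrets-operator at runtime
          ./kubeconform -strict -summary -skip ExternalSecret -kubernetes-version 1.33.5 rendered-${{ matrix.env }}.yaml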