parent
265da7d159
commit
af701c3a1b
@ -27,7 +27,7 @@ ENV KUBECONFORM_VERSION="${KUBECONFORM_VERSION:-v0.6.2}"
|
|||||||
# renovate: datasource=github-releases depName=FairwindsOps/polaris
|
# renovate: datasource=github-releases depName=FairwindsOps/polaris
|
||||||
ENV POLARIS_VERSION="${POLARIS_VERSION:-8.2.3}"
|
ENV POLARIS_VERSION="${POLARIS_VERSION:-8.2.3}"
|
||||||
|
|
||||||
RUN apk --update add curl tar bash python3 py3-yaml && \
|
RUN apk --update add curl tar bash python3 py3-yaml findutils && \
|
||||||
curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
|
curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
|
||||||
curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert" && \
|
curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert" && \
|
||||||
curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && \
|
curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && \
|
||||||
|
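Review bot: The three `curl -SsfL -o /usr/local/bin/...` lines in this RUN step (context lines of the hunk) install kubectl, kubectl-convert and yq with no integrity check, so the image trusts whatever those URLs return at build time. Pin a digest next to each version variable and verify it before the binary is used, for example `echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum -c -`, where `KUBECTL_SHA256` is a new variable that would have to be introduced alongside `KUBECTL_VERSION`. The newly added `findutils` also deserves a short comment saying why it is needed; presumably it is there for the `-iwholename` test that the audit script starts using in this commit, for example `# findutils: GNU find, required for -iwholename in the audit script`. The RUN instruction continues past the end of the hunk, so any later verification step is not visible here.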
@ -5,9 +5,11 @@ KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")
|
|||||||
KUSTOMIZE_CONFIG="**/overlays/**/kustomization.yaml"
|
KUSTOMIZE_CONFIG="**/overlays/**/kustomization.yaml"
|
||||||
|
|
||||||
FLUX_PATH="${1:-.}"
|
FLUX_PATH="${1:-.}"
|
||||||
POLARIS_EXCLUDE_PATHS=(
|
|
||||||
"flux/clusters/cloud-infra/flux-system/"
|
# shellcheck disable=SC2128
|
||||||
)
|
IFS=', ' read -r -a POLARIS_EXCLUDE_PATHS <<<"$POLARIS_EXCLUDE_PATHS"
|
||||||
|
|
||||||
|
echo "${POLARIS_EXCLUDE_PATHS[@]}"
|
||||||
|
|
||||||
if [ -z "$POLARIS_CONFIG" ]; then
|
if [ -z "$POLARIS_CONFIG" ]; then
|
||||||
POLARIS_CONFIG=(
|
POLARIS_CONFIG=(
|
||||||
@ -23,15 +25,19 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
printf "\nINFO - Auditing kustomize overlays\n"
|
printf "\nINFO - Auditing kustomize overlays\n"
|
||||||
find "${FLUX_PATH%/}" -type f -name $KUSTOMIZE_CONFIG -print0 | while IFS= read -r -d $'\0' file; do
|
find "${FLUX_PATH%/}" -type f -iwholename "$KUSTOMIZE_CONFIG" -print0 | while IFS= read -r -d $'\0' file; do
|
||||||
printf "INFO - Auditing kustomization %s\n" "${file/%$KUSTOMIZE_CONFIG/}"
|
KUSTOMIZE_BASENAME=$(basename "$KUSTOMIZE_CONFIG")
|
||||||
|
KUSTOMIZE_BUILD="${file/%$KUSTOMIZE_BASENAME/}"
|
||||||
|
|
||||||
for EXCLUDE in "${POLARIS_EXCLUDE_PATHS[@]}"; do
|
for EXCLUDE in "${POLARIS_EXCLUDE_PATHS[@]}"; do
|
||||||
if [ "$EXCLUDE" == "${file/%$KUSTOMIZE_CONFIG/}" ]; then
|
if [ "$EXCLUDE" == "$KUSTOMIZE_BUILD" ]; then
|
||||||
|
printf "INFO - Skipping kustomization %s\n" "$KUSTOMIZE_BUILD"
|
||||||
continue 2
|
continue 2
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
kustomize build "${file/%$KUSTOMIZE_CONFIG/}" "${KUSTOMIZE_FLAGS[@]}" |
|
printf "INFO - Auditing kustomization %s\n" "$KUSTOMIZE_BUILD"
|
||||||
|
kustomize build "$KUSTOMIZE_BUILD" "${KUSTOMIZE_FLAGS[@]}" |
|
||||||
polaris audit "${POLARIS_CONFIG[@]}"
|
polaris audit "${POLARIS_CONFIG[@]}"
|
||||||
echo
|
echo
|
||||||
if [[ ${PIPESTATUS[0]} != 0 ]]; then
|
if [[ ${PIPESTATUS[0]} != 0 ]]; then
|
||||||
|
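Review bot: In the last hunk the `echo` between `polaris audit "${POLARIS_CONFIG[@]}"` and `if [[ ${PIPESTATUS[0]} != 0 ]]` overwrites `PIPESTATUS`, so the test reads the status of `echo` (always 0) rather than that of `kustomize build`, and a failed build is never detected by this check. Capture the array on the line directly after the pipeline, `rc=("${PIPESTATUS[@]}")`, then test `rc[0]` for kustomize and `rc[1]` for polaris after the `echo`. The body of the `if` and the end of the `while` loop are outside the hunk, so how a failure is propagated out of the `find | while` subshell cannot be checked from here. Separately, in the second hunk `echo "${POLARIS_EXCLUDE_PATHS[@]}"` looks like leftover debug output, and `IFS=', '` splits on spaces as well as commas, so an exclude path containing a space becomes two entries and silently stops matching.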