Migrate to kubeconform

Dockerfile

@@ -13,8 +13,8 @@ COPY .yamllint.yaml /usr/local/share/yamllint/config.yaml
 # renovate: datasource=github-releases depName=kustomize lookupName=kubernetes-sigs/kustomize
 ARG KUSTOMIZE_VERSION="v5.4.3"
 
-# renovate: datasource=github-releases depName=kubeval lookupName=instrumenta/kubeval
-ARG KUBEVAL_VERSION="v0.16.1"
+# renovate: datasource=github-releases depName=kubeconform lookupName=yannh/kubeconform
+ARG KUBECONFORM_VERSION="v0.6.7"
 
 # renovate: datasource=github-releases depName=flux2 lookupName=fluxcd/flux2
 ARG FLUX2_VERSION="v2.4.0"
@@ -34,10 +34,10 @@ RUN apk add \
   ; curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz \
       | tar xz -C /usr/local/bin \
   ; chmod +x /usr/local/bin/kustomize \
-### kubeval
-  ; curl -sL https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-linux-amd64.tar.gz \
+### kubeconform
+  ; curl -sL https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-linux-amd64.tar.gz \
       | tar xz -C /usr/local/bin \
-  ; chmod +x /usr/local/bin/kubeval \
+  ; chmod +x /usr/local/bin/kubeconform \
 ### flux2 crd schemas
   ; mkdir -p /usr/local/share/schemas/master-standalone-strict \
   ; curl -sL https://github.com/fluxcd/flux2/releases/download/${FLUX2_VERSION}/crd-schemas.tar.gz \

README.md

@@ -7,4 +7,6 @@ This image **v**alidates f**lux** repos in CI.
 
 ## How to use
 
-Run `vlux <directory>` in the container to search for .yaml files recursively. All files will be validated with `yamllint` and `kubeval`. `kustomization.yaml` files will be built with `kustomize` and the result will be validated again with `kubeval`.
+Run `vlux <directory>` in the container to search for .yaml files recursively. All files will be validated with `yamllint` and `kubeconform`. `kustomization.yaml` files will be built with `kustomize` and the result will be validated again with `kubeconform`.
+
+Extra arguments to the script will be passed to `kubeconform`, e.g. `vlux <directory> -ignore-filename-pattern="kustomizeconfig.yaml"`

test/invalid/input/namespace.yaml

@@ -1,4 +1,3 @@
 apiVersion: v1
-kind: Namespace
 metadata:
   name: test

test/invalid/kustomization/kustomization.yaml

@@ -3,7 +3,7 @@ kind: Kustomization
 namespace: test
 resources:
 - namespace.yaml
-patchesJSON6902:
+patches:
 - target:
     version: v1
     kind: Namespace

test/valid/kustomization.yaml

@@ -3,3 +3,5 @@ kind: Kustomization
 namespace: test
 resources:
 - namespace.yaml
+configurations:
+- kustomizeconfig.yaml

test/valid/kustomizeconfig.yaml

@@ -0,0 +1,6 @@
+nameReference:
+  - kind: ConfigMap
+    version: v1
+    fieldSpecs:
+      - path: spec/volume/configMap/name
+        kind: Deployment

test/vlux.bats

@@ -1,26 +1,32 @@
 #!/usr/bin/env bats
 PATH="./tools:$PATH"
 
+bats_require_minimum_version 1.5.0
+
 @test "vlux passes without input files" {
   run -0 vlux test/empty
 }
 
 @test "vlux passes" {
-  run -0 vlux test/valid
+  run -0 vlux test/valid -ignore-filename-pattern="kustomizeconfig.yaml"
+}
+
+@test "vlux fails without ignoring kustomizeconfig.yaml" {
+  run -123 vlux test/valid
 }
 
 @test "vlux fails with yamllint" {
   run -1 vlux test/invalid/yamllint
 }
 
-@test "vlux fails with kubeval on input files" {
+@test "vlux fails with kubeconform on input files" {
   run -123 vlux test/invalid/input
 }
 
 @test "vlux fails when kustomize fails" {
   run -1 vlux test/invalid/kustomize
 }
 
-@test "vlux fails with kubeval on built kustomization" {
-  run -123 vlux test/invalid/kustomization
+@test "vlux fails with kubeconform on built kustomization" {
+  run -1 vlux test/invalid/kustomization
 }

tools/vlux

@@ -2,25 +2,31 @@
 set -Eeuo pipefail
 
 dir="$1"
+shift
 
 echo "Running yamllint ..."
 YAMLLINT_CONFIG_FILE=/usr/local/share/yamllint/config.yaml \
   yamllint "$dir"
 
-echo "Running kubeval on input files ..."
+echo "Running kubeconform on input files ..."
 find "$dir" -iname '*.yaml' -print0 \
-  | xargs -0 -r kubeval --strict \
-                     --schema-location="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master" \
-                     --additional-schema-locations="file:///usr/local/share/schemas" \
-                     --ignore-missing-schemas
+  | xargs -0 -r kubeconform -strict \
+                         -schema-location="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master" \
+                         -schema-location="file:///usr/local/share/schemas" \
+                         -ignore-missing-schemas \
+                         "$@"
 
-echo "Running kubeval on built kustomizations ..."  
+echo "Running kubeconform on built kustomizations ..."
 find "$dir" -iname 'kustomization.yaml' -print0 \
   | sed -z -e 's|/kustomization.yaml$||g' \
-  | xargs -0 -r -n1 -I{} kustomization {} \
-                      kubeval - \
-                              --strict \
-                              --schema-location="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master" \
-                              --additional-schema-locations="file:///usr/local/share/schemas" \
-                              --ignore-missing-schemas \
-                              --filename {}
+  | while IFS= read -r -d $'\0' kustomization_dir; do
+      echo "Processing kustomization in: $kustomization_dir"
+      kustomize build \
+                --load-restrictor=LoadRestrictionsNone \
+                "$kustomization_dir" \
+        | kubeconform -strict \
+                      -schema-location="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master" \
+                      -schema-location="file:///usr/local/share/schemas" \
+                      -ignore-missing-schemas \
+                      "$@"
+    done