Add kubeconform scan (#18)

* add kubeconform scan

* fix kubeconform action

* re-add commented actions to pr-push

Author: LasseHels

.github/workflows/kubeconform.yml

@@ -0,0 +1,21 @@
+on:
+  workflow_call:
+
+jobs:
+  kubeconform:
+    name: Kubeconform
+    permissions:
+      contents: read
+    runs-on: ubuntu-22.04
+    steps:
+      # Deliberately set up Kubeconform before checking out the repository, as we might otherwise get name collisions
+      # between the kubeconform directory and kubeconform binary (which have the same name).
+      - name: Setup Kubeconform
+        run: |
+          curl -L -O https://github.com/yannh/kubeconform/releases/download/v0.6.7/kubeconform-linux-amd64.tar.gz
+          tar -xvf kubeconform-linux-amd64.tar.gz
+          mv kubeconform /usr/local/bin
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Run Kubeconform
+        run: make kubeconform

.github/workflows/main-push.yml

@@ -14,11 +14,14 @@ jobs:
   end-to-end:
     name: End-to-end
     uses: ./.github/workflows/test-end-to-end.yml
+  kubeconform:
+    name: Kubeconform
+    uses: ./.github/workflows/kubeconform.yml
   build:
     name: Build
     uses: ./.github/workflows/build.yml
     secrets: inherit
-    needs: [test, lint, end-to-end]
+    needs: [test, lint, end-to-end, kubeconform]
     with:
       version: '${{ github.sha }}'
       push: true

.github/workflows/pr-push.yml

@@ -13,3 +13,6 @@ jobs:
   end-to-end:
     name: End-to-end
     uses: ./.github/workflows/test-end-to-end.yml
+  kubeconform:
+    name: Kubeconform
+    uses: ./.github/workflows/kubeconform.yml

Makefile

@@ -49,3 +49,11 @@ image:
 .PHONY: run-image
 run-image:
 	docker run --volume "./settings:/settings" $(IMAGE_TAG) --config-file="/settings/tainter.toml"
+
+.PHONY: kubeconform
+kubeconform:
+	kubeconform \
+    -schema-location default \
+    -schema-location 'kubeconform/schemas/{{ .ResourceKind }}.json' \
+    -strict \
+    -summary deploy