diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml
index aab40c4..152bef2 100644
--- a/.github/workflows/master.yaml
+++ b/.github/workflows/master.yaml
@@ -16,8 +16,7 @@ jobs:
 name: Continous integration
 runs-on: ubuntu-18.04
 steps:
- - name: checkout
- uses: actions/checkout@v2
+ - uses: actions/checkout@v2
 - uses: azure/setup-helm@v1
 with:
 version: "3.3.4"
@@ -27,10 +26,10 @@ jobs:
 helm lint . --strict
 helm lint . --strict -f test/linter/values-lint.yaml
 helm dep up test/linter/subchart && helm lint test/linter/subchart --strict
- # - name: conftest
- # run: |
- # conftest --version
- # helm template . | conftest test --policy test/conftest/policy/ test --output table -
+ - name: conftest
+ run: |
+ helm template . > /tmp/cmak.yaml
+ conftest test /tmp/cmak.yaml -p test/conftest -o table --all-namespaces
 - name: start k8s with k3d
 uses: AbsaOSS/k3d-action@v1.3.1
 with:
diff --git a/test/conftest/policy/deployment.rego b/test/conftest/deployment.rego
similarity index 58%
rename from test/conftest/policy/deployment.rego
rename to test/conftest/deployment.rego
index 63a0cba..a52ca2b 100644
--- a/test/conftest/policy/deployment.rego
+++ b/test/conftest/deployment.rego
@@ -1,9 +1,9 @@
-package main
+package main.deployment
 deny[msg] {
 input.kind == "Deployment"
 not input.spec.selector.matchLabels["app.kubernetes.io/name"]
 not input.spec.selector.matchLabels["app.kubernetes.io/instance"]
- msg := "Containers must provide app.kubernetes.io/name and app.kubernetes.io/instance labels for pod selectors"
+ msg := "Containers must provide predefined labels for pod selectors"
 }
diff --git a/test/conftest/ingress.rego b/test/conftest/ingress.rego
new file mode 100644
index 0000000..8643c61
--- /dev/null
+++ b/test/conftest/ingress.rego
@@ -0,0 +1,6 @@
+package main.ingress
+
+deny[msg] {
+ input.kind == "Ingress"
+ msg := "Ingress must not be created by default"
+}
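Review bot: The re-enabled conftest step dropped the `conftest --version` line that the commented-out version had, and nothing in this hunk shows how the binary reaches the runner, so the policy gate's tool version is neither recorded in the log nor visibly pinned. Keep `conftest --version` as the first line of the `run: |` block, and if the install happens in a step outside this hunk, pin it to a fixed release and verify its checksum. The same supply-chain concern applies to `AbsaOSS/k3d-action@v1.3.1` in the trailing context, which is referenced by a mutable tag; `uses: AbsaOSS/k3d-action@<full-commit-sha>  # v1.3.1` would fix that. The steps list continues outside the hunk.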
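Review bot: The two `not` lines in `deny` are ANDed, so the rule fires only when both selector labels are missing; a Deployment that sets just one of them passes, although the message says both are required. The new message also drops the label names and says "Containers" where the check is on the Deployment selector, which makes a CI failure harder to act on. I would iterate over the required labels so that each missing one is reported by name, as below.

```rego
# … unchanged: package main.deployment …
required_selector_labels := {"app.kubernetes.io/name", "app.kubernetes.io/instance"}

deny[msg] {
  input.kind == "Deployment"
  label := required_selector_labels[_]
  not input.spec.selector.matchLabels[label]
  msg := sprintf("Deployment selector must set the %s label", [label])
}
```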
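Review bot: The `deny` rule in ingress.rego holds only for a render with default values, and nothing in the file says so; a later CI run of conftest against a values file that enables the ingress would fail with no hint why. Add a header comment such as `# Applies to the default-values render only: the chart must not create an Ingress unless the user opts in.` and name the offending object in the message, `msg := sprintf("Ingress %s must not be created by default", [input.metadata.name])`. If the intent is to keep a default install unexposed, a Service of type LoadBalancer or NodePort would presumably need a matching rule; that cannot be judged from this hunk.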