
GitHub Action

Run this GitHub action to validate your Kubernetes resources.

Overview

Monokle Action is a GitHub Action for the static analysis of Kubernetes resources. Use it to prevent misconfigurations within Kustomize, Helm or default Kubernetes resources. The action fits perfectly into your GitHub Action workflow by simplifying the CLI usage. Use it locally in your terminal or within any continuous integration provider.

You can check out the repository here.

Basics

Configure the Action

The GitHub Action takes the following input:

  • path: Relative path to a directory or a YAML file with Kubernetes resources.
  • config: Relative path to the Monokle validation configuration file.

You can define your policy in a file and point the action at it with the config input. By default the action looks for ./monokle.validation.yaml. Learn more about Monokle Validation configuration.

Understanding the Action's Result

The action reports the problems it finds. In the validator configuration you decide whether a problem counts as an error or a warning. The action fails when at least one error is found. A run that produces only warnings does not fail, so you can still merge. This allows for transition periods in your policies.

Recipes

With Kustomize

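on: push

jobs:
  validate:
    name: Validate Kustomize with Monokle
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        # @master is a mutable branch ref; a release tag or commit SHA makes runs reproducible
        uses: actions/checkout@master
      # Render the overlay to plain manifests so the validator sees the final resources
      - id: bake
        uses: azure/k8s-bake@v2.2
        with:
          renderEngine: "kustomize"
          kustomizationPath: "./kustomize-happy-cms/overlays/local"
      # Validate the rendered bundle produced by the bake step
      - id: validate
        uses: kubeshop/monokle-action@v0.2.0
        with:
          path: ${{ steps.bake.outputs.manifestsBundle }}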

With Helm

on: push

jobs:
  validate:
    name: Validate Helm with Monokle
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        uses: actions/checkout@master
      - id: bake
        uses: azure/k8s-bake@v2.2
        with:
          renderEngine: "helm"
          helmChart: "./helm-yellow-wordpress"
      - id: validate
        uses: kubeshop/monokle-action@v0.2.0
        with:
          path: ${{ steps.bake.outputs.manifestsBundle }}

With plain YAML

on: push

jobs:
  validate:
    name: Validate Kubernetes resources with Monokle
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        uses: actions/checkout@master
      - id: validate
        uses: kubeshop/monokle-action@v0.2.0
        with:
          path: __path_to_file_or_directory_with_kubernetes_yaml_files__

Advanced

Upload to GitHub CodeScan

on: push

jobs:
  validate:
    runs-on: ubuntu-latest
    permissions:
      # Required so the job can upload SARIF results to code scanning
      security-events: write
    name: Validate Kustomize with Monokle
    steps:
      - id: checkout
        uses: actions/checkout@master
      - id: bake
        uses: azure/k8s-bake@v2.2
        with:
          renderEngine: "kustomize"
          kustomizationPath: "./kustomize-happy-cms/overlays/local"
      - id: validate
        uses: kubeshop/monokle-action@v0.2.0
        with:
          path: ${{ steps.bake.outputs.manifestsBundle }}
      - id: upload-sarif
        # Run even when the validate step fails, so the findings are still uploaded
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ steps.validate.outputs.sarif }}
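
The error/warning gate from "Understanding the Action's Result", applied to a SARIF file such as the one the validate step exposes. This is an added example, not Monokle's own code: it assumes standard SARIF 2.1.0 fields, and the sample document, rule ids and function names are constructed for illustration.

```python
import json

# Constructed SARIF 2.1.0 sample; tool name, rule ids, messages and paths are made up.
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-validator", "rules": [
      {"id": "EX001", "defaultConfiguration": {"level": "error"}},
      {"id": "EX002"}
    ]}},
    "results": [
      {"ruleId": "EX001", "message": {"text": "container runs as root"},
       "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy.yaml"}}}]},
      {"ruleId": "EX002", "level": "warning", "message": {"text": "no memory limit"},
       "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy.yaml"}}}]},
      {"ruleId": "EX002", "message": {"text": "no cpu limit"}}
    ]
  }]
}
""")


def effective_level(result, rules_by_id):
    """Explicit result level, else the rule's default, else SARIF's default of "warning"."""
    if "level" in result:
        return result["level"]
    rule = rules_by_id.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")


def summarize(sarif):
    """Return ({level: [(ruleId, uri, text)]}, exit_code); exit_code is 1 only if an error exists."""
    findings = {}
    for run in sarif.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            locs = res.get("locations") or [{}]  # a result may carry no location
            uri = locs[0].get("physicalLocation", {}).get("artifactLocation", {}).get("uri", "?")
            entry = (res.get("ruleId"), uri, res.get("message", {}).get("text", ""))
            findings.setdefault(effective_level(res, rules), []).append(entry)
    return findings, 1 if findings.get("error") else 0


if __name__ == "__main__":
    found, code = summarize(SAMPLE_SARIF)
    for level, items in sorted(found.items()):
        for rule_id, uri, text in items:
            print(f"{level:7} {rule_id} {uri}: {text}")
    raise SystemExit(code)
```
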

FAQ

What is the difference with the GitHub Bot?

The Monokle Action is a custom GitHub Action and acts as a wrapper around the CLI which simplifies usage within GitHub Actions workflows. On the other hand, the Monokle Bot is a GitHub App which extends GitHub's functionality to give additional help on pull requests and an out-of-the-box experience.