{"id":13740369,"url":"https://github.com/datreeio/action-datree","last_synced_at":"2025-07-07T11:06:50.226Z","repository":{"id":42572922,"uuid":"454014510","full_name":"datreeio/action-datree","owner":"datreeio","description":"Github action that runs the Datree CLI","archived":false,"fork":false,"pushed_at":"2023-11-28T10:00:52.000Z","size":24523,"stargazers_count":24,"open_issues_count":0,"forks_count":15,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-10-29T17:24:03.261Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datreeio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-01-31T13:21:16.000Z","updated_at":"2024-03-04T12:31:10.000Z","dependencies_parsed_at":"2024-01-13T01:35:16.546Z","dependency_job_id":"ab12da34-d36b-4f3e-bdbb-e60adf0fc469","html_url":"https://github.com/datreeio/action-datree","commit_stats":{"total_commits":62,"total_committers":6,"mean_commits":"10.333333333333334","dds":"0.14516129032258063","last_synced_commit":"de67ae7a5133d719dc794e1b75682cd4c5f94d8a"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datreeio%2Faction-datree","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datreeio%2Faction-datree/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datreeio%2Faction-datree/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datreeio%2Faction-datree/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datreeio","download_url":"https://codeload.github.com/datreeio/action-datree/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248497805,"owners_count":21113984,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T04:00:46.967Z","updated_at":"2025-04-12T00:00:31.934Z","avatar_url":"https://github.com/datreeio.png","language":"Shell","funding_links":[],"categories":["💻 Projects"],"sub_categories":[],"readme":"# Overview\nThe Datree CLI provides a policy enforcement solution to run automatic checks for rule violations in Kuberenetes configuration files.  \nThis action runs the Datree CLI against given k8s configuration file/s in your repository, featuring full **Helm** and **Kustomize** support.\u003cbr/\u003e\nTo learn more about Datree, visit the [datree website](https://www.datree.io/).\n\u003cbr/\u003e\u003cbr/\u003e\n# Setup\nGet started in 2 simple steps:\n* Obtain your Datree account token by following the instructions described [here](https://hub.datree.io/account-token).\n* Configure your token by setting DATREE_TOKEN as a [secret](https://docs.github.com/en/actions/reference/encrypted-secrets) or [environment](https://docs.github.com/en/actions/reference/environment-variables) variable (see \"Examples\" section of this readme).  \u003cbr/\u003e\u003cbr/\u003e\n\n\n# Usage\nIn your workflow, set this action as a step. For example:\n```yaml\n- name: Run Datree Policy Check\n  uses: datreeio/action-datree@main\n  with:\n    path: 'someDirectory/someFile.yaml'\n    cliArguments: '--schema-version 1.20.0'\n```\n| Input | Required | Description |\n| --- | ----------- | --- |\n| **path** | Yes | A path to the file/s you wish to run your Datree test against. This can be a single file or a [Glob pattern](https://www.digitalocean.com/community/tools/glob) signifying a directory. |\n| **cliArguments** | No | The desired [Datree CLI arguments](https://hub.datree.io/cli-arguments) for the policy check. In the above example, schema version 1.20.0 will be used.  |\n| **isHelmChart** | No | Specify whether the given path is a Helm chart. If this option is unused, the path will be considered as a regular yaml file. When `isHelmChart` is set, it will perform a recursive test for all helm charts inside the given path. |\n| **helmArguments** | No | The Helm arguments to be used, if the path is a Helm chart. |\n| **isKustomization** | No | Specify whether the given path is a directory containing a \"kustomization.yaml\" file. If this option is unused, the path will be considered as a regular yaml file. |\n| **kustomizeArguments** | No | The Kustomize arguments to be used, if the path is a Kustomization directory. |  \n\n*For more information and examples of using this action with Helm/Kustomize, see below*\n\u003cbr/\u003e\u003cbr/\u003e\n# Examples\nHere is an example workflow that uses this action to run a Datree policy check on all of the k8s manifest files under the current directory, on every push/pull request:\n```yaml\non:\n  push:\n    branches: [ main ]\n  pull_request:\n    branches: [ main ]\n    \nenv:\n  DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} \n\njobs:\n  k8sPolicyCheck:\n    runs-on: ubuntu-latest\n\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v2\n        \n      - name: Run Datree Policy Check\n        uses: datreeio/action-datree@main\n        with:\n          path: '**/*.yaml'\n          cliArguments: '--only-k8s-files'\n```  \nHere is another example that runs a policy check on a single file in the root of the repository on every push, using a policy named \"Staging\". The output will be in simple text, with no colors or emojis:\n```yaml\non:\n  push:\n    branches: [ main ]\n    \nenv:\n  DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} \n\njobs:\n  k8sPolicyCheck:\n    runs-on: ubuntu-latest\n\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v2\n        \n      - name: Run Datree Policy Check\n        uses: datreeio/action-datree@main\n        with:\n          path: 'file.yaml'\n          cliArguments: '--policy Staging --output simple'\n```  \n\u003cbr/\u003e\n\n# Using Helm\nThis action enables performing policy checks on Helm charts, by utilizing the [Datree Helm plugin](https://github.com/datreeio/helm-datree).  \nTo test a Helm chart, simply set the \"isHelmChart\" parameter to \"true\", and add any Helm arguments you wish to use to the \"helmArguments\" parameter, like so:\n```yaml\n- name: Run Datree Policy Check\n        uses: datreeio/action-datree@main\n        with:\n          path: 'myChartDirectory'\n          cliArguments: ''\n          isHelmChart: true\n          helmArguments: '--values values.yaml'\n```\n\u003cbr/\u003e\n\n# Using Kustomize\nThis action utilizes the Datree CLI's built-in Kustomize support. To use the plugin to test a kustomization, set \"isKustomization\" to 'true', and add any Kustomize arguments you wish to use to the \"kustomizeArguments\" setting, like so:\n```yaml\n- name: Run Datree Policy Check\n        uses: datreeio/action-datree@main\n        with:\n          path: 'my/kustomization/directory'\n          isKustomization: true\n          kustomizeArguments:\n```\n\n# Github Code Scanning (SARIF)\nYou can upload your policy check results to Github's code scanning to be displayed as security alerts by doing the following:\n* Set `-o sarif` in the CLI arguments of this action (this will automatically create a file named `datree.sarif` containing your test results)\n* Upload the SARIF file to Github by adding the following step to your workflow:\n```\n- name: Upload analysis results to GitHub\n  uses: github/codeql-action/upload-sarif@v2\n  with:\n    sarif_file: datree.sarif\n    wait-for-processing: true\n```\n\n# Output\nThe result of your policy checks will look like this:  \n\n![](/Resources/output.gif)\n\nIn addition to Datree's standard output, Github's job summary feature is now supported 📝  \nYour job summary will look like this:\n\n![](/Resources/jobsummary.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatreeio%2Faction-datree","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatreeio%2Faction-datree","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatreeio%2Faction-datree/lists"}