{"id":20865725,"url":"https://github.com/idsulik/helm-cel","last_synced_at":"2025-04-09T21:21:37.980Z","repository":{"id":262968624,"uuid":"888932524","full_name":"idsulik/helm-cel","owner":"idsulik","description":"A Helm plugin that uses Common Expression Language (CEL) to validate values. Instead of using JSON Schema in values.schema.json, you can write more expressive validation rules using CEL in values.cel.yaml.","archived":false,"fork":false,"pushed_at":"2024-12-08T06:19:11.000Z","size":71,"stargazers_count":81,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-02T19:08:06.297Z","etag":null,"topics":["golang","helm","helm-plugin","kubernetes"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/idsulik/helm-cel","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/idsulik.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-15T09:31:12.000Z","updated_at":"2025-03-24T05:19:06.000Z","dependencies_parsed_at":"2024-11-15T10:34:46.047Z","dependency_job_id":"502566ad-b956-4c39-949e-a28b864453be","html_url":"https://github.com/idsulik/helm-cel","commit_stats":null,"previous_names":["idsulik/helm-cel"],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idsulik%2Fhelm-cel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idsulik%2Fhelm-cel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idsulik%2Fhelm-cel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idsulik%2Fhelm-cel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/idsulik","download_url":"https://codeload.github.com/idsulik/helm-cel/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248112477,"owners_count":21049663,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","helm","helm-plugin","kubernetes"],"created_at":"2024-11-18T05:54:21.642Z","updated_at":"2025-04-09T21:21:37.974Z","avatar_url":"https://github.com/idsulik.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"[![License](https://img.shields.io/github/license/idsulik/helm-cel.svg)](https://github.com/idsulik/helm-cel/blob/main/LICENSE)\n[![Current Release](https://img.shields.io/github/release/idsulik/helm-cel.svg?logo=github)](https://github.com/idsulik/helm-cel/releases/latest)\n[![GitHub Repo stars](https://img.shields.io/github/stars/idsulik/helm-cel?style=flat\u0026logo=github)](https://github.com/idsulik/helm-cel/stargazers)\n[![GitHub issues](https://img.shields.io/github/issues/idsulik/helm-cel.svg)](https://github.com/idsulik/helm-cel/issues)\n[![GitHub pull requests](https://img.shields.io/github/issues-pr/idsulik/helm-cel.svg)](https://github.com/idsulik/helm-cel/pulls)\n[![codecov](https://codecov.io/gh/idsulik/helm-cel/branch/main/graph/badge.svg?token=4qAukyB2yX)](https://codecov.io/gh/idsulik/helm-cel)\n[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cel)](https://artifacthub.io/packages/helm-plugin/cel/cel)\n# Helm CEL Plugin\n\nA Helm plugin that uses Common Expression Language (CEL) to validate values. Instead of using JSON Schema in `values.schema.json`, you can write more expressive validation rules using CEL in `values.cel.yaml`.\n\n## Installation\n\n### Using Helm Plugin Manager\n```bash\nhelm plugin install https://github.com/idsulik/helm-cel\n```\n\n### Using Docker\n```bash\n# Pull the image\ndocker pull idsulik/helm-cel:latest # main branch\ndocker pull idsulik/helm-cel:2.1.2  # specific version\n\n# Run validation\ndocker run --rm -v $(pwd):/charts idsulik/helm-cel validate /charts/mychart\n\n# Generate validation rules\ndocker run --rm -v $(pwd):/charts idsulik/helm-cel generate /charts/mychart\n```\n\n### Building from Source\n```bash\ngit clone https://github.com/idsulik/helm-cel\ncd helm-cel\nmake install\n```\n\n## Usage\n\n### Validation\n\nValidate your chart values using the validate command:\n```bash\nhelm cel validate ./mychart\n```\n\nOptions:\n```bash\n--values-file, -v    Values files to validate (comma-separated or multiple flags)\n                     Defaults to values.yaml\n--rules-file, -r     Rules files to validate against (comma-separated or multiple flags)\n                     Defaults to values.cel.yaml\n--output, -o         Output format: text, json, or yaml\n                     Defaults to text\n```\n\nExample with custom files:\n```bash\n# Using single values and rules files\nhelm cel validate ./mychart --values-file prod.values.yaml --rules-file prod.cel.yaml\n\n# Using JSON output format\nhelm cel validate ./mychart -o json\n\n# Using multiple values files (later files take precedence)\nhelm cel validate ./mychart --values-file common.yaml --values-file prod.yaml\n\n# Using comma-separated values files\nhelm cel validate ./mychart --values-file common.yaml,prod.yaml,overrides.yaml\n\n# Using multiple rules files\nhelm cel validate ./mychart --rules-file global.cel.yaml --rules-file ingress.cel.yaml\n\n# Combining multiple values and rules files\nhelm cel validate ./mychart \\\n  --values-file common.yaml,prod.yaml \\\n  --rules-file global.cel.yaml,ingress.cel.yaml,deployment.cel.yaml\n```\n\n### Generating Rules\n\nYou can automatically generate validation rules based on your values file structure:\n```bash\nhelm cel generate ./mychart\n```\n\nOptions:\n```bash\n--force, -f          Force overwrite existing rules file\n--values-file, -v    Values file to generate rules from (defaults to values.yaml)\n--output-file, -o    Output file for generated rules (defaults to values.cel.yaml)\n```\n\nExample with custom files:\n```bash\nhelm cel generate ./mychart --values-file prod.values.yaml --output-file prod.cel.yaml --force\n```\n\n## Rule Organization\n\nYou can organize your validation rules into multiple files for better maintainability. Files must have the `.cel.yaml` extension. Example structure:\n\n```\nmychart/\n├── Chart.yaml\n├── values.yaml\n└── cel/\n    ├── global.cel.yaml     # Global configuration rules\n    ├── ingress.cel.yaml    # Ingress-specific rules\n    └── deployment.cel.yaml # Deployment-specific rules\n```\n\nWhen using multiple rule files, expressions are shared across all files but must be unique (no duplicate expression names allowed).\n\n## Rule Structure\n\nEach rule in `values.cel.yaml` consists of:\n- `expr`: A CEL expression that should evaluate to `true` for valid values\n- `desc`: A description of what the rule validates\n- `severity`: Optional severity level (\"error\" or \"warning\", defaults to \"error\")\n\nExample `values.cel.yaml`:\n```yaml\nrules:\n  - expr: \"has(values.service) \u0026\u0026 has(values.service.port)\"\n    desc: \"service port is required\"\n  \n  - expr: \"values.service.port \u003e= 1 \u0026\u0026 values.service.port \u003c= 65535\"\n    desc: \"service port must be between 1 and 65535\"\n    severity: warning\n  \n  - expr: \"!(has(values.replicaCount)) || values.replicaCount \u003e= 1\"\n    desc: \"if replicaCount is set, it must be at least 1\"\n```\n\n### Severity Levels\n\nRules can have two severity levels:\n- `error`: Validation fails if the rule is not satisfied (default)\n- `warning`: Shows a warning but allows validation to pass\n\n### Common Validation Patterns\n\n1. Required fields:\n```yaml\n- expr: \"has(values.fieldName)\"\n  desc: \"fieldName is required\"\n```\n\n2. Value constraints:\n```yaml\n- expr: \"values.number \u003e= 0 \u0026\u0026 values.number \u003c= 100\"\n  desc: \"number must be between 0 and 100\"\n```\n\n3. Type validation:\n```yaml\n- expr: \"type(values.ports) == list\"\n  desc: \"ports must be a list\"\n```\n\n4. Resource validation:\n```yaml\n- expr: 'values.resources.requests.memory.matches(\"^[0-9]+(Mi|Gi)$\")'\n  desc: \"memory requests must be in Mi or Gi\"\n```\n\n5. Port validation:\n```yaml\n- expr: \"values.service.port \u003e= 1 \u0026\u0026 values.service.port \u003c= 65535\"\n  desc: \"port must be valid\"\n```\n\n### Reusable Expressions\n\nYou can define expressions to reuse across rules:\n```yaml\nexpressions:\n  portRange: 'values.service.port \u003e= 1 \u0026\u0026 values.service.port \u003c= 65535'\n  nodePortRange: 'values.service.nodePort \u003e= 30000 \u0026\u0026 values.service.nodePort \u003c= 32767'\n\nrules:\n  - expr: \"${portRange}\"\n    desc: \"Service port must be valid\"\n  \n  - expr: 'values.service.type == \"NodePort\" ? ${nodePortRange} : true'\n    desc: \"NodePort must be valid when type is NodePort\"\n```\n\n### Validation Results\n\nIf validation fails, you'll get a clear error message:\n```\n❌ Validation failed: replica count must be at least 1\n   Rule: values.replicaCount \u003e= 1\n   Path: replicaCount\n   Current value: 0\n```\n\nWith warnings:\n```\nFound 1 warning(s):\n\n⚠️ Service port must be between 1 and 65535\n   Rule: values.service.port \u003e= 1 \u0026\u0026 values.service.port \u003c= 65535\n   Path: service.port\n   Current value: 80801\n-------------------------------------------------\n⚠️✅ Values validation successful with warnings!\n```\n\nIf all rules pass, you'll see a success message:\n```\n✅ Values validation successful!\n```\n\n### Structured Output Formats\n\nYou can output validation results in JSON or YAML format for integration with CI/CD pipelines:\n\n```bash\n# JSON output\nhelm cel validate ./mychart -o json\n\n# YAML output\nhelm cel validate ./mychart -o yaml\n```\n\nJSON output example:\n```json\n{\n  \"has_errors\": true,\n  \"has_warnings\": true,\n  \"result\": {\n    \"errors\": [\n      {\n        \"description\": \"replicaCount must be at least 1\",\n        \"expression\": \"values.replicaCount \u003e= 1\",\n        \"value\": 0,\n        \"path\": \"replicaCount\"\n      }\n    ],\n    \"warnings\": [\n      {\n        \"description\": \"service port should be between 1 and 65535\",\n        \"expression\": \"values.service.port \u003e= 1 \u0026\u0026 values.service.port \u003c= 65535\",\n        \"value\": 80801,\n        \"path\": \"service.port\"\n      }\n    ]\n  }\n}\n```\n\nYAML output example:\n```yaml\nhas_errors: true\nhas_warnings: true\nresult:\n  errors:\n  - description: replicaCount must be at least 1\n    expression: values.replicaCount \u003e= 1\n    value: 0\n    path: replicaCount\n  warnings:\n  - description: service port should be between 1 and 65535\n    expression: values.service.port \u003e= 1 \u0026\u0026 values.service.port \u003c= 65535\n    value: 80801\n    path: service.port\n```\n\n## Development\n\nRequirements:\n- Go 1.22 or later\n\nBuild:\n```bash\nmake build\n```\n\nInstall locally:\n```bash\nmake install\n```\n\nRun tests:\n```bash\nmake test\n```\n\n## Contributing\n\n1. Fork the repository\n2. Create your feature branch (`git checkout -b feature/amazing-feature`)\n3. Commit your changes (`git commit -m 'Add some amazing feature'`)\n4. Push to the branch (`git push origin feature/amazing-feature`)\n5. Open a Pull Request\n\n## License\n\nDistributed under the MIT License. See `LICENSE` for more information.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidsulik%2Fhelm-cel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fidsulik%2Fhelm-cel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidsulik%2Fhelm-cel/lists"}