{"id":33566884,"url":"https://github.com/jorisdejosselin/pre-commit-helm","last_synced_at":"2026-05-25T03:01:46.599Z","repository":{"id":304043530,"uuid":"1016076344","full_name":"jorisdejosselin/pre-commit-helm","owner":"jorisdejosselin","description":"🚀 Pre-commit hooks for Helm charts - automated validation, security scanning, and testing","archived":false,"fork":false,"pushed_at":"2026-05-22T01:01:41.000Z","size":218,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-22T10:43:06.782Z","etag":null,"topics":["chart","devtools","helm","hooks","kubernetes","linting","pre-commit","yaml"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jorisdejosselin.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-08T13:02:38.000Z","updated_at":"2026-03-17T13:32:06.000Z","dependencies_parsed_at":"2026-03-05T04:04:49.996Z","dependency_job_id":"4c66e3d9-3848-4551-b21f-75d9fe2798f9","html_url":"https://github.com/jorisdejosselin/pre-commit-helm","commit_stats":null,"previous_names":["jorisdejosselin/pre-commit-helm"],"tags_count":49,"template":false,"template_full_name":null,"purl":"pkg:github/jorisdejosselin/pre-commit-helm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorisdejosselin%2Fpre-commit-helm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorisdejosselin%2Fpre-commit-helm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorisdejosselin%2Fpre-commit-helm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorisdejosselin%2Fpre-commit-helm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jorisdejosselin","download_url":"https://codeload.github.com/jorisdejosselin/pre-commit-helm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorisdejosselin%2Fpre-commit-helm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33458463,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-25T02:24:28.008Z","status":"ssl_error","status_checked_at":"2026-05-25T02:23:23.339Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chart","devtools","helm","hooks","kubernetes","linting","pre-commit","yaml"],"created_at":"2025-11-28T04:04:35.103Z","updated_at":"2026-05-25T03:01:46.544Z","avatar_url":"https://github.com/jorisdejosselin.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pre-commit-helm\n\n[![Tests](https://github.com/jorisdejosselin/pre-commit-helm/actions/workflows/test-hooks.yml/badge.svg)](https://github.com/jorisdejosselin/pre-commit-helm/actions/workflows/test-hooks.yml)\n[![Release](https://github.com/jorisdejosselin/pre-commit-helm/actions/workflows/release.yml/badge.svg)](https://github.com/jorisdejosselin/pre-commit-helm/actions/workflows/release.yml)\n[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/jorisdejosselin/pre-commit-helm?sort=semver\u0026logo=github)](https://github.com/jorisdejosselin/pre-commit-helm/releases)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit)](https://github.com/pre-commit/pre-commit)\n[![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-%23FE5196?logo=conventionalcommits\u0026logoColor=white)](https://conventionalcommits.org)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\nA collection of Git hooks for Helm to use with the [pre-commit](https://pre-commit.com/) framework.\n\n## Features\n\n- **helm-lint**: Validates Helm chart syntax and best practices\n- **helm-template**: Tests chart template rendering without installation\n- **helm-unittest**: Runs Helm unit tests using helm-unittest plugin\n- **helm-docs**: Generates/updates chart documentation\n- **helm-security**: Security scanning with Trivy\n- **helm-dependency-update**: Updates chart dependencies\n- **helm-kubeconform**: Validates Kubernetes manifests\n\n## Installation\n\n### Option 1: Using the Pre-built Container (Recommended)\n\nThe easiest way to use these hooks is with our pre-built container that includes all dependencies:\n\n```yaml\n# .pre-commit-config.yaml\nrepos:\n  - repo: https://github.com/jorisdejosselin/pre-commit-helm\n    rev: v1.0.1  # Use the latest stable version\n    hooks:\n      - id: helm-lint-docker\n      - id: helm-template-docker\n      - id: helm-unittest-docker\n      - id: helm-docs-docker\n      - id: helm-security-docker\n      - id: helm-dependency-update-docker\n      - id: helm-kubeconform-docker\n```\n\n\u003e **Note**: For testing pre-release features, you can use a pre-release tag like `v1.5.0-beta.1`.\n\u003e The Docker hooks will automatically use the corresponding container tag.\n\n**Benefits:**\n- ✅ No need to install Helm, trivy, kubeconform, or other dependencies\n- ✅ Consistent environment across all developers\n- ✅ Faster setup and execution\n- ✅ Supports both AMD64 and ARM64 architectures\n\n### Option 2: Local Installation\n\n### 1. Install pre-commit\n\n```bash\n# Using pip\npip install pre-commit\n\n# Using conda\nconda install -c conda-forge pre-commit\n\n# Using homebrew\nbrew install pre-commit\n```\n\n### 2. Add to your `.pre-commit-config.yaml`\n\n```yaml\nrepos:\n  - repo: https://github.com/jorisdejosselin/pre-commit-helm\n    rev: v1.0.0  # Use the ref you want to point at\n    hooks:\n      - id: helm-lint\n      - id: helm-template\n      - id: helm-unittest\n      - id: helm-docs\n      - id: helm-security\n      - id: helm-dependency-update\n      - id: helm-kubeconform\n```\n\n### 3. Install the git hook scripts\n\n```bash\npre-commit install\n```\n\n## Semantic Versioning \u0026 Releases\n\nThis project uses [semantic-release](https://semantic-release.gitbook.io/) for automated versioning and GitHub releases. Releases are automatically created when commits are pushed to the `main` branch following the [Conventional Commits](https://www.conventionalcommits.org/) specification.\n\n### Commit Message Format\n\nWe use the [Angular Commit Message Conventions](https://github.com/angular/angular/blob/master/CONTRIBUTING.md#-commit-message-format):\n\n```text\n\u003ctype\u003e(\u003cscope\u003e): \u003cshort summary\u003e\n  │       │             │\n  │       │             └─⫸ Summary in present tense. Not capitalized. No period at the end.\n  │       │\n  │       └─⫸ Commit Scope: Optional contextual information\n  │\n  └─⫸ Commit Type: feat|fix|docs|style|refactor|test|chore|perf|ci|build|revert\n```\n\n### Commit Types\n\n- **feat**: A new feature (triggers minor version bump)\n- **fix**: A bug fix (triggers patch version bump)\n- **docs**: Documentation only changes (triggers patch version bump)\n- **style**: Changes that do not affect the meaning of the code (triggers patch version bump)\n- **refactor**: A code change that neither fixes a bug nor adds a feature (triggers patch version bump)\n- **test**: Adding missing tests or correcting existing tests (triggers patch version bump)\n- **chore**: Changes to the build process or auxiliary tools (triggers patch version bump)\n- **perf**: A code change that improves performance (triggers patch version bump)\n- **ci**: Changes to CI configuration files and scripts (triggers patch version bump)\n- **build**: Changes that affect the build system or external dependencies (triggers patch version bump)\n- **revert**: Reverts a previous commit (triggers patch version bump)\n\n### Breaking Changes\n\nTo trigger a major version bump, include `BREAKING CHANGE:` in the commit body:\n\n```bash\nfeat: remove support for helm v2\n\nBREAKING CHANGE: helm v2 is no longer supported\n```\n\nor\n\n```bash\nfeat: add new validation rules\n\nBREAKING CHANGE: The validation rules have been updated and may cause existing charts to fail validation.\n```\n\n### Development Workflow\n\n1. **Making commits**: Use `npm run commit` to create properly formatted commit messages:\n\n   ```bash\n   npm install  # Install dependencies\n   npm run commit  # Interactive commit tool\n   ```\n\n2. **Automatic releases**: When you push to `main`, GitHub Actions will:\n   - Analyze commits since the last release\n   - Generate a changelog\n   - Create a new release with semantic version\n   - Update the CHANGELOG.md file\n\n3. **Pre-release versions**: Commits to `develop` branch will create pre-release versions (e.g., `v1.2.0-beta.1`)\n\n### Available Versions\n\nYou can always use the latest release by specifying:\n\n```yaml\nrepos:\n  - repo: https://github.com/jorisdejosselin/pre-commit-helm\n    rev: v1.0.0  # or use a specific version like v1.2.3\n```\n\nOr use the latest main branch (not recommended for production):\n\n```yaml\nrepos:\n  - repo: https://github.com/jorisdejosselin/pre-commit-helm\n    rev: main\n```\n\n## Prerequisites\n\nMake sure you have the following tools installed:\n\n- [Helm](https://helm.sh/docs/intro/install/) \u003e= 3.0.0\n- [helm-unittest](https://github.com/helm-unittest/helm-unittest) plugin (for helm-unittest hook)\n- [helm-docs](https://github.com/norwoodj/helm-docs) (for helm-docs hook)\n- [Trivy](https://aquasecurity.github.io/trivy/) (for helm-security hook)\n- [kubeconform](https://github.com/yannh/kubeconform) (for helm-kubeconform hook)\n\n## Hook Configuration\n\n### helm-lint\n\nRuns `helm lint` on your Helm charts to validate syntax and best practices.\n\n```yaml\n- id: helm-lint\n  args: ['--strict']  # Optional: fail on warnings\n```\n\n### helm-template\n\nRenders chart templates to validate they generate valid Kubernetes manifests.\n\n```yaml\n- id: helm-template\n  args: ['--debug']  # Optional: show debug output\n```\n\n### helm-unittest\n\nRuns unit tests for your Helm charts using the helm-unittest plugin.\n\n```yaml\n- id: helm-unittest\n  args: ['--color', '--output-type', 'JUnit']\n```\n\n### helm-docs\n\nGenerates documentation for your Helm charts.\n\n```yaml\n- id: helm-docs\n  args: ['--sort-values-order', 'file']\n```\n\n### helm-security\n\nScans your Helm charts for security vulnerabilities using Trivy.\n\n```yaml\n- id: helm-security\n  args: ['--severity', 'HIGH,CRITICAL']\n```\n\n### helm-dependency-update\n\nUpdates chart dependencies when Chart.yaml changes.\n\n```yaml\n- id: helm-dependency-update\n  args: ['--skip-refresh']  # Optional: skip repository refresh\n```\n\n### helm-kubeconform\n\nValidates Kubernetes manifests generated by Helm templates using kubeconform.\n\n```yaml\n- id: helm-kubeconform\n  args: ['--kubernetes-version', '1.28.0']\n```\n\n## Usage Examples\n\n### Basic Configuration\n\n```yaml\nrepos:\n  - repo: https://github.com/jorisdejosselin/pre-commit-helm\n    rev: v1.0.0\n    hooks:\n      - id: helm-lint\n      - id: helm-template\n```\n\n### Advanced Configuration\n\n```yaml\nrepos:\n  - repo: https://github.com/jorisdejosselin/pre-commit-helm\n    rev: v1.0.0\n    hooks:\n      - id: helm-lint\n        args: ['--strict']\n      - id: helm-template\n        args: ['--debug']\n      - id: helm-unittest\n        args: ['--color']\n      - id: helm-docs\n      - id: helm-security\n        args: ['--severity', 'HIGH,CRITICAL']\n      - id: helm-dependency-update\n      - id: helm-kubeconform\n        args: ['--kubernetes-version', '1.28.0']\n```\n\n## Chart Structure\n\nThis tool works best with charts following the standard Helm structure:\n\n```text\nmychart/\n├── Chart.yaml\n├── values.yaml\n├── templates/\n│   ├── deployment.yaml\n│   ├── service.yaml\n│   └── ...\n├── tests/\n│   └── *_test.yaml\n└── README.md\n```\n\n## Using the Container Directly\n\nYou can also use the container directly for testing or CI/CD:\n\n```bash\n# Pull the stable container\ndocker pull ghcr.io/jorisdejosselin/pre-commit-helm:stable\n\n# Or pull a specific version\ndocker pull ghcr.io/jorisdejosselin/pre-commit-helm:v1.5.0\n\n# Or pull the latest pre-release for testing\ndocker pull ghcr.io/jorisdejosselin/pre-commit-helm:develop\n\n# Run hooks directly\ndocker run --rm -v $(pwd):/workspace ghcr.io/jorisdejosselin/pre-commit-helm:stable \\\n  -c \"cd /workspace \u0026\u0026 /usr/local/bin/helm-lint.sh\"\n\n# Interactive shell with all tools available\ndocker run -it --rm -v $(pwd):/workspace ghcr.io/jorisdejosselin/pre-commit-helm:stable\n\n# Using docker-compose for development\ndocker-compose up -d\ndocker-compose exec pre-commit-helm bash\n```\n\n### Available Container Tags\n\n**Stable Releases:**\n- `stable`/`latest` - Latest stable release (recommended for production)\n- `v1.2.3` - Specific stable version tags (e.g., `v1.5.0`, `v2.0.0`)\n- `v1.2` - Major.minor version tags (automatically updated for stable releases)\n- `v1` - Major version tags (automatically updated for stable releases)\n\n**Pre-releases:**\n- `develop` - Latest pre-release version (recommended for testing new features)\n- `v1.2.3-beta.1` - Specific pre-release version tags (e.g., `v1.5.0-beta.1`)\n\n\u003e **Tip**: Pre-release containers are automatically built and tagged when semantic-release creates a new pre-release version.\n\n**Development:**\n- `main`/`develop` - Latest commit from respective branches (for CI/testing)\n- `sha-abc123` - Specific commit builds (includes commit SHA for identification)\n\n\u003e **Note**: Container builds are automatically triggered after semantic-release creates new releases using GitHub Actions workflow dependencies. This ensures containers get proper version tags instead of just SHA-based tags.\n\n## Troubleshooting\n\n### Common Issues\n\n1. **helm-unittest not found**: Install the plugin with `helm plugin install https://github.com/helm-unittest/helm-unittest`\n2. **helm-docs not found**: Install with `go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest`\n3. **Trivy not found**: Install from [official docs](https://aquasecurity.github.io/trivy/latest/getting-started/installation/)\n4. **kubeconform not found**: Install from [GitHub releases](https://github.com/yannh/kubeconform/releases)\n\n### Environment Variables\n\nYou can configure tool behavior using environment variables:\n\n- `HELM_LINT_STRICT`: Set to `true` to enable strict mode for helm-lint\n- `HELM_TEMPLATE_DEBUG`: Set to `true` to enable debug output for helm-template\n- `TRIVY_SEVERITY`: Set severity levels for security scanning (default: HIGH,CRITICAL)\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n## License\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n\n## Credits\n\nInspired by [pre-commit-terraform](https://github.com/antonbabenko/pre-commit-terraform) by Anton Babenko.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjorisdejosselin%2Fpre-commit-helm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjorisdejosselin%2Fpre-commit-helm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjorisdejosselin%2Fpre-commit-helm/lists"}