Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gabe565/pre-commit-fluxcd
Pre-Commit hooks for FluxCD GitOps repos
https://github.com/gabe565/pre-commit-fluxcd
fluxcd gitops pre-commit
Last synced: about 1 month ago
JSON representation
Pre-Commit hooks for FluxCD GitOps repos
- Host: GitHub
- URL: https://github.com/gabe565/pre-commit-fluxcd
- Owner: gabe565
- License: mit
- Created: 2023-12-18T15:59:31.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-07-02T21:18:34.000Z (6 months ago)
- Last Synced: 2024-07-03T20:25:03.612Z (6 months ago)
- Topics: fluxcd, gitops, pre-commit
- Language: Go
- Homepage:
- Size: 63.5 KB
- Stars: 10
- Watchers: 2
- Forks: 0
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# Pre-Commit Hooks for FluxCD
A collection of [Pre-Commit](https://pre-commit.com) hooks for FluxCD GitOps repos.
## Installation
Add the following snippet to `.pre-commit-config.yaml`.
```yaml
hooks:
- repo: https://github.com/gabe565/pre-commit-fluxcd
rev: '' # Use the sha / tag you want to point at
hooks:
- id: check-charts-pinned
- id: check-charts-support-renovate
- id: check-drift-detection-enabled
- id: check-secrets-encrypted
```## Hooks
- [check-charts-pinned](#check-charts-pinned)
- [check-charts-support-renovate](#check-charts-support-renovate)
- [check-drift-detection-enabled](#check-drift-detection-enabled)
- [check-secrets-encrypted](#check-secrets-encrypted)### check-charts-pinned
This hook ensures `HelmRelease` Kubernetes manifests have a version pinned at `.spec.chart.spec.version`.### check-charts-support-renovate
[Renovate](https://docs.renovatebot.com/) will only update `HelmRelease` versions if [the following conditions are satisfied](https://docs.renovatebot.com/modules/manager/flux/#helmrelease-support):
- The `HelmRelease` resource has `metadata.namespace` or `spec.chart.spec.sourceRef.namespace` set
- The referenced `HelmRepository` has `metadata.namespace` set.This hook ensures these conditions are satisfied.
### check-drift-detection-enabled
This hook ensures `HelmRelease` manifests have [drift detection](https://fluxcd.io/flux/components/helm/helmreleases/#drift-detection) enabled.
If you would like to allow `warn` mode, add the `--allow-warn` arg:
```yaml
- id: check-drift-detection-enabled
args:
- --allow-warn
```### check-secrets-encrypted
This hook ensures `.env` files, and `Secret` Kubernetes manifests are encrypted using [SOPS](https://github.com/getsops/sops).