The Datree CLI provides a policy enforcement solution to run automatic checks for rule violations in Kuberenetes configuration files.
This action runs the Datree CLI against given k8s configuration file/s in your repository, featuring full Helm and Kustomize support.
To learn more about Datree, visit the datree website.
Get started in 2 simple steps:
- Obtain your Datree account token by following the instructions described here.
- Configure your token by setting DATREE_TOKEN as a secret or environment variable (see "Examples" section of this readme).
In your workflow, set this action as a step. For example:
- name: Run Datree Policy Check
uses: datreeio/action-datree@main
with:
path: 'someDirectory/someFile.yaml'
cliArguments: '--schema-version 1.20.0'| Input | Required | Description |
|---|---|---|
| path | Yes | A path to the file/s you wish to run your Datree test against. This can be a single file or a Glob pattern signifying a directory. When isHelmChart is set, it will be recursive auto search in specified folder for all available helm projects. |
| cliArguments | No | The desired Datree CLI arguments for the policy check. In the above example, schema version 1.20.0 will be used. |
| isHelmChart | No | Specify whether the given path is a Helm chart. If this option is unused, the path will be considered as a regular yaml file. |
| helmArguments | No | The Helm arguments to be used, if the path is a Helm chart. |
| isKustomization | No | Specify whether the given path is a directory containing a "kustomization.yaml" file. If this option is unused, the path will be considered as a regular yaml file. |
| kustomizeArguments | No | The Kustomize arguments to be used, if the path is a Kustomization directory. |
For more information and examples of using this action with Helm/Kustomize, see below
Here is an example workflow that uses this action to run a Datree policy check on all of the k8s manifest files under the current directory, on every push/pull request:
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
k8sPolicyCheck:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run Datree Policy Check
uses: datreeio/action-datree@main
with:
path: '**/*.yaml'
cliArguments: '--only-k8s-files'Here is another example that runs a policy check on a single file in the root of the repository on every push, using a policy named "Staging". The output will be in simple text, with no colors or emojis:
on:
push:
branches: [ main ]
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
k8sPolicyCheck:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run Datree Policy Check
uses: datreeio/action-datree@main
with:
path: 'file.yaml'
cliArguments: '--policy Staging --output simple'This action enables performing policy checks on Helm charts, by utilizing the Datree Helm plugin.
To test a Helm chart, simply set the "isHelmChart" parameter to "true", and add any Helm arguments you wish to use to the "helmArguments" parameter, like so:
- name: Run Datree Policy Check
uses: datreeio/action-datree@main
with:
path: 'myChartDirectory'
cliArguments: ''
isHelmChart: true
helmArguments: '--values values.yaml'This action utilizes the Datree CLI's built-in Kustomize support. To use the plugin to test a kustomization, set "isKustomization" to 'true', and add any Kustomize arguments you wish to use to the "kustomizeArguments" setting, like so:
- name: Run Datree Policy Check
uses: datreeio/action-datree@main
with:
path: 'my/kustomization/directory'
isKustomization: true
kustomizeArguments:The result of your policy checks will look like this:
In addition to Datree's standard output, Github's job summary feature is now supported 📝
Your job summary will look like this:
