conftest-helm Test
Description
Special Test type for validating helm deploys with conftest. This is necessary in addition to the conftest
Test type in order to be able to properly render the Helm chart ahead of validation, including all runtime values.
If the helm Deploy requires runtime outputs from other actions, you must list the corresponding dependencies with the dependencies
field.
Note: In most cases, you'll let the
conftest-kubernetes
provider create this Test automatically, but you may in some cases want or need to manually specify files to test.
See the conftest docs for details on how to configure policies.
Below is the full schema reference for the action. For an introduction to configuring Garden, please look at our Configuration guide.
conftest-helm
actions also export values that are available in template strings. See the Outputs section below for details.
Configuration Keys
type
type
The type of action, e.g. exec
, container
or kubernetes
. Some are built into Garden but mostly these will be defined by your configured providers.
string
Yes
name
name
A valid name for the action. Must be unique across all actions of the same kind in your project.
string
Yes
description
description
A description of the action.
string
No
source
source
By default, the directory where the action is defined is used as the source for the build context.
You can override this by setting either source.path
to another (POSIX-style) path relative to the action source directory, or source.repository
to get the source from an external repository.
If using source.path
, you must make sure the target path is in a git repository.
For source.repository
behavior, please refer to the Remote Sources guide.
object
No
source.path
source.path
source > path
A relative POSIX-style path to the source directory for this action. You must make sure this path exists and is in a git repository!
posixPath
No
source.repository
source.repository
source > repository
When set, Garden will import the action source from this repository, but use this action configuration (and not scan for configs in the separate repository).
object
No
source.repository.url
source.repository.url
source > repository > url
A remote repository URL. Currently only supports git servers. Must contain a hash suffix pointing to a specific branch or tag, with the format: #<branch|tag>
gitUrl | string
Yes
Example:
dependencies[]
dependencies[]
A list of other actions that this action depends on, and should be built, deployed or run (depending on the action type) before processing this action.
Each dependency should generally be expressed as a "<kind>.<name>"
string, where is one of build
, deploy
, run
or test
, and is the name of the action to depend on.
You may also optionally specify a dependency as an object, e.g. { kind: "Build", name: "some-image" }
.
Any empty values (i.e. null or empty strings) are ignored, so that you can conditionally add in a dependency via template expressions.
array[actionReference]
[]
No
Example:
disabled
disabled
Set this to true
to disable the action. You can use this with conditional template strings to disable actions based on, for example, the current environment or other variables (e.g. disabled: ${environment.name == "prod"}
). This can be handy when you only need certain actions for specific environments, e.g. only for development.
For Build actions, this means the build is not performed unless it is declared as a dependency by another enabled action (in which case the Build is assumed to be necessary for the dependant action to be run or built).
For other action kinds, the action is skipped in all scenarios, and dependency declarations to it are ignored. Note however that template strings referencing outputs (i.e. runtime outputs) will fail to resolve when the action is disabled, so you need to make sure to provide alternate values for those if you're using them, using conditional expressions.
boolean
false
No
environments[]
environments[]
If set, the action is only enabled for the listed environment types. This is effectively a cleaner shorthand for the disabled
field with an expression for environments. For example, environments: ["prod"]
is equivalent to disabled: ${environment.name != "prod"}
.
array[string]
No
include[]
include[]
Specify a list of POSIX-style paths or globs that should be regarded as source files for this action, and thus will affect the computed version of the action.
For actions other than Build actions, this is usually not necessary to specify, or is implicitly inferred. An exception would be e.g. an exec
action without a build
reference, where the relevant files cannot be inferred and you want to define which files should affect the version of the action, e.g. to make sure a Test action is run when certain files are modified.
Build actions have a different behavior, since they generally are based on some files in the source tree, so please reference the docs for more information on those.
Note that you can also exclude files using the exclude
field or by placing .gardenignore
files in your source tree, which use the same format as .gitignore
files. See the Configuration Files guide for details.
array[posixPath]
No
Example:
exclude[]
exclude[]
Specify a list of POSIX-style paths or glob patterns that should be explicitly excluded from the action's version.
For actions other than Build actions, this is usually not necessary to specify, or is implicitly inferred. For Deploy, Run and Test actions, the exclusions specified here only applied on top of explicitly set include
paths, or such paths inferred by providers. See the Configuration Files guide for details.
Unlike the scan.exclude
field in the project config, the filters here have no effect on which files and directories are watched for changes when watching is enabled. Use the project scan.exclude
field to affect those, if you have large directories that should not be watched for changes.
array[posixPath]
No
Example:
variables
variables
A map of variables scoped to this particular action. These are resolved before any other parts of the action configuration and take precedence over group-scoped variables (if applicable) and project-scoped variables, in that order. They may reference group-scoped and project-scoped variables, and generally can use any template strings normally allowed when resolving the action.
object
No
varfiles[]
varfiles[]
Specify a list of paths (relative to the directory where the action is defined) to a file containing variables, that we apply on top of the action-level variables
field, and take precedence over group-level variables (if applicable) and project-level variables, in that order.
If you specify multiple paths, they are merged in the order specified, i.e. the last one takes precedence over the previous ones.
The format of the files is determined by the configured file's extension:
.yaml
/.yml
- YAML. The file must consist of a YAML document, which must be a map (dictionary). Keys may contain any value type. YAML format is used by default..env
- Standard "dotenv" format, as defined by dotenv..json
- JSON. Must contain a single JSON object (not an array).
NOTE: The default varfile format was changed to YAML in Garden v0.13, since YAML allows for definition of nested objects and arrays.
To use different varfiles in different environments, you can template in the environment name to the varfile name, e.g. varfile: "my-action.${environment.name}.env"
(this assumes that the corresponding varfiles exist).
If a listed varfile cannot be found, throwing an error. To add optional varfiles, you can use a list item object with a path
and an optional optional
boolean field.
array[alternatives]
[]
No
Example:
varfiles[].path
varfiles[].path
varfiles > path
Path to a file containing a path.
posixPath
Yes
varfiles[].optional
varfiles[].optional
varfiles > optional
Whether the varfile is optional.
boolean
No
build
build
Specify a Build action, and resolve this action from the context of that Build.
For example, you might create an exec
Build which prepares some manifests, and then reference that in a kubernetes
Deploy action, and the resulting manifests from the Build.
This would mean that instead of looking for manifest files relative to this action's location in your project structure, the output directory for the referenced exec
Build would be the source.
string
No
kind
kind
string
"Test"
Yes
timeout
timeout
Set a timeout for the test to complete, in seconds.
number
600
No
spec
spec
object
No
spec.policyPath
spec.policyPath
spec > policyPath
POSIX-style path to a directory containing the policies to match the config against, or a specific .rego file, relative to the action root. Must be a relative path, and should in most cases be within the project root. Defaults to the policyPath
set in the provider config.
posixPath
No
spec.namespace
spec.namespace
spec > namespace
The policy namespace in which to find deny and warn rules.
string
"main"
No
spec.combine
spec.combine
spec > combine
Set to true to use the conftest --combine flag
boolean
false
No
spec.build
spec.build
spec > build
Specify a build whose files we want to test.
string
No
spec.files[]
spec.files[]
spec > files
A list of files to test with the given policy. Must be POSIX-style paths, and may include wildcards.
array[posixPath]
Yes
spec.helmDeploy
spec.helmDeploy
spec > helmDeploy
The Helm Deploy action to validate.
actionReference
Yes
Outputs
The following keys are available via the ${actions.test.<name>}
template string key for conftest-helm
action.
${actions.test.<name>.name}
${actions.test.<name>.name}
The name of the action.
string
${actions.test.<name>.disabled}
${actions.test.<name>.disabled}
Whether the action is disabled.
boolean
Example:
${actions.test.<name>.buildPath}
${actions.test.<name>.buildPath}
The local path to the action build directory.
string
Example:
${actions.test.<name>.sourcePath}
${actions.test.<name>.sourcePath}
The local path to the action source directory.
string
Example:
${actions.test.<name>.mode}
${actions.test.<name>.mode}
The mode that the action should be executed in (e.g. 'sync' or 'local' for Deploy actions). Set to 'default' if no special mode is being used.
Build actions inherit the mode from Deploy actions that depend on them. E.g. If a Deploy action is in 'sync' mode and depends on a Build action, the Build action will inherit the 'sync' mode setting from the Deploy action. This enables installing different tools that may be necessary for different development modes.
string
"default"
Example:
${actions.test.<name>.var.*}
${actions.test.<name>.var.*}
The variables configured on the action.
object
{}
${actions.test.<name>.var.<name>}
${actions.test.<name>.var.<name>}
string | number | boolean | link | array[link]
Last updated