Родитель
70295c1836
Коммит
d8bc03507f
|
@ -16,6 +16,20 @@
|
|||
"clear": true,
|
||||
"panel": "dedicated"
|
||||
}
|
||||
},
|
||||
{
|
||||
"label": "build",
|
||||
"type": "shell",
|
||||
"command": "Invoke-Build Build",
|
||||
"group": {
|
||||
"kind": "build",
|
||||
"isDefault": true
|
||||
},
|
||||
"problemMatcher": [ "$pester" ],
|
||||
"presentation": {
|
||||
"clear": true,
|
||||
"panel": "dedicated"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -38,6 +38,12 @@ Invoke-PSRule -Module PSRule.Rules.Kubernetes -InputPath .\service.yaml;
|
|||
Invoke-PSRule -Module PSRule.Rules.Kubernetes -InputObject (kubectl get services -o yaml | Out-String) -Format Yaml -ObjectPath items;
|
||||
```
|
||||
|
||||
## Rule reference
|
||||
|
||||
The following rules are included in the `PSRule.Rules.Kubernetes` module:
|
||||
|
||||
- [PSRule.Rules.Kubernetes](docs/rules/en-US/Kubernetes.md)
|
||||
|
||||
## Changes and versioning
|
||||
|
||||
Modules in this repository will use the [semantic versioning](http://semver.org/) model to declare breaking changes from v1.0.0. Prior to v1.0.0, breaking changes may be introduced in minor (0.x.0) version increments. For a list of module changes please see the [change log](CHANGELOG.md).
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
|
||||
Document 'Kubernetes' {
|
||||
Title 'Kubernetes rules'
|
||||
|
||||
Metadata @{
|
||||
'generated-by' = 'PSDocs'
|
||||
}
|
||||
|
||||
Get-PSRule | Table -Property RuleName, Description
|
||||
}
|
|
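Review bot: `Get-PSRule` in the document body is called without `-Path` or `-Module`, so the rule table is built from whatever rules PSRule discovers relative to the working directory when the document is invoked. That makes the generated reference depend on where the build is started from, and nothing in this section imports PSRule before the call. Consider naming the source explicitly, for example `Get-PSRule -Path ./src/PSRule.Rules.Kubernetes | Table -Property RuleName, Description` (if that is where the rule files live). A one-line comment above `Document 'Kubernetes'` stating that the output is the generated rule index under `docs/rules/en-US/` would also help.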
@ -0,0 +1,78 @@
|
|||
# Azure DevOps
|
||||
# Build pipeline for PSRule.Rules.Kubernetes
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
Linux:
|
||||
imageName: 'ubuntu-16.04'
|
||||
MacOS:
|
||||
imageName: 'macos-10.13'
|
||||
Windows:
|
||||
imageName: 'vs2017-win2016'
|
||||
publishModule: 'true'
|
||||
analysis: 'true'
|
||||
coverage: 'true'
|
||||
|
||||
variables:
|
||||
buildConfiguration: 'Release'
|
||||
version: '0.1.0'
|
||||
|
||||
# Use build number format, i.e. 0.1.0-B181101
|
||||
name: $(version)-B$(date:yyMM)$(rev:rr)
|
||||
|
||||
trigger:
|
||||
- master
|
||||
|
||||
pool:
|
||||
vmImage: $(imageName)
|
||||
|
||||
steps:
|
||||
|
||||
# Install pipeline dependencies and build module
|
||||
- powershell: ./scripts/pipeline-build.ps1 -File ./PSRule.build.ps1 -Configuration $(buildConfiguration) -ModuleVersion $(Build.BuildNumber) -ReleaseVersion "$(Release.Version)"
|
||||
displayName: 'Build module'
|
||||
|
||||
# Pester test results
|
||||
- task: PublishTestResults@2
|
||||
displayName: 'Publish Pester results'
|
||||
inputs:
|
||||
testRunTitle: 'Pester on $(imageName)'
|
||||
testRunner: NUnit
|
||||
testResultsFiles: 'reports/pester-unit.xml'
|
||||
mergeTestResults: true
|
||||
platform: $(imageName)
|
||||
configuration: $(buildConfiguration)
|
||||
publishRunAttachments: true
|
||||
condition: succeededOrFailed()
|
||||
|
||||
# PSRule results
|
||||
# - task: PublishTestResults@2
|
||||
# displayName: 'Publish PSRule results'
|
||||
# inputs:
|
||||
# testRunTitle: 'PSRule on $(imageName)'
|
||||
# testRunner: NUnit
|
||||
# testResultsFiles: 'reports/rule.report.xml'
|
||||
# mergeTestResults: true
|
||||
# platform: $(imageName)
|
||||
# configuration: $(buildConfiguration)
|
||||
# publishRunAttachments: true
|
||||
# condition: succeededOrFailed()
|
||||
|
||||
# Publish Code Coverage Results
|
||||
- task: PublishCodeCoverageResults@1
|
||||
displayName: 'Publish Pester code coverage'
|
||||
inputs:
|
||||
codeCoverageTool: 'JaCoCo'
|
||||
summaryFileLocation: 'reports/pester-coverage.xml'
|
||||
#reportDirectory: # Optional
|
||||
#additionalCodeCoverageFiles: # Optional
|
||||
#failIfCoverageEmpty: false # Optional
|
||||
condition: eq(variables['coverage'], 'true')
|
||||
|
||||
# Generate artifacts
|
||||
- task: PublishBuildArtifacts@1
|
||||
displayName: 'Publish module'
|
||||
inputs:
|
||||
PathtoPublish: out/modules/PSRule.Rules.Kubernetes
|
||||
ArtifactName: PSRule.Rules.Kubernetes
|
||||
condition: and(succeeded(), eq(variables['publishModule'], 'true'))
|
|
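Review bot: The build step passes `-ReleaseVersion "$(Release.Version)"`, but `Release.Version` is not among the `variables:` declared in this file. If it is not supplied at queue time or from a variable group, Azure Pipelines leaves an undefined `$(...)` macro in place, and PowerShell would then read it as a subexpression and try to run a command named `Release.Version`. A non-empty release version replaces the build number when the manifest is stamped (see `VersionModule` in the build script), so the value should be explicit. Either declare an empty default such as `Release.Version: ''` under `variables:`, or drop the argument from the CI build.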
@ -0,0 +1,13 @@
|
|||
---
|
||||
generated-by: PSDocs
|
||||
---
|
||||
|
||||
# Kubernetes rules
|
||||
|
||||
RuleName | Description
|
||||
-------- | -----------
|
||||
Kubernetes.AKS.PublicLoadBalancer | Services should not include a public load balancer
|
||||
Kubernetes.Deployment.PrivilegeEscalation | Containers should deny privilege escalation
|
||||
Kubernetes.Deployment.NotLatestImage | Containers should use specific tags instead of latest
|
||||
Kubernetes.Deployment.ResourcesSet | Resource requirements are set for each container
|
||||
Kubernetes.Metadata | Must have the app.kubernetes.io/name label
|
|
@ -1,9 +1,30 @@
|
|||
|
||||
[CmdletBinding()]
|
||||
param (
|
||||
[Parameter(Mandatory = $False)]
|
||||
[String]$ModuleVersion,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[AllowNull()]
|
||||
[String]$ReleaseVersion,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[String]$Configuration = 'Debug',
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[String]$NuGetApiKey,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[Switch]$CodeCoverage = $False,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[String]$ArtifactPath = (Join-Path -Path $PWD -ChildPath out/modules)
|
||||
)
|
||||
|
||||
if ($Env:Coverage -eq 'true') {
|
||||
$CodeCoverage = $True;
|
||||
}
|
||||
|
||||
# Copy the PowerShell modules files to the destination path
|
||||
function CopyModuleFiles {
|
||||
|
||||
|
@ -34,6 +55,51 @@ function CopyModuleFiles {
|
|||
}
|
||||
}
|
||||
|
||||
task VersionModule {
|
||||
if (![String]::IsNullOrEmpty($ReleaseVersion)) {
|
||||
Write-Verbose -Message "[VersionModule] -- ReleaseVersion: $ReleaseVersion";
|
||||
$ModuleVersion = $ReleaseVersion;
|
||||
}
|
||||
|
||||
if (![String]::IsNullOrEmpty($ModuleVersion)) {
|
||||
Write-Verbose -Message "[VersionModule] -- ModuleVersion: $ModuleVersion";
|
||||
|
||||
$version = $ModuleVersion;
|
||||
$revision = [String]::Empty;
|
||||
|
||||
Write-Verbose -Message "[VersionModule] -- Using Version: $version";
|
||||
Write-Verbose -Message "[VersionModule] -- Using Revision: $revision";
|
||||
|
||||
if ($version -like '*-*') {
|
||||
[String[]]$versionParts = $version.Split('-', [System.StringSplitOptions]::RemoveEmptyEntries);
|
||||
$version = $versionParts[0];
|
||||
|
||||
if ($versionParts.Length -eq 2) {
|
||||
$revision = $versionParts[1];
|
||||
}
|
||||
}
|
||||
|
||||
# Update module version
|
||||
if (![String]::IsNullOrEmpty($version)) {
|
||||
Write-Verbose -Message "[VersionModule] -- Updating module manifest ModuleVersion";
|
||||
Update-ModuleManifest -Path (Join-Path -Path $ArtifactPath -ChildPath PSRule.Rules.Kubernetes/PSRule.Rules.Kubernetes.psd1) -ModuleVersion $version;
|
||||
}
|
||||
|
||||
# Update pre-release version
|
||||
if (![String]::IsNullOrEmpty($revision)) {
|
||||
Write-Verbose -Message "[VersionModule] -- Updating module manifest Prerelease";
|
||||
Update-ModuleManifest -Path (Join-Path -Path $ArtifactPath -ChildPath PSRule.Rules.Kubernetes/PSRule.Rules.Kubernetes.psd1) -Prerelease $revision;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
task ReleaseModule VersionModule, {
|
||||
if (![String]::IsNullOrEmpty($NuGetApiKey)) {
|
||||
# Publish to PowerShell Gallery
|
||||
Publish-Module -Path (Join-Path -Path $ArtifactPath -ChildPath PSRule.Rules.Kubernetes) -NuGetApiKey $NuGetApiKey;
|
||||
}
|
||||
}
|
||||
|
||||
# Synopsis: Install NuGet provider
|
||||
task NuGet {
|
||||
if ($Null -eq (Get-PackageProvider -Name NuGet -ErrorAction Ignore)) {
|
||||
|
@ -65,6 +131,14 @@ task PSRule NuGet, {
|
|||
Import-Module -Name PSRule -Verbose:$False;
|
||||
}
|
||||
|
||||
# Synopsis: Install PSDocs
|
||||
task PSDocs NuGet, {
|
||||
if ($Null -eq (Get-InstalledModule -Name PSDocs -MinimumVersion 0.6.1 -ErrorAction Ignore)) {
|
||||
Install-Module -Name PSDocs -MinimumVersion 0.6.1 -Scope CurrentUser -Force;
|
||||
}
|
||||
Import-Module -Name PSDocs -Verbose:$False;
|
||||
}
|
||||
|
||||
task CopyModule {
|
||||
CopyModuleFiles -Path src/PSRule.Rules.Kubernetes -DestinationPath out/modules/PSRule.Rules.Kubernetes;
|
||||
|
||||
|
@ -95,13 +169,20 @@ task TestRules PSRule, Pester, PSScriptAnalyzer, {
|
|||
}
|
||||
}
|
||||
|
||||
# Synopsis: Build table of content for rules
|
||||
task BuildRuleDocs PSDocs, {
|
||||
Invoke-PSDocument -Name Kubernetes -OutputPath .\docs\rules\en-US\ -Path .\RuleToc.Document.ps1
|
||||
}
|
||||
|
||||
# Synopsis: Remove temp files.
|
||||
task Clean {
|
||||
Remove-Item -Path out,reports -Recurse -Force -ErrorAction SilentlyContinue;
|
||||
}
|
||||
|
||||
task Build Clean, BuildModule
|
||||
task Build Clean, BuildModule, BuildRuleDocs
|
||||
|
||||
task Test Build, TestRules
|
||||
|
||||
task Release ReleaseModule
|
||||
|
||||
task . Build
|
||||
|
|
|
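Review bot: In `VersionModule` the pre-release label is kept only when `$versionParts.Length -eq 2`, so a version string with more than one hyphen falls through with `$revision` empty and the manifest is stamped with a stable `ModuleVersion` only. Because `ReleaseModule` runs `VersionModule` and then `Publish-Module`, a malformed version could reach the PowerShell Gallery as a stable release. Failing fast is safer, e.g. `if ($versionParts.Length -gt 2) { throw "Unexpected version format: $ModuleVersion" }`. Separately, the `PSDocs` task installs with `-MinimumVersion 0.6.1 -Force`, which accepts any newer Gallery version at build time; `-RequiredVersion` would keep the build that produces the published artifact reproducible.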
@ -8,7 +8,26 @@ param (
|
|||
[String]$File,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[String]$Task
|
||||
[String]$Task,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[String]$ModuleVersion,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[AllowNull()]
|
||||
[String]$ReleaseVersion,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[String]$Configuration,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[String]$NuGetApiKey,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[Switch]$CodeCoverage = $False,
|
||||
|
||||
[Parameter(Mandatory = $False)]
|
||||
[String]$ArtifactPath
|
||||
)
|
||||
|
||||
if ($Null -eq (Get-PackageProvider -Name NuGet -ErrorAction Ignore)) {
|
||||
|
|
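Review bot: `$NuGetApiKey` is added as a plain `[String]` parameter, so the Gallery key travels as a command-line argument; how it is forwarded to the build script is outside this hunk. I would document the expectation on the parameter, e.g. `# NuGetApiKey: PowerShell Gallery API key; supply from a secret pipeline variable and never write it to verbose or debug output`. Consider reading it from an environment variable mapped from that secret instead of an argument. Also, `$Configuration` and `$ArtifactPath` have no defaults here, while the build script defaults them to `'Debug'` and `out/modules`; if they are forwarded unconditionally, an empty value may replace those defaults.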