datreeio / action-datree

Github action that runs the Datree CLI
MIT License

action fails with kustomize with refs #26

Closed Plork closed 1 year ago

Plork commented 1 year ago

When running the cli with the following:

  - name: Run Datree Policy Check
    uses: datreeio/action-datree@main
    with:
      path: kubernetes/application/overlay/test
      cliArguments: '--ignore-missing-schemas'
      isKustomization: true

This fails when the kustomize has a ref to a git repo.

kubectl kustomize errored: error: accumulating resources: accumulation err='accumulating resources from 'ssh:: no such file or directory': no 'git' program on path: exec: "git": executable file not found in $PATH

I saw that the datree/datreecli docker image does not have git installed: https://github.com/datreeio/datree/blob/main/dockerfiles/image-datreeci/Dockerfile#L14

So easiest would be to add git to the container of the action: https://github.com/datreeio/action-datree/blob/main/Dockerfile#L3

hadar-co commented 1 year ago

@Plork thanks for opening an issue:) Can you share why you need git in your use-case?

Plork commented 1 year ago

I don't know what more I need to explain. When you have a Kustomize app and you are referencing a resource with a url instead of a path.

so in short running this:

datree kustomize test $inputpath $cliArguments -- $kustomizeArgs

and then the kustomization.yaml has:

resources:
  - git://github.com/repo/path/base

instead of

resources:
  - ../base

hadar-co commented 1 year ago

I see. This is a specific use-case, I don't think we should add git to the image just for this, in most cases it is not needed.

You can do one of the following:

  1. Add a step in your workflow that installs git before running datree. OR
  2. Check out the other git repo containing your desired resource and reference it with a path.

Plork commented 1 year ago

Okay ... but I do find it weird that it is functionality supported by the cli that won't work in the action. You support Kustomize via the cli .. but not all Kustomize?

I use this right before the datree action.

        uses: actions/checkout@v2

So as you can see the github runner already has git.

The problem is that the container you use with the installed kubectl does not have git. https://github.com/datreeio/datree/blob/main/dockerfiles/image-datreeci/Dockerfile#L10

This is not a specific use-case but common best practice to reference your bases via a repo. Otherwise all your overlays would change when you update your base (not something you want with git-ops in a regulated environment).
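
Added example (not part of the thread or of Datree's code): a preflight check meant to run inside the same container that executes `kubectl kustomize`. It lists the remote entries of a `kustomization.yaml`, reports when `git` is missing from PATH, and flags remote entries that lack kustomize's `?ref=` query parameter; the function names, the remote-prefix heuristic, the block-style-list parsing and the sample entries other than the one quoted in the thread are assumptions.

```python
import re
import shutil

# Assumption: prefixes that mark an entry as fetched remotely, not read from disk.
REMOTE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|git@|github\.com/)", re.I)

# Constructed sample: first entry is from the thread, the others are made up.
SAMPLE = """\
resources:
  - git://github.com/repo/path/base
  - https://github.com/example/repo//path/base?ref=v1.2.3
  - ../local
"""


def resource_entries(text):
    """Entries of top-level block-style `resources:` / `bases:` lists."""
    entries, in_list = [], False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace() and not line.startswith("-"):
            in_list = line in ("resources:", "bases:")  # new top-level key
            continue
        item = line.strip()
        if in_list and item.startswith("- "):
            entries.append(item[2:].strip().strip("'\""))
    return entries


def remote_entries(text):
    return [e for e in resource_entries(text) if REMOTE.match(e)]


def preflight(text, search_path=None):
    """Return problems found; an empty list means nothing to report."""
    problems = []
    remotes = remote_entries(text)
    if remotes and shutil.which("git", path=search_path) is None:
        problems.append(f"git not on PATH, needed by {len(remotes)} remote resource(s)")
    problems += [f"remote resource without ?ref= pin: {e}"
                 for e in remotes if "ref=" not in e]
    return problems


if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print(problem)
```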

hadar-co commented 1 year ago

@Plork We added git to the image, can you run again and let us know if it's resolved?

Plork commented 1 year ago

Awesome thanks will do asap 👍

Plork commented 1 year ago

You added it to the github action? Shouldn't you rebuild the github action then for it to have effect?

hadar-co commented 1 year ago

There is nothing to build in the action itself, the action pulls the datreeci image on every run, and the image itself has been rebuilt.
