The Problem
A major annoyance when pushing changes to a FluxCD repo is the "kustomization failed" or similar error messages. It is even more annoying when the error doesn’t appear right away.
The Solution
Pre-commit hooks!
Check, lint and kustomize build the repo before the commit is accepted. If everything is fine, the commit goes through. It won't catch 100% of everything, especially if there are dependencies on kustomize scripts within the cluster that are not listed in the repo. But… close enough.
The .pre-commit-config
Some ready-made pre-commit hooks from gabe565, plus a custom yamllint hook and a custom kustomize build hook.
./.pre-commit-config.yaml
---
repos:
  # Ready-made FluxCD checks
  - repo: https://github.com/gabe565/pre-commit-fluxcd
    rev: "v0.5.1"
    hooks:
      - id: check-charts-pinned
      - id: check-charts-support-renovate
      - id: check-secrets-encrypted
  # yamllint with the repo's own config file
  - repo: https://github.com/adrienverge/yamllint.git
    rev: v1.37.0
    hooks:
      - id: yamllint
        name: YAML Lint
        entry: yamllint -c ./.yamllint.yaml
        # Block list: "[" and "]" are not allowed in unquoted items of a [ ... ] list
        args:
          - ./apps/[CLUSTERNAME]
          - ./cronjobs/[CLUSTERNAME]
          - ./infrastructure/[CLUSTERNAME]
  # Run kustomize build on every directory that contains a kustomization.yaml
  - repo: local
    hooks:
      - id: kustomize-build-check
        name: Validate Kustomize builds
        entry: bash -c 'command -v kustomize >/dev/null 2>&1 || { echo >&2 "kustomize command not found. Please install it first."; exit 1; }; find apps/[CLUSTERNAME] cronjobs/[CLUSTERNAME] infrastructure/[CLUSTERNAME] -type f -name kustomization.yaml -exec dirname {} \; | while read dir; do echo "Testing $dir"; kustomize build "$dir" > /dev/null || exit 1; done'
        language: system
        pass_filenames: false
./.yamllint.yaml
---
yaml-files:
  - '*.yaml'
  - '*.yml'
  - '.yamllint'
rules:
  anchors: enable
  braces: enable
  brackets: enable
  colons: enable
  commas: enable
  comments:
    level: warning
  comments-indentation: disable
  document-end: disable
  document-start: disable
  empty-lines: enable
  empty-values: disable
  float-values: disable
  hyphens: enable
  indentation: enable
  key-duplicates: enable
  key-ordering: disable
  line-length: disable
  new-line-at-end-of-file: enable
  new-lines: enable
  octal-values: disable
  quoted-strings: disable
  trailing-spaces: enable
  truthy:
    level: warning
ignore: |
  .github/
Remember to update the cluster name ([CLUSTERNAME]) in the pre-commit config.
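
The kustomize-build-check hook as a standalone script, an added example that is not part of the original post: it goes beyond the one-liner by reporting every failing directory instead of stopping at the first, and by flagging a root directory that does not exist. The function name and the `KUSTOMIZE_BUILD` override are hypothetical names introduced here.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): build every kustomization under
# the given root directories and report all failures in one run.
# KUSTOMIZE_BUILD is a hypothetical override for the build command.

check_kustomize_builds() {
  local build_cmd="${KUSTOMIZE_BUILD:-kustomize build}"
  local failed=0 root dir

  # Same pre-flight check as the hook: the build tool must be installed.
  if ! command -v "${build_cmd%% *}" >/dev/null 2>&1; then
    echo "${build_cmd%% *} command not found. Please install it first." >&2
    return 2
  fi

  for root in "$@"; do
    # A missing root usually means the cluster name was never updated.
    if [ ! -d "$root" ]; then
      echo "FAIL $root (directory does not exist)" >&2
      failed=1
      continue
    fi
    # Read one directory per line so paths with spaces survive.
    while IFS= read -r dir; do
      [ -n "$dir" ] || continue
      if $build_cmd "$dir" >/dev/null </dev/null; then
        echo "OK   $dir"
      else
        echo "FAIL $dir" >&2
        failed=1   # keep going so every broken overlay is listed
      fi
    done <<EOF
$(find "$root" -type f -name kustomization.yaml -exec dirname {} \; | sort)
EOF
  done
  return "$failed"
}

# Run only when directories are passed on the command line.
if [ "$#" -gt 0 ]; then
  check_kustomize_builds "$@"
fi
```

Saved under a path such as scripts/check-kustomize.sh (a hypothetical location), it can replace the `bash -c` one-liner as the hook's `entry`, with the three cluster directories as arguments.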