Sync Cluster Policies #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sync Cluster Policies | |
| on: | |
| schedule: | |
| - cron: "0 0 * * *" # Runs daily at midnight | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'k8s/shared/infrastructure/cluster-policies/samples/**' | |
| jobs: | |
| sync-policies: | |
| runs-on: ubuntu-latest | |
| env: | |
| KYVERNO_POLICIES_DIR: k8s/shared/infrastructure/cluster-policies/samples/ | |
| KYVERNO_POLICIES_TEMP_DIR: /tmp/cluster-policies | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Download latest Cluster Policies | |
| run: | | |
| git clone --filter=blob:none --sparse https://github.com/kyverno/policies ${{ env.KYVERNO_POLICIES_TEMP_DIR }} | |
| cd ${{ env.KYVERNO_POLICIES_TEMP_DIR }} | |
| git sparse-checkout set --no-cone '*/' ':!.*' | |
| - name: Remove blacklisted policies | |
| run: | | |
| while IFS= read -r pattern; do | |
| find ${{ env.KYVERNO_POLICIES_TEMP_DIR }} -path "${{ env.KYVERNO_POLICIES_TEMP_DIR }}/$pattern" -exec rm -rf {} + | |
| done < .github/cluster-policies-ignore.txt | |
| - name: Copy Cluster Policies to the target directory | |
| run: | | |
| mkdir -p ${{ env.KYVERNO_POLICIES_DIR }} | |
| rm -rf ${{ env.KYVERNO_POLICIES_DIR }}/* | |
| cp -r ${{ env.KYVERNO_POLICIES_TEMP_DIR }}/* ${{ env.KYVERNO_POLICIES_DIR }} | |
| - name: Create PR with changes | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| commit-message: "chore: sync cluster policies" | |
| title: "chore: sync cluster policies" | |
| body: "Sync Cluster Policies from <https://github.com/kyverno/policies>" | |
| signoff: true |