ada/agentguard-ci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

notes about validation workflow

Browse Source
This commit is contained in:
Elizabeth W
2026-04-30 20:22:08 -06:00
parent e0e7018a55
commit 0d80215207
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+20 -8
View File
@@ -44,18 +44,30 @@ The rendered reference reflects the default values in `helm/values.yaml`, so opt
For fast validation while wiring up infrastructure, use these tools together:
- `helm lint ./helm`
- `helm template agentguard-ci ./helm`
- `helm template agentguard-ci ./helm | kubectl apply --dry-run=client -f -`
- `helm template agentguard-ci ./helm | kubectl apply --dry-run=server -f -`
- `argo lint rendered.yaml`
- `./scripts/check-chart.sh`
- `RUN_KUBECTL_CLIENT_CHECK=1 ./scripts/check-chart.sh`
- `RUN_KUBECTL_SERVER_CHECK=1 ./scripts/check-chart.sh`
What each mode does:
- `./scripts/check-chart.sh` runs the fast offline checks used by the repo-managed pre-commit hook: `helm lint`, `helm template`, and `argo lint --offline`.
- `RUN_KUBECTL_CLIENT_CHECK=1 ./scripts/check-chart.sh` adds a client-side `kubectl` dry-run. This is optional because CRD-heavy manifests can still be environment-sensitive here.
- `RUN_KUBECTL_SERVER_CHECK=1 ./scripts/check-chart.sh` adds a server-side dry-run against your current cluster context, which is the strongest validation once the Argo and Infisical CRDs are installed.
Install the shared git hook once per clone:
```bash
git config core.hooksPath .githooks
```
Notes:
- `helm lint` catches Helm chart problems.
- `kubectl --dry-run=client` catches basic Kubernetes schema issues without talking to the cluster.
- `kubectl --dry-run=server` is better once the cluster already has the Argo and Infisical CRDs installed.
- `argo lint` is the most useful Argo-specific check once you have the Argo CLI installed.
- `helm template` proves the chart renders successfully with the current values.
- `argo lint --offline` is the most useful Argo-specific local check because it validates the rendered `ClusterWorkflowTemplate` without needing cluster access.
- `kubectl --dry-run=client` is weaker for CRDs than Argo lint, so it is included as an optional extra check instead of the default hook behavior.
- `kubectl --dry-run=server` is best once the cluster already has the Argo and Infisical CRDs installed.
- CI should still rerun the same baseline checks even if pre-commit already passed, because hooks are local and bypassable. The usual CI extra is the server-side `kubectl` dry-run once a cluster with the needed CRDs is available.
## Installation