A collection of Pre-Commit hooks for FluxCD GitOps repos.
Add the following snippet to .pre-commit-config.yaml:

repos:
  - repo: https://github.com/gabe565/pre-commit-fluxcd
    rev: '' # Use the sha / tag you want to point at
    hooks:
      - id: check-charts-pinned
      - id: check-charts-support-renovate
      - id: check-drift-detection-enabled
      - id: check-secrets-encrypted

- check-charts-pinned
- check-charts-support-renovate
- check-drift-detection-enabled
- check-secrets-encrypted

The check-charts-pinned hook ensures HelmRelease Kubernetes manifests have a version pinned at .spec.chart.spec.version.

Renovate will only update HelmRelease versions if the following conditions are satisfied:
- The HelmRelease resource has metadata.namespace or spec.chart.spec.sourceRef.namespace set
- The referenced HelmRepository has metadata.namespace set.
The check-charts-support-renovate hook ensures these conditions are satisfied.

The check-drift-detection-enabled hook ensures HelmRelease manifests have drift detection enabled.
If you would like to allow warn mode, add the --allow-warn arg:

      - id: check-drift-detection-enabled
        args:
          - --allow-warn

The check-secrets-encrypted hook ensures .env files and Secret Kubernetes manifests are encrypted using SOPS.