---
# ==============================================================================
# yamllint Configuration for Security-Focused YAML Validation
# ==============================================================================
#
# PURPOSE:
#   Validates YAML syntax and style for Kubernetes manifests to catch
#   deployment-breaking errors before they reach production. Strict truthy
#   checking prevents common Kubernetes misconfigurations (yes/no vs
#   true/false).
#
# SCOPE:
#   yamllint checks YAML syntax and style only. It does not evaluate what a
#   manifest configures (RBAC, securityContext, image sources, secrets), so it
#   complements a policy or manifest scanner rather than replacing one.
#
# USED BY:
#   - CodeRabbit: PR-level validation on changed YAML files
#   - GitHub Actions: Full codebase validation weekly
#
# KEY SECURITY CHECKS:
#   - truthy: Enforces K8s-style booleans (true/false only, not yes/no/on/off)
#   - empty-values: Prevents accidental empty values in manifests
#   - key-duplicates: Catches copy-paste errors that override critical settings
#
# EXECUTION:
#   yamllint -c .yamllint .
# ==============================================================================
extends: default

rules:
  # Line length - relaxed for readability.
  # Reported at warning level: yamllint exits non-zero on warnings only when
  # run with --strict, so long lines alone will not fail the command above.
  line-length:
    max: 120
    level: warning

  # Indentation - enforce consistency (2 spaces, list items indented under
  # their parent key). Indentation inside multi-line strings is not checked.
  indentation:
    spaces: 2
    indent-sequences: true
    check-multi-line-strings: false

  # Comments - require at least one space between content and an inline
  # comment (relaxed from the yamllint default of 2).
  comments:
    min-spaces-from-content: 1

  # Trailing spaces - enforce clean files
  trailing-spaces: enable

  # Document start - optional for flexibility: a leading '---' is neither
  # required nor forbidden.
  document-start: disable

  # Truthy values - enforce K8s-style booleans only.
  # Only the literal values true/false are accepted; yes/no/on/off and their
  # case variants are reported. check-keys extends the check to mapping keys,
  # so an unquoted key such as `on` is reported as well.
  truthy:
    allowed-values: ['true', 'false']
    check-keys: true

  # Empty values - security check.
  # A bare `key:` parses as null, which a consumer may treat as "unset" and
  # silently fall back to a default. Forbidden in both block and flow mappings.
  empty-values:
    forbid-in-block-mappings: true
    forbid-in-flow-mappings: true

  # Key duplicates - prevent configuration errors.
  # Many YAML parsers keep only the last occurrence of a repeated key without
  # any warning, so a duplicate can quietly override an earlier setting.
  key-duplicates: enable

  # Brackets and braces - enforce consistency (no padding inside [] or {})
  brackets:
    min-spaces-inside: 0
    max-spaces-inside: 0
  braces:
    min-spaces-inside: 0
    max-spaces-inside: 0

# Paths excluded from ALL rules above.
# Files under these directories receive none of the checks, including
# key-duplicates and truthy, so any manifest stored under examples/, contrib/,
# scripts/, test(s)/, testdata/, docs/ or bin/ is not validated by this config.
# NOTE(review): .github/workflows/ is excluded entirely, presumably because
# `truthy.check-keys` would report the workflow `on:` key - confirm. As written,
# CI workflow files get no duplicate-key or empty-value checking from this file.
# NOTE(review): `yamllint .` only collects files matching yamllint's `yaml-files`
# patterns, so the *.pb.go entry likely matters only when such a file is passed
# explicitly - confirm.
ignore: |
  **/examples/
  **/contrib/
  **/scripts/
  **/testdata/
  **/test/
  **/tests/
  **/docs/
  **/bin/
  **/.github/workflows/
  **/node_modules/
  **/vendor/
  .git/
  **/*.pb.go
  **/*.generated.yaml