directory only allows for one source, not multiple

[rlnrln]

Our orchestration repo is big. Really big. You just won't believe how vastly hugely mind-bogglingly big it is. I mean, you may think it's a long way down the road to the chemist, but that's just peanuts to our orchestration repo.

As such, we'd like to only test files that have actually changed in a PR.

I tried some (what I though) clever shell commands, and ended up at this:

  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - run: echo "CHANGED_FILES=$(git diff --name-only ${{ github.event.before }}..${{ github.event.after }} | grep 'k8s/.*\.y[a]*ml$' | tr '\n' ' ')" >> $GITHUB_ENV
 
      - name: Scan yaml files with kube-linter
        uses: stackrox/[email protected]
        id: kube-linter-action-scan
        with:
          directory: $CHANGED_FILES
          config: .kube-linter-config.yaml
          # Use plain output, because we don't have GitHub Enterprise which is required for SARIF upload
          format: plain
        continue-on-error: true

Sadly, this fails because directory is interpreted as a single file or directory; if multiple files has been changed, it will try to use "file1.yaml file2.yaml" as a single file, which will of course fail.

Suggestion: extend github action so it supports either directory or files, where the latter can take multiple files as input.

[homburg]

@rlnrln deployment.yaml? Mostly harmless :-D