I'm having some arguments with other developers (devs) on whether or not this is important. I'm gonna finally try to implement this for my own pipeline this week, hopefully.
I would much rather have devs double check/validate things locally before they edit changes.
Modifying config files by using the edit text feature in GitHub (GH) doesn't enable you to do that.
And devs are lazy. I'm lazy. They want things easy. Me too.
So let's make it easy. Modify your CI/CD pipeline to validate YAML configs on any file changes (use GH hooks, for example).
Now devs can do whatever they want - if their pre-deployment checks fail, go back and fix it!
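One way to implement the pipeline check described in the comment above, as an added example that is not part of the thread: a standard-library Ruby script that takes the changed paths (for instance from `git diff --name-only`) and fails on YAML syntax errors or duplicate mapping keys. The function names and the sample strings are assumptions made up for the illustration.

```ruby
require 'yaml'

# Constructed sample inputs for illustration (not from the thread).
GOOD      = "replicas: 2\nimage: app:1.0\n"
DUPLICATE = "replicas: 2\nimage: app:1.0\nreplicas: 20\n"
BROKEN    = "replicas: [2\n"

# Walk the parsed tree and report mapping keys that occur twice.
# Psych keeps the last value silently when it loads such a file, so a
# reviewer can read one setting while the deployment uses another.
def duplicate_keys(node, found = [])
  if node.is_a?(Psych::Nodes::Mapping)
    seen = {}
    node.children.each_slice(2) do |key, _value|
      next unless key.is_a?(Psych::Nodes::Scalar)
      if seen[key.value]
        found << "duplicate key '#{key.value}' (line #{key.start_line + 1})"
      end
      seen[key.value] = true
    end
  end
  # Scalar and alias nodes have no children list, hence the fallback.
  (node.children || []).each { |child| duplicate_keys(child, found) }
  found
end

# Returns a list of problems for one YAML text; an empty list means it passed.
# parse_stream only builds a syntax tree (every document in the file), it
# does not instantiate objects from tags.
def validate_yaml(text, name = '(input)')
  stream = YAML.parse_stream(text)
  duplicate_keys(stream).map { |msg| "#{name}: #{msg}" }
rescue Psych::SyntaxError => e
  ["#{name}: line #{e.line}: #{e.problem}"]
end

# Validate only the YAML files among the changed paths; paths that no
# longer exist (deleted in the change) are skipped.
def check_changed(paths)
  paths.grep(/\.ya?ml\z/i).flat_map do |path|
    File.file?(path) ? validate_yaml(File.read(path), path) : []
  end
end

# CI entry point: pass the changed paths as arguments; non-zero exit blocks the deploy.
if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
  failures = check_changed(ARGV)
  failures.each { |line| warn line }
  exit(failures.empty? ? 0 : 1)
end
```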
This is a very sensible approach. One pro of having the checks automated, instead of just having the developers carefully check their changes, is that onboarding a new developer is easier: you will spend less time on very small and specific details, and you won't forget to mention some detail.
This is a good approach because it focuses on the desired outcome ('no invalid configs get deployed'), and doesn't try to use a proxy ('you have to validate locally') to get there.
You're basically describing Sentinel for Terraform (https://www.hashicorp.com/sentinel/) or Datree for Kubernetes (https://www.datree.io). There are also a bunch of tools popping up in this space that focus on catching security issues rather than misconfigurations.