[release-3.14] Update net and crypto pkgs #823
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-Tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release-[0-9]+.[0-9]+ | |
| pull_request: | |
| branches: | |
| - main | |
| - release-[0-9]+.[0-9]+ | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| gosec: | |
| name: Run gosec scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Gatekeeper | |
| uses: actions/checkout@v4 | |
| - name: Run Gosec Security Scanner | |
| uses: securego/[email protected] | |
| with: | |
| args: -no-fail -fmt sonarqube -out gosec.json -stdout -exclude-dir=.go -exclude-dir=test ./... | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: artifacts | |
| path: gosec.json | |
| verify-and-unit-tests: | |
| name: Run verify and unit tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Fetch all history for all tags and branches | |
| - uses: actions/setup-go@v3 | |
| with: | |
| go-version-file: go.mod | |
| - name: Verify modules | |
| run: go mod verify | |
| - name: Verify format | |
| run: | | |
| make fmt | |
| git diff --exit-code | |
| - name: Verify manifests | |
| run: | | |
| make manifests | |
| git diff --exit-code | |
| - name: Verify imported manifests | |
| run: | | |
| make import-manifests | |
| git diff --exit-code | |
| - name: Verify bindata | |
| run: | | |
| make verify-bindata | |
| - name: Unit and Integration Tests | |
| run: | | |
| make test | |
| echo "::group::Test coverage" | |
| make test-coverage | |
| echo "::endgroup::" | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: artifacts | |
| path: coverage_unit.out | |
| e2e-tests: | |
| name: Run e2e tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Fetch all history for all tags and branches | |
| - uses: actions/setup-go@v3 | |
| with: | |
| go-version-file: go.mod | |
| - name: Download binaries | |
| run: | | |
| make download-binaries | |
| - name: Create K8s KinD Cluster | |
| run: | | |
| make test-cluster | |
| - name: Build and Push Test Container Image to KIND node | |
| run: | | |
| make docker-build IMG=localhost:5000/gatekeeper-operator:$GITHUB_SHA | |
| kind load docker-image localhost:5000/gatekeeper-operator:$GITHUB_SHA | |
| - name: E2E Tests | |
| run: | | |
| make deploy-ci NAMESPACE=gatekeeper-system IMG=localhost:5000/gatekeeper-operator:$GITHUB_SHA | |
| kubectl -n gatekeeper-system wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s | |
| kubectl -n gatekeeper-system logs deployment/gatekeeper-operator-controller -c manager -f > operator.log & | |
| make test-e2e NAMESPACE=gatekeeper-system | |
| - name: Debug | |
| if: ${{ failure() }} | |
| run: | | |
| echo "::group::Operator Logs" | |
| cat operator.log | |
| echo "::endgroup::" | |
| e2e-openshift-tests: | |
| name: Run e2e Openshift tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v3 | |
| with: | |
| go-version-file: go.mod | |
| - name: Download binaries | |
| run: | | |
| make download-binaries | |
| - name: Create K8s KinD Cluster | |
| run: | | |
| make test-cluster | |
| make test-openshift-setup | |
| - name: Build and Push Test Container Image to KIND node | |
| run: | | |
| make docker-build IMG=localhost:5000/gatekeeper-operator:$GITHUB_SHA | |
| kind load docker-image localhost:5000/gatekeeper-operator:$GITHUB_SHA | |
| - name: E2E Openshift Tests | |
| run: | | |
| make deploy-ci NAMESPACE=openshift-gatekeeper-system IMG=localhost:5000/gatekeeper-operator:$GITHUB_SHA | |
| kubectl -n openshift-gatekeeper-system patch deployment gatekeeper-operator-controller -p '{"spec" : {"template" :{"spec" : {"securityContext" :{"seccompProfile" : {"type": "RuntimeDefault"}}}}}}' | |
| kubectl -n openshift-gatekeeper-system wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s | |
| kubectl -n openshift-gatekeeper-system logs deployment/gatekeeper-operator-controller -c manager -f > operator.log & | |
| make test-e2e-openshift | |
| - name: Debug | |
| if: ${{ failure() }} | |
| run: | | |
| echo "::group::Operator Logs" | |
| cat operator.log | |
| echo "::endgroup::" | |
| gatekeeper-e2e-tests: | |
| name: Run gatekeeper e2e tests | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: gatekeeper-operator | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| path: gatekeeper-operator | |
| fetch-depth: 0 # Fetch all history for all tags and branches | |
| - uses: actions/setup-go@v3 | |
| with: | |
| go-version-file: gatekeeper-operator/go.mod | |
| - name: Download binaries | |
| run: | | |
| make download-binaries | |
| - name: Create K8s KinD Cluster | |
| run: | | |
| make test-cluster | |
| - name: Build and Push Test Container Image to KIND node | |
| run: | | |
| make docker-build IMG=localhost:5000/gatekeeper-operator:$GITHUB_SHA | |
| kind load docker-image localhost:5000/gatekeeper-operator:$GITHUB_SHA | |
| - name: Set Up Environment Variables | |
| run: | | |
| GATEKEEPER_VERSION=v$(cat GATEKEEPER_VERSION || cat VERSION) | |
| echo "GATEKEEPER_VERSION=${GATEKEEPER_VERSION}" >> ${GITHUB_ENV} | |
| # Checkout a local copy of Gatekeeper to use its bats e2e tests. | |
| - name: Checkout Gatekeeper to verify imported manifests | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: open-policy-agent/gatekeeper | |
| ref: ${{ env.GATEKEEPER_VERSION }} | |
| path: gatekeeper | |
| fetch-depth: 0 # Fetch all history for all tags and branches | |
| - name: Gatekeeper E2E Tests | |
| env: | |
| NAMESPACE: gatekeeper-system | |
| run: | | |
| make download-binaries | |
| make deploy-ci IMG=localhost:5000/gatekeeper-operator:$GITHUB_SHA | |
| kubectl -n ${NAMESPACE} wait deployment/gatekeeper-operator-controller --for condition=Available --timeout=90s | |
| make test-gatekeeper-e2e | |
| export PATH=$PWD/ci-tools/bin:$PATH | |
| cd ../gatekeeper | |
| test/externaldata/dummy-provider/scripts/generate-tls-certificate.sh | |
| ( | |
| cd test/externaldata/dummy-provider | |
| go mod init github.com/open-policy-agent/gatekeeper/test/externaldata/dummy-provider | |
| go get github.com/open-policy-agent/frameworks/[email protected] | |
| sed -i 's/go mod init &&//' Dockerfile | |
| ) | |
| docker build -t dummy-provider:test -f test/externaldata/dummy-provider/Dockerfile test/externaldata/dummy-provider | |
| kind load docker-image --name kind dummy-provider:test | |
| make test-e2e GATEKEEPER_NAMESPACE=${NAMESPACE} ENABLE_MUTATION_TESTS=1 |