mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

feat(ci): test upgrade conformance (#11498)

Browse source 
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
This commit is contained in:
Khaled Emara 2024-11-15 13:53:44 +02:00 committed by GitHub
parent a574123e97
commit 5b08262197
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 227 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

134
.github/actions/run-tests/action.yaml vendored
View file

@ -28,6 +28,9 @@ inputs:
shard-count:
description: Shard count
default: '0'
upgrade-scenario:
description: Determines which version to upgrade from
required: true
runs:
using: composite
steps:
@ -58,17 +61,142 @@ runs:
run: |
set -e
kind load image-archive kyverno.tar --name kind
- name: Install kyverno
- name: Determine Previous Version
id: determine-prev-version
shell: bash
run: |
set -e
set -ex
export HELM=${{ steps.helm.outputs.helm-path }}
$HELM repo add kyverno https://kyverno.github.io/kyverno
$HELM repo update
case "${{ inputs.upgrade-scenario }}" in
"patch")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2"."$3]++' | head -2 | tail -1)
;;
"minor")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2]++' | head -2 | tail -1)
;;
"latest")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel -o json | jq -r '.[0].version')
;;
*)
export INSTALL_VERSION=none
;;
esac
echo "::set-output name=prev_version::$INSTALL_VERSION"
- name: Checkout Previous Version
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ steps.determine-prev-version.outputs.prev_version != 'none' }}
with:
repository: kyverno/kyverno
ref: kyverno-chart-${{ steps.determine-prev-version.outputs.prev_version }}
path: prev-version
- name: Install Kyverno from prev-version
if: ${{ steps.determine-prev-version.outputs.prev_version != 'none' }}
shell: bash
run: |
set -ex
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ inputs.kyverno-configs }}
cd prev-version
IFS=',' read -ra CONFIGS <<< "$USE_CONFIG"
for config in "${CONFIGS[@]}"; do
if [ ! -f ./scripts/config/$config/kyverno.yaml ]; then
echo "Skipping installation of Kyverno from prev-version for config: $config"
exit 0
fi
done
export INSTALL_VERSION=${{ steps.determine-prev-version.outputs.prev_version }}
echo "Installing Kyverno using Helm with Chart version $INSTALL_VERSION"
make -C .. kind-install-kyverno-from-repo
- name: Determine Next Version
id: determine-next-version
shell: bash
run: |
set -ex
export HELM=${{ steps.helm.outputs.helm-path }}
$HELM repo add kyverno https://kyverno.github.io/kyverno
$HELM repo update
case "${{ inputs.upgrade-scenario }}" in
"patch")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2"."$3]++' | head -1)
;;
"minor")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2]++' | head -1)
;;
"latest")
export INSTALL_VERSION=main
;;
*)
export INSTALL_VERSION=main
;;
esac
echo "::set-output name=next_version::$INSTALL_VERSION"
- name: Checkout Next Version
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ steps.determine-next-version.outputs.next_version != 'main' }}
with:
repository: kyverno/kyverno
ref: kyverno-chart-${{ steps.determine-next-version.outputs.next_version }}
path: next-version
- name: Install Kyverno from next-version
if: ${{ steps.determine-next-version.outputs.next_version != 'main' }}
shell: bash
run: |
set -ex
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ inputs.kyverno-configs }}
cd next-version
IFS=',' read -ra CONFIGS <<< "$USE_CONFIG"
for config in "${CONFIGS[@]}"; do
if [ ! -f ./scripts/config/$config/kyverno.yaml ]; then
echo "Skipping installation of Kyverno from prev-version for config: $config"
exit 0
fi
done
export INSTALL_VERSION=${{ steps.determine-next-version.outputs.next_version }}
echo "Installing Kyverno using Helm with Chart version $INSTALL_VERSION"
make -C .. kind-install-kyverno-from-repo
- name: Install Kyverno from main
if: ${{ steps.determine-next-version.outputs.next_version == 'main' }}
shell: bash
run: |
set -ex
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ inputs.kyverno-configs }}
echo "Installing Kyverno from main"
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
# run tests
- name: Test with Chainsaw
if: ${{ steps.determine-next-version.outputs.next_version != 'main' }}
shell: bash
env:
GITHUB_TOKEN: ${{ inputs.token }}
run: |
set -e
cd ./next-version/test/conformance/chainsaw
chainsaw test ${{ inputs.tests-path }} \
--config ../${{ inputs.chainsaw-config }} \
--include-test-regex '^chainsaw$/${{ inputs.chainsaw-tests }}' \
--shard-index ${{ inputs.shard-index }} \
--shard-count ${{ inputs.shard-count }}
- name: Test with Chainsaw
if: ${{ steps.determine-next-version.outputs.next_version == 'main' }}
shell: bash
env:
GITHUB_TOKEN: ${{ inputs.token }}
@ -83,4 +211,4 @@ runs:
# debug
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
uses: ./.github/actions/kyverno-logs

121
.github/workflows/conformance.yaml vendored
View file

@ -9,12 +9,29 @@ on:
branches:
- "main"
- "release*"
schedule:
- cron: "43 0 * * 0"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
define-matrix:
runs-on: ubuntu-latest
outputs:
upgrades: ${{ steps.upgrades.outputs.upgrades }}
steps:
- name: Set Upgarde Scenarios
id: upgrades
run: |
set -e
if [[ ${{ github.event_name }} == 'pull_request' ]]; then
echo 'upgrades=["latest","minor","patch"]' >> $GITHUB_OUTPUT
else
echo 'upgrades=["none"]' >> $GITHUB_OUTPUT
fi
prepare-images:
runs-on: ubuntu-latest
steps:
@ -81,7 +98,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -90,6 +108,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: assert
upgrade-scenario: ${{ matrix.upgrade }}
autogen:
runs-on: ubuntu-latest
@ -99,7 +118,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -108,6 +128,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: autogen
upgrade-scenario: ${{ matrix.upgrade }}
background-only:
runs-on: ubuntu-latest
@ -117,7 +138,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -126,6 +148,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: background-only
upgrade-scenario: ${{ matrix.upgrade }}
cleanup:
runs-on: ubuntu-latest
@ -135,7 +158,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -144,6 +168,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: cleanup
upgrade-scenario: ${{ matrix.upgrade }}
deferred:
runs-on: ubuntu-latest
@ -153,7 +178,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -162,6 +188,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: deferred
upgrade-scenario: ${{ matrix.upgrade }}
events:
runs-on: ubuntu-latest
@ -171,7 +198,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -180,6 +208,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: events
upgrade-scenario: ${{ matrix.upgrade }}
exceptions:
runs-on: ubuntu-latest
@ -189,8 +218,9 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1]
needs: [ prepare-images ]
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -201,6 +231,7 @@ jobs:
tests-path: exceptions
shard-index: ${{ matrix.shard-index }}
shard-count: 2
upgrade-scenario: ${{ matrix.upgrade }}
filter:
runs-on: ubuntu-latest
@ -210,7 +241,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -219,6 +251,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: filter
upgrade-scenario: ${{ matrix.upgrade }}
force-failure-policy-ignore:
runs-on: ubuntu-latest
@ -228,7 +261,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -237,6 +271,7 @@ jobs:
kyverno-configs: standard,force-failure-policy-ignore
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: force-failure-policy-ignore
upgrade-scenario: ${{ matrix.upgrade }}
generate:
runs-on: ubuntu-latest
@ -246,8 +281,9 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1,2,3,4,5,6,7]
needs: [ prepare-images ]
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -258,6 +294,7 @@ jobs:
tests-path: generate
shard-index: ${{ matrix.shard-index }}
shard-count: 8
upgrade-scenario: ${{ matrix.upgrade }}
generate-validating-admission-policy:
runs-on: ubuntu-latest
@ -267,7 +304,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -277,6 +315,7 @@ jobs:
kyverno-configs: standard,generate-validating-admission-policy
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: generate-validating-admission-policy
upgrade-scenario: ${{ matrix.upgrade }}
globalcontext:
runs-on: ubuntu-latest
@ -286,7 +325,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -295,6 +335,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: globalcontext
upgrade-scenario: ${{ matrix.upgrade }}
lease:
runs-on: ubuntu-latest
@ -304,7 +345,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -313,6 +355,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: lease
upgrade-scenario: ${{ matrix.upgrade }}
mutate:
runs-on: ubuntu-latest
@ -322,8 +365,9 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1,2]
needs: [ prepare-images ]
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -334,6 +378,7 @@ jobs:
tests-path: mutate
shard-index: ${{ matrix.shard-index }}
shard-count: 3
upgrade-scenario: ${{ matrix.upgrade }}
policy-validation:
runs-on: ubuntu-latest
@ -343,7 +388,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -352,6 +398,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: policy-validation
upgrade-scenario: ${{ matrix.upgrade }}
rangeoperators:
runs-on: ubuntu-latest
@ -361,7 +408,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -370,6 +418,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: rangeoperators
upgrade-scenario: ${{ matrix.upgrade }}
rbac:
runs-on: ubuntu-latest
@ -380,7 +429,8 @@ jobs:
matrix:
kyverno-configs: [ standard, default, 'standard,force-failure-policy-ignore' ]
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -389,6 +439,7 @@ jobs:
kyverno-configs: ${{ matrix.kyverno-configs }}
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: rbac
upgrade-scenario: ${{ matrix.upgrade }}
reports:
runs-on: ubuntu-latest
@ -398,8 +449,9 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1]
needs: [ prepare-images ]
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -410,6 +462,7 @@ jobs:
tests-path: reports
shard-index: ${{ matrix.shard-index }}
shard-count: 2
upgrade-scenario: ${{ matrix.upgrade }}
ttl:
runs-on: ubuntu-latest
@ -419,7 +472,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -428,6 +482,7 @@ jobs:
kyverno-configs: standard,ttl
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: ttl
upgrade-scenario: ${{ matrix.upgrade }}
validate:
runs-on: ubuntu-latest
@ -437,8 +492,9 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1,2,3,4,5]
needs: [ prepare-images ]
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -449,6 +505,7 @@ jobs:
tests-path: validate
shard-index: ${{ matrix.shard-index }}
shard-count: 6
upgrade-scenario: ${{ matrix.upgrade }}
validating-admission-policy-reports:
runs-on: ubuntu-latest
@ -458,7 +515,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -468,6 +526,7 @@ jobs:
kyverno-configs: standard,validating-admission-policy-reports
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: validating-admission-policy-reports
upgrade-scenario: ${{ matrix.upgrade }}
verify-manifests:
runs-on: ubuntu-latest
@ -477,7 +536,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -486,6 +546,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: verify-manifests
upgrade-scenario: ${{ matrix.upgrade }}
verifyImages:
runs-on: ubuntu-latest
@ -495,8 +556,9 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1]
needs: [ prepare-images ]
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -507,6 +569,7 @@ jobs:
tests-path: verifyImages
shard-index: ${{ matrix.shard-index }}
shard-count: 2
upgrade-scenario: ${{ matrix.upgrade }}
webhook-configurations:
runs-on: ubuntu-latest
@ -516,7 +579,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -526,6 +590,7 @@ jobs:
kyverno-configs: standard,generate-validating-admission-policy
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: webhook-configurations
upgrade-scenario: ${{ matrix.upgrade }}
webhooks:
runs-on: ubuntu-latest
@ -535,7 +600,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -544,6 +610,7 @@ jobs:
kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: webhooks
upgrade-scenario: ${{ matrix.upgrade }}
sigstore-custom-tuf:
runs-on: ubuntu-latest
@ -553,7 +620,8 @@ jobs:
fail-fast: false
matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests
@ -563,6 +631,7 @@ jobs:
kyverno-configs: standard,sigstore-custom-tuf
token: ${{ secrets.GITHUB_TOKEN }}
tests-path: sigstore-custom-tuf
upgrade-scenario: ${{ matrix.upgrade }}
custom-sigstore:
runs-on: ubuntu-latest

1
scripts/config/kind/vap-v1beta1.yaml
View file

@ -3,6 +3,7 @@ apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
ValidatingAdmissionPolicy: true
runtimeConfig:
admissionregistration.k8s.io/v1alpha1: true # Needed only for the upgrade conformance tests
admissionregistration.k8s.io/v1beta1: true
kubeadmConfigPatches:
- |-