From 5b08262197686b36fdca0acdf9878063d8f1a782 Mon Sep 17 00:00:00 2001 From: Khaled Emara Date: Fri, 15 Nov 2024 13:53:44 +0200 Subject: [PATCH] feat(ci): test upgrade conformance (#11498) Signed-off-by: Khaled Emara Co-authored-by: shuting --- .github/actions/run-tests/action.yaml | 134 +++++++++++++++++++++++++- .github/workflows/conformance.yaml | 121 ++++++++++++++++++----- scripts/config/kind/vap-v1beta1.yaml | 1 + 3 files changed, 227 insertions(+), 29 deletions(-) diff --git a/.github/actions/run-tests/action.yaml b/.github/actions/run-tests/action.yaml index f4e9fe12ad..a752e35cf0 100644 --- a/.github/actions/run-tests/action.yaml +++ b/.github/actions/run-tests/action.yaml @@ -28,6 +28,9 @@ inputs: shard-count: description: Shard count default: '0' + upgrade-scenario: + description: Determines which version to upgrade from + required: true runs: using: composite steps: @@ -58,17 +61,142 @@ runs: run: | set -e kind load image-archive kyverno.tar --name kind - - name: Install kyverno + - name: Determine Previous Version + id: determine-prev-version shell: bash run: | - set -e + set -ex + export HELM=${{ steps.helm.outputs.helm-path }} + + $HELM repo add kyverno https://kyverno.github.io/kyverno + $HELM repo update + + case "${{ inputs.upgrade-scenario }}" in + "patch") + export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2"."$3]++' | head -2 | tail -1) + ;; + "minor") + export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2]++' | head -2 | tail -1) + ;; + "latest") + export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel -o json | jq -r '.[0].version') + ;; + *) + export INSTALL_VERSION=none + ;; + esac + + echo "::set-output name=prev_version::$INSTALL_VERSION" + - name: Checkout Previous Version + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + if: ${{ steps.determine-prev-version.outputs.prev_version != 'none' }} + with: + repository: kyverno/kyverno + ref: kyverno-chart-${{ steps.determine-prev-version.outputs.prev_version }} + path: prev-version + - name: Install Kyverno from prev-version + if: ${{ steps.determine-prev-version.outputs.prev_version != 'none' }} + shell: bash + run: | + set -ex export HELM=${{ steps.helm.outputs.helm-path }} export USE_CONFIG=${{ inputs.kyverno-configs }} + + cd prev-version + + IFS=',' read -ra CONFIGS <<< "$USE_CONFIG" + for config in "${CONFIGS[@]}"; do + if [ ! -f ./scripts/config/$config/kyverno.yaml ]; then + echo "Skipping installation of Kyverno from prev-version for config: $config" + exit 0 + fi + done + + export INSTALL_VERSION=${{ steps.determine-prev-version.outputs.prev_version }} + echo "Installing Kyverno using Helm with Chart version $INSTALL_VERSION" + make -C .. kind-install-kyverno-from-repo + - name: Determine Next Version + id: determine-next-version + shell: bash + run: | + set -ex + export HELM=${{ steps.helm.outputs.helm-path }} + + $HELM repo add kyverno https://kyverno.github.io/kyverno + $HELM repo update + + case "${{ inputs.upgrade-scenario }}" in + "patch") + export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2"."$3]++' | head -1) + ;; + "minor") + export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2]++' | head -1) + ;; + "latest") + export INSTALL_VERSION=main + ;; + *) + export INSTALL_VERSION=main + ;; + esac + + echo "::set-output name=next_version::$INSTALL_VERSION" + - name: Checkout Next Version + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + if: ${{ steps.determine-next-version.outputs.next_version != 'main' }} + with: + repository: kyverno/kyverno + ref: kyverno-chart-${{ steps.determine-next-version.outputs.next_version }} + path: next-version + - name: Install Kyverno from next-version + if: ${{ steps.determine-next-version.outputs.next_version != 'main' }} + shell: bash + run: | + set -ex + export HELM=${{ steps.helm.outputs.helm-path }} + export USE_CONFIG=${{ inputs.kyverno-configs }} + + cd next-version + + IFS=',' read -ra CONFIGS <<< "$USE_CONFIG" + for config in "${CONFIGS[@]}"; do + if [ ! -f ./scripts/config/$config/kyverno.yaml ]; then + echo "Skipping installation of Kyverno from prev-version for config: $config" + exit 0 + fi + done + + export INSTALL_VERSION=${{ steps.determine-next-version.outputs.next_version }} + echo "Installing Kyverno using Helm with Chart version $INSTALL_VERSION" + make -C .. kind-install-kyverno-from-repo + - name: Install Kyverno from main + if: ${{ steps.determine-next-version.outputs.next_version == 'main' }} + shell: bash + run: | + set -ex + export HELM=${{ steps.helm.outputs.helm-path }} + export USE_CONFIG=${{ inputs.kyverno-configs }} + + echo "Installing Kyverno from main" make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready # run tests - name: Test with Chainsaw + if: ${{ steps.determine-next-version.outputs.next_version != 'main' }} + shell: bash + env: + GITHUB_TOKEN: ${{ inputs.token }} + run: | + set -e + cd ./next-version/test/conformance/chainsaw + chainsaw test ${{ inputs.tests-path }} \ + --config ../${{ inputs.chainsaw-config }} \ + --include-test-regex '^chainsaw$/${{ inputs.chainsaw-tests }}' \ + --shard-index ${{ inputs.shard-index }} \ + --shard-count ${{ inputs.shard-count }} + - name: Test with Chainsaw + if: ${{ steps.determine-next-version.outputs.next_version == 'main' }} shell: bash env: GITHUB_TOKEN: ${{ inputs.token }} @@ -83,4 +211,4 @@ runs: # debug - name: Debug failure if: failure() - uses: ./.github/actions/kyverno-logs \ No newline at end of file + uses: ./.github/actions/kyverno-logs diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index d825707a31..eb0069fc20 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -9,12 +9,29 @@ on: branches: - "main" - "release*" + schedule: + - cron: "43 0 * * 0" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: + define-matrix: + runs-on: ubuntu-latest + outputs: + upgrades: ${{ steps.upgrades.outputs.upgrades }} + steps: + - name: Set Upgarde Scenarios + id: upgrades + run: | + set -e + if [[ ${{ github.event_name }} == 'pull_request' ]]; then + echo 'upgrades=["latest","minor","patch"]' >> $GITHUB_OUTPUT + else + echo 'upgrades=["none"]' >> $GITHUB_OUTPUT + fi + prepare-images: runs-on: ubuntu-latest steps: @@ -81,7 +98,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -90,6 +108,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: assert + upgrade-scenario: ${{ matrix.upgrade }} autogen: runs-on: ubuntu-latest @@ -99,7 +118,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -108,6 +128,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: autogen + upgrade-scenario: ${{ matrix.upgrade }} background-only: runs-on: ubuntu-latest @@ -117,7 +138,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -126,6 +148,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: background-only + upgrade-scenario: ${{ matrix.upgrade }} cleanup: runs-on: ubuntu-latest @@ -135,7 +158,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -144,6 +168,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: cleanup + upgrade-scenario: ${{ matrix.upgrade }} deferred: runs-on: ubuntu-latest @@ -153,7 +178,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -162,6 +188,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: deferred + upgrade-scenario: ${{ matrix.upgrade }} events: runs-on: ubuntu-latest @@ -171,7 +198,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -180,6 +208,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: events + upgrade-scenario: ${{ matrix.upgrade }} exceptions: runs-on: ubuntu-latest @@ -189,8 +218,9 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} shard-index: [0,1] - needs: [ prepare-images ] + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -201,6 +231,7 @@ jobs: tests-path: exceptions shard-index: ${{ matrix.shard-index }} shard-count: 2 + upgrade-scenario: ${{ matrix.upgrade }} filter: runs-on: ubuntu-latest @@ -210,7 +241,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -219,6 +251,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: filter + upgrade-scenario: ${{ matrix.upgrade }} force-failure-policy-ignore: runs-on: ubuntu-latest @@ -228,7 +261,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -237,6 +271,7 @@ jobs: kyverno-configs: standard,force-failure-policy-ignore token: ${{ secrets.GITHUB_TOKEN }} tests-path: force-failure-policy-ignore + upgrade-scenario: ${{ matrix.upgrade }} generate: runs-on: ubuntu-latest @@ -246,8 +281,9 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} shard-index: [0,1,2,3,4,5,6,7] - needs: [ prepare-images ] + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -258,6 +294,7 @@ jobs: tests-path: generate shard-index: ${{ matrix.shard-index }} shard-count: 8 + upgrade-scenario: ${{ matrix.upgrade }} generate-validating-admission-policy: runs-on: ubuntu-latest @@ -267,7 +304,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -277,6 +315,7 @@ jobs: kyverno-configs: standard,generate-validating-admission-policy token: ${{ secrets.GITHUB_TOKEN }} tests-path: generate-validating-admission-policy + upgrade-scenario: ${{ matrix.upgrade }} globalcontext: runs-on: ubuntu-latest @@ -286,7 +325,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -295,6 +335,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: globalcontext + upgrade-scenario: ${{ matrix.upgrade }} lease: runs-on: ubuntu-latest @@ -304,7 +345,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -313,6 +355,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: lease + upgrade-scenario: ${{ matrix.upgrade }} mutate: runs-on: ubuntu-latest @@ -322,8 +365,9 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} shard-index: [0,1,2] - needs: [ prepare-images ] + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -334,6 +378,7 @@ jobs: tests-path: mutate shard-index: ${{ matrix.shard-index }} shard-count: 3 + upgrade-scenario: ${{ matrix.upgrade }} policy-validation: runs-on: ubuntu-latest @@ -343,7 +388,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -352,6 +398,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: policy-validation + upgrade-scenario: ${{ matrix.upgrade }} rangeoperators: runs-on: ubuntu-latest @@ -361,7 +408,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -370,6 +418,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: rangeoperators + upgrade-scenario: ${{ matrix.upgrade }} rbac: runs-on: ubuntu-latest @@ -380,7 +429,8 @@ jobs: matrix: kyverno-configs: [ standard, default, 'standard,force-failure-policy-ignore' ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -389,6 +439,7 @@ jobs: kyverno-configs: ${{ matrix.kyverno-configs }} token: ${{ secrets.GITHUB_TOKEN }} tests-path: rbac + upgrade-scenario: ${{ matrix.upgrade }} reports: runs-on: ubuntu-latest @@ -398,8 +449,9 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} shard-index: [0,1] - needs: [ prepare-images ] + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -410,6 +462,7 @@ jobs: tests-path: reports shard-index: ${{ matrix.shard-index }} shard-count: 2 + upgrade-scenario: ${{ matrix.upgrade }} ttl: runs-on: ubuntu-latest @@ -419,7 +472,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -428,6 +482,7 @@ jobs: kyverno-configs: standard,ttl token: ${{ secrets.GITHUB_TOKEN }} tests-path: ttl + upgrade-scenario: ${{ matrix.upgrade }} validate: runs-on: ubuntu-latest @@ -437,8 +492,9 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} shard-index: [0,1,2,3,4,5] - needs: [ prepare-images ] + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -449,6 +505,7 @@ jobs: tests-path: validate shard-index: ${{ matrix.shard-index }} shard-count: 6 + upgrade-scenario: ${{ matrix.upgrade }} validating-admission-policy-reports: runs-on: ubuntu-latest @@ -458,7 +515,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -468,6 +526,7 @@ jobs: kyverno-configs: standard,validating-admission-policy-reports token: ${{ secrets.GITHUB_TOKEN }} tests-path: validating-admission-policy-reports + upgrade-scenario: ${{ matrix.upgrade }} verify-manifests: runs-on: ubuntu-latest @@ -477,7 +536,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -486,6 +546,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: verify-manifests + upgrade-scenario: ${{ matrix.upgrade }} verifyImages: runs-on: ubuntu-latest @@ -495,8 +556,9 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} shard-index: [0,1] - needs: [ prepare-images ] + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -507,6 +569,7 @@ jobs: tests-path: verifyImages shard-index: ${{ matrix.shard-index }} shard-count: 2 + upgrade-scenario: ${{ matrix.upgrade }} webhook-configurations: runs-on: ubuntu-latest @@ -516,7 +579,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -526,6 +590,7 @@ jobs: kyverno-configs: standard,generate-validating-admission-policy token: ${{ secrets.GITHUB_TOKEN }} tests-path: webhook-configurations + upgrade-scenario: ${{ matrix.upgrade }} webhooks: runs-on: ubuntu-latest @@ -535,7 +600,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -544,6 +610,7 @@ jobs: kyverno-configs: standard token: ${{ secrets.GITHUB_TOKEN }} tests-path: webhooks + upgrade-scenario: ${{ matrix.upgrade }} sigstore-custom-tuf: runs-on: ubuntu-latest @@ -553,7 +620,8 @@ jobs: fail-fast: false matrix: k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] - needs: [ prepare-images ] + upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }} + needs: [ define-matrix, prepare-images ] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/run-tests @@ -563,6 +631,7 @@ jobs: kyverno-configs: standard,sigstore-custom-tuf token: ${{ secrets.GITHUB_TOKEN }} tests-path: sigstore-custom-tuf + upgrade-scenario: ${{ matrix.upgrade }} custom-sigstore: runs-on: ubuntu-latest diff --git a/scripts/config/kind/vap-v1beta1.yaml b/scripts/config/kind/vap-v1beta1.yaml index 41a46d8211..02529f35a3 100644 --- a/scripts/config/kind/vap-v1beta1.yaml +++ b/scripts/config/kind/vap-v1beta1.yaml @@ -3,6 +3,7 @@ apiVersion: kind.x-k8s.io/v1alpha4 featureGates: ValidatingAdmissionPolicy: true runtimeConfig: + admissionregistration.k8s.io/v1alpha1: true # Needed only for the upgrade conformance tests admissionregistration.k8s.io/v1beta1: true kubeadmConfigPatches: - |-