1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00

feat(ci): test upgrade conformance (#11498)

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
This commit is contained in:
Khaled Emara 2024-11-15 13:53:44 +02:00 committed by GitHub
parent a574123e97
commit 5b08262197
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 227 additions and 29 deletions

View file

@ -28,6 +28,9 @@ inputs:
shard-count: shard-count:
description: Shard count description: Shard count
default: '0' default: '0'
upgrade-scenario:
description: Determines which version to upgrade from
required: true
runs: runs:
using: composite using: composite
steps: steps:
@ -58,17 +61,142 @@ runs:
run: | run: |
set -e set -e
kind load image-archive kyverno.tar --name kind kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Determine Previous Version
id: determine-prev-version
shell: bash shell: bash
run: | run: |
set -e set -ex
export HELM=${{ steps.helm.outputs.helm-path }}
$HELM repo add kyverno https://kyverno.github.io/kyverno
$HELM repo update
case "${{ inputs.upgrade-scenario }}" in
"patch")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2"."$3]++' | head -2 | tail -1)
;;
"minor")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2]++' | head -2 | tail -1)
;;
"latest")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel -o json | jq -r '.[0].version')
;;
*)
export INSTALL_VERSION=none
;;
esac
echo "::set-output name=prev_version::$INSTALL_VERSION"
- name: Checkout Previous Version
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ steps.determine-prev-version.outputs.prev_version != 'none' }}
with:
repository: kyverno/kyverno
ref: kyverno-chart-${{ steps.determine-prev-version.outputs.prev_version }}
path: prev-version
- name: Install Kyverno from prev-version
if: ${{ steps.determine-prev-version.outputs.prev_version != 'none' }}
shell: bash
run: |
set -ex
export HELM=${{ steps.helm.outputs.helm-path }} export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ inputs.kyverno-configs }} export USE_CONFIG=${{ inputs.kyverno-configs }}
cd prev-version
IFS=',' read -ra CONFIGS <<< "$USE_CONFIG"
for config in "${CONFIGS[@]}"; do
if [ ! -f ./scripts/config/$config/kyverno.yaml ]; then
echo "Skipping installation of Kyverno from prev-version for config: $config"
exit 0
fi
done
export INSTALL_VERSION=${{ steps.determine-prev-version.outputs.prev_version }}
echo "Installing Kyverno using Helm with Chart version $INSTALL_VERSION"
make -C .. kind-install-kyverno-from-repo
- name: Determine Next Version
id: determine-next-version
shell: bash
run: |
set -ex
export HELM=${{ steps.helm.outputs.helm-path }}
$HELM repo add kyverno https://kyverno.github.io/kyverno
$HELM repo update
case "${{ inputs.upgrade-scenario }}" in
"patch")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2"."$3]++' | head -1)
;;
"minor")
export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2]++' | head -1)
;;
"latest")
export INSTALL_VERSION=main
;;
*)
export INSTALL_VERSION=main
;;
esac
echo "::set-output name=next_version::$INSTALL_VERSION"
- name: Checkout Next Version
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ steps.determine-next-version.outputs.next_version != 'main' }}
with:
repository: kyverno/kyverno
ref: kyverno-chart-${{ steps.determine-next-version.outputs.next_version }}
path: next-version
- name: Install Kyverno from next-version
if: ${{ steps.determine-next-version.outputs.next_version != 'main' }}
shell: bash
run: |
set -ex
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ inputs.kyverno-configs }}
cd next-version
IFS=',' read -ra CONFIGS <<< "$USE_CONFIG"
for config in "${CONFIGS[@]}"; do
if [ ! -f ./scripts/config/$config/kyverno.yaml ]; then
echo "Skipping installation of Kyverno from prev-version for config: $config"
exit 0
fi
done
export INSTALL_VERSION=${{ steps.determine-next-version.outputs.next_version }}
echo "Installing Kyverno using Helm with Chart version $INSTALL_VERSION"
make -C .. kind-install-kyverno-from-repo
- name: Install Kyverno from main
if: ${{ steps.determine-next-version.outputs.next_version == 'main' }}
shell: bash
run: |
set -ex
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ inputs.kyverno-configs }}
echo "Installing Kyverno from main"
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
# run tests # run tests
- name: Test with Chainsaw - name: Test with Chainsaw
if: ${{ steps.determine-next-version.outputs.next_version != 'main' }}
shell: bash
env:
GITHUB_TOKEN: ${{ inputs.token }}
run: |
set -e
cd ./next-version/test/conformance/chainsaw
chainsaw test ${{ inputs.tests-path }} \
--config ../${{ inputs.chainsaw-config }} \
--include-test-regex '^chainsaw$/${{ inputs.chainsaw-tests }}' \
--shard-index ${{ inputs.shard-index }} \
--shard-count ${{ inputs.shard-count }}
- name: Test with Chainsaw
if: ${{ steps.determine-next-version.outputs.next_version == 'main' }}
shell: bash shell: bash
env: env:
GITHUB_TOKEN: ${{ inputs.token }} GITHUB_TOKEN: ${{ inputs.token }}

View file

@ -9,12 +9,29 @@ on:
branches: branches:
- "main" - "main"
- "release*" - "release*"
schedule:
- cron: "43 0 * * 0"
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
define-matrix:
runs-on: ubuntu-latest
outputs:
upgrades: ${{ steps.upgrades.outputs.upgrades }}
steps:
- name: Set Upgarde Scenarios
id: upgrades
run: |
set -e
if [[ ${{ github.event_name }} == 'pull_request' ]]; then
echo 'upgrades=["latest","minor","patch"]' >> $GITHUB_OUTPUT
else
echo 'upgrades=["none"]' >> $GITHUB_OUTPUT
fi
prepare-images: prepare-images:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -81,7 +98,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -90,6 +108,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: assert tests-path: assert
upgrade-scenario: ${{ matrix.upgrade }}
autogen: autogen:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -99,7 +118,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -108,6 +128,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: autogen tests-path: autogen
upgrade-scenario: ${{ matrix.upgrade }}
background-only: background-only:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -117,7 +138,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -126,6 +148,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: background-only tests-path: background-only
upgrade-scenario: ${{ matrix.upgrade }}
cleanup: cleanup:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -135,7 +158,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -144,6 +168,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: cleanup tests-path: cleanup
upgrade-scenario: ${{ matrix.upgrade }}
deferred: deferred:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -153,7 +178,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -162,6 +188,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: deferred tests-path: deferred
upgrade-scenario: ${{ matrix.upgrade }}
events: events:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -171,7 +198,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -180,6 +208,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: events tests-path: events
upgrade-scenario: ${{ matrix.upgrade }}
exceptions: exceptions:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -189,8 +218,9 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1] shard-index: [0,1]
needs: [ prepare-images ] needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -201,6 +231,7 @@ jobs:
tests-path: exceptions tests-path: exceptions
shard-index: ${{ matrix.shard-index }} shard-index: ${{ matrix.shard-index }}
shard-count: 2 shard-count: 2
upgrade-scenario: ${{ matrix.upgrade }}
filter: filter:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -210,7 +241,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -219,6 +251,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: filter tests-path: filter
upgrade-scenario: ${{ matrix.upgrade }}
force-failure-policy-ignore: force-failure-policy-ignore:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -228,7 +261,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -237,6 +271,7 @@ jobs:
kyverno-configs: standard,force-failure-policy-ignore kyverno-configs: standard,force-failure-policy-ignore
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: force-failure-policy-ignore tests-path: force-failure-policy-ignore
upgrade-scenario: ${{ matrix.upgrade }}
generate: generate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -246,8 +281,9 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1,2,3,4,5,6,7] shard-index: [0,1,2,3,4,5,6,7]
needs: [ prepare-images ] needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -258,6 +294,7 @@ jobs:
tests-path: generate tests-path: generate
shard-index: ${{ matrix.shard-index }} shard-index: ${{ matrix.shard-index }}
shard-count: 8 shard-count: 8
upgrade-scenario: ${{ matrix.upgrade }}
generate-validating-admission-policy: generate-validating-admission-policy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -267,7 +304,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -277,6 +315,7 @@ jobs:
kyverno-configs: standard,generate-validating-admission-policy kyverno-configs: standard,generate-validating-admission-policy
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: generate-validating-admission-policy tests-path: generate-validating-admission-policy
upgrade-scenario: ${{ matrix.upgrade }}
globalcontext: globalcontext:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -286,7 +325,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -295,6 +335,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: globalcontext tests-path: globalcontext
upgrade-scenario: ${{ matrix.upgrade }}
lease: lease:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -304,7 +345,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -313,6 +355,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: lease tests-path: lease
upgrade-scenario: ${{ matrix.upgrade }}
mutate: mutate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -322,8 +365,9 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1,2] shard-index: [0,1,2]
needs: [ prepare-images ] needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -334,6 +378,7 @@ jobs:
tests-path: mutate tests-path: mutate
shard-index: ${{ matrix.shard-index }} shard-index: ${{ matrix.shard-index }}
shard-count: 3 shard-count: 3
upgrade-scenario: ${{ matrix.upgrade }}
policy-validation: policy-validation:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -343,7 +388,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -352,6 +398,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: policy-validation tests-path: policy-validation
upgrade-scenario: ${{ matrix.upgrade }}
rangeoperators: rangeoperators:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -361,7 +408,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -370,6 +418,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: rangeoperators tests-path: rangeoperators
upgrade-scenario: ${{ matrix.upgrade }}
rbac: rbac:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -380,7 +429,8 @@ jobs:
matrix: matrix:
kyverno-configs: [ standard, default, 'standard,force-failure-policy-ignore' ] kyverno-configs: [ standard, default, 'standard,force-failure-policy-ignore' ]
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -389,6 +439,7 @@ jobs:
kyverno-configs: ${{ matrix.kyverno-configs }} kyverno-configs: ${{ matrix.kyverno-configs }}
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: rbac tests-path: rbac
upgrade-scenario: ${{ matrix.upgrade }}
reports: reports:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -398,8 +449,9 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1] shard-index: [0,1]
needs: [ prepare-images ] needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -410,6 +462,7 @@ jobs:
tests-path: reports tests-path: reports
shard-index: ${{ matrix.shard-index }} shard-index: ${{ matrix.shard-index }}
shard-count: 2 shard-count: 2
upgrade-scenario: ${{ matrix.upgrade }}
ttl: ttl:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -419,7 +472,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -428,6 +482,7 @@ jobs:
kyverno-configs: standard,ttl kyverno-configs: standard,ttl
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: ttl tests-path: ttl
upgrade-scenario: ${{ matrix.upgrade }}
validate: validate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -437,8 +492,9 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1,2,3,4,5] shard-index: [0,1,2,3,4,5]
needs: [ prepare-images ] needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -449,6 +505,7 @@ jobs:
tests-path: validate tests-path: validate
shard-index: ${{ matrix.shard-index }} shard-index: ${{ matrix.shard-index }}
shard-count: 6 shard-count: 6
upgrade-scenario: ${{ matrix.upgrade }}
validating-admission-policy-reports: validating-admission-policy-reports:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -458,7 +515,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -468,6 +526,7 @@ jobs:
kyverno-configs: standard,validating-admission-policy-reports kyverno-configs: standard,validating-admission-policy-reports
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: validating-admission-policy-reports tests-path: validating-admission-policy-reports
upgrade-scenario: ${{ matrix.upgrade }}
verify-manifests: verify-manifests:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -477,7 +536,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -486,6 +546,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: verify-manifests tests-path: verify-manifests
upgrade-scenario: ${{ matrix.upgrade }}
verifyImages: verifyImages:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -495,8 +556,9 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
shard-index: [0,1] shard-index: [0,1]
needs: [ prepare-images ] needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -507,6 +569,7 @@ jobs:
tests-path: verifyImages tests-path: verifyImages
shard-index: ${{ matrix.shard-index }} shard-index: ${{ matrix.shard-index }}
shard-count: 2 shard-count: 2
upgrade-scenario: ${{ matrix.upgrade }}
webhook-configurations: webhook-configurations:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -516,7 +579,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -526,6 +590,7 @@ jobs:
kyverno-configs: standard,generate-validating-admission-policy kyverno-configs: standard,generate-validating-admission-policy
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: webhook-configurations tests-path: webhook-configurations
upgrade-scenario: ${{ matrix.upgrade }}
webhooks: webhooks:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -535,7 +600,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -544,6 +610,7 @@ jobs:
kyverno-configs: standard kyverno-configs: standard
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: webhooks tests-path: webhooks
upgrade-scenario: ${{ matrix.upgrade }}
sigstore-custom-tuf: sigstore-custom-tuf:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -553,7 +620,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
needs: [ prepare-images ] upgrade: ${{ fromJSON(needs.define-matrix.outputs.upgrades) }}
needs: [ define-matrix, prepare-images ]
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/run-tests - uses: ./.github/actions/run-tests
@ -563,6 +631,7 @@ jobs:
kyverno-configs: standard,sigstore-custom-tuf kyverno-configs: standard,sigstore-custom-tuf
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
tests-path: sigstore-custom-tuf tests-path: sigstore-custom-tuf
upgrade-scenario: ${{ matrix.upgrade }}
custom-sigstore: custom-sigstore:
runs-on: ubuntu-latest runs-on: ubuntu-latest

View file

@ -3,6 +3,7 @@ apiVersion: kind.x-k8s.io/v1alpha4
featureGates: featureGates:
ValidatingAdmissionPolicy: true ValidatingAdmissionPolicy: true
runtimeConfig: runtimeConfig:
admissionregistration.k8s.io/v1alpha1: true # Needed only for the upgrade conformance tests
admissionregistration.k8s.io/v1beta1: true admissionregistration.k8s.io/v1beta1: true
kubeadmConfigPatches: kubeadmConfigPatches:
- |- - |-