mirror of https://github.com/kyverno/kyverno.git synced 2025-03-15 20:20:22 +00:00

chore: bump chainsaw (#9114)

* chore: bump chainsaw

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove sleeps

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Charles-Edouard Brétéché 2023-12-08 00:14:23 +01:00 committed by GitHub
parent 2ceac72f62
commit b9b4b3e484
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 70 additions and 145 deletions


@ -125,7 +125,7 @@ jobs:
- name: Install chainsaw - name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8 uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with: with:
release: v0.0.8 release: v0.0.9-alpha.4
# create cluster # create cluster
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -196,7 +196,7 @@ jobs:
- name: Install chainsaw - name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8 uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with: with:
release: v0.0.8 release: v0.0.9-alpha.4
# create cluster # create cluster
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -267,7 +267,7 @@ jobs:
- name: Install chainsaw - name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8 uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with: with:
release: v0.0.8 release: v0.0.9-alpha.4
# create cluster # create cluster
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -340,7 +340,7 @@ jobs:
- name: Install chainsaw - name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8 uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with: with:
release: v0.0.8 release: v0.0.9-alpha.4
# create cluster # create cluster
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -411,7 +411,7 @@ jobs:
- name: Install chainsaw - name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8 uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with: with:
release: v0.0.8 release: v0.0.9-alpha.4
# create cluster # create cluster
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -489,7 +489,7 @@ jobs:
- name: Install chainsaw - name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8 uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with: with:
release: v0.0.8 release: v0.0.9-alpha.4
# create cluster # create cluster
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -566,7 +566,7 @@ jobs:
- name: Install chainsaw - name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8 uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with: with:
release: v0.0.8 release: v0.0.9-alpha.4
# create cluster # create cluster
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -634,21 +634,21 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Install kind - name: Install crane
shell: bash uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
run: | - name: Install Cosign
# For AMD64 / x86_64 uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64 - name: Install chainsaw
# For ARM64 uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64 with:
chmod +x ./kind release: v0.0.9-alpha.4
sudo mv ./kind /usr/local/bin/kind # create cluster
- name: Create kind cluster and setup Sigstore Scaffolding - name: Create kind cluster and setup Sigstore Scaffolding
uses: sigstore/scaffolding/actions/setup@9e5583eaf47855103a9acd6eaa2b1da85f28e28e uses: sigstore/scaffolding/actions/setup@9e5583eaf47855103a9acd6eaa2b1da85f28e28e
with: with:
@ -657,9 +657,11 @@ jobs:
knative-version: '1.10.0' knative-version: '1.10.0'
- name: Create TUF values config map - name: Create TUF values config map
run: | run: |
set -e
kubectl create namespace kyverno kubectl create namespace kyverno
kubectl -n kyverno create configmap tufvalues --from-literal=TUF_MIRROR=$TUF_MIRROR --from-literal=FULCIO_URL=$FULCIO_URL --from-literal=REKOR_URL=$REKOR_URL --from-literal=CTLOG_URL=$CTLOG_URL --from-literal=ISSUER_URL=$ISSUER_URL kubectl -n kyverno create configmap tufvalues --from-literal=TUF_MIRROR=$TUF_MIRROR --from-literal=FULCIO_URL=$FULCIO_URL --from-literal=REKOR_URL=$REKOR_URL --from-literal=CTLOG_URL=$CTLOG_URL --from-literal=ISSUER_URL=$ISSUER_URL
kubectl -n tuf-system get secrets tuf-root -oyaml | sed 's/namespace: .*/namespace: kyverno/' | kubectl create -f - kubectl -n tuf-system get secrets tuf-root -oyaml | sed 's/namespace: .*/namespace: kyverno/' | kubectl create -f -
# deploy kyverno
- name: Download kyverno images archive - name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -668,17 +670,17 @@ jobs:
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Install crane - name: Wait for kyverno ready
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c uses: ./.github/actions/kyverno-wait-ready
- name: Install Cosign # prepare test image
uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8
- name: Create test image - name: Create test image
shell: bash shell: bash
run: | run: |
@ -689,12 +691,7 @@ jobs:
cosign initialize --mirror $TUF_MIRROR --root $TUF_MIRROR/root.json cosign initialize --mirror $TUF_MIRROR --root $TUF_MIRROR/root.json
COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token `curl -s $ISSUER_URL` -y COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token `curl -s $ISSUER_URL` -y
echo "TEST_IMAGE_URL=$TEST_IMAGE_URL" >> $GITHUB_ENV echo "TEST_IMAGE_URL=$TEST_IMAGE_URL" >> $GITHUB_ENV
- name: Wait for kyverno ready # run tests
uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
- name: Test with Chainsaw - name: Test with Chainsaw
shell: bash shell: bash
env: env:
@ -742,7 +739,7 @@ jobs:
- name: Install chainsaw - name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8 uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with: with:
release: v0.0.8 release: v0.0.9-alpha.4
# create cluster # create cluster
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -844,25 +841,16 @@ jobs:
with: with:
repository: kyverno/policies repository: kyverno/policies
path: policies path: policies
- name: Setup caches # install tools
uses: ./.github/actions/setup-caches - name: Install helm
timeout-minutes: 5 id: helm
continue-on-error: true uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with: with:
build-cache-key: run-conformance token: ${{ secrets.GITHUB_TOKEN }}
- name: Setup build env - name: Install chainsaw
uses: ./.github/actions/setup-build-env uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
timeout-minutes: 10
- name: Create kind cluster
shell: bash
run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: kyverno.tar release: v0.0.9-alpha.4
- name: Download kyverno CLI archive - name: Download kyverno CLI archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -873,23 +861,33 @@ jobs:
set -e set -e
chmod +x kubectl-kyverno && mv kubectl-kyverno ./cmd/cli/kubectl-kyverno/kyverno chmod +x kubectl-kyverno && mv kubectl-kyverno ./cmd/cli/kubectl-kyverno/kyverno
echo "$PWD/cmd/cli/kubectl-kyverno" >> $GITHUB_PATH echo "$PWD/cmd/cli/kubectl-kyverno" >> $GITHUB_PATH
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
with:
node_image: kindest/node:${{ matrix.k8s-version.version }}
cluster_name: kind
config: ./scripts/config/kind/default.yaml
# deploy kyverno
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster - name: Load kyverno images archive in kind cluster
shell: bash shell: bash
run: | run: |
set -e set -e
make kind-load-image-archive kind load image-archive kyverno.tar --name kind
- name: Install kyverno - name: Install kyverno
shell: bash shell: bash
run: | run: |
set -e set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }} export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw # run tests
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.9-alpha.3
- name: Install CRDs - name: Install CRDs
run: | run: |
set -e set -e
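Review bot: The `release:` input now installs chainsaw `v0.0.9-alpha.4` by tag while the action stays pinned to commit `5d6585b843b48eaf1940a8333bb828fd6a3385e3` with the trailing comment `# v0.0.8`, so the SHA pin covers only the installer, not the pre-release binary the jobs execute, and the comment no longer matches what is installed. Whether the install action verifies the downloaded release is not visible on this page; if it offers signature or checksum verification, enable it, and otherwise say so in a comment next to the step. The same pair of lines repeats in every `Install chainsaw` step of this file. Separately, the `Create TUF values config map` step gains `set -e` but declares no `shell: bash`, so the `kubectl -n tuf-system get secrets tuf-root -oyaml | sed … | kubectl create -f -` pipeline runs without `pipefail`; adding `shell: bash` as the neighbouring steps do would make a failed `get` stop the step.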


@ -11,3 +11,4 @@ spec:
failFast: false failFast: false
excludeTestRegex: '_.+' excludeTestRegex: '_.+'
forceTerminationGracePeriod: 5s forceTerminationGracePeriod: 5s
delayBeforeCleanup: 3s
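Review bot: `delayBeforeCleanup: 3s` is added without a comment saying that it stands in for the per-test `sleep` steps this commit deletes, and a delay before cleanup does not obviously cover the sleeps that sat between an apply and a later `error:` step (the removed `step-04` sleeps of `5s` and `1m5s` in the test files further down). Those negative checks presumably now rely on the operation timeout alone, which is not visible here; confirm they cannot succeed before the controller has acted, since a vacuous pass would hide a policy-enforcement regression. A comment such as `# replaces per-test sleeps; pause before cleanup so background controllers settle` above the new line would record the intent.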


@ -21,10 +21,6 @@ spec:
file: policy.yaml file: policy.yaml
- assert: - assert:
file: policy.yaml file: policy.yaml
- name: step-04
try:
- sleep:
duration: 5s
- name: step-05 - name: step-05
try: try:
- error: - error:


@ -21,10 +21,6 @@ spec:
file: policy.yaml file: policy.yaml
- assert: - assert:
file: policy.yaml file: policy.yaml
- name: step-04
try:
- sleep:
duration: 1m5s
- name: step-05 - name: step-05
try: try:
- error: - error:


@ -15,6 +15,3 @@ spec:
content: kubectl run -n $NAMESPACE test-sigstore --image=$TEST_IMAGE_URL content: kubectl run -n $NAMESPACE test-sigstore --image=$TEST_IMAGE_URL
- assert: - assert:
file: pod-assert.yaml file: pod-assert.yaml
finally:
- sleep:
duration: 3s


@ -21,10 +21,6 @@ spec:
try: try:
- apply: - apply:
file: resource.yaml file: resource.yaml
- name: step-04
try:
- sleep:
duration: 3s
- name: step-05 - name: step-05
try: try:
- assert: - assert:


@ -15,10 +15,6 @@ spec:
try: try:
- apply: - apply:
file: resource.yaml file: resource.yaml
- name: step-03
try:
- sleep:
duration: 3s
- name: step-04 - name: step-04
try: try:
- assert: - assert:


@ -27,9 +27,8 @@ spec:
namespace: exeter namespace: exeter
- name: step-04 - name: step-04
try: try:
- script: - sleep:
content: sleep 6 duration: 6s
timeout: 10s
- name: step-05 - name: step-05
try: try:
- assert: - assert:


@ -25,10 +25,6 @@ spec:
file: policy.yaml file: policy.yaml
- assert: - assert:
file: policy-assert.yaml file: policy-assert.yaml
- name: step-03
try:
- sleep:
duration: 3s
- name: step-04 - name: step-04
try: try:
- assert: - assert:


@ -5,10 +5,7 @@ metadata:
name: invalid-label name: invalid-label
spec: spec:
steps: steps:
- finally: - name: step-01
- sleep:
duration: 5s
name: step-01
try: try:
- apply: - apply:
file: pod.yaml file: pod.yaml


@ -9,10 +9,7 @@ spec:
try: try:
- apply: - apply:
file: pod.yaml file: pod.yaml
- finally: - name: step-02
- sleep:
duration: 5s
name: step-02
try: try:
- error: - error:
file: pod-assert.yaml file: pod-assert.yaml


@ -11,10 +11,7 @@ spec:
file: policy.yaml file: policy.yaml
- assert: - assert:
file: policy-assert.yaml file: policy-assert.yaml
- finally: - name: step-02
- sleep:
duration: 5s
name: step-02
try: try:
- apply: - apply:
file: pod-pass.yaml file: pod-pass.yaml


@ -26,7 +26,3 @@ spec:
- check: - check:
($error != null): true ($error != null): true
file: deployments-fail.yaml file: deployments-fail.yaml
- name: step-04
try:
- sleep:
duration: 3s


@ -17,10 +17,7 @@ spec:
file: policy.yaml file: policy.yaml
- assert: - assert:
file: policy-assert.yaml file: policy-assert.yaml
- finally: - name: step-03
- sleep:
duration: 5s
name: step-03
try: try:
- apply: - apply:
file: statefulset-pass.yaml file: statefulset-pass.yaml


@ -29,10 +29,7 @@ spec:
file: policy.yaml file: policy.yaml
- assert: - assert:
file: policy-assert.yaml file: policy-assert.yaml
- finally: - name: step-05
- sleep:
duration: 5s
name: step-05
try: try:
- apply: - apply:
file: deployment-pass.yaml file: deployment-pass.yaml


@ -29,10 +29,7 @@ spec:
file: policy.yaml file: policy.yaml
- assert: - assert:
file: policy-assert.yaml file: policy-assert.yaml
- finally: - name: step-05
- sleep:
duration: 5s
name: step-05
try: try:
- apply: - apply:
file: statefulset-pass.yaml file: statefulset-pass.yaml


@ -15,14 +15,10 @@ spec:
file: chainsaw-step-01-apply-1-3.yaml file: chainsaw-step-01-apply-1-3.yaml
- assert: - assert:
file: chainsaw-step-01-assert-1-1.yaml file: chainsaw-step-01-assert-1-1.yaml
- finally: - name: step-02
try:
- sleep: - sleep:
duration: 5s duration: 5s
name: step-02
try:
- script:
content: sleep 5
timeout: 10s
- script: - script:
content: ./api-initiated-eviction.sh content: ./api-initiated-eviction.sh
timeout: 30s timeout: 30s


@ -15,10 +15,7 @@ spec:
file: chainsaw-step-01-apply-1-3.yaml file: chainsaw-step-01-apply-1-3.yaml
- assert: - assert:
file: chainsaw-step-01-assert-1-1.yaml file: chainsaw-step-01-assert-1-1.yaml
- finally: - name: step-02
- sleep:
duration: 5s
name: step-02
try: try:
- script: - script:
content: "if kubectl -n test-validate exec nginx -it -- sh 2>&1 | grep -q content: "if kubectl -n test-validate exec nginx -it -- sh 2>&1 | grep -q


@ -21,10 +21,7 @@ spec:
file: chainsaw-step-01-assert-1-2.yaml file: chainsaw-step-01-assert-1-2.yaml
- assert: - assert:
file: chainsaw-step-01-assert-1-3.yaml file: chainsaw-step-01-assert-1-3.yaml
- finally: - name: step-02
- sleep:
duration: 5s
name: step-02
try: try:
- script: - script:
content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate


@ -17,10 +17,7 @@ spec:
file: chainsaw-step-01-assert-1-1.yaml file: chainsaw-step-01-assert-1-1.yaml
- assert: - assert:
file: chainsaw-step-01-assert-1-2.yaml file: chainsaw-step-01-assert-1-2.yaml
- finally: - name: step-02
- sleep:
duration: 5s
name: step-02
try: try:
- script: - script:
content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate


@ -5,10 +5,7 @@ metadata:
name: validating-admission-policy-fail name: validating-admission-policy-fail
spec: spec:
steps: steps:
- finally: - name: step-01
- sleep:
duration: 5s
name: step-01
try: try:
- apply: - apply:
file: deployment.yaml file: deployment.yaml


@ -5,10 +5,7 @@ metadata:
name: validating-admission-policy-pass name: validating-admission-policy-pass
spec: spec:
steps: steps:
- finally: - name: step-01
- sleep:
duration: 5s
name: step-01
try: try:
- apply: - apply:
file: deployment.yaml file: deployment.yaml


@ -5,10 +5,7 @@ metadata:
name: events name: events
spec: spec:
steps: steps:
- finally: - name: step-01
- sleep:
duration: 5s
name: step-01
try: try:
- apply: - apply:
file: deployment.yaml file: deployment.yaml


@ -21,16 +21,10 @@ spec:
file: deployment_new.yaml file: deployment_new.yaml
- assert: - assert:
file: deployment-assert.yaml file: deployment-assert.yaml
finally:
- sleep:
duration: 5s
- name: step-03 - name: step-03
try: try:
- script: - script:
content: kubectl -n verify-images rollout undo deployment nginx-deployment content: kubectl -n verify-images rollout undo deployment nginx-deployment
finally:
- sleep:
duration: 5s
- name: step-04 - name: step-04
try: try:
- assert: - assert: