mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

chore: bump chainsaw (#9114)

Browse source 
* chore: bump chainsaw

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove sleeps

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-12-08 00:14:23 +01:00 committed by GitHub
parent 2ceac72f62
commit b9b4b3e484
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 70 additions and 145 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

108
.github/workflows/conformance.yaml vendored
View file

@ -125,7 +125,7 @@ jobs:
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
release: v0.0.9-alpha.4
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -196,7 +196,7 @@ jobs:
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
release: v0.0.9-alpha.4
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -267,7 +267,7 @@ jobs:
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
release: v0.0.9-alpha.4
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -340,7 +340,7 @@ jobs:
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
release: v0.0.9-alpha.4
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -411,7 +411,7 @@ jobs:
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
release: v0.0.9-alpha.4
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -489,7 +489,7 @@ jobs:
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
release: v0.0.9-alpha.4
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -566,7 +566,7 @@ jobs:
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
release: v0.0.9-alpha.4
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -634,21 +634,21 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup caches
uses: ./.github/actions/setup-caches
timeout-minutes: 5
continue-on-error: true
# install tools
- name: Install helm
id: helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
build-cache-key: run-conformance
- name: Install kind
shell: bash
run: |
# For AMD64 / x86_64
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install crane
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
- name: Install Cosign
uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.9-alpha.4
# create cluster
- name: Create kind cluster and setup Sigstore Scaffolding
uses: sigstore/scaffolding/actions/setup@9e5583eaf47855103a9acd6eaa2b1da85f28e28e
with:
@ -657,9 +657,11 @@ jobs:
knative-version: '1.10.0'
- name: Create TUF values config map
run: |
set -e
kubectl create namespace kyverno
kubectl -n kyverno create configmap tufvalues --from-literal=TUF_MIRROR=$TUF_MIRROR --from-literal=FULCIO_URL=$FULCIO_URL --from-literal=REKOR_URL=$REKOR_URL --from-literal=CTLOG_URL=$CTLOG_URL --from-literal=ISSUER_URL=$ISSUER_URL
kubectl -n tuf-system get secrets tuf-root -oyaml | sed 's/namespace: .*/namespace: kyverno/' | kubectl create -f -
# deploy kyverno
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
@ -668,17 +670,17 @@ jobs:
shell: bash
run: |
set -e
make kind-load-image-archive
kind load image-archive kyverno.tar --name kind
- name: Install kyverno
shell: bash
run: |
set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Install crane
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
- name: Install Cosign
uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
# prepare test image
- name: Create test image
shell: bash
run: |
@ -689,12 +691,7 @@ jobs:
cosign initialize --mirror $TUF_MIRROR --root $TUF_MIRROR/root.json
COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token `curl -s $ISSUER_URL` -y
echo "TEST_IMAGE_URL=$TEST_IMAGE_URL" >> $GITHUB_ENV
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
# run tests
- name: Test with Chainsaw
shell: bash
env:
@ -742,7 +739,7 @@ jobs:
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.8
release: v0.0.9-alpha.4
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
@ -844,25 +841,16 @@ jobs:
with:
repository: kyverno/policies
path: policies
- name: Setup caches
uses: ./.github/actions/setup-caches
timeout-minutes: 5
continue-on-error: true
# install tools
- name: Install helm
id: helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
build-cache-key: run-conformance
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
- name: Create kind cluster
shell: bash
run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
name: kyverno.tar
release: v0.0.9-alpha.4
- name: Download kyverno CLI archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
@ -873,23 +861,33 @@ jobs:
set -e
chmod +x kubectl-kyverno && mv kubectl-kyverno ./cmd/cli/kubectl-kyverno/kyverno
echo "$PWD/cmd/cli/kubectl-kyverno" >> $GITHUB_PATH
# create cluster
- name: Create kind cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
with:
node_image: kindest/node:${{ matrix.k8s-version.version }}
cluster_name: kind
config: ./scripts/config/kind/default.yaml
# deploy kyverno
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
shell: bash
run: |
set -e
make kind-load-image-archive
kind load image-archive kyverno.tar --name kind
- name: Install kyverno
shell: bash
run: |
set -e
export HELM=${{ steps.helm.outputs.helm-path }}
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Install Chainsaw
uses: kyverno/chainsaw/.github/actions/install@5d6585b843b48eaf1940a8333bb828fd6a3385e3 # v0.0.8
with:
release: v0.0.9-alpha.3
# run tests
- name: Install CRDs
run: |
set -e

1
test/conformance/chainsaw/.chainsaw.yaml
View file

@ -11,3 +11,4 @@ spec:
failFast: false
excludeTestRegex: '_.+'
forceTerminationGracePeriod: 5s
delayBeforeCleanup: 3s

4
test/conformance/chainsaw/cleanup/clusterpolicy/context-cleanup-pod/chainsaw-test.yaml
View file

@ -21,10 +21,6 @@ spec:
file: policy.yaml
- assert:
file: policy.yaml
- name: step-04
try:
- sleep:
duration: 5s
- name: step-05
try:
- error:

4
test/conformance/chainsaw/cleanup/policy/cleanup-pod/chainsaw-test.yaml
View file

@ -21,10 +21,6 @@ spec:
file: policy.yaml
- assert:
file: policy.yaml
- name: step-04
try:
- sleep:
duration: 1m5s
- name: step-05
try:
- error:

3
test/conformance/chainsaw/custom-sigstore/standard/basic/chainsaw-test.yaml
View file

@ -15,6 +15,3 @@ spec:
content: kubectl run -n $NAMESPACE test-sigstore --image=$TEST_IMAGE_URL
- assert:
file: pod-assert.yaml
finally:
- sleep:
duration: 3s

4
test/conformance/chainsaw/events/clusterpolicy/generate-events-upon-fail-generation/chainsaw-test.yaml
View file

@ -21,10 +21,6 @@ spec:
try:
- apply:
file: resource.yaml
- name: step-04
try:
- sleep:
duration: 3s
- name: step-05
try:
- assert:

4
test/conformance/chainsaw/events/clusterpolicy/generate-events-upon-successful-generation/chainsaw-test.yaml
View file

@ -15,10 +15,6 @@ spec:
try:
- apply:
file: resource.yaml
- name: step-03
try:
- sleep:
duration: 3s
- name: step-04
try:
- assert:

5
test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/chainsaw-test.yaml
View file

@ -27,9 +27,8 @@ spec:
namespace: exeter
- name: step-04
try:
- script:
content: sleep 6
timeout: 10s
- sleep:
duration: 6s
- name: step-05
try:
- assert:

4
test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-test.yaml
View file

@ -25,10 +25,6 @@ spec:
file: policy.yaml
- assert:
file: policy-assert.yaml
- name: step-03
try:
- sleep:
duration: 3s
- name: step-04
try:
- assert:

5
test/conformance/chainsaw/ttl/invalid-label/chainsaw-test.yaml
View file

@ -5,10 +5,7 @@ metadata:
name: invalid-label
spec:
steps:
- finally:
- sleep:
duration: 5s
name: step-01
- name: step-01
try:
- apply:
file: pod.yaml

5
test/conformance/chainsaw/ttl/past-timestamp/chainsaw-test.yaml
View file

@ -9,10 +9,7 @@ spec:
try:
- apply:
file: pod.yaml
- finally:
- sleep:
duration: 5s
name: step-02
- name: step-02
try:
- error:
file: pod-assert.yaml

5
test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/chainsaw-test.yaml
View file

@ -11,10 +11,7 @@ spec:
file: policy.yaml
- assert:
file: policy-assert.yaml
- finally:
- sleep:
duration: 5s
name: step-02
- name: step-02
try:
- apply:
file: pod-pass.yaml

4
test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/chainsaw-test.yaml
View file

@ -26,7 +26,3 @@ spec:
- check:
($error != null): true
file: deployments-fail.yaml
- name: step-04
try:
- sleep:
duration: 3s

5
test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/chainsaw-test.yaml
View file

@ -17,10 +17,7 @@ spec:
file: policy.yaml
- assert:
file: policy-assert.yaml
- finally:
- sleep:
duration: 5s
name: step-03
- name: step-03
try:
- apply:
file: statefulset-pass.yaml

5
test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml
View file

@ -29,10 +29,7 @@ spec:
file: policy.yaml
- assert:
file: policy-assert.yaml
- finally:
- sleep:
duration: 5s
name: step-05
- name: step-05
try:
- apply:
file: deployment-pass.yaml

5
test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml
View file

@ -29,10 +29,7 @@ spec:
file: policy.yaml
- assert:
file: policy-assert.yaml
- finally:
- sleep:
duration: 5s
name: step-05
- name: step-05
try:
- apply:
file: statefulset-pass.yaml

8
test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-test.yaml
View file

@ -15,14 +15,10 @@ spec:
file: chainsaw-step-01-apply-1-3.yaml
- assert:
file: chainsaw-step-01-assert-1-1.yaml
- finally:
- name: step-02
try:
- sleep:
duration: 5s
name: step-02
try:
- script:
content: sleep 5
timeout: 10s
- script:
content: ./api-initiated-eviction.sh
timeout: 30s

5
test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-test.yaml
View file

@ -15,10 +15,7 @@ spec:
file: chainsaw-step-01-apply-1-3.yaml
- assert:
file: chainsaw-step-01-assert-1-1.yaml
- finally:
- sleep:
duration: 5s
name: step-02
- name: step-02
try:
- script:
content: "if kubectl -n test-validate exec nginx -it -- sh 2>&1 | grep -q

5
test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-test.yaml
View file

@ -21,10 +21,7 @@ spec:
file: chainsaw-step-01-assert-1-2.yaml
- assert:
file: chainsaw-step-01-assert-1-3.yaml
- finally:
- sleep:
duration: 5s
name: step-02
- name: step-02
try:
- script:
content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate

5
test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-test.yaml
View file

@ -17,10 +17,7 @@ spec:
file: chainsaw-step-01-assert-1-1.yaml
- assert:
file: chainsaw-step-01-assert-1-2.yaml
- finally:
- sleep:
duration: 5s
name: step-02
- name: step-02
try:
- script:
content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate

5
test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/chainsaw-test.yaml
View file

@ -5,10 +5,7 @@ metadata:
name: validating-admission-policy-fail
spec:
steps:
- finally:
- sleep:
duration: 5s
name: step-01
- name: step-01
try:
- apply:
file: deployment.yaml

5
test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/chainsaw-test.yaml
View file

@ -5,10 +5,7 @@ metadata:
name: validating-admission-policy-pass
spec:
steps:
- finally:
- sleep:
duration: 5s
name: step-01
- name: step-01
try:
- apply:
file: deployment.yaml

5
test/conformance/chainsaw/validating-admission-policy-reports/events/chainsaw-test.yaml
View file

@ -5,10 +5,7 @@ metadata:
name: events
spec:
steps:
- finally:
- sleep:
duration: 5s
name: step-01
- name: step-01
try:
- apply:
file: deployment.yaml

6
test/conformance/chainsaw/verifyImages/clusterpolicy/standard/rollback-image-verification/chainsaw-test.yaml
View file

@ -21,16 +21,10 @@ spec:
file: deployment_new.yaml
- assert:
file: deployment-assert.yaml
finally:
- sleep:
duration: 5s
- name: step-03
try:
- script:
content: kubectl -n verify-images rollout undo deployment nginx-deployment
finally:
- sleep:
duration: 5s
- name: step-04
try:
- assert: