188 commits

Author	SHA1	Message	Date
Naman Lakhwani	fd7addd2fa	add separate step for digest (#3321) ... Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-03-01 20:05:14 +05:30
Naman Lakhwani	985e2cc158	adding check for digest and update git command ... Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-03-01 18:36:16 +05:30
Naman Lakhwani	378a1d6b95	Fix workflow using regex in main (#3306) ... * using regex Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * added condition Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-02-25 08:48:11 +00:00
Naman Lakhwani	af98c00724	arranging permissions (#3293) ... Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-02-25 08:11:22 +00:00
Sambhav Kothari	c4075af3d1	Improve CLI test times by instantiating openapi controller once (#3297) ... Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-02-24 23:34:12 +08:00
skuethe	bf662b1ed4	fix: add support for other platforms before executing docker buildx (#3296)	2022-02-24 11:36:10 +00:00
Sambhav Kothari	e9e96e7b1c	Run E2E tests on all supported k8s versions (#3256)	2022-02-23 15:52:08 +00:00
Naman Lakhwani	a9c9b25bb5	latest will point to main (#3285) ... Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-02-23 15:30:49 +00:00
Naman Lakhwani	81ab535433	update trivy scanning (#3284) ... Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-02-23 10:40:07 +08:00
treydock	99efd8136f	Fix Helm releasing to preserve creation timestamps (#3268)	2022-02-21 15:50:42 +00:00
Sambhav Kothari	8c7f037c72	Improve E2E test CI timings (#3250) ... Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-02-17 17:47:35 -08:00
treydock	4e0d8ca612	Update kyverno-policies chart with latest pod-security policies (#3126) ... * Update kyverno-policies chart with latest pod-security policies Fixes #3063 Fixes #2277 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README to have better example Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use chart testing during e2e to test against ci values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix e2e tests for Helm chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix Kyverno chart testing to actually test values, and fix networkpolicy template Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README for exclusion Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Allow adding 'other' policies via Helm Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update Chart.yaml for kyverno-policies Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Bump minimum Kubernetes version in charts Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update kyverno-policies chart readme Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases (part 2) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use same logic to get git tag by using Makefile target for updating Helm values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-02-04 14:47:36 +08:00
shuting	ae4d148318	Update dev image tag in Make targets (#3159) ... * - update dev images tag; - update chart testing Signed-off-by: ShutingZhao <shuting@nirmata.com> * update to use dev tag when setting up e2e tests infra Signed-off-by: ShutingZhao <shuting@nirmata.com> * default chart test image tag for busybox to latest Signed-off-by: ShutingZhao <shuting@nirmata.com> * set image tag to latest for chart testing Signed-off-by: ShutingZhao <shuting@nirmata.com> * correct tag Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove test tag in e2e.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-02-03 15:41:58 +08:00
shuting	c479b41d34	update workflow configurations to fix CI failure (#3060) ... Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-24 04:39:15 +00:00
Mritunjay Kumar Sharma	cdedf11a1c	bumps k8s libraries for k8s v1.23 upgrade for kyverno (#3043) ... * bumps k8s libraries for k8s v1.23 upgrade for kyverno Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes kustomize version Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * updates golang to v1.17 to test fails Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * updates logr package to 1.2.2 Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * Fixed tests for `pkg/cosign` and `pkg/webhooks/generation` Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * fix go-logr deps version issue Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> * fix kube-openapi commit hash Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com> Co-authored-by: shuting <shutting06@gmail.com> Co-authored-by: Abhinav Sinha <abhinav@nirmata.com> Co-authored-by: prateekpandey14 <prateekpandey14@gmail.com>	2022-01-22 20:26:53 +08:00
Naman Lakhwani	73a02a5df3	fixing bildx version (#3023) ... Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-01-19 22:14:48 +08:00
Sambhav Kothari	8ddfcacd79	Fix permissions for image publish workflows (#3021) ... All of the jobs in this workflow use the same set of permissions and this workflow is only run on pushes to master. Adding the appropriate permissions to read repository contents, publish packages and ID token for cosign. Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-19 11:39:51 +00:00
Naman Lakhwani	1580837526	refactoring github actions to remove duplication and enhancement for versioned sbom's (#2979) ... * initial commit Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * adding docker-buildx-builder to makefile Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * reverting git describe in makefile Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * uploading sbom for each kyverno image Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * small nits Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * scanning image before pushing and removed cosign.pub Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-01-18 15:07:59 -08:00
Roee Landesman	665d2022d8	add top level permissions to remaining github workflows (#2995) ... Signed-off-by: Roee Landesman <roee.landesman@gmail.com>	2022-01-16 03:57:35 +00:00
Roee Landesman	3e524b5586	Add github token permissions to improve ossf scorecard (#2992) ... * Fix autogen issue with cronjob generator and foreach pod generator (#2989) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Signed-off-by: Roee Landesman <roee.landesman@gmail.com> * Add baseline read-all permissions Signed-off-by: Roee Landesman <roee.landesman@gmail.com> * remove extra read-all Signed-off-by: Roee Landesman <roee.landesman@gmail.com> * Add arm64 goarch to go releaser (#2991) Signed-off-by: Roee Landesman <roee.landesman@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-15 17:14:22 -08:00
Shubham Palriwala	1257388b97	feat: pin dependencies in gh actions (#2952) ... Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-13 05:23:05 +00:00
Naman Lakhwani	8350aadc58	Fix: CI job to release images (#2929) ... * making required changes in images workflow Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * making required changes in release workflow Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-10 14:10:44 +00:00
Naman Lakhwani	68c8790139	adding permissions in jobs (#2924) ... Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>	2022-01-06 19:35:45 +00:00
Naman Lakhwani	2f8bfc78b1	removing spaces (#2923) ... Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>	2022-01-06 17:12:11 +00:00
Naman Lakhwani	cda6310249	fix in image workflow (#2921) ... Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>	2022-01-06 22:48:20 +08:00
Naman Lakhwani	f330886af7	fixing cosign command (#2915) ... Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>	2022-01-05 13:02:17 -08:00
Naman Lakhwani	d126280184	keyless signing kyverno images with digest (#2896) ... * signing with digest Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * keyless signing Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * adding annotations Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * keyless image signing with digest in release workflow Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>	2022-01-04 08:08:28 -08:00
Abhinav Sinha	2076f07b9f	added support for --git-branch flag and directory in git path for kyverno test cmd (#2763) ... * added support for --git-branch flag and directory in git path for kyverno test cmd Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * added cli tests Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * replaced hard-coded Makefile test-cmd branch names with var GIT_BRANCH Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * moved `test-cmd` job from Makefile to github workflow Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * added `release*` branch to `e2e` workflow Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2021-12-20 14:09:53 +08:00
shuting	f4614213e5	Test publishing dev-test images (#2848) ... * publish dev-* images Signed-off-by: ShutingZhao <shuting@nirmata.com> * add LD_FLAGS_DEV Signed-off-by: ShutingZhao <shuting@nirmata.com> * add IMAGE_TAG_LATEST_DEV Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove test statement Signed-off-by: ShutingZhao <shuting@nirmata.com>	2021-12-17 02:46:59 +00:00
Shubham Palriwala	ea3529f2d0	Trivy now scans local images (#2744) ... * fix: trivy now scans entire container Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com> * update github.com/docker/cli package for vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix go.mod vulnerabilities Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-11-22 20:57:51 +08:00
Jose Armesto	831a9826d1	Restructure project to follow standards (#2632) ... Signed-off-by: Jose Armesto <github@armesto.net>	2021-10-29 18:13:20 +02:00
Marcus Noble	a923dce631	Cleanup imports (#2635) ... Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-29 12:24:26 +02:00
Vinod Anandan	a07274f234	Update gh-gomod-generate-sbom ... Signed-off-by: Vinod Anandan <vinod@owasp.org>	2021-10-23 14:41:05 +01:00
ShubhamPalriwala	5417b9d3c1	feat: shift sigs and sbom ... Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-10-13 21:34:04 +05:30
NoSkillGirl	0ff18dca6f	removed log for e2e test ... Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-10-11 16:21:32 +05:30
NoSkillGirl	37b91245cb	corrected metric server name ... Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-10-11 15:48:53 +05:30
NoSkillGirl	d1a78e14f3	debugging ... Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-10-11 15:48:53 +05:30
Shubham Palriwala	ae4fb488bf	fix: sign kyverno-cli (#2480) ... Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-10-05 22:28:40 -07:00
Jim Bugwadia	8437582622	Merge branch 'main' into sign-and-generate-sbom	2021-10-05 14:49:06 -07:00
ShubhamPalriwala	92ca609c7c	ci: scan kyverno-image on each build ... Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-10-05 16:38:55 +05:30
ShubhamPalriwala	187f054809	feat: add SBOM using cosign ... Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-09-27 15:26:11 +05:30
ShubhamPalriwala	f3318767d8	feat: sign images using cosign on release ... Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-09-27 15:26:11 +05:30
ShubhamPalriwala	614975b1c6	feat: sign images using cosign on build ... Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-09-27 15:26:11 +05:30
treydock	e1daf2085d	Switch Helm CRDs back to kyverno chart and move Policies to dedicated chart (#2357) ... * Switch Helm CRDs back to kyverno chart and move Policies to dedicate chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix policies chart labels Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Remove README items moved to kyverno-policies chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>	2021-09-22 13:56:10 -07:00
Pooja Singh	adb785831f	fix | e2e test cases are failing with busybox image (#2422) ... * removing charts from push and pull ignore Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * updated tag replace logic Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * linting fix Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-09-21 13:07:46 -07:00
Anita-ihuman	afae554a7b	Fixed a typo in config file (#2407) ... * create configuration for behaviour bot Signed-off-by: Anita-ihuman <charlesanita403@gmail.com> * adding contributor images Signed-off-by: Anita-ihuman <charlesanita403@gmail.com> * fixed typo in config.yml Signed-off-by: Anita-ihuman <charlesanita403@gmail.com> * including config file to ignore. Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>	2021-09-20 15:04:16 -07:00
shuting	e288ed7fd2	Fix upgrade issue from 1.4.2 to 1.4.3-rc1 (#2387) ... * update git command to get tag in 'v*' format Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add label "appVersion" to report change request Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix linter issue Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update git hash Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-09-14 01:06:56 -07:00
treydock	1f756c37ac	Only release Helm charts on tags (#2281) ... Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>	2021-08-20 15:06:58 -07:00
treydock	45e95c2217	Make Kyverno CRDs a seperate Helm chart capable of being updated/deleted (#2218) ... * Make Kyverno CRDs a seperate Helm chart capable of being updated/deleted Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Make E2E tests work with new chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Seems Helm lint needs values.yaml Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Can't use ct install for the CRDs because will end up getting uninstalled after test Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Ensure helm release accounts for new CRD chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update CRD chart versions Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Make CRD chart version match main kyverno chart version Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Bump chart versions Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>	2021-08-12 13:54:17 -07:00
shuting	6ba341ff9b	- update Make target; - update release workflow config; - update PR template (#2257) ... Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-08-12 09:58:25 -07:00