name: Runs E2E Tests description: Runs E2E tests using chainsaw inputs: k8s-version: description: Kubernetes version required: true kind-config: description: Kind cluster config default: ./scripts/config/kind/default.yaml kyverno-configs: description: Kyverno configs default: standard token: description: GH token required: true chainsaw-config: description: Chainsaw config default: ../../../.chainsaw.yaml tests-path: description: Tests path default: '.' chainsaw-tests: description: Test regex default: '' shard-index: description: Shard index default: '0' shard-count: description: Shard count default: '0' upgrade-scenario: description: Determines which version to upgrade from required: true runs: using: composite steps: # install tools - name: Install helm id: helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - name: Install Cosign uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Install chainsaw uses: kyverno/action-install-chainsaw@f2b47b97dc889c12702113753d713f01ec268de5 # v0.2.12 with: verify: true # create cluster - name: Create kind cluster uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 with: node_image: kindest/node:${{ inputs.k8s-version }} cluster_name: kind config: ${{ inputs.kind-config }} # deploy kyverno - name: Download kyverno images archive uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster shell: bash run: | set -e kind load image-archive kyverno.tar --name kind - name: Determine Previous Version id: determine-prev-version shell: bash run: | set -ex export HELM=${{ steps.helm.outputs.helm-path }} $HELM repo add kyverno https://kyverno.github.io/kyverno $HELM repo update case "${{ inputs.upgrade-scenario }}" in "patch") export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2"."$3]++' | head -2 | tail -1) ;; "minor") export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2]++' | head -2 | tail -1) ;; "latest") export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel -o json | jq -r '.[0].version') ;; *) export INSTALL_VERSION=none ;; esac echo "::set-output name=prev_version::$INSTALL_VERSION" - name: Checkout Previous Version uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: ${{ steps.determine-prev-version.outputs.prev_version != 'none' }} with: repository: kyverno/kyverno ref: kyverno-chart-${{ steps.determine-prev-version.outputs.prev_version }} path: prev-version - name: Install Kyverno from prev-version if: ${{ steps.determine-prev-version.outputs.prev_version != 'none' }} shell: bash run: | set -ex export HELM=${{ steps.helm.outputs.helm-path }} export USE_CONFIG=${{ inputs.kyverno-configs }} cd prev-version IFS=',' read -ra CONFIGS <<< "$USE_CONFIG" for config in "${CONFIGS[@]}"; do if [ ! -f ./scripts/config/$config/kyverno.yaml ]; then echo "Skipping installation of Kyverno from prev-version for config: $config" exit 0 fi done export INSTALL_VERSION=${{ steps.determine-prev-version.outputs.prev_version }} echo "Installing Kyverno using Helm with Chart version $INSTALL_VERSION" make -C .. kind-install-kyverno-from-repo - name: Determine Next Version id: determine-next-version shell: bash run: | set -ex export HELM=${{ steps.helm.outputs.helm-path }} $HELM repo add kyverno https://kyverno.github.io/kyverno $HELM repo update case "${{ inputs.upgrade-scenario }}" in "patch") export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2"."$3]++' | head -1) ;; "minor") export INSTALL_VERSION=$($HELM search repo kyverno/kyverno --devel --versions | awk -F' +' '{print $2}' | awk '{$1=$1};1' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[0-9]+)?)?$' | awk -F. '!seen[$1"."$2]++' | head -1) ;; "latest") export INSTALL_VERSION=main ;; *) export INSTALL_VERSION=main ;; esac echo "::set-output name=next_version::$INSTALL_VERSION" - name: Checkout Next Version uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: ${{ steps.determine-next-version.outputs.next_version != 'main' }} with: repository: kyverno/kyverno ref: kyverno-chart-${{ steps.determine-next-version.outputs.next_version }} path: next-version - name: Install Kyverno from next-version if: ${{ steps.determine-next-version.outputs.next_version != 'main' }} shell: bash run: | set -ex export HELM=${{ steps.helm.outputs.helm-path }} export USE_CONFIG=${{ inputs.kyverno-configs }} cd next-version IFS=',' read -ra CONFIGS <<< "$USE_CONFIG" for config in "${CONFIGS[@]}"; do if [ ! -f ./scripts/config/$config/kyverno.yaml ]; then echo "Skipping installation of Kyverno from prev-version for config: $config" exit 0 fi done export INSTALL_VERSION=${{ steps.determine-next-version.outputs.next_version }} echo "Installing Kyverno using Helm with Chart version $INSTALL_VERSION" make -C .. kind-install-kyverno-from-repo - name: Install Kyverno from main if: ${{ steps.determine-next-version.outputs.next_version == 'main' }} shell: bash run: | set -ex export HELM=${{ steps.helm.outputs.helm-path }} export USE_CONFIG=${{ inputs.kyverno-configs }} echo "Installing Kyverno from main" make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready # install kubectl-evict plugin needed for testing eviction subresource trigger - name: Install kubectl-evict shell: bash run: | set -e GOBIN=$(go env GOPATH)/bin go install github.com/ueokande/kubectl-evict@latest echo 'Adding kubectl-evict directory to PATH...' echo "${GOBIN}" >> "${GITHUB_PATH}" # run tests - name: Test with Chainsaw if: ${{ steps.determine-next-version.outputs.next_version != 'main' }} shell: bash env: GITHUB_TOKEN: ${{ inputs.token }} run: | set -e cd ./next-version/test/conformance/chainsaw chainsaw test ${{ inputs.tests-path }} \ --config ../${{ inputs.chainsaw-config }} \ --include-test-regex '^chainsaw$/${{ inputs.chainsaw-tests }}' \ --shard-index ${{ inputs.shard-index }} \ --shard-count ${{ inputs.shard-count }} - name: Test with Chainsaw if: ${{ steps.determine-next-version.outputs.next_version == 'main' }} shell: bash env: GITHUB_TOKEN: ${{ inputs.token }} run: | set -e cd ./test/conformance/chainsaw chainsaw test ${{ inputs.tests-path }} \ --config ${{ inputs.chainsaw-config }} \ --include-test-regex '^chainsaw$/${{ inputs.chainsaw-tests }}' \ --shard-index ${{ inputs.shard-index }} \ --shard-count ${{ inputs.shard-count }} # debug - name: Debug failure if: failure() uses: ./.github/actions/kyverno-logs