Skip to content

release: v0.2.0 (#303) #891

release: v0.2.0 (#303)

release: v0.2.0 (#303) #891

Workflow file for this run

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Tests
permissions: {}
on:
pull_request:
branches:
- main
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
unit-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
cache-dependency-path: go.sum
- name: Run tests
run: |
set -e
make tests
- name: Upload coverage
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: coverage.out
path: coverage.out
retention-days: 1
if-no-files-found: error
upload-to-codecov:
needs:
- unit-tests
runs-on: ubuntu-latest
steps:
- name: Download coverage
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: coverage.out
- name: Upload Report to Codecov
uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
with:
files: ./coverage.out
fail_ci_if_error: true
verbose: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
prepare-images:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
cache-dependency-path: go.sum
- name: Save image archive
shell: bash
run: |
set -e
make ko-build
make docker-save-image
- name: Upload image archive
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: image.tar
path: image.tar
retention-days: 1
if-no-files-found: error
e2e-sidecar-injector:
runs-on: ubuntu-latest
needs: [ prepare-images ]
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
cache-dependency-path: go.sum
- name: Install helm
id: helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
- name: Install cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@f2b47b97dc889c12702113753d713f01ec268de5 # v0.2.12
with:
verify: true
- name: Download image archive
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: image.tar
- name: Create kind cluster
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
with:
node_image: kindest/node:v1.29.2
cluster_name: kind
- name: Load image archive
run: |
set -e
make kind-load-archive
- name: Setup cert-manager
run: |
set -e
export HELM=${{ steps.helm.outputs.helm-path }}
make install-cert-manager install-cluster-issuer
- name: Install chart
run: |
set -e
export HELM=${{ steps.helm.outputs.helm-path }}
make deploy-kyverno-sidecar-injector
- name: Run Chainsaw Tests
run: chainsaw test tests/e2e/sidecar-injector
e2e-authz-server:
runs-on: ubuntu-latest
needs: [ prepare-images ]
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
cache-dependency-path: go.sum
- name: Install helm
id: helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
- name: Install cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@f2b47b97dc889c12702113753d713f01ec268de5 # v0.2.12
with:
verify: true
- name: Download image archive
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: image.tar
- name: Create kind cluster
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
with:
node_image: kindest/node:v1.29.2
cluster_name: kind
- name: Load image archive
run: |
set -e
make kind-load-archive
- name: Setup istio
run: |
set -e
export HELM=${{ steps.helm.outputs.helm-path }}
make install-istio
- name: Setup cert-manager
run: |
set -e
export HELM=${{ steps.helm.outputs.helm-path }}
make install-cert-manager install-cluster-issuer
- name: Install chart
run: |
set -e
export HELM=${{ steps.helm.outputs.helm-path }}
make deploy-kyverno-authz-server
- name: Install sample app
run: |
set -e
kubectl create ns app
kubectl label namespace app istio-injection=enabled
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.24/samples/httpbin/httpbin.yaml -n app
kubectl patch deploy httpbin -n app --type=merge -p='{
"spec": {
"template": {
"metadata": {
"labels": {
"ext-authz": "enabled"
}
}
}
}
}'
- name: Run Chainsaw Tests (authz-server)
run: |
set -e
chainsaw test tests/e2e/authz-server
- name: Run Chainsaw Tests (validation-webhook)
run: |
set -e
chainsaw test tests/e2e/validation-webhook