chore(deps): Bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.19 to 3.0.20 #904
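# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

# CI for pull requests and pushes targeting main: unit tests with coverage
# upload, a single image build, and two kind-based end-to-end suites that
# consume the built image archive.
#
# Every third-party action is pinned to a full commit SHA; the trailing
# comment on each `uses:` line records the release tag that SHA belongs to.

name: Tests

# Start from an empty GITHUB_TOKEN permission set. No job below grants
# additional scopes.
permissions: {}

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  unit-tests:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version-file: go.mod
          cache-dependency-path: go.sum
      - name: Run tests
        run: |
          set -e
          make tests
      # Hand the coverage profile to the upload-to-codecov job. The step
      # fails if the file is missing, so a silent test-target change cannot
      # produce an empty report.
      - name: Upload coverage
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: coverage.out
          path: coverage.out
          retention-days: 1
          if-no-files-found: error

  # Kept separate from unit-tests so the job that runs repository code
  # (`make tests`) never has CODECOV_TOKEN in its environment.
  upload-to-codecov:
    needs:
      - unit-tests
    runs-on: ubuntu-latest
    steps:
      - name: Download coverage
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: coverage.out
      - name: Upload Report to Codecov
        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
        with:
          files: ./coverage.out
          fail_ci_if_error: true
          verbose: true
        # The only secret referenced in this workflow, scoped to this step.
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Build the image once and publish it as a short-lived artifact that both
  # e2e jobs load into their kind clusters.
  prepare-images:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version-file: go.mod
          cache-dependency-path: go.sum
      - name: Save image archive
        shell: bash
        run: |
          set -e
          make ko-build
          make docker-save-image
      - name: Upload image archive
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: image.tar
          path: image.tar
          retention-days: 1
          if-no-files-found: error

  e2e-sidecar-injector:
    runs-on: ubuntu-latest
    needs:
      - prepare-images
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version-file: go.mod
          cache-dependency-path: go.sum
      - name: Install helm
        id: helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
      # NOTE(review): cosign is installed before chainsaw with `verify: true`;
      # presumably the chainsaw installer uses it to verify the release it
      # downloads. Confirm against the action's documentation.
      - name: Install cosign
        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
      - name: Install chainsaw
        uses: kyverno/action-install-chainsaw@f2b47b97dc889c12702113753d713f01ec268de5 # v0.2.12
        with:
          verify: true
      - name: Download image archive
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: image.tar
      # NOTE(review): the node image is referenced by tag, not by digest, so
      # it is not pinned the way the actions are.
      - name: Create kind cluster
        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
        with:
          node_image: kindest/node:v1.29.2
          cluster_name: kind
      - name: Load image archive
        run: |
          set -e
          make kind-load-archive
      # The helm path is passed through `env:` rather than expanded into the
      # script text, so the step output is never parsed as shell source.
      - name: Setup cert-manager
        env:
          HELM: ${{ steps.helm.outputs.helm-path }}
        run: |
          set -e
          make install-cert-manager install-cluster-issuer
      - name: Install chart
        env:
          HELM: ${{ steps.helm.outputs.helm-path }}
        run: |
          set -e
          make deploy-kyverno-sidecar-injector
      - name: Run Chainsaw Tests
        run: chainsaw test tests/e2e/sidecar-injector

  e2e-authz-server:
    runs-on: ubuntu-latest
    needs:
      - prepare-images
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version-file: go.mod
          cache-dependency-path: go.sum
      - name: Install helm
        id: helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
      # NOTE(review): cosign is installed before chainsaw with `verify: true`;
      # presumably the chainsaw installer uses it to verify the release it
      # downloads. Confirm against the action's documentation.
      - name: Install cosign
        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
      - name: Install chainsaw
        uses: kyverno/action-install-chainsaw@f2b47b97dc889c12702113753d713f01ec268de5 # v0.2.12
        with:
          verify: true
      - name: Download image archive
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: image.tar
      # NOTE(review): the node image is referenced by tag, not by digest, so
      # it is not pinned the way the actions are.
      - name: Create kind cluster
        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
        with:
          node_image: kindest/node:v1.29.2
          cluster_name: kind
      - name: Load image archive
        run: |
          set -e
          make kind-load-archive
      # The helm path is passed through `env:` rather than expanded into the
      # script text, so the step output is never parsed as shell source.
      - name: Setup istio
        env:
          HELM: ${{ steps.helm.outputs.helm-path }}
        run: |
          set -e
          make install-istio
      - name: Setup cert-manager
        env:
          HELM: ${{ steps.helm.outputs.helm-path }}
        run: |
          set -e
          make install-cert-manager install-cluster-issuer
      - name: Install chart
        env:
          HELM: ${{ steps.helm.outputs.helm-path }}
        run: |
          set -e
          make deploy-kyverno-authz-server
      # NOTE(review): the httpbin manifest is fetched from a branch ref
      # (release-1.24), which can change between runs, unlike the SHA-pinned
      # actions above. Vendoring the manifest into the repository or
      # referencing a fixed commit would make the e2e input reproducible.
      - name: Install sample app
        run: |
          set -e
          kubectl create ns app
          kubectl label namespace app istio-injection=enabled
          kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.24/samples/httpbin/httpbin.yaml -n app
          kubectl patch deploy httpbin -n app --type=merge -p='{
            "spec": {
              "template": {
                "metadata": {
                  "labels": {
                    "ext-authz": "enabled"
                  }
                }
              }
            }
          }'
      - name: Run Chainsaw Tests (authz-server)
        run: |
          set -e
          chainsaw test tests/e2e/authz-server
      - name: Run Chainsaw Tests (validation-webhook)
        run: |
          set -e
          chainsaw test tests/e2e/validation-webhook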