fix: ns exclusion audit from cache (#3129) #71
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: upgrade | |
on: | |
push: | |
paths: | |
- "manifest_staging/charts/**" | |
pull_request: | |
paths: | |
- "manifest_staging/charts/**" | |
permissions: | |
contents: read | |
env: | |
BASE_RELEASE: 3.9.2 | |
BASE_BRANCH: release-3.9 | |
jobs: | |
helm_upgrade: | |
name: "[Helm] Upgrade test" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
strategy: | |
matrix: | |
HELM_VERSION: ["3.7.2"] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
- name: Bootstrap e2e | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
make e2e-bootstrap KUBERNETES_VERSION=${{ env.KUBERNETES_VERSION }} | |
env: | |
KUBERNETES_VERSION: 1.24.4 | |
- name: Deploy Helm release | |
run: | | |
make e2e-helm-upgrade-init HELM_VERSION=${{ matrix.HELM_VERSION }} BASE_RELEASE=${{ env.BASE_RELEASE }} | |
- name: Run e2e after install | |
run: | | |
# running tests matching the base release | |
git clone https://github.com/open-policy-agent/gatekeeper.git -b ${{ env.BASE_BRANCH }} --sparse --depth 1 /tmp/gatekeeper-tests-${{ env.BASE_BRANCH }} | |
cd /tmp/gatekeeper-tests-${{ env.BASE_BRANCH }} | |
git sparse-checkout set test/bats | |
bats -t test/bats/test.bats | |
- name: Save logs | |
if: ${{ always() }} | |
run: | | |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-${{ matrix.HELM_VERSION }}-controller-pre-upgrade.json | |
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-${{ matrix.HELM_VERSION }}-audit-pre-upgrade.json | |
- name: Cleanup | |
run: | | |
kubectl delete ns gatekeeper-test-playground gatekeeper-excluded-namespace || true | |
kubectl delete constrainttemplates --all || true | |
kubectl delete configs --all || true | |
- name: Upgrade Helm version | |
run: | | |
make docker-buildx \ | |
IMG=gatekeeper-e2e:latest \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
make docker-buildx-crds \ | |
CRD_IMG=gatekeeper-crds:latest \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
make e2e-build-load-externaldata-image \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
kind load docker-image --name kind \ | |
gatekeeper-e2e:latest \ | |
gatekeeper-crds:latest | |
make e2e-helm-upgrade \ | |
HELM_VERSION=${{ matrix.HELM_VERSION }} \ | |
HELM_REPO=gatekeeper-e2e \ | |
HELM_CRD_REPO=gatekeeper-crds \ | |
HELM_RELEASE=latest | |
- name: Run e2e after upgrade | |
run: | | |
make test-e2e | |
- name: Save logs | |
if: ${{ always() }} | |
run: | | |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-${{ matrix.HELM_VERSION }}-controller-post-upgrade.json | |
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-${{ matrix.HELM_VERSION }}-audit-post-upgrade.json | |
kubectl logs -n gatekeeper-system -l run=dummy-provider --tail=-1 > logs-${{ matrix.HELM_VERSION }}-dummy-provider-post-upgrade.json | |
- name: Upload artifacts | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ always() }} | |
with: | |
name: logs | |
path: | | |
logs-*.json |