Skip to content

Commit

Permalink
fix: add separate workflow for CEL policies to unblock e2e tests (#1087)
Browse files Browse the repository at this point in the history
* add separate workflow file for CEL policies

Signed-off-by: Chandan-DK <[email protected]>

* clean commit to get E2E Tests for CEL and non CEL

Signed-off-by: Chandan-DK <[email protected]>

* install chainsaw in run-tests action

Signed-off-by: Chandan-DK <[email protected]>

* remove verify-git-repositories cel policy due to this error kyverno/kyverno#10313

Signed-off-by: Chandan-DK <[email protected]>

* revert removal of verify-git-repositories policy

Signed-off-by: Chandan-DK <[email protected]>

* rename test folder and chainsaw test file to avoid chainsaw test from running for verify-git-repositories policy

Signed-off-by: Chandan-DK <[email protected]>

* reference correct chainsaw test folder path in kyverno test

Signed-off-by: Chandan-DK <[email protected]>

---------

Signed-off-by: Chandan-DK <[email protected]>
  • Loading branch information
Chandan-DK authored Jul 30, 2024
1 parent 035fb4e commit 32371e4
Show file tree
Hide file tree
Showing 11 changed files with 141 additions and 67 deletions.
16 changes: 16 additions & 0 deletions .github/actions/run-tests/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
name: "Runs E2E Tests"
description: "Runs E2E tests using chainsaw"
inputs:
tests:
description: "Test regex"
required: true
runs:
using: "composite"
steps:
- name: Install Chainsaw
uses: kyverno/action-install-chainsaw@5d00c353f61f44f3b492c673420202d1b1374c3f # v0.2.6
- name: Test with Chainsaw
shell: bash
run: |
set -e
chainsaw test --config .chainsaw.yaml --include-test-regex '^chainsaw$/${{ inputs.tests }}' --no-color=false
51 changes: 51 additions & 0 deletions .github/actions/setup-env/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
name: "Setup Environment for E2E Tests"
description: "Sets up the environment for the E2E workflows"
inputs:
k8s-version:
description: "Kubernetes version"
required: true
runs:
using: "composite"
steps:
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ~1.21.1
- name: Install Tools
shell: bash
run: |
set -e
curl -LO "https://dl.k8s.io/release/${{ inputs.k8s-version }}/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
- name: Install kind
shell: bash
run: |
set -e
# For AMD64 / x86_64
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Install latest Kyverno CLI
uses: kyverno/action-install-cli@fcee92fca5c883169ef9927acf543e0b5fc58289 # v0.2.0
- name: Create kind cluster
shell: bash
run: |
set -e
kind create cluster --image kindest/node:${{ inputs.k8s-version }} --config ./.github/kind.yml
- name: Install latest kyverno
shell: bash
run: |
set -e
kubectl create -f https://github.com/kyverno/kyverno/raw/main/config/install-latest-testing.yaml
- name: Wait for kyverno ready
shell: bash
run: |
set -e
kubectl wait --namespace kyverno --for=condition=ready pod --selector '!job-name' --timeout=60s
- name: Install CRDs
shell: bash
run: |
set -e
kubectl apply -f ./.chainsaw/crds
65 changes: 65 additions & 0 deletions .github/workflows/cel-test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
name: E2E Tests - CEL

permissions: {}

on:
workflow_dispatch: {}
pull_request:
branches:
- 'main'

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
chainsaw:
strategy:
fail-fast: false
matrix:
k8s-version:
- name: v1.25
version: v1.25.16
- name: v1.26
version: v1.26.14
- name: v1.27
version: v1.27.11
- name: v1.28
version: v1.28.7
- name: v1.29
version: v1.29.2
tests:
- ^argo-cel$
- ^aws-cel$
- ^best-practices-cel$
- ^consul-cel$
- ^flux-cel$
- ^istio-cel$
- ^kasten-cel$
- ^kubecost-cel$
- ^linkerd-cel$
- ^nginx-ingress-cel$
- ^openshift-cel$
- ^other-cel$/^a
- ^other-cel$/^[b-d]
- ^other-cel$/^[e-l]
- ^other-cel$/^[m-q]
- ^other-cel$/^re[c-q]
- ^other-cel$/^res
- ^other-cel$/^[s-z]
- ^pod-security-cel$
- ^psa-cel$
- ^traefik-cel$
runs-on: ubuntu-latest
name: ${{ matrix.k8s-version.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Environment
uses: ./.github/actions/setup-env
with:
k8s-version: ${{ matrix.k8s-version.version }}
- name: Run CEL Tests
uses: ./.github/actions/run-tests
with:
tests: ${{ matrix.tests }}
72 changes: 7 additions & 65 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,104 +30,46 @@ jobs:
version: v1.29.2
tests:
- ^argo$
- ^argo-cel$
- ^aws$
- ^aws-cel$
- ^best-practices$
- ^best-practices-cel$
- ^castai$
- ^cert-manager$
- ^cleanup$
- ^consul$
- ^consul-cel$
- ^external-secret-operator$
- ^flux$
- ^flux-cel$
- ^istio$
- ^istio-cel$
- ^karpenter$
- ^kasten$
- ^kasten-cel$
- ^kubecost$
- ^kubecost-cel$
- ^kubeops$
- ^kubevirt$
- ^linkerd$
- ^linkerd-cel$
- ^nginx-ingress$
- ^nginx-ingress-cel$
- ^openshift$
- ^openshift-cel$
- ^other$/^a
- ^other-cel$/^a
- ^other$/^[b-d]
- ^other-cel$/^[b-d]
- ^other$/^[e-l]
- ^other-cel$/^[e-l]
- ^other$/^[m-q]
- ^other-cel$/^[m-q]
- ^other$/^re[c-q]
- ^other-cel$/^re[c-q]
- ^other$/^res
- ^other-cel$/^res
- ^other$/^[s-z]
- ^other-cel$/^[s-z]
- ^pod-security$
- ^pod-security-cel$
- ^psa$
- ^psa-cel$
- ^psp-migration$
- ^tekton$
- ^traefik$
- ^traefik-cel$
- ^velero$
runs-on: ubuntu-latest
name: ${{ matrix.k8s-version.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
- name: Setup Environment
uses: ./.github/actions/setup-env
with:
go-version: ~1.21.1
- name: Install Tools
run: |
set -e
curl -LO "https://dl.k8s.io/release/${{ matrix.k8s-version.version }}/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
- name: Install kind
shell: bash
run: |
set -e
# For AMD64 / x86_64
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Install latest Kyverno CLI
uses: kyverno/action-install-cli@fcee92fca5c883169ef9927acf543e0b5fc58289 # v0.2.0
- name: Create kind cluster
run: |
set -e
kind create cluster --image kindest/node:${{ matrix.k8s-version.version }} --config ./.github/kind.yml
- name: Install latest kyverno
run: |
set -e
kubectl create -f https://github.com/kyverno/kyverno/raw/main/config/install-latest-testing.yaml
- name: Wait for kyverno ready
run: |
set -e
kubectl wait --namespace kyverno --for=condition=ready pod --selector '!job-name' --timeout=60s
- name: Install CRDs
run: |
set -e
kubectl apply -f ./.chainsaw/crds
- name: Install Chainsaw
uses: kyverno/action-install-chainsaw@5d00c353f61f44f3b492c673420202d1b1374c3f # v0.2.6
- name: Test with Chainsaw
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
chainsaw test --config .chainsaw.yaml --include-test-regex '^chainsaw$/${{ matrix.tests }}' --no-color=false
k8s-version: ${{ matrix.k8s-version.version }}
- name: Run Tests
uses: ./.github/actions/run-tests
with:
tests: ${{ matrix.tests }}
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ metadata:
policies:
- ../verify-git-repositories.yaml
resources:
- ../.chainsaw-test/good-gitrepositories.yaml
- ../.chainsaw-test/bad-gitrepositories.yaml
- ../.chainsaw-test-rename-after-issue-10313-fix/good-gitrepositories.yaml
- ../.chainsaw-test-rename-after-issue-10313-fix/bad-gitrepositories.yaml
results:
- policy: verify-git-repositories
rule: github-repositories-only
Expand Down

0 comments on commit 32371e4

Please sign in to comment.