Skip to content

feat(coco): Add cvm-adapter and rolling update #28

feat(coco): Add cvm-adapter and rolling update

feat(coco): Add cvm-adapter and rolling update #28

Workflow file for this run

# SPDX-License-Identifier: Apache-2.0
# Copyright 2023 Authors of Nimbus
name: PR checks
on:
pull_request:
types: [ opened, reopened, synchronize, ready_for_review ]
paths-ignore:
- '**.md'
- '**.sh'
- 'docs/**'
- 'LICENSE'
permissions: read-all
jobs:
license:
name: License
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Check License Header
uses: apache/skywalking-eyes@a790ab8dd23a7f861c18bd6aaa9b012e3a234bce
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
static-checks:
name: Static checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup go
uses: actions/setup-go@v4
with:
go-version: '1.22'
- name: go fmt
run: make fmt
- name: Lint
id: lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.54
args: --deadline=30m --out-format=line-number
skip-cache: true # https://github.com/golangci/golangci-lint-action/issues/244#issuecomment-1052197778
go-sec:
runs-on: ubuntu-latest
permissions:
security-events: write
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v3
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
# we let the report trigger content trigger a failure using the GitHub Security features.
args: '-no-fail -fmt sarif -out results.sarif ./...'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
build-nimbus-image:
name: Build Nimbus Operator image
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Build image
run: make docker-build
build-adapters-image:
strategy:
matrix:
adapters: [ "nimbus-kubearmor", "nimbus-netpol", "nimbus-kyverno" ]
name: Build ${{ matrix.adapters }} adapter's image
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Build image
working-directory: ./pkg/adapter/${{ matrix.adapters }}
run: make docker-build
chainsaw-integration-tests:
name: Integration-Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install helm
id: helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Create k8s Kind Cluster
uses: helm/kind-action@v1
with:
cluster_name: testing
- name: Build image and load in the kind cluster
run: |
make docker-build
kind load docker-image 5gsec/nimbus:latest --name=testing
- name: Install Nimbus
run: |
helm upgrade --install nimbus-operator deployments/nimbus -n nimbus --create-namespace --set image.pullPolicy=Never
- name: Wait for Nimbus to start
run: |
kubectl wait --for=condition=ready --timeout=5m -n nimbus pod -l app.kubernetes.io/name=nimbus
kubectl get pods -A
- name: Run Tests
run: make integration-test
chainsaw-e2e-tests:
name: E2E-Test
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Install helm
id: helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Create k8s Kind Cluster
uses: helm/kind-action@v1
with:
cluster_name: testing
- name: Build nimbus image and load in the kind cluster
run: |
make docker-build
kind load docker-image 5gsec/nimbus:latest --name=testing
- name: Build nimbus-netpol image and load in the kind cluster
working-directory: ./pkg/adapter/nimbus-netpol
run: |
make docker-build
kind load docker-image 5gsec/nimbus-netpol:latest --name=testing
- name: Build nimbus-kubearmor image and load in the kind cluster
working-directory: ./pkg/adapter/nimbus-kubearmor
run: |
make docker-build
kind load docker-image 5gsec/nimbus-kubearmor:latest --name=testing
- name: Build nimbus-kyverno image and load in the kind cluster
working-directory: ./pkg/adapter/nimbus-kyverno
run: |
make docker-build
kind load docker-image 5gsec/nimbus-kyverno:latest --name=testing
- name: Install Kubearmor CRDs
run: |
kubectl create -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/deployments/CRD/KubeArmorPolicy.yaml
- name: Install Kyverno CRDs
run: |
kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/main/config/crds/kyverno/kyverno.io_clusterpolicies.yaml
kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/main/config/crds/kyverno/kyverno.io_policies.yaml
- name: Install Nimbus
run: |
helm upgrade --install nimbus-operator deployments/nimbus -n nimbus --create-namespace --set image.pullPolicy=Never
- name: Wait for Nimbus to start
run: |
kubectl wait --for=condition=ready --timeout=5m -n nimbus pod -l app.kubernetes.io/name=nimbus
kubectl get pods -A
- name: Install nimbus-netpol
working-directory: deployments/nimbus-netpol/
run: |
helm upgrade --install nimbus-netpol . -n nimbus --set image.pullPolicy=Never
- name: Wait for nimbus-netpol to start
run: |
kubectl wait --for=condition=ready --timeout=5m -n nimbus pod -l app.kubernetes.io/name=nimbus-netpol
kubectl get pods -A
- name: Install nimbus-kubearmor
working-directory: deployments/nimbus-kubearmor/
run: |
helm upgrade --install nimbus-kubearmor . -n nimbus --set image.pullPolicy=Never
- name: Wait for nimbus-kubearmor to start
run: |
kubectl wait --for=condition=ready --timeout=5m -n nimbus pod -l app.kubernetes.io/name=nimbus-kubearmor
kubectl get pods -A
- name: Install nimbus-kyverno
working-directory: deployments/nimbus-kyverno/
run: |
helm upgrade --install nimbus-kyverno . -n nimbus --set image.pullPolicy=Never
- name: Wait for nimbus-kyverno to start
run: |
kubectl wait --for=condition=ready --timeout=5m -n nimbus pod -l app.kubernetes.io/name=nimbus-kyverno
kubectl get pods -A
- name: Run Tests
run: make e2e-test