forked from open-policy-agent/gatekeeper
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Sertac Ozercan <[email protected]>
- Loading branch information
Showing
15 changed files
with
853 additions
and
884 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,53 +1,53 @@ | ||
| name: check-manifest | ||
| on: | ||
| push: | ||
| paths-ignore: | ||
| - ".github/workflows/website.yaml" | ||
| - "docs/**" | ||
| - "library/**" | ||
| - "demo/**" | ||
| - "deprecated/**" | ||
| - "example/**" | ||
| - "website/**" | ||
| - "**.md" | ||
| - "!cmd/build/helmify/static/README.md" | ||
| pull_request: | ||
| paths-ignore: | ||
| - ".github/workflows/website.yaml" | ||
| - "docs/**" | ||
| - "library/**" | ||
| - "demo/**" | ||
| - "deprecated/**" | ||
| - "example/**" | ||
| - "website/**" | ||
| - "**.md" | ||
| - "!cmd/build/helmify/static/README.md" | ||
| # name: check-manifest | ||
| # on: | ||
| # push: | ||
| # paths-ignore: | ||
| # - ".github/workflows/website.yaml" | ||
| # - "docs/**" | ||
| # - "library/**" | ||
| # - "demo/**" | ||
| # - "deprecated/**" | ||
| # - "example/**" | ||
| # - "website/**" | ||
| # - "**.md" | ||
| # - "!cmd/build/helmify/static/README.md" | ||
| # pull_request: | ||
| # paths-ignore: | ||
| # - ".github/workflows/website.yaml" | ||
| # - "docs/**" | ||
| # - "library/**" | ||
| # - "demo/**" | ||
| # - "deprecated/**" | ||
| # - "example/**" | ||
| # - "website/**" | ||
| # - "**.md" | ||
| # - "!cmd/build/helmify/static/README.md" | ||
|
|
||
| permissions: read-all | ||
| # permissions: read-all | ||
|
|
||
| jobs: | ||
| check_manifest: | ||
| name: "Check codegen and manifest" | ||
| runs-on: ubuntu-22.04 | ||
| timeout-minutes: 10 | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| with: | ||
| egress-policy: audit | ||
| # jobs: | ||
| # check_manifest: | ||
| # name: "Check codegen and manifest" | ||
| # runs-on: ubuntu-22.04 | ||
| # timeout-minutes: 10 | ||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| - name: Check out code into the Go module directory | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| # - name: Check out code into the Go module directory | ||
| # uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
|
|
||
| - name: Set up Go | ||
| uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | ||
| with: | ||
| go-version: "1.22" | ||
| check-latest: true | ||
| - name: Check go.mod and manifests | ||
| run: | | ||
| # there should be no additional manifest or go.mod changes | ||
| go mod tidy | ||
| git diff --exit-code | ||
| make generate manifests | ||
| git diff --exit-code | ||
| # - name: Set up Go | ||
| # uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | ||
| # with: | ||
| # go-version: "1.22" | ||
| # check-latest: true | ||
| # - name: Check go.mod and manifests | ||
| # run: | | ||
| # # there should be no additional manifest or go.mod changes | ||
| # go mod tidy | ||
| # git diff --exit-code | ||
| # make generate manifests | ||
| # git diff --exit-code |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,36 +1,36 @@ | ||
| name: "CodeQL" | ||
|
|
||
| on: | ||
| push: | ||
| branches: [master] | ||
| schedule: | ||
| - cron: "0 7 * * 1" # Mondays at 7:00 AM | ||
|
|
||
| permissions: read-all | ||
|
|
||
| jobs: | ||
| analyze: | ||
| name: Analyze | ||
| runs-on: ubuntu-22.04 | ||
| permissions: | ||
| security-events: write | ||
|
|
||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: Checkout repository | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
|
|
||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd | ||
| with: | ||
| languages: go | ||
|
|
||
| - name: Autobuild | ||
| uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd | ||
|
|
||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd | ||
| # name: "CodeQL" | ||
|
|
||
| # on: | ||
| # push: | ||
| # branches: [master] | ||
| # schedule: | ||
| # - cron: "0 7 * * 1" # Mondays at 7:00 AM | ||
|
|
||
| # permissions: read-all | ||
|
|
||
| # jobs: | ||
| # analyze: | ||
| # name: Analyze | ||
| # runs-on: ubuntu-22.04 | ||
| # permissions: | ||
| # security-events: write | ||
|
|
||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| # - name: Checkout repository | ||
| # uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
|
|
||
| # - name: Initialize CodeQL | ||
| # uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd | ||
| # with: | ||
| # languages: go | ||
|
|
||
| # - name: Autobuild | ||
| # uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd | ||
|
|
||
| # - name: Perform CodeQL Analysis | ||
| # uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,69 +1,69 @@ | ||
| name: dapr-pubsub | ||
| on: | ||
| push: | ||
| paths: | ||
| - "pkg/pubsub/dapr" | ||
| - "test/pubsub/**" | ||
| pull_request: | ||
| paths: | ||
| - "pkg/pubsub/dapr" | ||
| - "test/pubsub/**" | ||
| permissions: read-all | ||
| # name: dapr-pubsub | ||
| # on: | ||
| # push: | ||
| # paths: | ||
| # - "pkg/pubsub/dapr" | ||
| # - "test/pubsub/**" | ||
| # pull_request: | ||
| # paths: | ||
| # - "pkg/pubsub/dapr" | ||
| # - "test/pubsub/**" | ||
| # permissions: read-all | ||
|
|
||
| jobs: | ||
| dapr_test: | ||
| name: "Dapr pubsub test" | ||
| runs-on: ubuntu-22.04 | ||
| timeout-minutes: 15 | ||
| strategy: | ||
| matrix: | ||
| DAPR_VERSION: ["1.12"] | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| with: | ||
| egress-policy: audit | ||
| # jobs: | ||
| # dapr_test: | ||
| # name: "Dapr pubsub test" | ||
| # runs-on: ubuntu-22.04 | ||
| # timeout-minutes: 15 | ||
| # strategy: | ||
| # matrix: | ||
| # DAPR_VERSION: ["1.12"] | ||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| - name: Check out code into the Go module directory | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
| # - name: Check out code into the Go module directory | ||
| # uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
|
|
||
| - name: Bootstrap e2e | ||
| run: | | ||
| mkdir -p $GITHUB_WORKSPACE/bin | ||
| mkdir .tmp | ||
| echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | ||
| make e2e-bootstrap | ||
| make e2e-helm-install | ||
| helm repo add dapr https://dapr.github.io/helm-charts/ | ||
| helm repo add bitnami https://charts.bitnami.com/bitnami | ||
| helm repo update | ||
| helm upgrade --install dapr dapr/dapr --version=${{ matrix.DAPR_VERSION }} --namespace dapr-system --create-namespace --wait --debug | ||
| helm upgrade --install redis bitnami/redis --namespace default --set image.tag=7.0-debian-11 --wait --debug | ||
| make e2e-subscriber-build-load-image | ||
| make e2e-subscriber-deploy | ||
| # - name: Bootstrap e2e | ||
| # run: | | ||
| # mkdir -p $GITHUB_WORKSPACE/bin | ||
| # mkdir .tmp | ||
| # echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | ||
| # make e2e-bootstrap | ||
| # make e2e-helm-install | ||
| # helm repo add dapr https://dapr.github.io/helm-charts/ | ||
| # helm repo add bitnami https://charts.bitnami.com/bitnami | ||
| # helm repo update | ||
| # helm upgrade --install dapr dapr/dapr --version=${{ matrix.DAPR_VERSION }} --namespace dapr-system --create-namespace --wait --debug | ||
| # helm upgrade --install redis bitnami/redis --namespace default --set image.tag=7.0-debian-11 --wait --debug | ||
| # make e2e-subscriber-build-load-image | ||
| # make e2e-subscriber-deploy | ||
|
|
||
| - name: Run e2e | ||
| run: | | ||
| make docker-buildx IMG=gatekeeper-e2e:latest | ||
| make e2e-build-load-externaldata-image | ||
| make docker-buildx-crds CRD_IMG=gatekeeper-crds:latest | ||
| kind load docker-image --name kind gatekeeper-e2e:latest gatekeeper-crds:latest | ||
| kubectl create ns gatekeeper-system | ||
| make e2e-publisher-deploy | ||
| make e2e-helm-deploy HELM_REPO=gatekeeper-e2e HELM_CRD_REPO=gatekeeper-crds HELM_RELEASE=latest ENABLE_PUBSUB=true LOG_LEVEL=DEBUG | ||
| make test-e2e ENABLE_PUBSUB_TESTS=1 | ||
| # - name: Run e2e | ||
| # run: | | ||
| # make docker-buildx IMG=gatekeeper-e2e:latest | ||
| # make e2e-build-load-externaldata-image | ||
| # make docker-buildx-crds CRD_IMG=gatekeeper-crds:latest | ||
| # kind load docker-image --name kind gatekeeper-e2e:latest gatekeeper-crds:latest | ||
| # kubectl create ns gatekeeper-system | ||
| # make e2e-publisher-deploy | ||
| # make e2e-helm-deploy HELM_REPO=gatekeeper-e2e HELM_CRD_REPO=gatekeeper-crds HELM_RELEASE=latest ENABLE_PUBSUB=true LOG_LEVEL=DEBUG | ||
| # make test-e2e ENABLE_PUBSUB_TESTS=1 | ||
|
|
||
| - name: Save logs | ||
| if: ${{ always() }} | ||
| run: | | ||
| kubectl logs -n fake-subscriber -l app=sub --tail=-1 > logs-audit-subscribe.json | ||
| kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit-publish.json | ||
| # - name: Save logs | ||
| # if: ${{ always() }} | ||
| # run: | | ||
| # kubectl logs -n fake-subscriber -l app=sub --tail=-1 > logs-audit-subscribe.json | ||
| # kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit-publish.json | ||
|
|
||
| - name: Upload artifacts | ||
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| if: ${{ always() }} | ||
| with: | ||
| name: pubsub-logs | ||
| path: | | ||
| logs-*.json | ||
| # - name: Upload artifacts | ||
| # uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| # if: ${{ always() }} | ||
| # with: | ||
| # name: pubsub-logs | ||
| # path: | | ||
| # logs-*.json | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,27 @@ | ||
| # Dependency Review Action | ||
| # | ||
| # This Action will scan dependency manifest files that change as part of a Pull Request, | ||
| # surfacing known-vulnerable versions of the packages declared or updated in the PR. | ||
| # Once installed, if the workflow run is marked as required, | ||
| # PRs introducing known-vulnerable packages will be blocked from merging. | ||
| # | ||
| # Source repository: https://github.com/actions/dependency-review-action | ||
| name: 'Dependency Review' | ||
| on: [pull_request] | ||
| # # Dependency Review Action | ||
| # # | ||
| # # This Action will scan dependency manifest files that change as part of a Pull Request, | ||
| # # surfacing known-vulnerable versions of the packages declared or updated in the PR. | ||
| # # Once installed, if the workflow run is marked as required, | ||
| # # PRs introducing known-vulnerable packages will be blocked from merging. | ||
| # # | ||
| # # Source repository: https://github.com/actions/dependency-review-action | ||
| # name: 'Dependency Review' | ||
| # on: [pull_request] | ||
|
|
||
| permissions: | ||
| contents: read | ||
| # permissions: | ||
| # contents: read | ||
|
|
||
| jobs: | ||
| dependency-review: | ||
| runs-on: ubuntu-22.04 | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| with: | ||
| egress-policy: audit | ||
| # jobs: | ||
| # dependency-review: | ||
| # runs-on: ubuntu-22.04 | ||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| - name: 'Checkout Repository' | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.5.2 | ||
| - name: 'Dependency Review' | ||
| uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 | ||
| # - name: 'Checkout Repository' | ||
| # uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.5.2 | ||
| # - name: 'Dependency Review' | ||
| # uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 |
Oops, something went wrong.