-
Notifications
You must be signed in to change notification settings - Fork 253
135 lines (129 loc) · 4.21 KB
/
cel-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: E2E Tests - CEL
permissions: {}
on:
workflow_dispatch: {}
pull_request:
branches:
- 'main'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
chainsaw:
strategy:
fail-fast: false
matrix:
k8s-version:
- name: v1.25
version: v1.25.16
- name: v1.26
version: v1.26.14
- name: v1.27
version: v1.27.11
- name: v1.28
version: v1.28.7
- name: v1.29
version: v1.29.2
tests:
- ^argo-cel$
- ^aws-cel$
- ^best-practices-cel$
- ^consul-cel$
- ^flux-cel$
- ^istio-cel$
- ^kasten-cel$
- ^kubecost-cel$
- ^linkerd-cel$
- ^nginx-ingress-cel$
- ^openshift-cel$
- ^other-cel$/^a
- ^other-cel$/^[b-d]
- ^other-cel$/^[e-l]
- ^other-cel$/^[m-q]
- ^other-cel$/^re[c-q]
- ^other-cel$/^res
- ^other-cel$/^[s-z]
- ^pod-security-cel$
- ^psa-cel$
- ^traefik-cel$
runs-on: ubuntu-latest
name: ${{ matrix.k8s-version.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Environment
uses: ./.github/actions/setup-env
with:
k8s-version: ${{ matrix.k8s-version.version }}
- name: Run CEL Tests
uses: ./.github/actions/run-tests
with:
tests: ${{ matrix.tests }}
validatingadmissionpolicies-v1alpha1:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
k8s-version:
- name: v1.27
version: v1.27.13
tests:
- ^pod-security-cel$
name: ${{ matrix.k8s-version.name }} - validating-admission-policies - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
node_image: kindest/node:${{ matrix.k8s-version.version }}
cluster_name: kind
config: ./.github/scripts/config/kind/vap-v1alpha1.yaml
- name: Install latest kyverno with VAP generation enabled
run: ./.github/scripts/config/generate-validating-admission-policy/install-kyverno.sh
- name: Wait for kyverno ready
uses: ./.github/actions/wait-for-kyverno-ready
- name: Install CRDs
uses: ./.github/actions/install-crds
- name: Run VAP tests
uses: ./.github/actions/run-tests
with:
tests: ${{ matrix.tests }}
test-file: chainsaw-test-vap
k8s-version: ${{ matrix.k8s-version.version }}
validatingadmissionpolicies-tests-above-1-28:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
k8s-version:
- name: v1.28
version: v1.28.9
- name: v1.29
version: v1.29.4
- name: v1.30
version: v1.30.0
tests:
- ^pod-security-cel$
name: ${{ matrix.k8s-version.name }} - validating-admission-policies - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
node_image: kindest/node:${{ matrix.k8s-version.version }}
cluster_name: kind
config: ./.github/scripts/config/kind/vap-v1beta1.yaml
- name: Install latest kyverno with VAP generation enabled
run: ./.github/scripts/config/generate-validating-admission-policy/install-kyverno.sh
- name: Wait for kyverno ready
uses: ./.github/actions/wait-for-kyverno-ready
- name: Install CRDs
uses: ./.github/actions/install-crds
- name: Run VAP tests
uses: ./.github/actions/run-tests
with:
tests: ${{ matrix.tests }}
test-file: chainsaw-test-vap
k8s-version: ${{ matrix.k8s-version.version }}