This repository has been archived by the owner on Jan 18, 2024. It is now read-only.
Bump k8s.io/api from 0.28.4 to 0.29.1 #325
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2022 Chainguard, Inc. | |
# SPDX-License-Identifier: Apache-2.0 | |
name: Test proxy requests through the admission sidecar using release | |
on: | |
pull_request: | |
branches: | |
- 'main' | |
push: | |
defaults: | |
run: | |
shell: bash | |
permissions: read-all | |
jobs: | |
e2e: | |
name: Proxy e2e test using release | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
k8s-version: | |
- 1.24.x | |
- 1.25.x | |
- 1.26.x | |
env: | |
KNATIVE_VERSION: "1.10.1" | |
POLICY_CONTROLLER_VERSION: "v0.8.0" | |
KO_DOCKER_REPO: "registry.local:5000/proxy" | |
GO111MODULE: on | |
GOFLAGS: -ldflags=-s -ldflags=-w | |
KOCACHE: ~/ko | |
COSIGN_YES: true | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: '1.21' | |
check-latest: true | |
- uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 | |
- uses: imranismail/setup-kustomize@6691bdeb1b0a3286fb7f70fd1423c10e81e5375f # v2.0.0 | |
- name: Install yq | |
uses: mikefarah/yq@1c3d55106075bd37df197b4bc03cb4a413fdb903 # v4.40.4 | |
- name: Setup mirror | |
uses: chainguard-dev/actions/setup-mirror@main | |
with: | |
mirror: mirror.gcr.io | |
- uses: chainguard-dev/actions/setup-kind@main | |
with: | |
k8s-version: ${{ matrix.k8s-version}} | |
- name: Install policy-controller | |
run: | | |
kubectl apply -f https://github.com/sigstore/policy-controller/releases/download/${{ env.POLICY_CONTROLLER_VERSION }}/policy-controller-${{ env.POLICY_CONTROLLER_VERSION }}.yaml | |
# Wait little bit before waiting for the pods to get created | |
sleep 5 | |
kubectl wait pods -n cosign-system --for condition=Ready --timeout=90s --all | |
- name: Install proxy from release | |
run: | | |
kubectl apply -f https://github.com/chainguard-dev/admission-sidecar/releases/download/v0.0.1-rc.2/release-v0.0.1-rc.2.yaml | |
kubectl rollout status --timeout 2m --namespace chainguard-proxy deployments/proxy | |
sleep 10 | |
- name: Set up port-forward | |
run: | | |
POD=`kubectl -n chainguard-proxy get pods -oname` | |
kubectl -n chainguard-proxy port-forward $POD 8088:8088 & | |
# Just give port forward little time to start. | |
sleep 5 | |
# Make a note of this pod so we don't try to port forward to it again | |
# later. | |
echo "POD=$POD" >> $GITHUB_ENV | |
- name: Deploy CIPs | |
run: | | |
kubectl create -f ./test/testdata/cip-static-fail.yaml | |
kubectl create -f ./test/testdata/cip-static-pass.yaml | |
kubectl create -f ./test/testdata/cip-static-pass-fully-qualified.yaml | |
# Allow CIPs to propagate | |
sleep 5 | |
- name: Create test namespaces and label them appropriately | |
run: | | |
kubectl create ns test-labeled-include | |
kubectl label namespace test-labeled-include proxy.chainguard.dev/include=true | |
kubectl create ns test-labeled-do-not-include | |
kubectl label namespace test-labeled-do-not-include proxy.chainguard.dev/include=false | |
kubectl create ns test-not-labeled | |
- name: Run Proxy E2E Tests | |
timeout-minutes: 5 | |
run: | | |
go test -count=1 -v -race -tags=e2e ./test/e2e/... --require-label=true | |
- name: Then flip the enforcement label requirement to false | |
run: | | |
kubectl -n chainguard-proxy patch deployment proxy --type "json" -p '[{"op":"replace", "path":"/spec/template/spec/containers/0/env/0","value":{"name":"REQUIRE_LABEL","value":"false"}}]' | |
kubectl rollout status --timeout 2m --namespace chainguard-proxy deployments/proxy | |
sleep 5 | |
- name: Set up port-forward to our new pod | |
run: | | |
# Note that despite the deployment having rolled out, there's still | |
# the old pod hanging around for a bit, so grep it out of here so | |
# that we don't try to port-forward to it again :) | |
POD=`kubectl -n chainguard-proxy get pods -oname | grep -v ${{ env.POD }}` | |
kubectl -n chainguard-proxy port-forward $POD 8089:8088 & | |
# Just give port forward little time to start. | |
sleep 5 | |
- name: Run Proxy E2E Tests | |
timeout-minutes: 5 | |
run: | | |
go test -count=1 -v -race -tags=e2e ./test/e2e/... --url=http://localhost:8089 --require-label=false | |
- name: Collect diagnostics | |
if: ${{ failure() }} | |
uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main |