Update kindest/node Docker tag to v1.31.2 #4434
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "v*.*.*" | |
| pull_request: | |
| branches: | |
| - main | |
| - version-bumps | |
| jobs: | |
| checkout: | |
| name: Checkout | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| submodules: true | |
| - name: Tar files | |
| run: tar -cf checkout.tar ./ | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: checkout.tar | |
| path: checkout.tar | |
| js-get-deps: | |
| needs: checkout | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: checkout.tar | |
| - name: Untar files | |
| run: tar -xf checkout.tar ./ | |
| - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - run: npm install | |
| - name: Tar files | |
| run: tar -cf codebase.tar ./ | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: codebase.tar | |
| path: codebase.tar | |
| js-units: | |
| runs-on: ubuntu-latest | |
| needs: js-get-deps | |
| permissions: | |
| checks: write | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: codebase.tar | |
| - name: Untar files | |
| run: tar -xf codebase.tar ./ | |
| - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - run: npm run ci-test | |
| - uses: tanmen/jest-reporter@b51194185b294febdbe6d848f31f15614a06e2e3 # v1 | |
| if: always() | |
| with: | |
| action-name: Jest Unit Test Results | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| build-web-ui: | |
| runs-on: ubuntu-latest | |
| needs: js-get-deps | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: codebase.tar | |
| - name: Untar files | |
| run: tar -xf codebase.tar ./ | |
| - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - run: "npm run build:webpack" | |
| - name: Tar files | |
| run: tar -cf webui.tar dist | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: webui.tar | |
| path: webui.tar | |
| publish-web-ui: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| needs: | |
| - build-web-ui | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: webui.tar | |
| - name: Untar files | |
| run: tar -xf webui.tar dist | |
| - name: Deploy | |
| uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| publish_dir: ./dist | |
| js-build-binaries: | |
| runs-on: ubuntu-latest | |
| needs: js-get-deps | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: codebase.tar | |
| - name: Untar files | |
| run: tar -xf codebase.tar ./ | |
| - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - uses: MOZGIII/install-ldid-action@d5ab465f3a66a4d60a59882b935eb30e18e8d043 # renovate: tag=v1 | |
| with: | |
| tag: v2.1.5-procursus2 | |
| - run: npm run build | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-alpine-arm64 | |
| path: dist/bin/psp-migration-alpine-arm64 | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-alpine-x64 | |
| path: dist/bin/psp-migration-alpine-x64 | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-linux-arm64 | |
| path: dist/bin/psp-migration-linux-arm64 | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-linux-x64 | |
| path: dist/bin/psp-migration-linux-x64 | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-linuxstatic-arm64 | |
| path: dist/bin/psp-migration-linuxstatic-arm64 | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-linuxstatic-x64 | |
| path: dist/bin/psp-migration-linuxstatic-x64 | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-win-arm64.exe | |
| path: dist/bin/psp-migration-win-arm64.exe | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-win-x64.exe | |
| path: dist/bin/psp-migration-win-x64.exe | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-macos-arm64 | |
| path: dist/bin/psp-migration-macos-arm64 | |
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: psp-migration-macos-x64 | |
| path: dist/bin/psp-migration-macos-x64 | |
| policytests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - checkout | |
| - js-build-binaries | |
| permissions: | |
| checks: write | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| system: | |
| - psp | |
| - gatekeeper | |
| - kyverno | |
| - kubewarden | |
| - pss | |
| - krail | |
| e2e: ["fixtures"] | |
| include: | |
| - system: kubewarden | |
| e2e: "e2e" | |
| - system: gatekeeper | |
| e2e: "e2e" | |
| - system: kyverno | |
| e2e: "e2e" | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: checkout.tar | |
| - name: Untar files | |
| run: tar -xf checkout.tar ./ | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| if: matrix.e2e == 'e2e' | |
| with: | |
| name: psp-migration-linuxstatic-x64 | |
| - if: matrix.e2e == 'e2e' | |
| run: chmod +x psp-migration-linuxstatic-x64 | |
| - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 | |
| timeout-minutes: 5 | |
| with: | |
| config: tests/kind-config-${{matrix.system}}.yaml | |
| - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 | |
| with: | |
| version: 'v3.7.1' | |
| - if: matrix.system == 'gatekeeper' | |
| name: Install gatekeeper | |
| run: | | |
| kubectl apply --wait -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/release-3.12/deploy/gatekeeper.yaml | |
| kubectl wait --for=condition=available --timeout=600s -n gatekeeper-system \ | |
| deployment/gatekeeper-audit \ | |
| deployment/gatekeeper-controller-manager | |
| kubectl apply --wait -k submodules/gatekeeper-library/library/pod-security-policy | |
| kubectl apply --wait -k patched_gatekeeper_templates | |
| until kubectl wait --for condition=established --timeout=60s \ | |
| crd/constrainttemplates.templates.gatekeeper.sh \ | |
| crd/k8spspvolumetypes.constraints.gatekeeper.sh | |
| do | |
| sleep 1 | |
| done | |
| - if: matrix.system == 'kubewarden' | |
| name: Install kubewarden | |
| run: | | |
| helm repo add jetstack https://charts.jetstack.io | |
| helm repo add kubewarden https://charts.kubewarden.io | |
| helm repo update | |
| helm install --wait \ | |
| cert-manager jetstack/cert-manager \ | |
| --namespace cert-manager \ | |
| --create-namespace \ | |
| --version v1.5.3 \ | |
| --set installCRDs=true | |
| helm install --create-namespace -n kubewarden kubewarden-crds kubewarden/kubewarden-crds | |
| helm install --wait -n \ | |
| kubewarden kubewarden-controller kubewarden/kubewarden-controller \ | |
| --set telemetry.enabled=False | |
| helm install --wait -n kubewarden kubewarden-defaults kubewarden/kubewarden-defaults \ | |
| --set policyServer.telemetry.enabled=False | |
| - if: matrix.system == 'kyverno' | |
| name: Install kyverno | |
| run: | | |
| helm repo add kyverno https://kyverno.github.io/kyverno/ | |
| helm repo update | |
| helm install kyverno kyverno/kyverno -n kyverno --create-namespace --version 3.0.9 | |
| kubectl wait --for=condition=available --timeout=600s -n kyverno \ | |
| deployment/kyverno-admission-controller | |
| - if: matrix.system == 'krail' | |
| name: Install k-rail | |
| run: | | |
| helm repo add k-rail https://cruise-automation.github.io/k-rail/ | |
| helm repo update | |
| kubectl create namespace k-rail | |
| kubectl label namespace k-rail k-rail/ignore=true | |
| helm install --wait --set webhookTimeout=30 --set replicaCount=1 k-rail k-rail/k-rail --namespace k-rail | |
| - name: BATS tests | |
| continue-on-error: false | |
| run: submodules/bats/bin/bats --report-formatter junit tests | |
| env: | |
| SYSTEM: ${{ matrix.system }} | |
| E2E_TEST: ${{ matrix.e2e == 'e2e' && './psp-migration-linuxstatic-x64' }} | |
| - name: Test Report | |
| uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1 | |
| if: always() | |
| with: | |
| name: Test results (${{ matrix.system }}) ${{ matrix.e2e == 'e2e' && 'end-to-end' || 'static policy'}} | |
| path: report.xml | |
| reporter: java-junit | |
| fail-on-error: true | |
| release-binaries: | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - js-build-binaries | |
| - semver | |
| permissions: | |
| contents: write | |
| id-token: write | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-alpine-arm64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-alpine-x64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-linux-arm64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-linux-x64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-linuxstatic-arm64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-linuxstatic-x64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-win-arm64.exe | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-win-x64.exe | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-macos-arm64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: psp-migration-macos-x64 | |
| - uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # tag=v1.2.1 | |
| with: | |
| repo_token: "${{ secrets.GITHUB_TOKEN }}" | |
| automatic_release_tag: v${{ needs.semver.outputs.semantic_version}} | |
| prerelease: false | |
| title: v${{ needs.semver.outputs.semantic_version}} | |
| files: "*" | |
| codeql: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| needs: checkout | |
| steps: | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: checkout.tar | |
| - name: Untar files | |
| run: tar -xf checkout.tar ./ | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 | |
| with: | |
| languages: javascript | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 | |
| semver: | |
| name: Generate a semantic version number | |
| runs-on: ubuntu-latest | |
| outputs: | |
| semantic_version: ${{ steps.semver.outputs.semantic_version }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| fetch-depth: '0' | |
| - name: Semver run | |
| id: semver | |
| uses: lukaszraczylo/semver-generator@d7f5610110d853be94c9db072e976c8d646c4d92 # 1.12.141 | |
| with: | |
| config_file: .github/semver.yaml | |
| repository_local: true |