Skip to content

chore(deps): Bump github/codeql-action from 3.26.7 to 3.27.9 #331

chore(deps): Bump github/codeql-action from 3.26.7 to 3.27.9

chore(deps): Bump github/codeql-action from 3.26.7 to 3.27.9 #331

name: Migration Tests
permissions: {}
on:
workflow_dispatch: {}
pull_request:
branches:
- "main"
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
required:
strategy:
fail-fast: false
matrix:
k8s-version:
- name: v1.26
version: v1.26.13
- name: v1.27
version: v1.27.10
- name: v1.28
version: v1.28.6
- name: v1.29
version: v1.29.1
tests:
- ^reports$
runs-on: ubuntu-latest
name: ${{ matrix.k8s-version.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Checkout kyverno/kyverno
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
repository: kyverno/kyverno
path: kyverno
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ~1.22.2
- name: Install helm
id: helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install Tools
run: |
set -e
curl -LO "https://dl.k8s.io/release/${{ matrix.k8s-version.version }}/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
- name: Install kind
shell: bash
run: |
set -e
# For AMD64 / x86_64
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
# For ARM64
[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-arm64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
- name: Create kind cluster
run: |
set -e
kind create cluster --image kindest/node:${{ matrix.k8s-version.version }} --config ./.github/kind.yml
- name: Install kyverno
run: |
set -e
export HELM=${{ steps.helm.outputs.helm-path }}
curl https://raw.githubusercontent.com/kyverno/kyverno/refs/heads/main/scripts/config/standard/kyverno.yaml > values.yaml
helm install kyverno -n kyverno --create-namespace ./kyverno/charts/kyverno --wait --values values.yaml
- name: Wait for kyverno ready
run: |
set -e
kubectl wait --namespace kyverno --for=condition=ready pod --selector '!job-name' --timeout=120s
# - name: Install PSS policies
# run: |
# set -e
# export HELM=${{ steps.helm.outputs.helm-path }}
# make install-pss-policies
- name: API Service status before migation
run: |
set -e
kubectl get apiservices v1alpha2.wgpolicyk8s.io v1.reports.kyverno.io
- name: Install report server
run: |
set -e
kubectl create ns reports-server
export HELM=${{ steps.helm.outputs.helm-path }}
make kind-install
- name: Wait for report server ready
run: |
set -e
kubectl wait --namespace reports-server --for=condition=ready pod --selector '!job-name' --timeout=120s
kubectl wait --for condition="available" apiservices v1alpha2.wgpolicyk8s.io v1.reports.kyverno.io --timeout=120s
- name: Wait for kyverno to pick up the change
run: |
set -e
sleep 600
- name: API Service status post migration
run: |
set -e
kubectl get apiservices v1alpha2.wgpolicyk8s.io v1.reports.kyverno.io
- name: Install Chainsaw
uses: kyverno/action-install-chainsaw@d311eacde764f806c9658574ff64c9c3b21f8397 # v0.2.11
- name: Test with Chainsaw
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
cd ./kyverno/test/conformance/chainsaw/reports && chainsaw test --config ./../../../../../.chainsaw.yaml --exclude-test-regex '^chainsaw$/^admission$/^label'
- name: Debug failure
if: failure()
uses: ./.github/actions/failure-logs