bump werkzeug to 3.0.6 to fix cve on krkn-hub baseimage #662

Workflow file for this run

	name: Functional & Unit Tests
	on:
	pull_request:
	push:
	branches:
	- main
	jobs:
	tests:
	# Common steps
	name: Functional & Unit Tests
	runs-on: ubuntu-latest
	steps:
	- name: Check out code
	uses: actions/checkout@v3
	- name: Create multi-node KinD cluster
	uses: redhat-chaos/actions/kind@main
	- name: Install Helm & add repos
	run: \|
	curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 \| bash
	helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
	helm repo add stable https://charts.helm.sh/stable
	helm repo update
	- name: Deploy prometheus & Port Forwarding
	run: \|
	kubectl create namespace prometheus-k8s
	helm install \
	--wait --timeout 360s \
	kind-prometheus \
	prometheus-community/kube-prometheus-stack \
	--namespace prometheus-k8s \
	--set prometheus.service.nodePort=30000 \
	--set prometheus.service.type=NodePort \
	--set grafana.service.nodePort=31000 \
	--set grafana.service.type=NodePort \
	--set alertmanager.service.nodePort=32000 \
	--set alertmanager.service.type=NodePort \
	--set prometheus-node-exporter.service.nodePort=32001 \
	--set prometheus-node-exporter.service.type=NodePort

	SELECTOR=`kubectl -n prometheus-k8s get service kind-prometheus-kube-prome-prometheus -o wide --no-headers=true \| awk '{ print $7 }'`
	POD_NAME=`kubectl -n prometheus-k8s get pods --selector="$SELECTOR" --no-headers=true \| awk '{ print $1 }'`
	kubectl -n prometheus-k8s port-forward $POD_NAME 9090:9090 &
	sleep 5
	- name: Install Python
	uses: actions/setup-python@v4
	with:
	python-version: '3.9'
	architecture: 'x64'
	- name: Install environment
	run: \|
	sudo apt-get install build-essential python3-dev
	pip install --upgrade pip
	pip install -r requirements.txt

	- name: Deploy test workloads
	run: \|
	kubectl apply -f CI/templates/outage_pod.yaml
	kubectl wait --for=condition=ready pod -l scenario=outage --timeout=300s
	kubectl apply -f CI/templates/container_scenario_pod.yaml
	kubectl wait --for=condition=ready pod -l scenario=container --timeout=300s
	kubectl create namespace namespace-scenario
	kubectl apply -f CI/templates/time_pod.yaml
	kubectl wait --for=condition=ready pod -l scenario=time-skew --timeout=300s
	kubectl apply -f CI/templates/service_hijacking.yaml
	kubectl wait --for=condition=ready pod -l "app.kubernetes.io/name=proxy" --timeout=300s
	- name: Get Kind nodes
	run: \|
	kubectl get nodes --show-labels=true
	# Pull request only steps
	- name: Run unit tests
	if: github.event_name == 'pull_request'
	run: python -m coverage run -a -m unittest discover -s tests -v

	- name: Setup Pull Request Functional Tests
	if: \|
	github.event_name == 'pull_request'
	run: \|
	yq -i '.kraken.port="8081"' CI/config/common_test_config.yaml
	yq -i '.kraken.signal_address="0.0.0.0"' CI/config/common_test_config.yaml
	yq -i '.kraken.performance_monitoring="localhost:9090"' CI/config/common_test_config.yaml
	echo "test_service_hijacking" > ./CI/tests/functional_tests
	echo "test_app_outages" >> ./CI/tests/functional_tests
	echo "test_container" >> ./CI/tests/functional_tests
	echo "test_namespace" >> ./CI/tests/functional_tests
	echo "test_net_chaos" >> ./CI/tests/functional_tests
	echo "test_time" >> ./CI/tests/functional_tests
	echo "test_arca_cpu_hog" >> ./CI/tests/functional_tests
	echo "test_arca_memory_hog" >> ./CI/tests/functional_tests
	echo "test_arca_io_hog" >> ./CI/tests/functional_tests


	# Push on main only steps + all other functional to collect coverage
	# for the badge
	- name: Configure AWS Credentials
	if: github.ref == 'refs/heads/main' && github.event_name == 'push'
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region : ${{ secrets.AWS_REGION }}
	- name: Setup Post Merge Request Functional Tests
	if: github.ref == 'refs/heads/main' && github.event_name == 'push'
	run: \|
	yq -i '.kraken.port="8081"' CI/config/common_test_config.yaml
	yq -i '.kraken.signal_address="0.0.0.0"' CI/config/common_test_config.yaml
	yq -i '.kraken.performance_monitoring="localhost:9090"' CI/config/common_test_config.yaml
	yq -i '.telemetry.username="${{secrets.TELEMETRY_USERNAME}}"' CI/config/common_test_config.yaml
	yq -i '.telemetry.password="${{secrets.TELEMETRY_PASSWORD}}"' CI/config/common_test_config.yaml
	echo "test_telemetry" > ./CI/tests/functional_tests
	echo "test_service_hijacking" >> ./CI/tests/functional_tests
	echo "test_app_outages" >> ./CI/tests/functional_tests
	echo "test_container" >> ./CI/tests/functional_tests
	echo "test_namespace" >> ./CI/tests/functional_tests
	echo "test_net_chaos" >> ./CI/tests/functional_tests
	echo "test_time" >> ./CI/tests/functional_tests
	echo "test_arca_cpu_hog" >> ./CI/tests/functional_tests
	echo "test_arca_memory_hog" >> ./CI/tests/functional_tests
	echo "test_arca_io_hog" >> ./CI/tests/functional_tests

	# Final common steps
	- name: Run Functional tests
	env:
	AWS_BUCKET: ${{ secrets.AWS_BUCKET }}
	run: \|
	./CI/run.sh
	cat ./CI/results.markdown >> $GITHUB_STEP_SUMMARY
	echo >> $GITHUB_STEP_SUMMARY
	- name: Upload CI logs
	uses: actions/upload-artifact@v4
	with:
	name: ci-logs
	path: CI/out
	if-no-files-found: error
	- name: Collect coverage report
	run: \|
	python -m coverage html
	python -m coverage json
	- name: Publish coverage report to job summary
	run: \|
	pip install html2text
	html2text --ignore-images --ignore-links -b 0 htmlcov/index.html >> $GITHUB_STEP_SUMMARY
	- name: Upload coverage data
	uses: actions/upload-artifact@v4
	with:
	name: coverage
	path: htmlcov
	if-no-files-found: error
	- name: Upload json coverage
	uses: actions/upload-artifact@v4
	with:
	name: coverage.json
	path: coverage.json
	if-no-files-found: error
	- name: Check CI results
	run: grep Fail CI/results.markdown && false \|\| true
	badge:
	permissions:
	contents: write
	name: Generate Coverage Badge
	runs-on: ubuntu-latest
	needs:
	- tests
	if: github.ref == 'refs/heads/main' && github.event_name == 'push'
	steps:
	- name: Check out doc repo
	uses: actions/checkout@master
	with:
	repository: krkn-chaos/krkn-lib-docs
	path: krkn-lib-docs
	ssh-key: ${{ secrets.KRKN_LIB_DOCS_PRIV_KEY }}
	- name: Download json coverage
	uses: actions/download-artifact@v4
	with:
	name: coverage.json
	- name: Set up Python
	uses: actions/setup-python@v4
	with:
	python-version: 3.9
	- name: Copy badge on GitHub Page Repo
	env:
	COLOR: yellow
	run: \|
	# generate coverage badge on previously calculated total coverage
	# and copy in the docs page
	export TOTAL=$(python -c "import json;print(json.load(open('coverage.json'))['totals']['percent_covered_display'])")
	[[ $TOTAL > 40 ]] && COLOR=green
	echo "TOTAL: $TOTAL"
	echo "COLOR: $COLOR"
	curl "https://img.shields.io/badge/coverage-$TOTAL%25-$COLOR" > ./krkn-lib-docs/coverage_badge_krkn.svg
	- name: Push updated Coverage Badge
	run: \|
	cd krkn-lib-docs
	git add .
	git config user.name "krkn-chaos"
	git config user.email "<>"
	git commit -m "[KRKN] Coverage Badge ${GITHUB_REF##*/}" \|\| echo "no changes to commit"
	git push

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bump werkzeug to 3.0.6 to fix cve on krkn-hub baseimage #662

Workflow file

bump werkzeug to 3.0.6 to fix cve on krkn-hub baseimage #662

Jobs

Run details

Workflow file for this run