From 388d12f513bbbce75934dfdb21070e0f8d9b96a1 Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Tue, 19 Sep 2023 08:35:29 +0200 Subject: [PATCH 1/2] fix cron schedules in test Signed-off-by: Matthias Bertschy --- .../tests/__snapshot__/snapshot_test.yaml.snap | 8 ++++---- charts/kubescape-operator/tests/snapshot_test.yaml | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index c7a3549e..7b84b387 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -594,7 +594,7 @@ matches the snapshot: - configMap: name: kubescape-scheduler name: kubescape-scheduler - schedule: 27 14 * * * + schedule: 1 2 3 4 5 17: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -1218,7 +1218,7 @@ matches the snapshot: - configMap: name: kubevuln-scheduler name: kubevuln-scheduler - schedule: 37 11 * * * + schedule: 1 2 3 4 5 30: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -1896,7 +1896,7 @@ matches the snapshot: 45: | apiVersion: v1 data: - cronjobTemplate: "apiVersion: batch/v1\nkind: CronJob\nmetadata:\n name: kubescape-scheduler\n namespace: kubescape\n labels:\n app: kubescape-scheduler\n tier: ks-control-plane\n armo.tier: \"kubescape-scan\"\nspec:\n schedule: \"0 8 * * *\"\n jobTemplate:\n spec:\n template:\n metadata:\n labels:\n armo.tier: \"kubescape-scan\"\n spec:\n containers:\n - name: kubescape-scheduler\n image: \"quay.io/kubescape/http-request:v0.0.14\"\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 100\n resources:\n limits:\n cpu: 10m\n memory: 20Mi\n requests:\n cpu: 1m\n memory: 10Mi\n args: \n - -method=post\n - -scheme=http\n - -host=operator:4002\n - -path=v1/triggerAction\n - -headers=\"Content-Type:application/json\"\n - -path-body=/home/ks/request-body.json\n volumeMounts:\n - name: \"request-body-volume\"\n mountPath: /home/ks/request-body.json\n subPath: request-body.json\n readOnly: true\n restartPolicy: Never\n automountServiceAccountToken: false\n volumes:\n - name: \"request-body-volume\" # placeholder\n configMap:\n name: kubescape-scheduler" + cronjobTemplate: "apiVersion: batch/v1\nkind: CronJob\nmetadata:\n name: kubescape-scheduler\n namespace: kubescape\n labels:\n app: kubescape-scheduler\n tier: ks-control-plane\n armo.tier: \"kubescape-scan\"\nspec:\n schedule: \"1 2 3 4 5\"\n jobTemplate:\n spec:\n template:\n metadata:\n labels:\n armo.tier: \"kubescape-scan\"\n spec:\n containers:\n - name: kubescape-scheduler\n image: \"quay.io/kubescape/http-request:v0.0.14\"\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 100\n resources:\n limits:\n cpu: 10m\n memory: 20Mi\n requests:\n cpu: 1m\n memory: 10Mi\n args: \n - -method=post\n - -scheme=http\n - -host=operator:4002\n - 
-path=v1/triggerAction\n - -headers=\"Content-Type:application/json\"\n - -path-body=/home/ks/request-body.json\n volumeMounts:\n - name: \"request-body-volume\"\n mountPath: /home/ks/request-body.json\n subPath: request-body.json\n readOnly: true\n restartPolicy: Never\n automountServiceAccountToken: false\n volumes:\n - name: \"request-body-volume\" # placeholder\n configMap:\n name: kubescape-scheduler" kind: ConfigMap metadata: labels: 
@@ -1907,7 +1907,7 @@ matches the snapshot: 46: | apiVersion: v1 data: - cronjobTemplate: "apiVersion: batch/v1\nkind: CronJob\nmetadata:\n name: kubevuln-scheduler\n namespace: kubescape\n labels:\n app: kubevuln-scheduler\n tier: ks-control-plane\n armo.tier: \"vuln-scan\"\nspec:\n schedule: \"0 0 * * *\" \n jobTemplate:\n spec:\n template:\n metadata:\n labels:\n armo.tier: \"vuln-scan\"\n spec:\n containers:\n - name: kubevuln-scheduler\n image: \"quay.io/kubescape/http-request:v0.0.14\"\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 100\n resources:\n limits:\n cpu: 10m\n memory: 20Mi\n requests:\n cpu: 1m\n memory: 10Mi\n args: \n - -method=post\n - -scheme=http\n - -host=operator:4002\n - -path=v1/triggerAction\n - -headers=\"Content-Type:application/json\"\n - -path-body=/home/ks/request-body.json\n volumeMounts:\n - name: \"request-body-volume\"\n mountPath: /home/ks/request-body.json\n subPath: request-body.json\n readOnly: true\n restartPolicy: Never\n automountServiceAccountToken: false\n volumes:\n - name: \"request-body-volume\" # placeholder\n configMap:\n name: kubevuln-scheduler" + cronjobTemplate: "apiVersion: batch/v1\nkind: CronJob\nmetadata:\n name: kubevuln-scheduler\n namespace: kubescape\n labels:\n app: kubevuln-scheduler\n tier: ks-control-plane\n armo.tier: \"vuln-scan\"\nspec:\n schedule: \"1 2 3 4 5\" \n jobTemplate:\n spec:\n template:\n metadata:\n labels:\n armo.tier: \"vuln-scan\"\n spec:\n containers:\n - name: kubevuln-scheduler\n image: \"quay.io/kubescape/http-request:v0.0.14\"\n imagePullPolicy: IfNotPresent\n securityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 100\n resources:\n limits:\n cpu: 10m\n memory: 20Mi\n requests:\n cpu: 1m\n memory: 10Mi\n args: \n - -method=post\n - -scheme=http\n - -host=operator:4002\n - -path=v1/triggerAction\n - 
-headers=\"Content-Type:application/json\"\n - -path-body=/home/ks/request-body.json\n volumeMounts:\n - name: \"request-body-volume\"\n mountPath: /home/ks/request-body.json\n subPath: request-body.json\n readOnly: true\n restartPolicy: Never\n automountServiceAccountToken: false\n volumes:\n - name: \"request-body-volume\" # placeholder\n configMap:\n name: kubevuln-scheduler" kind: ConfigMap metadata: labels: diff --git a/charts/kubescape-operator/tests/snapshot_test.yaml b/charts/kubescape-operator/tests/snapshot_test.yaml index 9b62bccd..0a44c30b 100644 --- a/charts/kubescape-operator/tests/snapshot_test.yaml +++ b/charts/kubescape-operator/tests/snapshot_test.yaml @@ -19,3 +19,5 @@ tests: proxySecretFile: foo grypeOfflineDB.enabled: true kubescape.serviceMonitor.enabled: true + kubescapeScheduler.scanSchedule: "1 2 3 4 5" + kubevulnScheduler.scanSchedule: "1 2 3 4 5" From 7cb87e9f99dbb8e2b737926506019655ba291625 Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Tue, 19 Sep 2023 11:34:17 +0200 Subject: [PATCH 2/2] add gh action to run unittest with docker Signed-off-by: Matthias Bertschy --- .github/workflows/pr-created.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/pr-created.yaml diff --git a/.github/workflows/pr-created.yaml b/.github/workflows/pr-created.yaml new file mode 100644 index 00000000..34b9e579 --- /dev/null +++ b/.github/workflows/pr-created.yaml 
@@ -0,0 +1,24 @@
+name: pull_request_created
+on:
+ pull_request:
+ types: [opened, reopened, synchronize, ready_for_review]
+ paths-ignore:
+ - '*.md'
+ - '.github/workflows/*'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ pr-created:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Run Helm Unittests
+ run: docker run --rm --name unittest --volume "$(pwd)":/apps helmunittest/helm-unittest charts/kubescape-operator/
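Review bot: The `Run Helm Unittests` step pulls `helmunittest/helm-unittest` with no tag or digest and mounts the whole checkout into it, while the `Checkout` step keeps the default `persist-credentials: true`, so whatever image the registry currently serves as `latest` can read the job token from `.git/config`. Pin the image to a reviewed digest, set `persist-credentials: false`, and add a top-level `permissions:` block with `contents: read` so the token stays read-only even for branches in the same repository. `actions/checkout@v3` is also a mutable tag; pinning it to a full commit SHA closes the same gap. An unpinned image additionally makes the snapshot comparison depend on whichever helm-unittest release happens to be current.

```yaml
# … unchanged: name, on, concurrency …
permissions:
  contents: read

# … unchanged: jobs.pr-created, runs-on, Checkout step …
        with:
          fetch-depth: 0
          # keep GITHUB_TOKEN out of .git/config, which the mounted container can read
          persist-credentials: false

      - name: Run Helm Unittests
        # DIGEST_PLACEHOLDER: replace with the sha256 digest of a reviewed image
        run: docker run --rm --name unittest --volume "$(pwd)":/apps helmunittest/helm-unittest@sha256:DIGEST_PLACEHOLDER charts/kubescape-operator/
```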