Skip to content

chore: bump the all group with 4 updates #1590

chore: bump the all group with 4 updates

chore: bump the all group with 4 updates #1590

Workflow file for this run

name: CI
on:
push:
paths-ignore:
- ".github/workflows/website.yaml"
- "website/**"
branches: [master]
pull_request:
paths-ignore:
- ".github/workflows/website.yaml"
- "website/**"
branches: [master]
permissions:
contents: read
jobs:
website_script_unit_test:
runs-on: ubuntu-latest
name: "Test scripts"
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Unit test
run: |
make unit-test
generate:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Generate templates and docs
run: |
make generate generate-website-docs generate-artifacthub-artifacts
git diff --exit-code || (echo "Please run 'make generate generate-website-docs generate-artifacthub-artifacts' to generate the templates and docs" && exit 1)
- name: Validation
run: |
make validate
build:
needs: generate
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ "ubuntu-latest", "macos-latest" ]
opa: [ "v0.44.0", "v0.57.1" ]
name: Unit test on ${{ matrix.os }} opa ${{ matrix.opa }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- run: |
binary=$([[ "$OSTYPE" == "darwin"* ]] && echo "opa_darwin_amd64" || echo "opa_linux_amd64")
sudo curl -L -o /usr/local/bin/opa https://github.com/open-policy-agent/opa/releases/download/${{ matrix.opa }}/$binary
sudo chmod +x /usr/local/bin/opa
sh test.sh
build_test:
needs: generate
runs-on: ubuntu-latest
strategy:
matrix:
gatekeeper: [ "release-3.13", "release-3.14" ]
name: "Integration test on Gatekeeper ${{ matrix.gatekeeper }}"
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Bootstrap integration test
run: |
mkdir -p $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
make integration-bootstrap
make deploy GATEKEEPER_VERSION=${{ matrix.gatekeeper }}
- name: Run integration test
run: |
make test-integration
- name: Save logs
run: |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-controller.json
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit.json
- name: Upload artifacts
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: ${{ always() }}
with:
name: logs-int-test-${{ matrix.gatekeeper }}
path: |
logs-*.json
require_suites:
runs-on: ubuntu-latest
name: "Require a suite.yaml file alongside every template.yaml"
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Run script
run: |
make require-suites
require_sync:
runs-on: ubuntu-latest
name: "Require a sync.yaml file and metadata.gatekeeper.sh/requires-sync-data annotation for every template.yaml using data.inventory"
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Run script
run: |
make require-sync
gator-verify:
runs-on: ubuntu-latest
name: "Verify assertions in suite.yaml files"
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- run: |
make verify-gator-dockerized