diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index fcc48a9d3..a50fac89e 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -65,22 +65,19 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - gatekeeper: [ "3.15.1", "3.16.3" ] + gatekeeper: [ "3.17.1", "3.18.1" ] engine: [ "cel", "rego" ] name: "Integration test on Gatekeeper ${{ matrix.gatekeeper }} for ${{ matrix.engine }} policies" steps: - name: Harden Runner - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} # remove this condition once 3.17 is out uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit - name: Check out code into the Go module directory - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Bootstrap integration test - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} run: | mkdir -p $GITHUB_WORKSPACE/bin echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH @@ -88,12 +85,10 @@ jobs: make deploy GATEKEEPER_VERSION=${{ matrix.gatekeeper }} POLICY_ENGINE=${{ matrix.engine }} - name: Run integration test - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} run: | make test-integration - name: Save logs - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} run: | kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-controller.json kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit.json 
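Review bot: The Harden Runner step keeps `egress-policy: audit`, which only records outbound connections and blocks nothing, and with the skip conditions removed it now runs for every matrix combination. Once the audit runs for the 3.17.1 and 3.18.1 legs have produced a baseline, consider moving to `egress-policy: block` with an `allowed-endpoints` list, so the bootstrap and `make deploy` downloads are limited to known hosts. The same applies to the Harden Runner step in the hunk at -136,18. The steps list continues outside this hunk.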
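Review bot: With its `if:` removed, the `Save logs` step falls back to the default `success()` condition, so it is skipped exactly when `make test-integration` fails and the controller-manager and audit-controller logs would be most useful. Add `if: ${{ always() }}` to `Save logs`, and to any upload step that follows it (outside this hunk), so the logs are also captured on failure.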
@@ -136,18 +131,15 @@ jobs: strategy: matrix: engine: [ "cel", "rego" ] - gatekeeper: [ "3.15.1", "3.16.3" ] + gatekeeper: [ "3.17.1", "3.18.1" ] name: "Verify assertions in suite.yaml files for ${{ matrix.engine }} policies" steps: - name: Harden Runner - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} # remove this condition once 3.17 is out uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} - run: | make verify-gator-dockerized POLICY_ENGINE=${{ matrix.engine }} GATOR_VERSION=${{ matrix.gatekeeper }} - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} diff --git a/Makefile b/Makefile index bc7908f22..064e6ec94 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ KUBERNETES_VERSION ?= 1.30.0 KUSTOMIZE_VERSION ?= 4.5.5 GATEKEEPER_VERSION ?= 3.16.3 BATS_VERSION ?= 1.8.2 -GATOR_VERSION ?= 3.16.3 +GATOR_VERSION ?= 3.17.0 GOMPLATE_VERSION ?= 3.11.6 POLICY_ENGINE ?= rego 
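Review bot: The job `name` in this hunk interpolates only `matrix.engine`, although the matrix also varies `gatekeeper`, so the two gator versions produce jobs with the same display name and a failure cannot be tied to a version from the checks list. Include the version as the integration job does, for example `name: "Verify assertions in suite.yaml files with gator ${{ matrix.gatekeeper }} for ${{ matrix.engine }} policies"`. A short comment noting that the `gatekeeper` matrix value is passed as `GATOR_VERSION` would also help, since the Makefile keeps the two versions as separate variables.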
@@ -50,17 +50,17 @@ test-integration: .PHONY: verify-gator verify-gator: ifeq ($(POLICY_ENGINE), rego) - gator verify ./... --experimental-enable-k8s-native-validation=false + gator verify ./... --enable-k8s-native-validation=false else ifeq ($(POLICY_ENGINE), cel) - gator verify ./... --experimental-enable-k8s-native-validation=true + gator verify ./... --enable-k8s-native-validation=true endif .PHONY: verify-gator-dockerized verify-gator-dockerized: __build-gator ifeq ($(POLICY_ENGINE), rego) - $(docker) run -i -v $(shell pwd):/gatekeeper-library gator-container verify ./... --experimental-enable-k8s-native-validation=false + $(docker) run -i -v $(shell pwd):/gatekeeper-library gator-container verify ./... --enable-k8s-native-validation=false else ifeq ($(POLICY_ENGINE), cel) - $(docker) run -i -v $(shell pwd):/gatekeeper-library gator-container verify ./... --experimental-enable-k8s-native-validation=true + $(docker) run -i -v $(shell pwd):/gatekeeper-library gator-container verify ./... --enable-k8s-native-validation=true endif .PHONY: build-gator
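Review bot: The renamed flag `--enable-k8s-native-validation` is not documented with a minimum gator version. `verify-gator` runs whatever `gator` is on PATH, so an older binary will presumably fail on an unknown flag rather than with a clear message. Add a comment above the target such as `# requires a gator release that accepts --enable-k8s-native-validation (see GATOR_VERSION); older releases only know the --experimental- form`. Separately, the earlier Makefile hunk leaves `GATEKEEPER_VERSION ?= 3.16.3` as the default while CI now tests only 3.17.1 and 3.18.1, so a local `make deploy` uses a version CI no longer covers. Bumping that default alongside `GATOR_VERSION` would keep the two aligned.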