feat: add support for emit k8s events for allowed requests #8384
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build_test | |
on: | |
push: | |
paths-ignore: | |
- ".github/workflows/website.yaml" | |
- "docs/**" | |
- "library/**" | |
- "demo/**" | |
- "deprecated/**" | |
- "example/**" | |
- "website/**" | |
- "**.md" | |
- "!cmd/build/helmify/static/README.md" | |
pull_request: | |
paths-ignore: | |
- ".github/workflows/website.yaml" | |
- "docs/**" | |
- "library/**" | |
- "demo/**" | |
- "deprecated/**" | |
- "example/**" | |
- "website/**" | |
- "**.md" | |
- "!cmd/build/helmify/static/README.md" | |
permissions: read-all | |
jobs: | |
build_test: | |
name: "Build and Test" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
KUBERNETES_VERSION: ["1.26.3", "1.27.1", "1.28.0", "1.29.0"] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Go | |
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version: "1.22" | |
check-latest: true | |
- name: Bootstrap e2e | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
make e2e-bootstrap KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} | |
- name: Run e2e | |
run: | | |
make docker-buildx \ | |
IMG=gatekeeper-e2e:latest | |
make e2e-build-load-externaldata-image | |
kind load docker-image --name kind \ | |
gatekeeper-e2e:latest | |
make deploy \ | |
IMG=gatekeeper-e2e:latest \ | |
USE_LOCAL_IMG=true | |
make test-e2e KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} ENABLE_VAP_TESTS=1 | |
- name: Save logs | |
if: ${{ always() }} | |
run: | | |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-controller.json | |
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit.json | |
- name: Upload artifacts | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
if: ${{ always() }} | |
with: | |
name: logs-${{ matrix.KUBERNETES_VERSION }} | |
path: | | |
logs-*.json | |
helm_build_test: | |
name: "[Helm] Build and Test" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: | |
HELM_VERSION: ["3.14.1"] | |
GATEKEEPER_NAMESPACE: ["gatekeeper-system", "custom-namespace"] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Bootstrap e2e | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
make e2e-bootstrap | |
- name: Run e2e | |
# TODO(ritazh): add helm chart values for vap feature before alpha release | |
run: | | |
make docker-buildx \ | |
IMG=gatekeeper-e2e:latest \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
make docker-buildx-crds \ | |
CRD_IMG=gatekeeper-crds:latest \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
make e2e-build-load-externaldata-image \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
kind load docker-image --name kind \ | |
gatekeeper-e2e:latest \ | |
gatekeeper-crds:latest | |
make e2e-helm-deploy \ | |
HELM_REPO=gatekeeper-e2e \ | |
HELM_CRD_REPO=gatekeeper-crds \ | |
HELM_RELEASE=latest \ | |
HELM_VERSION=${{ matrix.HELM_VERSION }} \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} \ | |
LOG_LEVEL=DEBUG | |
make test-e2e \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} \ | |
ENABLE_VAP_TESTS=1 | |
- name: Save logs | |
if: ${{ always() }} | |
run: | | |
kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l control-plane=controller-manager --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-controller.json | |
kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l control-plane=audit-controller --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-audit.json | |
kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l run=dummy-provider --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-dummy-provider.json | |
- name: Upload artifacts | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
if: ${{ always() }} | |
with: | |
name: helm-logs-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }} | |
path: | | |
logs-*.json | |
build_test_generator_expansion: | |
name: "[Generator Resource Expansion] Build and Test" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Go | |
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version: "1.22" | |
check-latest: true | |
- name: Bootstrap e2e | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
make e2e-bootstrap | |
- name: Run e2e | |
run: | | |
make docker-buildx \ | |
IMG=gatekeeper-e2e:latest | |
make e2e-build-load-externaldata-image | |
kind load docker-image --name kind \ | |
gatekeeper-e2e:latest | |
make deploy \ | |
IMG=gatekeeper-e2e:latest \ | |
USE_LOCAL_IMG=true \ | |
ENABLE_GENERATOR_EXPANSION=true | |
make test-e2e ENABLE_GENERATOR_EXPANSION_TESTS=1 | |
- name: Save logs | |
if: ${{ always() }} | |
run: | | |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-generatorexpansion-controller.json | |
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-generatorexpansion-audit.json | |
- name: Upload artifacts | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
if: ${{ always() }} | |
with: | |
name: generatorexpansion-logs | |
path: | | |
logs-*.json |