feat: add support for emit k8s events for allowed requests #8384

Workflow file for this run

# Build-and-test workflow: triggers and the workflow-wide token scope.
name: build_test
on:
  # Pushes that only touch docs, samples or the website are skipped.
  push:
    paths-ignore:
      - '.github/workflows/website.yaml'
      - 'docs/**'
      - 'library/**'
      - 'demo/**'
      - 'deprecated/**'
      - 'example/**'
      - 'website/**'
      - '**.md'
      # NOTE(review): presumably meant to keep this README triggering CI
      # despite the '**.md' rule; verify that paths-ignore honours '!'.
      - '!cmd/build/helmify/static/README.md'
  # pull_request (not pull_request_target): runs from forks get a
  # read-only token and no repository secrets.
  pull_request:
    # Same ignore list as for push; the two must be kept in sync by hand.
    paths-ignore:
      - '.github/workflows/website.yaml'
      - 'docs/**'
      - 'library/**'
      - 'demo/**'
      - 'deprecated/**'
      - 'example/**'
      - 'website/**'
      - '**.md'
      - '!cmd/build/helmify/static/README.md'
# read-all gives GITHUB_TOKEN read access to every scope and no write
# access. NOTE(review): the steps in this file look like they need only
# `contents: read`; confirm before narrowing.
permissions: read-all
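# Three e2e jobs. Each builds the images from the checked-out ref, loads them
# into the cluster named "kind", deploys, runs `make test-e2e`, and uploads
# the controller logs whether or not the tests passed.
#
# Supply-chain notes:
#   - Every action is pinned to a full commit SHA; the trailing comment
#     records the release tag the SHA corresponds to.
#   - checkout runs with persist-credentials: false so the workflow token is
#     not left in .git/config for the make targets that run afterwards.
#     NOTE(review): assumes no make target needs authenticated git access.
#   - harden-runner is in audit mode, which records outbound connections but
#     blocks nothing. Switching to `egress-policy: block` needs an
#     `allowed-endpoints` list built from the audit results.
jobs:
  # Default (non-Helm) deployment, once per Kubernetes version.
  build_test:
    name: 'Build and Test'
    runs-on: ubuntu-22.04
    timeout-minutes: 15
    strategy:
      # Let the remaining versions finish when one of them fails.
      fail-fast: false
      matrix:
        KUBERNETES_VERSION: ['1.26.3', '1.27.1', '1.28.0', '1.29.0']
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6  # v2.8.1
        with:
          egress-policy: audit
      - name: Check out code into the Go module directory
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
        with:
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7  # v5.0.1
        with:
          go-version: '1.22'
          check-latest: true
      - name: Bootstrap e2e
        # $GITHUB_WORKSPACE/bin is appended to PATH for the steps that follow.
        # The matrix value is a literal from this file, substituted into the
        # script text before the shell runs.
        run: |
          mkdir -p "$GITHUB_WORKSPACE/bin"
          echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
          make e2e-bootstrap KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }}
      - name: Run e2e
        # The image is built locally and side-loaded into the cluster rather
        # than pulled from a registry (USE_LOCAL_IMG=true).
        run: |
          make docker-buildx \
            IMG=gatekeeper-e2e:latest
          make e2e-build-load-externaldata-image
          kind load docker-image --name kind \
            gatekeeper-e2e:latest
          make deploy \
            IMG=gatekeeper-e2e:latest \
            USE_LOCAL_IMG=true
          make test-e2e KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} ENABLE_VAP_TESTS=1
      - name: Save logs
        # always(): capture logs even when an earlier step failed.
        if: ${{ always() }}
        run: |
          kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-controller.json
          kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit.json
      - name: Upload artifacts
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808  # v4.3.3
        if: ${{ always() }}
        with:
          # One artifact per matrix entry; only the log files are uploaded.
          name: logs-${{ matrix.KUBERNETES_VERSION }}
          path: |
            logs-*.json

  # Helm-based deployment, once per Helm version and target namespace.
  helm_build_test:
    name: '[Helm] Build and Test'
    runs-on: ubuntu-22.04
    timeout-minutes: 15
    strategy:
      fail-fast: false
      matrix:
        HELM_VERSION: ['3.14.1']
        GATEKEEPER_NAMESPACE: ['gatekeeper-system', 'custom-namespace']
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6  # v2.8.1
        with:
          egress-policy: audit
      - name: Check out code into the Go module directory
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
        with:
          persist-credentials: false
      - name: Bootstrap e2e
        run: |
          mkdir -p "$GITHUB_WORKSPACE/bin"
          echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
          make e2e-bootstrap
      - name: Run e2e
        # TODO(ritazh): add helm chart values for vap feature before alpha release
        run: |
          make docker-buildx \
            IMG=gatekeeper-e2e:latest \
            GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }}
          make docker-buildx-crds \
            CRD_IMG=gatekeeper-crds:latest \
            GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }}
          make e2e-build-load-externaldata-image \
            GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }}
          kind load docker-image --name kind \
            gatekeeper-e2e:latest \
            gatekeeper-crds:latest
          make e2e-helm-deploy \
            HELM_REPO=gatekeeper-e2e \
            HELM_CRD_REPO=gatekeeper-crds \
            HELM_RELEASE=latest \
            HELM_VERSION=${{ matrix.HELM_VERSION }} \
            GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} \
            LOG_LEVEL=DEBUG
          make test-e2e \
            GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} \
            ENABLE_VAP_TESTS=1
      - name: Save logs
        # always(): capture logs even when an earlier step failed.
        if: ${{ always() }}
        run: |
          kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l control-plane=controller-manager --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-controller.json
          kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l control-plane=audit-controller --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-audit.json
          kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l run=dummy-provider --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-dummy-provider.json
      - name: Upload artifacts
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808  # v4.3.3
        if: ${{ always() }}
        with:
          name: helm-logs-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}
          path: |
            logs-*.json

  # Default deployment with generator resource expansion switched on.
  build_test_generator_expansion:
    name: '[Generator Resource Expansion] Build and Test'
    runs-on: ubuntu-22.04
    timeout-minutes: 15
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6  # v2.8.1
        with:
          egress-policy: audit
      - name: Check out code into the Go module directory
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
        with:
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7  # v5.0.1
        with:
          go-version: '1.22'
          check-latest: true
      - name: Bootstrap e2e
        run: |
          mkdir -p "$GITHUB_WORKSPACE/bin"
          echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
          make e2e-bootstrap
      - name: Run e2e
        run: |
          make docker-buildx \
            IMG=gatekeeper-e2e:latest
          make e2e-build-load-externaldata-image
          kind load docker-image --name kind \
            gatekeeper-e2e:latest
          make deploy \
            IMG=gatekeeper-e2e:latest \
            USE_LOCAL_IMG=true \
            ENABLE_GENERATOR_EXPANSION=true
          make test-e2e ENABLE_GENERATOR_EXPANSION_TESTS=1
      - name: Save logs
        # always(): capture logs even when an earlier step failed.
        if: ${{ always() }}
        run: |
          kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-generatorexpansion-controller.json
          kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-generatorexpansion-audit.json
      - name: Upload artifacts
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808  # v4.3.3
        if: ${{ always() }}
        with:
          name: generatorexpansion-logs
          path: |
            logs-*.json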