Skip to content
This repository has been archived by the owner on Jan 18, 2024. It is now read-only.

Bump mikefarah/yq from 4.40.4 to 4.40.5 #348

Bump mikefarah/yq from 4.40.4 to 4.40.5

Bump mikefarah/yq from 4.40.4 to 4.40.5 #348

Workflow file for this run

# Copyright 2022 Chainguard, Inc.
# SPDX-License-Identifier: Apache-2.0
name: Test proxy requests through the admission sidecar
on:
pull_request:
branches:
- 'main'
push:
defaults:
run:
shell: bash
permissions: read-all
jobs:
e2e:
name: Proxy e2e test
runs-on: ubuntu-latest
strategy:
matrix:
k8s-version:
- 1.24.x
- 1.25.x
- 1.26.x
env:
KNATIVE_VERSION: "1.10.1"
POLICY_CONTROLLER_VERSION: "v0.8.0"
KO_DOCKER_REPO: "registry.local:5000/proxy"
GO111MODULE: on
GOFLAGS: -ldflags=-s -ldflags=-w
KOCACHE: ~/ko
COSIGN_YES: true
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21'
check-latest: true
- uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
- uses: imranismail/setup-kustomize@6691bdeb1b0a3286fb7f70fd1423c10e81e5375f # v2.0.0
- name: Install yq
uses: mikefarah/yq@dd648994340a5d03225d97abf19c9bf1086c3f07 # v4.40.5
- name: Setup mirror
uses: chainguard-dev/actions/setup-mirror@main
with:
mirror: mirror.gcr.io
- uses: chainguard-dev/actions/setup-kind@main
with:
k8s-version: ${{ matrix.k8s-version}}
- name: Install policy-controller
run: |
kubectl apply -f https://github.com/sigstore/policy-controller/releases/download/${{ env.POLICY_CONTROLLER_VERSION }}/policy-controller-${{ env.POLICY_CONTROLLER_VERSION }}.yaml
# Wait little bit before waiting for the pods to get created
sleep 5
kubectl wait pods -n cosign-system --for condition=Ready --timeout=90s --all
- name: Install proxy
run: |
make ko-apply
kubectl rollout status --timeout 2m --namespace chainguard-proxy deployments/proxy
sleep 10
- name: Set up port-forward
run: |
POD=`kubectl -n chainguard-proxy get pods -oname`
kubectl -n chainguard-proxy port-forward $POD 8088:8088 &
# Just give port forward little time to start.
sleep 5
# Make a note of this pod so we don't try to port forward to it again
# later.
echo "POD=$POD" >> $GITHUB_ENV
- name: Deploy CIPs
run: |
kubectl create -f ./test/testdata/cip-static-fail.yaml
kubectl create -f ./test/testdata/cip-static-pass.yaml
kubectl create -f ./test/testdata/cip-static-pass-fully-qualified.yaml
# Allow CIPs to propagate
sleep 5
- name: Create test namespaces and label them appropriately
run: |
kubectl create ns test-labeled-include
kubectl label namespace test-labeled-include proxy.chainguard.dev/include=true
kubectl create ns test-labeled-do-not-include
kubectl label namespace test-labeled-do-not-include proxy.chainguard.dev/include=false
kubectl create ns test-not-labeled
- name: Run Proxy E2E Tests
timeout-minutes: 5
run: |
go test -count=1 -v -race -tags=e2e ./test/e2e/... --require-label=true
- name: Then flip the enforcement label requirement to false
run: |
kubectl -n chainguard-proxy patch deployment proxy --type "json" -p '[{"op":"replace", "path":"/spec/template/spec/containers/0/env/0","value":{"name":"REQUIRE_LABEL","value":"false"}}]'
kubectl rollout status --timeout 2m --namespace chainguard-proxy deployments/proxy
sleep 5
- name: Set up port-forward to our new pod
run: |
# Note that despite the deployment having rolled out, there's still
# the old pod hanging around for a bit, so grep it out of here so
# that we don't try to port-forward to it again :)
POD=`kubectl -n chainguard-proxy get pods -oname | grep -v ${{ env.POD }}`
kubectl -n chainguard-proxy port-forward $POD 8089:8088 &
# Just give port forward little time to start.
sleep 5
- name: Run Proxy E2E Tests
timeout-minutes: 5
run: |
go test -count=1 -v -race -tags=e2e ./test/e2e/... --url=http://localhost:8089 --require-label=false
- name: Collect diagnostics
if: ${{ failure() }}
uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main