Merge branch 'main' into simplify-cel-host-ports

kyverno · Oct 1, 2024 · 5045ac9 · 5045ac9
2 parents a50b82a + 72901e6
commit 5045ac9
Show file tree

Hide file tree

Showing 1,667 changed files with 10,877 additions and 7,928 deletions.
diff --git a/.chainsaw.yaml b/.chainsaw.yaml
@@ -16,3 +16,4 @@ spec:
   fullName: true
   forceTerminationGracePeriod: 5s
   delayBeforeCleanup: 3s
+
diff --git a/.github/actions/run-tests/action.yaml b/.github/actions/run-tests/action.yaml
@@ -7,8 +7,12 @@ inputs:
 runs:
   using: "composite"
   steps:
+    - name: Install Cosign
+      uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
     - name: Install Chainsaw
-      uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
+      uses: kyverno/action-install-chainsaw@d1a61148c0437a66760d11d8575332305c2234cb # v0.2.10
+      with:
+        verify: true
     - name: Test with Chainsaw
       shell: bash
       run: |

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,6 +1,8 @@
 version: 2
 updates:
   - package-ecosystem: github-actions
-    directory: /
+    directories:
+      - /
+      - /.github/actions/*/
     schedule:
       interval: daily
diff --git a/.github/workflows/cel-test.yml b/.github/workflows/cel-test.yml
@@ -3,10 +3,10 @@ name: E2E Tests - CEL
 permissions: {}
 
 on:
-  workflow_dispatch: {}
   pull_request:
     branches:
-      - 'main'
+      - main
+      - release-*
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -18,16 +18,14 @@ jobs:
       fail-fast: false
       matrix:
         k8s-version:
-          - name: v1.25
-            version: v1.25.16
-          - name: v1.26
-            version: v1.26.14
-          - name: v1.27
-            version: v1.27.11
           - name: v1.28
-            version: v1.28.7
+            version: v1.28.13
           - name: v1.29
-            version: v1.29.2
+            version: v1.29.8
+          - name: v1.30
+            version: v1.30.4
+          - name: v1.31
+            version: v1.31.0
         tests:
           - ^argo-cel$
           - ^aws-cel$
@@ -49,7 +47,10 @@ jobs:
           - ^other-cel$/^[s-z]
           - ^pod-security-cel$
           - ^psa-cel$
+          - ^psp-migration-cel$
           - ^traefik-cel$
+          - ^tekton-cel$
+          - ^velero-cel$
     runs-on: ubuntu-latest
     name: ${{ matrix.k8s-version.name }} - ${{ matrix.tests }}
     steps:

diff --git a/.github/workflows/check-actions.yaml b/.github/workflows/check-actions.yaml
@@ -3,13 +3,10 @@ name: Check actions
 permissions: {}
 
 on:
-  push:
-    branches:
-      - '*'
   pull_request:
     branches:
-      - 'main'
-      - 'release*'
+      - main
+      - release-*
 
 jobs:
   check:
@@ -18,7 +15,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Ensure SHA pinned actions
-        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b88cd0aad2c36a63e42c71f81cb1958fed95ac87 # v3.0.10
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b8f9a25a51fe633d9215ac7734854dc11cd299cb # v3.0.13
         with:
           allowlist: |
             kyverno/chainsaw
diff --git a/.github/workflows/check-codegen.yml b/.github/workflows/check-codegen.yml
@@ -0,0 +1,34 @@
+name: Verify codegen
+
+permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - main
+      - release-*
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  verify-e2e-workflow:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Set up Go 
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version-file: .hack/chainsaw-matrix/go.mod
+          cache-dependency-path: .hack/chainsaw-matrix/go.sum
+      - name: Generate workflow
+        run: |
+          set -e
+          (cd .hack/chainsaw-matrix && go run . > ../../.github/workflows/test.yml)
+      - name: Check diff
+        run: |
+          set -e
+          git --no-pager diff .
+          git diff --quiet --exit-code .
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -3,13 +3,10 @@ name: Policy Test
 permissions: {}
 
 on:
-  push:
-    branches:
-      - '*'
   pull_request:
     branches:
       - main
-      - release*
+      - release-*
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -29,6 +26,7 @@ jobs:
       - name: Run ah lint
         working-directory: .
         run: ah lint -k kyverno
+
   test:
     runs-on: ubuntu-latest
     steps:
Original file line number	Diff line number	Diff line change
Expand Up		@@ -16,3 +16,4 @@ spec:
		fullName: true
		forceTerminationGracePeriod: 5s
		delayBeforeCleanup: 3s