
Update github/codeql-action action to v3.28.0 #668


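---
# Validates the integration test data under policy/ with kubeconform, then
# runs .github/workflows/tests-entrypoint.sh inside the confbatstest image
# against a freshly created KinD cluster.
#
# Every third-party action is pinned to a commit SHA; the trailing comment on
# each `uses:` line records the tag that SHA corresponds to.
name: Run gatekeeper-k8s-integrationtests.sh
on: [push, pull_request]
# Declare default permissions as read only.
permissions: read-all
jobs:
  kind:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          # "audit" records the runner's outbound connections; it does not
          # block any of them.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Find test data to validate
        shell: bash
        id: data
        # Collects every file below an integration test_data directory into a
        # single space-separated step output consumed by the kubeconform step.
        run: |
          echo "files=$(find policy/* -regex '.*test_data\/integration\/.*$' | xargs)" >> "$GITHUB_OUTPUT"
      - name: Validate integration test data via kubeconform
        env:
          # renovate: datasource=github-releases depName=garethahealy/openshift-json-schema
          OCP_SCHEMA_VERSION: "4.16.0"
        # Image is pinned by digest; the tag is informational only.
        uses: docker://ghcr.io/yannh/kubeconform:v0.6.7@sha256:0925177fb05b44ce18574076141b5c3d83235e1904d3f952182ac99ddc45762c
        with:
          # The {{ ... }} placeholders are kubeconform's own schema-location
          # template, not GitHub expressions.
          args: -summary -kubernetes-version ${{ env.OCP_SCHEMA_VERSION }} -schema-location "https://raw.githubusercontent.com/garethahealy/openshift-json-schema/main/{{ .NormalizedKubernetesVersion }}/schemas/{{ .ResourceKind }}{{ .KindSuffix }}.json" ${{ steps.data.outputs.files }}
      - name: Create k8s Kind Cluster
        uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0
      - name: Setup confbatstest
        uses: redhat-cop/github-actions/confbatstest@0c6e3b63690cfa917a0ddc162efdfda3da82d66c # v4.4
        with:
          raw: echo "Needed for next stage"
      - name: Test against KinD
        # Locates the confbatstest image built by the previous step, then runs
        # the test entrypoint from the checked-out repo inside it. The
        # container shares the host network and receives the runner's
        # kubeconfig (and therefore the KinD cluster credentials) read-write.
        run: |
          confbatstest=$(docker images --filter=label=com.github.actions.name=confbatstest --format "{{.Repository}}:{{.Tag}}")
          docker run --rm --network host --workdir /conftest --volume "/home/runner/.kube/":"/opt/app-root/src/.kube/" --volume "/home/runner/work/rego-policies/rego-policies":"/conftest" --entrypoint .github/workflows/tests-entrypoint.sh ${confbatstest}
      - name: Get pods and events if tests failed
        if: ${{ failure() }}
        # Diagnostics only. The default shell runs with -e, which would stop
        # the dump at the first kubectl call that fails (for example when the
        # gatekeeper-system namespace was never created); disable it so every
        # section is attempted.
        run: |
          set +e
          echo "## nodes:"
          kubectl get nodes
          echo "## namespaces:"
          kubectl get namespaces
          echo "## deployments:"
          kubectl get deployments --all-namespaces
          echo "## pods:"
          kubectl get pods --all-namespaces
          echo "## events:"
          kubectl get events --all-namespaces
          echo "## api-versions:"
          kubectl api-versions
          echo "## describe deployment/gatekeeper-audit:"
          kubectl describe deployment/gatekeeper-audit -n gatekeeper-system
          echo "## logs deployment/gatekeeper-audit:"
          kubectl logs deployment/gatekeeper-audit -n gatekeeper-system
          echo "## describe deployment/gatekeeper-controller-manager:"
          kubectl describe deployment/gatekeeper-controller-manager -n gatekeeper-system
          echo "## logs deployment/gatekeeper-controller-manager:"
          kubectl logs deployment/gatekeeper-controller-manager -n gatekeeper-system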