Skip to content

Jmespath reuse interpreter #48

Jmespath reuse interpreter

Jmespath reuse interpreter #48

Workflow file for this run

name: Conformance tests
permissions: {}
on:
pull_request:
branches:
- 'main'
- 'release*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
prepare-images:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: build-images
- name: ko build
shell: bash
run: |
set -e
VERSION=${{ github.ref_name }} make docker-save-image-all
- name: upload images archive
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: kyverno.tar
path: kyverno.tar
retention-days: 1
if-no-files-found: error
prepare-cli:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: build-cli
- name: Build CLI
shell: bash
run: |
set -e
VERSION=${{ github.ref_name }} make build-cli
- name: upload images archive
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: kubectl-kyverno
path: cmd/cli/kubectl-kyverno/kubectl-kyverno
retention-days: 1
if-no-files-found: error
# runs conformance test suites with configuration:
standard:
runs-on: ubuntu-latest
permissions:
packages: read
strategy:
fail-fast: false
matrix:
config:
- name: standard
values:
- standard
k8s-version:
- name: v1.25
version: v1.25.11
- name: v1.26
version: v1.26.6
- name: v1.27
version: v1.27.3
- name: v1.28
version: v1.28.0
tests:
- autogen
- background-only
- cleanup
- deferred
- events
- exceptions
- filter
- generate/clusterpolicy
- generate/policy
- generate/validation
- mutate
- policy-validation
- rangeoperators
- rbac
- reports
- validate
- verify-manifests
- verifyImages
- webhooks
needs: prepare-images
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: run-conformance
- name: Create kind cluster
shell: bash
run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
shell: bash
run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} --config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration:
ttl:
runs-on: ubuntu-latest
permissions:
packages: read
strategy:
fail-fast: false
matrix:
config:
- name: ttl
values:
- standard
- ttl
k8s-version:
- name: v1.25
version: v1.25.11
- name: v1.26
version: v1.26.6
- name: v1.27
version: v1.27.3
- name: v1.28
version: v1.28.0
tests:
- ttl
needs: prepare-images
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: run-conformance
- name: Create kind cluster
shell: bash
run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
shell: bash
run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} --config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration:
force-failure-policy-ignore:
runs-on: ubuntu-latest
permissions:
packages: read
strategy:
fail-fast: false
matrix:
config:
- name: force-failure-policy-ignore
values:
- standard
- force-failure-policy-ignore
k8s-version:
- name: v1.25
version: v1.25.11
- name: v1.26
version: v1.26.6
- name: v1.27
version: v1.27.3
- name: v1.28
version: v1.28.0
tests:
- force-failure-policy-ignore
- rbac
needs: prepare-images
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: run-conformance
- name: Create kind cluster
shell: bash
run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
shell: bash
run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} --config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration:
validating-admission-policies-v1alpha1:
runs-on: ubuntu-latest
permissions:
packages: read
strategy:
fail-fast: false
matrix:
config:
- name: validating-admission-policies
values:
- standard
- generate-validating-admission-policy
k8s-version:
- name: v1.27
version: v1.27.3
tests:
- generate-validating-admission-policy
needs: prepare-images
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
with:
build-cache-key: run-conformance
- name: Create kind cluster
run: |
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
export KIND_CONFIG=vap-v1alpha1
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
run: make kind-load-image-archive
- name: Install kyverno
run: |
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} \
--config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration:
validating-admission-policies-v1beta1:
runs-on: ubuntu-latest
permissions:
packages: read
strategy:
fail-fast: false
matrix:
config:
- name: validating-admission-policies
values:
- standard
- generate-validating-admission-policy
k8s-version:
- name: v1.28
version: v1.28.0
tests:
- generate-validating-admission-policy
needs: prepare-images
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
with:
build-cache-key: run-conformance
- name: Create kind cluster
run: |
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
export KIND_CONFIG=vap-v1beta1
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
run: make kind-load-image-archive
- name: Install kyverno
run: |
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} \
--config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration:
validating-admission-policy-reports-v1alpha1:
runs-on: ubuntu-latest
permissions:
packages: read
strategy:
fail-fast: false
matrix:
config:
- name: validating-admission-policy-reports
values:
- standard
- validating-admission-policy-reports
k8s-version:
- name: v1.26
version: v1.26.6
- name: v1.27
version: v1.27.3
tests:
- validating-admission-policy-reports
needs: prepare-images
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
with:
build-cache-key: run-conformance
- name: Create kind cluster
run: |
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
export KIND_CONFIG=vap-v1alpha1
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
run: make kind-load-image-archive
- name: Install kyverno
run: |
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} \
--config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration:
validating-admission-policy-reports-v1beta1:
runs-on: ubuntu-latest
permissions:
packages: read
strategy:
fail-fast: false
matrix:
config:
- name: validating-admission-policy-reports
values:
- standard
- validating-admission-policy-reports
k8s-version:
- name: v1.28
version: v1.28.0
tests:
- validating-admission-policy-reports
needs: prepare-images
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
with:
build-cache-key: run-conformance
- name: Create kind cluster
run: |
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
export KIND_CONFIG=vap-v1beta1
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
run: make kind-load-image-archive
- name: Install kyverno
run: |
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} \
--config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration:
custom-sigstore:
runs-on: ubuntu-latest
permissions:
packages: read
strategy:
fail-fast: false
matrix:
config:
- name: custom-sigstore
values:
- standard
- custom-sigstore
k8s-version:
- name: v1.25
version: v1.25.11
- name: v1.26
version: v1.26.6
- name: v1.27
version: v1.27.3
- name: v1.28
version: v1.28.0
tests:
- custom-sigstore
needs: prepare-images
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: run-conformance
- name: Create kind cluster and setup Sigstore Scaffolding
uses: sigstore/scaffolding/actions/setup@d21c412f3c2f95421413f43741c2e62c19241dfe
- name: Create TUF values config map
run: |
kubectl create namespace kyverno
kubectl -n kyverno create configmap tufvalues --from-literal=TUF_MIRROR=$TUF_MIRROR --from-literal=FULCIO_URL=$FULCIO_URL --from-literal=REKOR_URL=$REKOR_URL --from-literal=CTLOG_URL=$CTLOG_URL --from-literal=ISSUER_URL=$ISSUER_URL
kubectl -n tuf-system get secrets tuf-root -oyaml | sed 's/namespace: .*/namespace: kyverno/' | kubectl create -f -
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
shell: bash
run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Install crane
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
- name: Install Cosign
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19
- name: Create test image
shell: bash
run: |
DIGEST=$(crane digest cgr.dev/chainguard/static)
IMAGE_NAME=$(uuidgen | tr "[:upper:]" "[:lower:]")
TEST_IMAGE_URL=ttl.sh/${IMAGE_NAME}:1h
crane copy cgr.dev/chainguard/static@$DIGEST $TEST_IMAGE_URL
cosign initialize --mirror $TUF_MIRROR --root $TUF_MIRROR/root.json
COSIGN_EXPERIMENTAL=1 cosign sign --rekor-url $REKOR_URL --fulcio-url $FULCIO_URL $TEST_IMAGE_URL --identity-token `curl -s $ISSUER_URL` -y
echo "TEST_IMAGE_URL=$TEST_IMAGE_URL" >> $GITHUB_ENV
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} --config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration:
default:
runs-on: ubuntu-latest
permissions:
packages: read
strategy:
fail-fast: false
matrix:
config:
- name: default
values:
- default
k8s-version:
- name: v1.25
version: v1.25.11
- name: v1.26
version: v1.26.6
- name: v1.27
version: v1.27.3
- name: v1.28
version: v1.28.0
tests:
- rbac
needs: prepare-images
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: run-conformance
- name: Create kind cluster
shell: bash
run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
shell: bash
run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test with kuttl
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
./.tools/kubectl-kuttl test ./test/conformance/kuttl/${{ matrix.tests }} --config ./test/conformance/kuttl/_config/common.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
# runs conformance test suites with configuration:
policy-library:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
config:
- name: policy-library
values:
- standard
k8s-version:
- name: v1.25
version: v1.25.11
- name: v1.26
version: v1.26.6
- name: v1.27
version: v1.27.3
- name: v1.28
version: v1.28.0
tests:
- argo
- aws
- best-practices
- castai
- cert-manager
- consul
- external-secret-operator
- flux
- istio
- karpenter
- kasten
- kubecost
- kubeops
- kubevirt
- linkerd
- nginx-ingress
- openshift
# - other
- other/a
- other/b-d
- other/e-l
- other/m-q
- other/rec-req
- other/res
- other/s-z
# - pod-security
# - psa
- psp-migration
# - tekton
# - traefik
# - velero
needs:
- prepare-images
- prepare-cli
name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }}
steps:
- name: Checkout kyverno/kyverno
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Checkout kyverno/policies
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
repository: kyverno/policies
path: policies
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: run-conformance
- name: Create kind cluster
shell: bash
run: |
set -e
export KIND_IMAGE=kindest/node:${{ matrix.k8s-version.version }}
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Download kyverno CLI archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kubectl-kyverno
- name: Install Kyverno CLI
shell: bash
run: |
set -e
chmod +x kubectl-kyverno && mv kubectl-kyverno ./cmd/cli/kubectl-kyverno/kyverno
echo "$PWD/cmd/cli/kubectl-kyverno" >> $GITHUB_PATH
- name: Load kyverno images archive in kind cluster
shell: bash
run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
set -e
export USE_CONFIG=${{ join(matrix.config.values, ',') }}
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Test policy library with kuttl
shell: bash
run: |
set -e
cd policies
../.tools/kubectl-kuttl test ./${{ matrix.tests }} --config ./kuttl-test.yaml
- name: Debug failure
if: failure()
uses: ./.github/actions/kyverno-logs
monitor-helm-secret-size:
runs-on: ubuntu-latest
permissions:
packages: read
needs: prepare-images
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
with:
build-cache-key: run-conformance
- name: Create kind cluster
shell: bash
run: |
set -e
make kind-create-cluster
- name: Download kyverno images archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kyverno.tar
- name: Load kyverno images archive in kind cluster
shell: bash
run: |
set -e
make kind-load-image-archive
- name: Install kyverno
shell: bash
run: |
make kind-install-kyverno
- name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready
- name: Check secret size
shell: bash
run: |
set -e
set -u
SIZE=$(kubectl get secrets -n kyverno sh.helm.release.v1.kyverno.v1 -o jsonpath='{.data.release}' | base64 -d | wc -c | awk '{print $1}')
MAX_ALLOWED=1030000
if [ "$SIZE" -gt "$MAX_ALLOWED" ]; then
echo "Helm secret size ($SIZE bytes) is above the max allowed ($MAX_ALLOWED bytes)"
exit 1
else
echo "Helm secret size ($SIZE bytes) is below the max allowed ($MAX_ALLOWED bytes)"
fi
check-tests:
runs-on: ubuntu-latest
permissions:
packages: read
needs: prepare-cli
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Download kyverno CLI archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: kubectl-kyverno
- name: Install Kyverno CLI
shell: bash
run: |
set -e
chmod +x kubectl-kyverno && mv kubectl-kyverno ./cmd/cli/kubectl-kyverno/kyverno
echo "$PWD/cmd/cli/kubectl-kyverno" >> $GITHUB_PATH
- name: Fix test files
shell: bash
run: |
set -e
KYVERNO_EXPERIMENTAL=true kyverno fix test ./test/cli --save --compress
make verify-cli-tests
required:
needs:
- standard
- ttl
- force-failure-policy-ignore
- validating-admission-policies-v1alpha1
- validating-admission-policies-v1beta1
- validating-admission-policy-reports-v1alpha1
- validating-admission-policy-reports-v1beta1
- custom-sigstore
- default
- monitor-helm-secret-size
- check-tests
runs-on: ubuntu-latest
steps:
- run: echo "Required jobs success!"