From b5870864b822681158c4f7c89439cbbfe7f2966c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 08:07:12 +0000 Subject: [PATCH 01/12] chore(deps): bump cbrgm/cleanup-stale-branches-action (#10969) Bumps [cbrgm/cleanup-stale-branches-action](https://github.com/cbrgm/cleanup-stale-branches-action) from 1.1.20 to 1.1.21. - [Release notes](https://github.com/cbrgm/cleanup-stale-branches-action/releases) - [Commits](https://github.com/cbrgm/cleanup-stale-branches-action/compare/3a038290b56a3936cb9666a3f48adb3b6af7e583...07d311426eed2eff32c70ca5f8b47297ce7469e9) --- updated-dependencies: - dependency-name: cbrgm/cleanup-stale-branches-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/clean-stale-branches.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/clean-stale-branches.yaml b/.github/workflows/clean-stale-branches.yaml index 12d4852d8dff..94119a3b561a 100644 --- a/.github/workflows/clean-stale-branches.yaml +++ b/.github/workflows/clean-stale-branches.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Cleanup Stale Branches - uses: cbrgm/cleanup-stale-branches-action@3a038290b56a3936cb9666a3f48adb3b6af7e583 # v1.1.20 + uses: cbrgm/cleanup-stale-branches-action@07d311426eed2eff32c70ca5f8b47297ce7469e9 # v1.1.21 with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.repository }} From 43e59104723f3105b5dd10f27b5f3947d3d3073e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Mon, 2 Sep 2024 16:27:10 +0200 Subject: [PATCH 02/12] chore: simplify e2e matrix (#10972) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- .github/workflows/conformance.yaml | 171 ++++++++--------------------- 1 file changed, 47 insertions(+), 124 deletions(-) diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index 8631e475d9ba..60612321a7d8 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -80,19 +80,11 @@ jobs: strategy: fail-fast: false matrix: - config: - - name: standard - values: - - standard k8s-version: - - name: v1.28 - version: v1.28.13 - - name: v1.29 - version: v1.29.8 - - name: v1.30 - version: v1.30.4 - - name: v1.31 - version: v1.31.0 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.0 tests: - ^assert$ - ^autogen$ @@ -119,7 +111,6 @@ jobs: - ^webhooks$ needs: - prepare-images - name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }} steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -135,7 +126,7 @@ jobs: - name: Create kind cluster uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s-version.version }} + node_image: kindest/node:${{ matrix.k8s-version }} cluster_name: kind config: ./scripts/config/kind/default.yaml # deploy kyverno @@ -153,7 +144,7 @@ jobs: run: | set -e export HELM=${{ steps.helm.outputs.helm-path }} - export USE_CONFIG=${{ join(matrix.config.values, ',') }} + export USE_CONFIG=standard make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready @@ -177,25 +168,15 @@ jobs: strategy: fail-fast: false matrix: - config: - - name: specific-tests-above-1-28 - values: - - standard - - generate-validating-admission-policy k8s-version: - - name: v1.28 - version: v1.28.13 - - name: v1.29 - version: v1.29.8 - - name: v1.30 - version: v1.30.4 - - name: v1.31 - version: v1.31.0 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.0 tests: - generate-validating-admission-policy - webhook-configurations needs: prepare-images - name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }} steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -211,7 +192,7 @@ jobs: - name: Create kind cluster uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s-version.version }} + node_image: kindest/node:${{ matrix.k8s-version }} cluster_name: kind config: ./scripts/config/kind/vap-v1beta1.yaml # deploy kyverno @@ -229,7 +210,7 @@ jobs: run: | set -e export HELM=${{ steps.helm.outputs.helm-path }} - export USE_CONFIG=${{ join(matrix.config.values, ',') }} + export USE_CONFIG=standard,generate-validating-admission-policy make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready @@ -253,24 +234,14 @@ jobs: strategy: fail-fast: false matrix: - config: - - name: validating-admission-policy-reports - values: - - standard - - validating-admission-policy-reports k8s-version: - - name: v1.28 - version: v1.28.13 - - name: v1.29 - version: v1.29.8 - - name: v1.30 - version: v1.30.4 - - name: v1.31 - version: v1.31.0 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.0 tests: - validating-admission-policy-reports needs: prepare-images - name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }} steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -286,7 +257,7 @@ jobs: - name: Create kind cluster uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s-version.version }} + node_image: kindest/node:${{ matrix.k8s-version }} cluster_name: kind config: ./scripts/config/kind/vap-v1beta1.yaml # deploy kyverno @@ -304,7 +275,7 @@ jobs: run: | set -e export HELM=${{ steps.helm.outputs.helm-path }} - export USE_CONFIG=${{ join(matrix.config.values, ',') }} + export USE_CONFIG=standard,validating-admission-policy-reports make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready @@ -328,25 +299,15 @@ jobs: strategy: fail-fast: false matrix: - config: - - name: force-failure-policy-ignore - values: - - standard - - force-failure-policy-ignore k8s-version: - - name: v1.28 - version: v1.28.13 - - name: v1.29 - version: v1.29.8 - - name: v1.30 - version: v1.30.4 - - name: v1.31 - version: v1.31.0 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.0 tests: - force-failure-policy-ignore - rbac needs: prepare-images - name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }} steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -362,7 +323,7 @@ jobs: - name: Create kind cluster uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s-version.version }} + node_image: kindest/node:${{ matrix.k8s-version }} cluster_name: kind config: ./scripts/config/kind/default.yaml # deploy kyverno @@ -380,7 +341,7 @@ jobs: run: | set -e export HELM=${{ steps.helm.outputs.helm-path }} - export USE_CONFIG=${{ join(matrix.config.values, ',') }} + export USE_CONFIG=standard,force-failure-policy-ignore make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready @@ -404,24 +365,14 @@ jobs: strategy: fail-fast: false matrix: - config: - - name: ttl - values: - - standard - - ttl k8s-version: - - name: v1.28 - version: v1.28.13 - - name: v1.29 - version: v1.29.8 - - name: v1.30 - version: v1.30.4 - - name: v1.31 - version: v1.31.0 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.0 tests: - ttl needs: prepare-images - name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }} steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -437,7 +388,7 @@ jobs: - name: Create kind cluster uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s-version.version }} + node_image: kindest/node:${{ matrix.k8s-version }} cluster_name: kind config: ./scripts/config/kind/default.yaml # deploy kyverno @@ -455,7 +406,7 @@ jobs: run: | set -e export HELM=${{ steps.helm.outputs.helm-path }} - export USE_CONFIG=${{ join(matrix.config.values, ',') }} + export USE_CONFIG=standard,ttl make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready @@ -479,22 +430,13 @@ jobs: strategy: fail-fast: false matrix: - config: - - name: custom-sigstore - values: - - standard - - custom-sigstore k8s-version: - - name: v1.28 - version: v1.28.x - - name: v1.29 - version: v1.29.x - - name: v1.30 - version: v1.30.x + - v1.28.x + - v1.29.x + - v1.30.x tests: - custom-sigstore needs: prepare-images - name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }} steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -515,7 +457,7 @@ jobs: uses: sigstore/scaffolding/actions/setup@fd2699d622d15b39c2bf7bc7ca4e005d4dda0e24 with: version: main - k8s-version: ${{ matrix.k8s-version.version }} + k8s-version: ${{ matrix.k8s-version }} knative-version: "1.10.0" - name: Create TUF values config map run: | @@ -538,7 +480,7 @@ jobs: run: | set -e export HELM=${{ steps.helm.outputs.helm-path }} - export USE_CONFIG=${{ join(matrix.config.values, ',') }} + export USE_CONFIG=standard,custom-sigstore make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready @@ -572,23 +514,14 @@ jobs: strategy: fail-fast: false matrix: - config: - - name: default - values: - - default k8s-version: - - name: v1.28 - version: v1.28.13 - - name: v1.29 - version: v1.29.8 - - name: v1.30 - version: v1.30.4 - - name: v1.31 - version: v1.31.0 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.0 tests: - rbac needs: prepare-images - name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }} steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -604,7 +537,7 @@ jobs: - name: Create kind cluster uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s-version.version }} + node_image: kindest/node:${{ matrix.k8s-version }} cluster_name: kind config: ./scripts/config/kind/default.yaml # deploy kyverno @@ -622,7 +555,7 @@ jobs: run: | set -e export HELM=${{ steps.helm.outputs.helm-path }} - export USE_CONFIG=${{ join(matrix.config.values, ',') }} + export USE_CONFIG=default make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready @@ -644,19 +577,11 @@ jobs: strategy: fail-fast: false matrix: - config: - - name: policy-library - values: - - standard k8s-version: - - name: v1.28 - version: v1.28.13 - - name: v1.29 - version: v1.29.8 - - name: v1.30 - version: v1.30.4 - - name: v1.31 - version: v1.31.0 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.0 tests: - ^argo$ - ^aws$ @@ -692,7 +617,6 @@ jobs: needs: - prepare-images - prepare-cli - name: ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }} steps: - name: Checkout kyverno/kyverno uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -723,7 +647,7 @@ jobs: - name: Create kind cluster uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s-version.version }} + node_image: kindest/node:${{ matrix.k8s-version }} cluster_name: kind config: ./scripts/config/kind/default.yaml # deploy kyverno @@ -741,7 +665,7 @@ jobs: run: | set -e export HELM=${{ steps.helm.outputs.helm-path }} - export USE_CONFIG=${{ join(matrix.config.values, ',') }} + export USE_CONFIG=standard make kind-install-kyverno - name: Wait for kyverno ready uses: ./.github/actions/kyverno-wait-ready @@ -823,7 +747,6 @@ jobs: - ^cli$ needs: - prepare-cli - name: ${{ matrix.tests }} - chainsaw steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 From f89eca87da28c44c41ed57b54baba1ff58ff5cbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Mon, 2 Sep 2024 17:36:02 +0200 Subject: [PATCH 03/12] chore: use dynamic matrix (#10973) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: simplify e2e matrix Signed-off-by: Charles-Edouard Brétéché * chore: use dynamic matrix Signed-off-by: Charles-Edouard Brétéché --------- Signed-off-by: Charles-Edouard Brétéché --- .github/e2e-matrix.json | 184 +++++++++++++++++++++++++++++ .github/workflows/conformance.yaml | 61 ++++++---- 2 files changed, 219 insertions(+), 26 deletions(-) create mode 100644 .github/e2e-matrix.json diff --git a/.github/e2e-matrix.json b/.github/e2e-matrix.json new file mode 100644 index 000000000000..701b1d685139 --- /dev/null +++ b/.github/e2e-matrix.json @@ -0,0 +1,184 @@ +{ + "assert": [ + "^assert$/^(old-object-exists)\\[.*\\]$" + ], + "autogen": [ + "^autogen$/^(assert-autogen|conditions|conditions-deprecated|deployment-cronjob|deployment-cronjob-deprecated|deployment-statefulset-job|foreach-jsonpatch|none|none-deprecated|only-cronjob|only-deployment|restrict-image-registries)\\[.*\\]$", + "^autogen$/^(should-autogen|should-autogen-deprecated|should-not-autogen|should-not-autogen-deprecated)\\[.*\\]$" + ], + "background-only": [ + "^background-only$/^cluster-policy$/^(no-admission-event|no-admission-event-deprecated|no-admission-report|no-admission-report-deprecated|not-rejected|not-rejected-deprecated)\\[.*\\]$", + "^background-only$/^policy$/^(no-admission-event|no-admission-event-deprecated|no-admission-report|no-admission-report-deprecated|not-rejected|not-rejected-deprecated)\\[.*\\]$" + ], + "cleanup": [ + "^cleanup$/^v2$/^clusterpolicy$/^(cleanup-pod|context-cleanup-pod)\\[.*\\]$", + "^cleanup$/^v2$/^policy$/^(cleanup-pod)\\[.*\\]$", + "^cleanup$/^v2$/^validation$/^(cron-format|no-user-info-in-match|not-supported-attributes-in-context)\\[.*\\]$", + "^cleanup$/^v2beta1$/^clusterpolicy$/^(cleanup-pod|context-cleanup-pod)\\[.*\\]$", + "^cleanup$/^v2beta1$/^policy$/^(cleanup-pod)\\[.*\\]$", + "^cleanup$/^v2beta1$/^validation$/^(cron-format|no-user-info-in-match|not-supported-attributes-in-context)\\[.*\\]$" + ], + "cli": [ + "^cli$/^apply$/^(apply-exception-with-ns-selector|apply-on-cluster-scoped-resources|warn-exit-code)\\[.*\\]$" + ], + "custom-sigstore": [ + "^custom-sigstore$/^standard$/^(basic|basic-deprecated)\\[.*\\]$" + ], + "deferred": [ + "^deferred$/^(dependencies|dependencies-deprecated|foreach|recursive|resolve-overriden-variable|two-rules)\\[.*\\]$" + ], + "events": [ + "^events$/^clusterpolicy$/^(generate-events-upon-fail-generation|generate-events-upon-successful-generation|generate-events-upon-successful-mutation|message-exceeds-1024-characters|no-events-upon-skip-generation)\\[.*\\]$", + "^events$/^policy$/^(policy-applied|policy-applied-deprecated|policy-violation|policy-violation-deprecated)\\[.*\\]$" + ], + "exceptions": [ + "^exceptions$/^(allows-rejects-creation|applies-to-delete|conditions|events-creation|exclude-capabilities|exclude-ephemeral-containers|exclude-host-ports|exclude-host-process-and-host-namespaces|exclude-hostpath-volume|exclude-privilege-escalation|exclude-privileged-containers|exclude-restricted-capabilities)\\[.*\\]$", + "^exceptions$/^(exclude-restricted-seccomp|exclude-running-as-nonroot|exclude-running-as-nonroot-user|exclude-seccomp|exclude-selinux|exclude-sysctls|exclude-volume-types|good-bad-conditions|multiple-exceptions|multiple-exceptions-with-pod-security|only-for-specific-user|psa-run-as-non-root)\\[.*\\]$", + "^exceptions$/^(with-wildcard)\\[.*\\]$", + "^exceptions$/^background-mode$/^(standard)\\[.*\\]$" + ], + "filter": [ + "^filter$/^exclude$/^sa$/^(no-wildcard|wildcard)\\[.*\\]$", + "^filter$/^exclude$/^user$/^no-wildcard$/^(block|pass)\\[.*\\]$", + "^filter$/^exclude$/^user$/^wildcard$/^(block|pass)\\[.*\\]$", + "^filter$/^match$/^sa$/^(no-wildcard|wildcard)\\[.*\\]$", + "^filter$/^match$/^user$/^no-wildcard$/^(block|pass)\\[.*\\]$", + "^filter$/^match$/^user$/^wildcard$/^(block|pass)\\[.*\\]$" + ], + "flags": [ + "^flags$/^standard$/^(emit-events)\\[.*\\]$" + ], + "force-failure-policy-ignore": [ + "^force-failure-policy-ignore$/^cluster-policy$/^(fail|fail-deprecated)\\[.*\\]$" + ], + "generate": [ + "^generate$/^clusterpolicy$/^cornercases$/^(clone-list-sync-same-trigger-source-delete-source|clone-list-sync-same-trigger-source-update-source|clone-role-and-rolebinding|clone-source-name-exceeds-63-characters|clone-sync-same-trigger-source-delete-source|clone-sync-same-trigger-source-update-source|cpol-clone-create-on-trigger-deletion|cpol-clone-delete-ownerreferences-across-namespaces|cpol-clone-delete-ownerreferences-across-namespaces-deprecated|cpol-clone-sync-create-source-after-policy|cpol-clone-sync-reinstall-policy|cpol-clone-sync-reinstall-policy-deprecated)\\[.*\\]$", + "^generate$/^clusterpolicy$/^cornercases$/^(cpol-clone-sync-single-source-multiple-triggers-targets|cpol-clone-sync-single-source-multiple-triggers-targets-deprecated|cpol-clone-sync-single-trigger-source-multiple-targets|cpol-data-create-on-trigger-deletion|cpol-data-sync-create-upon-generated-resource|cpol-data-sync-no-creation-upon-generated-resource|cpol-data-sync-remove-list-element|cpol-data-sync-to-nosync-delete-rule|cpol-data-sync-to-nosync-delete-rule-deprecated|cpol-data-trigger-not-present|data-role-and-rolebinding|generate-event-upon-edit)\\[.*\\]$", + "^generate$/^clusterpolicy$/^cornercases$/^(pod-restart-on-cm-update|pod-restart-on-cm-update-deprecated|trigger-resource-name-exceeds-63-characters)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^clone$/^multiple$/^sync$/^(basic-create)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^clone$/^nosync$/^(cpol-clone-nosync-create|cpol-clone-nosync-delete-downstream|cpol-clone-nosync-delete-policy|cpol-clone-nosync-delete-rule|cpol-clone-nosync-delete-source|cpol-clone-nosync-delete-trigger|cpol-clone-nosync-modify-downstream|cpol-clone-nosync-modify-source|cpol-clone-nosync-update-trigger-no-match)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^clone$/^sync$/^(cpol-clone-list-sync-create|cpol-clone-list-sync-create-deprecated|cpol-clone-list-sync-delete-source|cpol-clone-list-sync-update|cpol-clone-list-sync-update-deprecated|cpol-clone-sync-create|cpol-clone-sync-delete-downstream|cpol-clone-sync-delete-policy|cpol-clone-sync-delete-rule|cpol-clone-sync-delete-source|cpol-clone-sync-delete-trigger|cpol-clone-sync-existing-update-trigger-no-precondition)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^clone$/^sync$/^(cpol-clone-sync-existing-update-trigger-no-precondition-deprecated|cpol-clone-sync-modify-downstream|cpol-clone-sync-modify-downstream-apply|cpol-clone-sync-modify-source|cpol-clone-sync-no-existing-update-trigger-no-precondition|cpol-clone-sync-update-trigger-no-match)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^data$/^nosync$/^(cpol-data-nosync-delete-downstream|cpol-data-nosync-delete-policy|cpol-data-nosync-delete-rule|cpol-data-nosync-delete-trigger|cpol-data-nosync-modify-downstream|cpol-data-nosync-modify-rule|cpol-data-nosync-update-trigger-no-match|generate-on-subresource-trigger)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^data$/^nosync-deprecated$/^(cpol-data-nosync-delete-downstream|cpol-data-nosync-delete-policy|cpol-data-nosync-delete-rule|cpol-data-nosync-modify-downstream|cpol-data-nosync-modify-rule|generate-on-subresource-trigger)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^data$/^sync$/^(cpol-data-sync-create|cpol-data-sync-delete-downstream|cpol-data-sync-delete-one-trigger|cpol-data-sync-delete-policy|cpol-data-sync-delete-rule|cpol-data-sync-delete-trigger|cpol-data-sync-existing-update-trigger-no-precondition|cpol-data-sync-modify-downstream|cpol-data-sync-modify-policy|cpol-data-sync-modify-rule|cpol-data-sync-mutate-and-generate|cpol-data-sync-no-existing-update-trigger-no-precondition)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^data$/^sync$/^(cpol-data-sync-orphan-downstream-delete-policy|cpol-data-sync-update-trigger-no-match)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^data$/^sync-deprecated$/^(cpol-data-sync-create|cpol-data-sync-delete-downstream|cpol-data-sync-delete-policy|cpol-data-sync-delete-rule|cpol-data-sync-existing-update-trigger-no-precondition|cpol-data-sync-modify-downstream|cpol-data-sync-modify-rule|cpol-data-sync-orphan-downstream-delete-policy)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^existing$/^(different-configurations-for-generate-existing|different-generate-existing-values|different-generate-existing-values-reorder|existing-basic-add-rule-data|existing-basic-create-policy-data|existing-basic-create-policy-preconditions-data|existing-with-wildcard-name-matching)\\[.*\\]$", + "^generate$/^clusterpolicy$/^standard$/^existing-deprecated$/^(existing-basic-add-rule-data|existing-basic-create-policy-data|existing-basic-create-policy-preconditions-data)\\[.*\\]$", + "^generate$/^foreach$/^clusterpolicy$/^clone$/^sync$/^(cpol-clone-list-sync-delete-source|cpol-clone-sync-create|cpol-clone-sync-create-delete-source)\\[.*\\]$", + "^generate$/^foreach$/^clusterpolicy$/^data$/^sync$/^(cpol-data-sync-create|cpol-data-sync-delete-policy)\\[.*\\]$", + "^generate$/^foreach$/^existing$/^(cpol-clone-sync-create)\\[.*\\]$", + "^generate$/^policy$/^cornercases$/^(pol-clone-create-on-trigger-deletion|pol-clone-sync-create-source-after-policy|pol-data-create-on-trigger-deletion)\\[.*\\]$", + "^generate$/^policy$/^standard$/^clone$/^nosync$/^(pol-clone-nosync-create|pol-clone-nosync-delete-downstream|pol-clone-nosync-delete-policy|pol-clone-nosync-delete-rule|pol-clone-nosync-delete-source|pol-clone-nosync-delete-trigger|pol-clone-nosync-invalid|pol-clone-nosync-modify-downstream|pol-clone-nosync-modify-source|pol-clone-nosync-update-trigger-no-match)\\[.*\\]$", + "^generate$/^policy$/^standard$/^clone$/^sync$/^(pol-clone-sync-delete-downstream|pol-clone-sync-delete-policy|pol-clone-sync-delete-rule|pol-clone-sync-delete-source|pol-clone-sync-delete-trigger|pol-clone-sync-invalid|pol-clone-sync-modify-downstream|pol-clone-sync-modify-source|pol-clone-sync-update-trigger-no-match)\\[.*\\]$", + "^generate$/^policy$/^standard$/^data$/^nosync$/^(pol-data-nosync-create-policy-invalid|pol-data-nosync-delete-downstream|pol-data-nosync-delete-policy|pol-data-nosync-delete-rule|pol-data-nosync-delete-rule-deprecated|pol-data-nosync-delete-trigger|pol-data-nosync-modify-downstream|pol-data-nosync-modify-rule|pol-data-nosync-update-trigger-no-match)\\[.*\\]$", + "^generate$/^policy$/^standard$/^data$/^sync$/^(pol-data-sync-create-policy-invalid|pol-data-sync-create-policy-valid|pol-data-sync-delete-downstream|pol-data-sync-delete-policy|pol-data-sync-delete-rule|pol-data-sync-delete-rule-deprecated|pol-data-sync-delete-trigger|pol-data-sync-modify-downstream|pol-data-sync-modify-rule|pol-data-sync-modify-rule-deprecated|pol-data-sync-update-trigger-no-match)\\[.*\\]$", + "^generate$/^policy$/^standard$/^existing$/^(match-trigger-namespace|match-trigger-namespace-deprecated|non-match-trigger-namespace|non-match-trigger-namespace-deprecated)\\[.*\\]$", + "^generate$/^validation$/^clusterpolicy$/^(cloneList|immutable-clone|immutable-clonelist|immutable-downstream|immutable-rule-spec|orphan|prevent-loop|target-namespace-scope|use-generate-existing-on-policy-update)\\[.*\\]$", + "^generate$/^validation$/^clusterpolicy$/^permissions$/^(no-permission|same-kind)\\[.*\\]$", + "^generate$/^validation$/^policy$/^(cloneList|immutable-clone|immutable-clonelist|immutable-downstream|immutable-rule-spec|permissions|prevent-loop|target-namespace-scope|use-generate-existing-on-policy-update)\\[.*\\]$" + ], + "generate-validating-admission-policy": [ + "^generate-validating-admission-policy$/^clusterpolicy$/^standard$/^generate$/^(block-ephemeral-containers|block-exec-in-pods|cpol-all-match-resource|cpol-any-exclude-namespace-match-resource|cpol-any-exclude-resource|cpol-any-exclude-resource-match-with-namespace-selector|cpol-any-exclude-resource-match-with-object-selector|cpol-any-match-multiple-resources|cpol-any-match-resource|cpol-any-match-resources-by-names|cpol-match-all-exclude-one|cpol-match-kind-with-wildcard)\\[.*\\]$", + "^generate-validating-admission-policy$/^clusterpolicy$/^standard$/^generate$/^(cpol-match-resource-in-specific-namespace|cpol-with-an-exception|cpol-with-an-exception-excluding-namespaces|cpol-with-two-exceptions)\\[.*\\]$", + "^generate-validating-admission-policy$/^clusterpolicy$/^standard$/^skip-generate$/^(cpol-any-match-multiple-resources-with-namespace-selector|cpol-any-match-multiple-resources-with-object-selector|cpol-any-match-resources-by-names-with-wildcard|cpol-any-match-resources-in-namespaces-with-wildcard|cpol-any-match-resources-with-different-namespace-selectors|cpol-any-match-resources-with-different-object-selectors|cpol-exclude-resources-in-specific-namespace|cpol-exclude-resources-with-namespace-selector|cpol-exclude-resources-with-object-selector|cpol-exclude-user-and-roles|cpol-match-resource-created-by-user|cpol-match-resource-using-annotations)\\[.*\\]$", + "^generate-validating-admission-policy$/^clusterpolicy$/^standard$/^skip-generate$/^(cpol-multiple-all-match-resources|cpol-multiple-rules|cpol-multiple-validation-failure-action-overrides|cpol-non-cel-rule|cpol-validation-failure-action-overrides-with-namespace|cpol-with-exception-and-conditions|cpol-with-exception-and-namespace-selector|cpol-with-exception-and-object-selector|cpol-with-exception-in-specific-namespace)\\[.*\\]$" + ], + "globalcontext": [ + "^globalcontext$/^(apicall-correct|apicall-failed|gctxentry-not-exist|not-ready|resource-correct|validate-apicall-data|validate-crd|validate-reference)\\[.*\\]$" + ], + "lease": [ + "^lease$/^(admission-controller|background-controller|cleanup-controller|reports-controller)\\[.*\\]$" + ], + "mutate": [ + "^mutate$/^cascading$/^(first-rule-is-foreach|no-foreach|two-foreach-rules)\\[.*\\]$", + "^mutate$/^clusterpolicy$/^cornercases$/^(cascading-mutation|defaulting-namespace-labels|jmespath-with-special-chars|mutate-using-default-context|mutate-with-404-api-call|trigger-name-exceeds-63-characters|variables-mutate-existing|variables-mutate-existing-deprecated)\\[.*\\]$", + "^mutate$/^clusterpolicy$/^standard$/^(basic-check-output|mutate-node-status|userInfo-roles-clusterRoles)\\[.*\\]$", + "^mutate$/^clusterpolicy$/^standard$/^existing$/^(background-false|background-false(deprecated)|basic-create|basic-create(deprecated)|basic-create-patchesJson6902|basic-create-patchesJson6902(deprecated)|basic-delete|basic-delete(deprecated)|basic-update|basic-update(deprecated)|delete-trigger-namespace|delete-trigger-namespace(deprecated))\\[.*\\]$", + "^mutate$/^clusterpolicy$/^standard$/^existing$/^(descending-patchJson6902|multiple-rules-match-exclude|multiple-rules-match-exclude(deprecated)|multiple-trigger-resources|multiple-trigger-resources(deprecated)|mutate-existing-node-status|mutate-pod-on-binding-request|namespaceselector|namespaceselector(deprecated)|preconditions|preconditions(deprecated)|target-context)\\[.*\\]$", + "^mutate$/^clusterpolicy$/^standard$/^existing$/^(target-preconditions)\\[.*\\]$", + "^mutate$/^clusterpolicy$/^standard$/^existing$/^onpolicyupdate$/^(basic-create-policy|basic-create-policy(deprecated)|different-configurations-for-mutate-existing|different-mutate-existing-values|namespaceselector|namespaceselector(deprecated))\\[.*\\]$", + "^mutate$/^clusterpolicy$/^standard$/^existing$/^validation$/^(mutate-existing-require-targets|mutate-existing-require-targets(deprecated)|target-variable-validation|target-variable-validation(deprecated))\\[.*\\]$", + "^mutate$/^clusterpolicy$/^standard$/^existing$/^validation$/^auth-check$/^(cpol-namespace-variable|cpol-namespace-variable(deprecated)|cpol-standard-auth-check|cpol-standard-auth-check(deprecated))\\[.*\\]$", + "^mutate$/^e2e$/^(foreach-patchStrategicMerge-context|foreach-patchStrategicMerge-preconditions|jmespath-logic|patchStrategicMerge-global|patchStrategicMerge-global-addifnotpresent|patchesJson6902-replace|patchesjson6902-simple|simple-conditional|variables-in-keys)\\[.*\\]$", + "^mutate$/^policy$/^cornercases$/^(foreach-remove-elements)\\[.*\\]$", + "^mutate$/^policy$/^standard$/^existing$/^validation$/^(auth-check)\\[.*\\]$", + "^mutate$/^refactor$/^(k10-minimum-retention)\\[.*\\]$", + "^mutate$/^refactor$/^foreach$/^(add-and-remove|remove-and-add|remove-multiple-elements-in-ascending-order|remove-multiple-elements-in-descending-order)\\[.*\\]$", + "^mutate$/^refactor$/^nested-foreach$/^(remove-all-env-vars)\\[.*\\]$", + "^mutate$/^refactor$/^simple$/^(remove-multiple-elements-in-ascending-order|remove-multiple-elements-in-descending-order)\\[.*\\]$" + ], + "policy-validation": [ + "^policy-validation$/^cluster-policy$/^(admission-disabled|all-disabled|assert|background-subresource|background-variables-update|cel-expressions|deprecated-operations|invalid-pod-security-exceptions|invalid-pod-security-rule|invalid-subject-kind|invalid-timeout|invalid-timeout-deprecated)\\[.*\\]$", + "^policy-validation$/^cluster-policy$/^(policy-exceptions-disabled|schema-validation-crd|success|target-context)\\[.*\\]$", + "^policy-validation$/^policy$/^(admission-disabled|all-disabled|assert|background-subresource|invalid-timeout)\\[.*\\]$" + ], + "rangeoperators": [ + "^rangeoperators$/^(standard)\\[.*\\]$" + ], + "rbac": [ + "^rbac$/^(aggregate-to-admin|cleanup-policy-with-clusterrole|mutate-policy-with-clusterrole)\\[.*\\]$" + ], + "reports": [ + "^reports$/^admission$/^(exception|namespaceselector|namespaceselector-assert|test-report-admission-mode|two-rules-with-different-modes|update)\\[.*\\]$", + "^reports$/^background$/^(exception|exception-assert|exception-with-conditions|exception-with-podsecurity|multiple-exceptions-with-pod-security|report-deletion|test-report-background-mode|two-rules-with-different-modes|verify-image-fail|verify-image-pass)\\[.*\\]$" + ], + "ttl": [ + "^ttl$/^(delete-twice|invalid-label|past-timestamp|permission-lack|valid-label)\\[.*\\]$" + ], + "validate": [ + "^validate$/^anchors$/^(conditional|conditional-deprecated)\\[.*\\]$", + "^validate$/^clusterpolicy$/^cornercases$/^(apply-on-deletion|apply-on-deletion-deprecated|cel-messages-upon-resource-failure|cel-messages-upon-resource-failure-deprecated|check-message-upon-resource-failure|check-message-upon-resource-failure-deprecated|different-configuration-for-actions|ephemeral-containers|ephemeral-containers-deprecated|external-metrics|external-metrics-deprecated|invalid-jmespath-variable-substitution)\\[.*\\]$", + "^validate$/^clusterpolicy$/^cornercases$/^(invalid-jmespath-variable-substitution-deprecated|psa-run-as-non-root|schema-validation-for-mutateExisting|schema-validation-for-mutateExisting-deprecated|two-rules-with-different-action|validate-pattern-should-fail|validate-pattern-should-fail-deprecated|validate-pattern-should-pass|validate-pattern-should-pass-deprecated|validate-pattern-should-skip|validate-pattern-should-skip-deprecated|variable-substitution-failure-messages)\\[.*\\]$", + "^validate$/^clusterpolicy$/^cornercases$/^(variable-substitution-failure-messages-deprecated)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^(gvk|gvk-deprecated|subresource|subresource-deprecated)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^apicalls$/^(lazyload|subjectaccessreview)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^apicalls-deprecated$/^(lazyload|subjectaccessreview)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^audit$/^(background-match-clusterRoles|background-match-roles|background-vars-roles|background-vars-serviceAccountName|background-vars-userInfo|configmap-context-lookup)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^audit-deprecated$/^(background-match-clusterRoles|background-match-roles|background-vars-roles|background-vars-serviceAccountName|background-vars-userInfo|configmap-context-lookup)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^cel$/^(cel-preconditions|cel-variables|check-statefulset-namespace|deny|disallow-host-port)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^cel-deprecated$/^(cel-preconditions|cel-variables|check-statefulset-namespace|disallow-host-port)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^cel-deprecated$/^authorizor-checks$/^(with-permissions|without-permissions)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^cel-deprecated$/^parameter-resources$/^(clusterscoped)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^cel-deprecated$/^parameter-resources$/^namespaced$/^(match-clusterscoped-resource|set-paramref-namespace|unset-paramref-namespace)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^cel$/^authorizor-checks$/^(with-permissions|without-permissions)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^cel$/^parameter-resources$/^(clusterscoped)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^cel$/^parameter-resources$/^namespaced$/^(match-clusterscoped-resource|set-paramref-namespace|unset-paramref-namespace)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^debug$/^(with-pod|with-subresource|with-wildcard)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^debug-deprecated$/^(with-pod|with-subresource|with-wildcard)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^enforce$/^(api-initiated-pod-eviction|block-pod-exec-requests|bypass-with-policy-exception|csr|enforce-validate-existing|failure-policy-ignore-anchor|ns-selector-with-wildcard-kind|operator-allnotin-01|operator-anyin-boolean|resource-apply-block|scaling-with-kubectl-scale)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^enforce-deprecated$/^(api-initiated-pod-eviction|block-pod-exec-requests|bypass-with-policy-exception|csr|enforce-validate-existing|failure-policy-ignore-anchor|ns-selector-with-wildcard-kind|operator-allnotin-01|operator-anyin-boolean|resource-apply-block|scaling-with-kubectl-scale)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^exclude$/^(exclude-namespace|exclude-namespace(deprecated))\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^operations$/^(only-update|only-update(deprecated))\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^psa$/^(concurrent-policy-execution|seccomp-latest-check-no-exclusion|test-deletion-request|test-exclusion-capabilities|test-exclusion-host-namespaces|test-exclusion-host-ports|test-exclusion-hostpath-volume|test-exclusion-hostprocesses|test-exclusion-privilege-escalation|test-exclusion-privileged-containers|test-exclusion-restricted-capabilities|test-exclusion-restricted-seccomp)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^psa$/^(test-exclusion-running-as-nonroot|test-exclusion-running-as-nonroot-user|test-exclusion-seccomp|test-exclusion-selinux|test-exclusion-sysctls|test-exclusion-volume-types)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^psa-deprecated$/^(seccomp-latest-check-no-exclusion|test-deletion-request|test-exclusion-capabilities|test-exclusion-host-namespaces|test-exclusion-host-ports|test-exclusion-hostpath-volume|test-exclusion-hostprocesses|test-exclusion-privilege-escalation|test-exclusion-privileged-containers|test-exclusion-restricted-capabilities|test-exclusion-restricted-seccomp|test-exclusion-running-as-nonroot)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^psa-deprecated$/^(test-exclusion-running-as-nonroot-user|test-exclusion-seccomp|test-exclusion-selinux|test-exclusion-sysctls|test-exclusion-volume-types)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^variables$/^lazyload$/^(conditions|conditions-deprecated)\\[.*\\]$", + "^validate$/^clusterpolicy$/^standard$/^wildcard$/^(block-verifyimage|block-verifyimage-deprecated)\\[.*\\]$", + "^validate$/^e2e$/^(adding-key-to-config-map|adding-key-to-config-map-deprecated|global-anchor|global-anchor-deprecated|lowercase-kind-crd|lowercase-kind-crd-deprecated|old-object-exists|old-object-exists-deprecated|trusted-images|trusted-images-deprecated|x509-decode|x509-decode-deprecated)\\[.*\\]$", + "^validate$/^e2e$/^(yaml-signing|yaml-signing-deprecated)\\[.*\\]$" + ], + "validating-admission-policy-reports": [ + "^validating-admission-policy-reports$/^(events)\\[.*\\]$", + "^validating-admission-policy-reports$/^background$/^(validating-admission-policy-fail|validating-admission-policy-pass|with-validating-admission-policy-binding-fail|with-validating-admission-policy-binding-no-reports|with-validating-admission-policy-binding-pass)\\[.*\\]$" + ], + "verify-manifests": [ + "^verify-manifests$/^(multi-signatures|multi-signatures(deprecated)|single-signature|single-signature(deprecated))\\[.*\\]$" + ], + "verifyImages": [ + "^verifyImages$/^clusterpolicy$/^cornercases$/^(multiple-attestors)\\[.*\\]$", + "^verifyImages$/^clusterpolicy$/^standard$/^(configmap-context-lookup|empty-image|failure-policy-test-noconfigmap-diffimage-success|failure-policy-test-noconfigmap-diffimage-success-deprecated|imageExtractors-complex|imageExtractors-complex-keyless|imageExtractors-none|imageExtractors-simple|keyed-basic|keyed-basic-namespace-selector|keyed-oci11|keyed-secret)\\[.*\\]$", + "^verifyImages$/^clusterpolicy$/^standard$/^(keyed-tsa|keyless-attestation-invalid-attestor|keyless-attestation-regexp|keyless-attestations-multiple-subjects-1|keyless-attestations-multiple-subjects-2|keyless-attestations-multiple-subjects-3|keyless-attestations-multiple-subjects-4|keyless-attestations-multiple-subjects-counts-1|keyless-attestations-multiple-subjects-counts-2|keyless-attestations-multiple-subjects-counts-3|keyless-image-invalid-attestor|keyless-mutatedigest-verifydigest-required)\\[.*\\]$", + "^verifyImages$/^clusterpolicy$/^standard$/^(keyless-nomutatedigest-noverifydigest-norequired|keyless-nomutatedigest-noverifydigest-required|mutateDigest-noverifyDigest-norequired|noconfigmap-diffimage-success|nomutateDigest-verifyDigest-norequired|notary-attestation-verification|notary-image-verification|notary-image-verification-secret-from-policy|rollback-image-verification|sigstore-attestation-verification-regexp|sigstore-attestation-verification-test|sigstore-image-verification-test)\\[.*\\]$", + "^verifyImages$/^clusterpolicy$/^standard$/^(skip-image-reference|update-multi-containers|verify-image-background-audit|verify-image-background-basic|verify-image-background-existing|with-mutation)\\[.*\\]$" + ], + "webhook-configurations": [ + "^webhook-configurations$/^(cpol-match-conditions-block|cpol-match-conditions-pass|match-conditions-standard|match-conditions-userinfo|webhook-registeration)\\[.*\\]$" + ], + "webhooks": [ + "^webhooks$/^(all-scale|clusterpolicy|double-wildcard|dyn-op-mutate|dyn-op-mutate-multiple|dyn-op-validate|dyn-op-validate-and-mutate|dyn-op-validate-multiple|expected-webhooks|only-pod|pod-all-subresources|pod-exec-subresource)\\[.*\\]$", + "^webhooks$/^(policy|policy-clusterpolicy-different-resource-group|policy-clusterpolicy-namespaced-clusterscoped-resources|policy-clusterpolicy-namespaced-resources|policy-clusterpolicy-same-resource|policy-clusterpolicy-wildcard-resource|policy-clusterscope-resource|policy-different-resource-group|policy-wildcard-resource|scale|unknown-kind)\\[.*\\]$" + ] +} diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index 60612321a7d8..8c53e00c12a4 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -15,6 +15,17 @@ concurrency: cancel-in-progress: true jobs: + define-matrix: + runs-on: ubuntu-latest + outputs: + tests: ${{ steps.tests.outputs.tests }} + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Set matrix data + id: tests + run: echo "tests=$(jq -c . < ./.github/e2e-matrix.json)" >> $GITHUB_OUTPUT + prepare-images: runs-on: ubuntu-latest steps: @@ -81,36 +92,34 @@ jobs: fail-fast: false matrix: k8s-version: - - v1.28.13 - - v1.29.8 - - v1.30.4 + # - v1.28.13 + # - v1.29.8 + # - v1.30.4 - v1.31.0 tests: - - ^assert$ - - ^autogen$ - - ^background-only$ - - ^cleanup$ - - ^deferred$ - - ^events$ - - ^exceptions$ - - ^filter$ - - ^generate$/^clusterpolicy$ - - ^generate$/^policy$ - - ^generate$/^validation$ - - ^generate$/^foreach$ - - ^globalcontext$ - - ^lease$ - - ^mutate$ - - ^policy-validation$ - - ^rangeoperators$ - - ^rbac$ - - ^reports$ - - ^validate$ - - ^verify-manifests$ - - ^verifyImages$ - - ^webhooks$ + - ${{ fromJSON(needs.define-matrix.outputs.tests).assert }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).autogen }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).background-only }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).cleanup }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).deferred }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).events }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).exceptions }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).filter }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).generate }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).globalcontext }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).lease }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).mutate }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).policy-validation }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).rangeoperators }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).rbac }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).reports }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).validate }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).verify-manifests }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).verifyImages }} + - ${{ fromJSON(needs.define-matrix.outputs.tests).webhooks }} needs: - prepare-images + - define-matrix steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 From de3aa980152b64c820e2e53330b925731af55670 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Mon, 2 Sep 2024 18:10:12 +0200 Subject: [PATCH 04/12] fix: configure dependabot to work with composite actions (#10975) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- .github/dependabot.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fbfd4e5966bd..125acda7fb7e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,7 +6,9 @@ updates: interval: daily rebase-strategy: disabled - package-ecosystem: github-actions - directory: / + directories: + - / + - /.github/actions/*/ schedule: interval: daily rebase-strategy: disabled From 0438a65c0c9b65a872c7c345b70ca2e7f8060d7f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 16:55:57 +0000 Subject: [PATCH 05/12] chore(deps): bump jlumbroso/free-disk-space (#10982) Bumps [jlumbroso/free-disk-space](https://github.com/jlumbroso/free-disk-space) from 1.2.0 to 1.3.1. - [Release notes](https://github.com/jlumbroso/free-disk-space/releases) - [Commits](https://github.com/jlumbroso/free-disk-space/compare/76866dbe54312617f00798d1762df7f43def6e5c...54081f138730dfa15788a46383842cd2f914a1be) --- updated-dependencies: - dependency-name: jlumbroso/free-disk-space dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/actions/setup-test-env/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-test-env/action.yaml b/.github/actions/setup-test-env/action.yaml index e06a4c2baf58..79b04eae87b6 100644 --- a/.github/actions/setup-test-env/action.yaml +++ b/.github/actions/setup-test-env/action.yaml @@ -13,7 +13,7 @@ inputs: runs: using: composite steps: - - uses: jlumbroso/free-disk-space@76866dbe54312617f00798d1762df7f43def6e5c # v1.2.0 + - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 if: ${{ inputs.free-disk-space == 'true' }} with: tool-cache: true From e4afa3a125e18fa6b7b6eedb6ad469ae4a4583d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 17:21:03 +0000 Subject: [PATCH 06/12] chore(deps): bump jlumbroso/free-disk-space (#10981) Bumps [jlumbroso/free-disk-space](https://github.com/jlumbroso/free-disk-space) from 1.2.0 to 1.3.1. - [Release notes](https://github.com/jlumbroso/free-disk-space/releases) - [Commits](https://github.com/jlumbroso/free-disk-space/compare/76866dbe54312617f00798d1762df7f43def6e5c...54081f138730dfa15788a46383842cd2f914a1be) --- updated-dependencies: - dependency-name: jlumbroso/free-disk-space dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/actions/setup-build-env/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-build-env/action.yaml b/.github/actions/setup-build-env/action.yaml index 40dea8c9b8b7..e04f5a30ac6b 100644 --- a/.github/actions/setup-build-env/action.yaml +++ b/.github/actions/setup-build-env/action.yaml @@ -13,7 +13,7 @@ inputs: runs: using: composite steps: - - uses: jlumbroso/free-disk-space@76866dbe54312617f00798d1762df7f43def6e5c # v1.2.0 + - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 if: ${{ inputs.free-disk-space == 'true' }} with: tool-cache: true From 61c4a3e7b74b0c076aced439ec09c63d278d4d29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Mon, 2 Sep 2024 19:55:55 +0200 Subject: [PATCH 07/12] chore: split conformance jobs per folder (#10974) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: simplify e2e matrix Signed-off-by: Charles-Edouard Brétéché * chore: use dynamic matrix Signed-off-by: Charles-Edouard Brétéché * chore: split conformance jobs per folder Signed-off-by: Charles-Edouard Brétéché --------- Signed-off-by: Charles-Edouard Brétéché --- .github/actions/run-tests/action.yaml | 62 ++++ .github/workflows/conformance.yaml | 486 ++++++++++++++++++++++---- 2 files changed, 472 insertions(+), 76 deletions(-) create mode 100644 .github/actions/run-tests/action.yaml diff --git a/.github/actions/run-tests/action.yaml b/.github/actions/run-tests/action.yaml new file mode 100644 index 000000000000..c0b927be1097 --- /dev/null +++ b/.github/actions/run-tests/action.yaml @@ -0,0 +1,62 @@ +name: Runs E2E Tests +description: Runs E2E tests using chainsaw +inputs: + k8s-version: + description: Kubernetes version + required: true + config: + description: Chainsaw config + required: true + tests: + description: Test regex + required: true + token: + description: GH token + required: true +runs: + using: composite + steps: + # install tools + - name: Install helm + id: helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + - name: Install chainsaw + uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8 + # create cluster + - name: Create kind cluster + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + with: + node_image: kindest/node:${{ inputs.k8s-version }} + cluster_name: kind + config: ./scripts/config/kind/default.yaml + # deploy kyverno + - name: Download kyverno images archive + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: kyverno.tar + - name: Load kyverno images archive in kind cluster + shell: bash + run: | + set -e + kind load image-archive kyverno.tar --name kind + - name: Install kyverno + shell: bash + run: | + set -e + export HELM=${{ steps.helm.outputs.helm-path }} + export USE_CONFIG=standard + make kind-install-kyverno + - name: Wait for kyverno ready + uses: ./.github/actions/kyverno-wait-ready + # run tests + - name: Test with Chainsaw + shell: bash + env: + GITHUB_TOKEN: ${{ inputs.token }} + run: | + set -e + cd ./test/conformance/chainsaw && chainsaw test --include-test-regex '^chainsaw$/${{ inputs.tests }}' --config ../../../.chainsaw.yaml + # debug + - name: Debug failure + if: failure() + uses: ./.github/actions/kyverno-logs \ No newline at end of file diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index 8c53e00c12a4..a22b8987dde4 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -84,91 +84,385 @@ jobs: retention-days: 1 if-no-files-found: error - standard: + assert: runs-on: ubuntu-latest permissions: packages: read strategy: fail-fast: false matrix: - k8s-version: - # - v1.28.13 - # - v1.29.8 - # - v1.30.4 - - v1.31.0 - tests: - - ${{ fromJSON(needs.define-matrix.outputs.tests).assert }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).autogen }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).background-only }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).cleanup }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).deferred }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).events }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).exceptions }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).filter }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).generate }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).globalcontext }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).lease }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).mutate }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).policy-validation }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).rangeoperators }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).rbac }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).reports }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).validate }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).verify-manifests }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).verifyImages }} - - ${{ fromJSON(needs.define-matrix.outputs.tests).webhooks }} - needs: - - prepare-images - - define-matrix + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).assert }} + needs: [ prepare-images, define-matrix ] steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - # install tools - - name: Install helm - id: helm - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} token: ${{ secrets.GITHUB_TOKEN }} - - name: Install chainsaw - uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8 - # create cluster - - name: Create kind cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + + autogen: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).autogen }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests with: - node_image: kindest/node:${{ matrix.k8s-version }} - cluster_name: kind - config: ./scripts/config/kind/default.yaml - # deploy kyverno - - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + background-only: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).background-only }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests with: - name: kyverno.tar - - name: Load kyverno images archive in kind cluster - shell: bash - run: | - set -e - kind load image-archive kyverno.tar --name kind - - name: Install kyverno - shell: bash - run: | - set -e - export HELM=${{ steps.helm.outputs.helm-path }} - export USE_CONFIG=standard - make kind-install-kyverno - - name: Wait for kyverno ready - uses: ./.github/actions/kyverno-wait-ready - # run tests - - name: Test with Chainsaw - shell: bash - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -e - cd ./test/conformance/chainsaw && chainsaw test --include-test-regex '^chainsaw$/${{ matrix.tests }}' --config ../../../.chainsaw.yaml - # debug - - name: Debug failure - if: failure() - uses: ./.github/actions/kyverno-logs + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + cleanup: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).cleanup }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + deferred: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).deferred }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + events: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).events }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + exceptions: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).exceptions }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + filter: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).filter }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + generate: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).generate }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + globalcontext: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).globalcontext }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + lease: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).lease }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + mutate: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).mutate }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + policy-validation: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).policy-validation }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + rangeoperators: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).rangeoperators }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + rbac: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).rbac }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + reports: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).reports }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + validate: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).validate }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + verify-manifests: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).verify-manifests }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + verifyImages: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).verifyImages }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} + + webhooks: + runs-on: ubuntu-latest + permissions: + packages: read + strategy: + fail-fast: false + matrix: + k8s-version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ] + tests: ${{ fromJSON(needs.define-matrix.outputs.tests).webhooks }} + needs: [ prepare-images, define-matrix ] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./.github/actions/run-tests + with: + k8s-version: ${{ matrix.k8s-version }} + config: standard + tests: ${{ matrix.tests }} + token: ${{ secrets.GITHUB_TOKEN }} k8s-version-specific-tests-above-1-28: runs-on: ubuntu-latest @@ -797,7 +1091,27 @@ jobs: conformance-required-success: name: conformance-required needs: - - standard + - assert + - autogen + - background-only + - cleanup + - deferred + - events + - exceptions + - filter + - generate + - globalcontext + - lease + - mutate + - policy-validation + - rangeoperators + - rbac + - reports + - ttl + - validate + - verify-manifests + - verifyImages + - webhooks - ttl - force-failure-policy-ignore - k8s-version-specific-tests-above-1-28 @@ -814,7 +1128,27 @@ jobs: conformance-required-failure: name: conformance-required needs: - - standard + - assert + - autogen + - background-only + - cleanup + - deferred + - events + - exceptions + - filter + - generate + - globalcontext + - lease + - mutate + - policy-validation + - rangeoperators + - rbac + - reports + - ttl + - validate + - verify-manifests + - verifyImages + - webhooks - ttl - force-failure-policy-ignore - k8s-version-specific-tests-above-1-28 From d219766f12482e89b8dd7cf8e668c0411720b9c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Mon, 2 Sep 2024 21:01:50 +0200 Subject: [PATCH 08/12] feat: add chainsaw matrix script (#10976) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- .github/workflows/conformance.yaml | 2 +- hack/chainsaw-matrix/go.mod | 100 ++++++ hack/chainsaw-matrix/go.sum | 325 ++++++++++++++++++ hack/chainsaw-matrix/main.go | 67 ++++ .../conformance/chainsaw}/e2e-matrix.json | 0 5 files changed, 493 insertions(+), 1 deletion(-) create mode 100644 hack/chainsaw-matrix/go.mod create mode 100644 hack/chainsaw-matrix/go.sum create mode 100644 hack/chainsaw-matrix/main.go rename {.github => test/conformance/chainsaw}/e2e-matrix.json (100%) diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index a22b8987dde4..6ea9ca765440 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set matrix data id: tests - run: echo "tests=$(jq -c . < ./.github/e2e-matrix.json)" >> $GITHUB_OUTPUT + run: echo "tests=$(jq -c . < ./test/conformance/chainsaw/e2e-matrix.json)" >> $GITHUB_OUTPUT prepare-images: runs-on: ubuntu-latest diff --git a/hack/chainsaw-matrix/go.mod b/hack/chainsaw-matrix/go.mod new file mode 100644 index 000000000000..ced9bd7d8465 --- /dev/null +++ b/hack/chainsaw-matrix/go.mod @@ -0,0 +1,100 @@ +module github.com/kyverno/kyverno/hack/chainsaw-matrix + +go 1.23.0 + +require github.com/kyverno/chainsaw v0.2.8 + +require ( + github.com/NYTimes/gziphandler v1.1.1 // indirect + github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/coreos/go-semver v0.3.1 // indirect + github.com/coreos/go-systemd/v22 v22.5.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.12.1 // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/cel-go v0.17.8 // indirect + github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0 // indirect + github.com/imdario/mergo v0.3.16 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jinzhu/copier v0.4.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/kyverno/kyverno-json v0.0.4-0.20240730143747-aade3d42fc0e // indirect + github.com/kyverno/pkg/ext v0.0.0-20240418121121-df8add26c55c // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_golang v1.18.0 // indirect + github.com/prometheus/client_model v0.6.0 // indirect + github.com/prometheus/common v0.47.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect + github.com/spf13/cobra v1.8.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/stoewer/go-strcase v1.3.0 // indirect + go.etcd.io/etcd/api/v3 v3.5.15 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.5.15 // indirect + go.etcd.io/etcd/client/v3 v3.5.15 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect + go.opentelemetry.io/proto/otlp v1.3.1 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/crypto v0.25.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/net v0.27.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/term v0.22.0 // indirect + golang.org/x/text v0.16.0 // indirect + golang.org/x/time v0.5.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f // indirect + google.golang.org/grpc v1.65.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.30.3 // indirect + k8s.io/apiextensions-apiserver v0.30.3 // indirect + k8s.io/apimachinery v0.30.3 // indirect + k8s.io/apiserver v0.30.3 // indirect + k8s.io/client-go v0.30.3 // indirect + k8s.io/component-base v0.30.3 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c // indirect + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/kubectl-validate v0.0.4 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/hack/chainsaw-matrix/go.sum b/hack/chainsaw-matrix/go.sum new file mode 100644 index 000000000000..d8dd6dbca39d --- /dev/null +++ b/hack/chainsaw-matrix/go.sum @@ -0,0 +1,325 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= +github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= +github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= +github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= +github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= +github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= +github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto= +github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= +github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 h1:JYghRBlGCZyCF2wNUJ8W0cwaQdtpcssJ4CgC406g+WU= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99/go.mod h1:3bDW6wMZJB7tiONtC/1Xpicra6Wp5GgbTbQWCbI5fkc= +github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0 h1:CWyXh/jylQWp2dtiV33mY4iSSp6yf4lmn+c7/tN+ObI= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0/go.mod h1:nCLIt0w3Ept2NwF8ThLmrppXsfT07oC8k0XNDxd8sVU= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= +github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= +github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= +github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kyverno/chainsaw v0.2.8 h1:E+zUQ8SuOxUBeQC5i/0RYUPOXIeOKi69gOqFN5w256c= +github.com/kyverno/chainsaw v0.2.8/go.mod h1:ttTQJepYvp8Uy+aATNZ4EpEgh39A3HjIphSdCCyppkI= +github.com/kyverno/kyverno-json v0.0.4-0.20240730143747-aade3d42fc0e h1:gh9iMuJS8yloxo3JIzvgLWZWwy5iRjEkA8/U7rK3iu8= +github.com/kyverno/kyverno-json v0.0.4-0.20240730143747-aade3d42fc0e/go.mod h1:3LgZogzltja+Sx0o5CIa7d7+991v8sWXHskU0fWSOsQ= +github.com/kyverno/pkg/ext v0.0.0-20240418121121-df8add26c55c h1:lAolpR9H8BwM5lRRvgCQ8JowswyxZRH+fgtIQzHFVCk= +github.com/kyverno/pkg/ext v0.0.0-20240418121121-df8add26c55c/go.mod h1:02vxM0GNXz9+B/i6+rMfWAIwibUuAH+qFsd73IFskgQ= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= +github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= +github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.47.0 h1:p5Cz0FNHo7SnWOmWmoRozVcjEp0bIVU8cV7OShpjL1k= +github.com/prometheus/common v0.47.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= +github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= +github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE= +github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= +go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.etcd.io/etcd/api/v3 v3.5.15 h1:3KpLJir1ZEBrYuV2v+Twaa/e2MdDCEZ/70H+lzEiwsk= +go.etcd.io/etcd/api/v3 v3.5.15/go.mod h1:N9EhGzXq58WuMllgH9ZvnEr7SI9pS0k0+DHZezGp7jM= +go.etcd.io/etcd/client/pkg/v3 v3.5.15 h1:fo0HpWz/KlHGMCC+YejpiCmyWDEuIpnTDzpJLB5fWlA= +go.etcd.io/etcd/client/pkg/v3 v3.5.15/go.mod h1:mXDI4NAOwEiszrHCb0aqfAYNCrZP4e9hRca3d1YK8EU= +go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4= +go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= +go.etcd.io/etcd/client/v3 v3.5.15 h1:23M0eY4Fd/inNv1ZfU3AxrbbOdW79r9V9Rl62Nm6ip4= +go.etcd.io/etcd/client/v3 v3.5.15/go.mod h1:CLSJxrYjvLtHsrPKsy7LmZEE+DK2ktfd2bN4RhBMwlU= +go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM= +go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= +go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA= +go.etcd.io/etcd/raft/v3 v3.5.10/go.mod h1:odD6kr8XQXTy9oQnyMPBOr0TVe+gT0neQhElQ6jbGRc= +go.etcd.io/etcd/server/v3 v3.5.10 h1:4NOGyOwD5sUZ22PiWYKmfxqoeh72z6EhYjNosKGLmZg= +go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f h1:htT2I9bZvGm+110zq8bIErMX+WgBWxCzV3ChwbvnKnc= +google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Sk3mLpoDFTAp6R4OvlcUgaG4ISTspKeFsIAXMn9Bm4Y= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f h1:RARaIm8pxYuxyNPbBQf5igT7XdOyCNtat1qAT2ZxjU4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= +gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= +k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= +k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U= +k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.3 h1:QZJndA9k2MjFqpnyYv/PH+9PE0SHhx3hBho4X0vE65g= +k8s.io/apiserver v0.30.3/go.mod h1:6Oa88y1CZqnzetd2JdepO0UXzQX4ZnOekx2/PtEjrOg= +k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= +k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= +k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s= +k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kms v0.30.3 h1:NLg+oN45S2Y3U0WiLRzbS61AY/XrS5JBMZp531Z+Pho= +k8s.io/kms v0.30.3/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= +k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c h1:CHL3IcTrTI3csK36iwYJy36uQRic+IpSoRMNH+0I8SE= +k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c/go.mod h1:0CVn9SVo8PeW5/JgsBZZIFmmTk5noOM8WXf2e1tCihE= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/kubectl-validate v0.0.4 h1:tGKuv0awYHn11Cb6KPsZKxUmHgavF46K3NvVH0Nse9U= +sigs.k8s.io/kubectl-validate v0.0.4/go.mod h1:JTm3G+JZLPISqABh73uV7s/sW28q2zZqnTghOzahEKA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/hack/chainsaw-matrix/main.go b/hack/chainsaw-matrix/main.go new file mode 100644 index 000000000000..420be718cee6 --- /dev/null +++ b/hack/chainsaw-matrix/main.go @@ -0,0 +1,67 @@ +// run with: +// (cd hack/chainsaw-matrix && go run . > ../../test/conformance/chainsaw/e2e-matrix.json) + +package main + +import ( + "encoding/json" + "fmt" + "maps" + "path/filepath" + "slices" + "strings" + + "github.com/kyverno/chainsaw/pkg/discovery" +) + +const chunkSize = 12 + +func main() { + tests, err := discovery.DiscoverTests("chainsaw-test.yaml", nil, false, "../../test/conformance/chainsaw") + if err != nil { + panic(err) + } + var paths []string + for _, test := range tests { + path, err := filepath.Rel("../../test/conformance/chainsaw", test.BasePath) + if err != nil { + panic(err) + } + parts := strings.Split(path, "/") + if len(parts) < 2 { + panic("not enough folder parts: " + path) + } + if strings.HasSuffix(parts[0], "-cel") { + continue + } + paths = append(paths, strings.Join(parts, "/")) + } + suites := map[string][]string{} + for _, path := range paths { + parts := strings.Split(path, "/") + root := strings.Join(parts[:len(parts)-1], "/") + suites[root] = append(suites[root], parts[len(parts)-1]) + } + ts := map[string][]string{} + for _, key := range slices.Sorted(maps.Keys(suites)) { + root := "" + for _, part := range strings.Split(key, "/") { + root += "^" + part + "$" + "/" + } + slices.Sort(suites[key]) + for i := 0; i < len(suites[key]); i += chunkSize { + end := i + chunkSize + if end > len(suites[key]) { + end = len(suites[key]) + } + pattern := root + "^" + "(" + strings.Join(suites[key][i:end], "|") + ")\\[.*\\]$" + key := strings.Split(key, "/")[0] + ts[key] = append(ts[key], pattern) + } + } + data, err := json.MarshalIndent(ts, "", " ") + if err != nil { + panic(err) + } + fmt.Println(string(data)) +} diff --git a/.github/e2e-matrix.json b/test/conformance/chainsaw/e2e-matrix.json similarity index 100% rename from .github/e2e-matrix.json rename to test/conformance/chainsaw/e2e-matrix.json From 322dce6e76811605244fcd06c79de5f143c7c3c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 19:51:32 +0000 Subject: [PATCH 09/12] chore(deps): bump adRise/update-pr-branch from 0.9.0 to 0.9.1 (#10968) Bumps [adRise/update-pr-branch](https://github.com/adrise/update-pr-branch) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/adrise/update-pr-branch/releases) - [Commits](https://github.com/adrise/update-pr-branch/compare/f6b919383eee5095c37ead42513ee555cc69607d...3576c22e28fb6f665417bfe3a83f9da7ca5363e2) --- updated-dependencies: - dependency-name: adRise/update-pr-branch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr-update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-update.yaml b/.github/workflows/pr-update.yaml index ebf31d89f75d..fa356f8a4703 100644 --- a/.github/workflows/pr-update.yaml +++ b/.github/workflows/pr-update.yaml @@ -23,7 +23,7 @@ jobs: value: ${{ secrets.PR_UPDATE_TOKEN }} - name: Automatically update PR if: steps.checksecret.outputs.result == 'true' - uses: adRise/update-pr-branch@f6b919383eee5095c37ead42513ee555cc69607d # v0.9.0 + uses: adRise/update-pr-branch@3576c22e28fb6f665417bfe3a83f9da7ca5363e2 # v0.9.1 with: token: ${{ secrets.PR_UPDATE_TOKEN }} base: ${{ github.ref_name }} From 3dceb714428e4330203da5a832d3d9da1cae9b2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Mon, 2 Sep 2024 22:23:13 +0200 Subject: [PATCH 10/12] chore: remove deprecated option in install-helm action (#10983) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- .github/workflows/conformance.yaml | 14 -------------- .github/workflows/load-testing.yml | 2 -- 2 files changed, 16 deletions(-) diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index 6ea9ca765440..cbd43d03340d 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -487,8 +487,6 @@ jobs: - name: Install helm id: helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Install chainsaw uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8 # create cluster @@ -552,8 +550,6 @@ jobs: - name: Install helm id: helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Install chainsaw uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8 # create cluster @@ -618,8 +614,6 @@ jobs: - name: Install helm id: helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Install chainsaw uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8 # create cluster @@ -683,8 +677,6 @@ jobs: - name: Install helm id: helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Install chainsaw uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8 # create cluster @@ -747,8 +739,6 @@ jobs: - name: Install helm id: helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Install crane uses: imjasonh/setup-crane@31b88efe9de28ae0ffa220711af4b60be9435f6e - name: Install Cosign @@ -832,8 +822,6 @@ jobs: - name: Install helm id: helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Install chainsaw uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8 # create cluster @@ -932,8 +920,6 @@ jobs: - name: Install helm id: helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Install chainsaw uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8 - name: Download kyverno CLI archive diff --git a/.github/workflows/load-testing.yml b/.github/workflows/load-testing.yml index 2bdc40485978..84e663f049bf 100644 --- a/.github/workflows/load-testing.yml +++ b/.github/workflows/load-testing.yml @@ -81,8 +81,6 @@ jobs: - name: Install helm id: helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Create kind cluster uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: From ebf61e3e10388a5bd695508567db00cea8e018cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Mon, 2 Sep 2024 23:01:25 +0200 Subject: [PATCH 11/12] chore: update upload/download artifact actions (#10985) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- .github/actions/publish-image/action.yaml | 2 +- .github/actions/run-tests/action.yaml | 2 +- .github/workflows/codecov.yaml | 4 ++-- .github/workflows/conformance.yaml | 24 +++++++++---------- .github/workflows/load-testing.yml | 10 ++++---- .github/workflows/nancy.yaml | 4 ++-- .../workflows/report-on-vulnerabilities.yaml | 4 ++-- .github/workflows/scorecard.yaml | 2 +- 8 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.github/actions/publish-image/action.yaml b/.github/actions/publish-image/action.yaml index 368531c18607..1f26ddae4407 100644 --- a/.github/actions/publish-image/action.yaml +++ b/.github/actions/publish-image/action.yaml @@ -59,7 +59,7 @@ runs: with: version: v1 args: app -licenses -json -output ${{ inputs.sbom-name }}-bom.cdx.json -main ${{ inputs.main-path }} - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: ${{ inputs.sbom-name }}-bom-cdx path: ${{ inputs.sbom-name }}-bom.cdx.json diff --git a/.github/actions/run-tests/action.yaml b/.github/actions/run-tests/action.yaml index c0b927be1097..481408f29b05 100644 --- a/.github/actions/run-tests/action.yaml +++ b/.github/actions/run-tests/action.yaml @@ -31,7 +31,7 @@ runs: config: ./scripts/config/kind/default.yaml # deploy kyverno - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster diff --git a/.github/workflows/codecov.yaml b/.github/workflows/codecov.yaml index f3c451665d7a..9a851c3eb52e 100644 --- a/.github/workflows/codecov.yaml +++ b/.github/workflows/codecov.yaml @@ -37,7 +37,7 @@ jobs: - name: Generate Code Coverage Report run: make code-cov-report - name: Upload coverage - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: coverage.out path: coverage.out @@ -52,7 +52,7 @@ jobs: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download coverage - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: coverage.out - name: Upload Report to Codecov diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index cbd43d03340d..32065c712e33 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -48,7 +48,7 @@ jobs: set -e VERSION=${{ github.ref_name }} make docker-save-image-all - name: upload images archive - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: kyverno.tar path: kyverno.tar @@ -77,7 +77,7 @@ jobs: set -e VERSION=${{ github.ref_name }} make build-cli - name: upload images archive - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: kubectl-kyverno path: cmd/cli/kubectl-kyverno/kubectl-kyverno @@ -498,7 +498,7 @@ jobs: config: ./scripts/config/kind/vap-v1beta1.yaml # deploy kyverno - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster @@ -561,7 +561,7 @@ jobs: config: ./scripts/config/kind/vap-v1beta1.yaml # deploy kyverno - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster @@ -625,7 +625,7 @@ jobs: config: ./scripts/config/kind/default.yaml # deploy kyverno - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster @@ -688,7 +688,7 @@ jobs: config: ./scripts/config/kind/default.yaml # deploy kyverno - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster @@ -760,7 +760,7 @@ jobs: kubectl -n tuf-system get secrets tuf-root -oyaml | sed 's/namespace: .*/namespace: kyverno/' | kubectl create -f - # deploy kyverno - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster @@ -833,7 +833,7 @@ jobs: config: ./scripts/config/kind/default.yaml # deploy kyverno - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster @@ -923,7 +923,7 @@ jobs: - name: Install chainsaw uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8 - name: Download kyverno CLI archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kubectl-kyverno - name: Install Kyverno CLI @@ -941,7 +941,7 @@ jobs: config: ./scripts/config/kind/default.yaml # deploy kyverno - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster @@ -997,7 +997,7 @@ jobs: set -e make kind-create-cluster - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster @@ -1041,7 +1041,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # install tools - name: Download kyverno CLI archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kubectl-kyverno - name: Install chainsaw diff --git a/.github/workflows/load-testing.yml b/.github/workflows/load-testing.yml index 84e663f049bf..4b1bc5336496 100644 --- a/.github/workflows/load-testing.yml +++ b/.github/workflows/load-testing.yml @@ -35,7 +35,7 @@ jobs: set -e VERSION=${{ github.ref_name }} make docker-save-image-all - name: upload images archive - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: kyverno.tar path: kyverno.tar @@ -88,7 +88,7 @@ jobs: cluster_name: kind config: ./scripts/config/kind/default.yaml - name: Download kyverno images archive - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: kyverno.tar - name: Load kyverno images archive in kind cluster @@ -121,19 +121,19 @@ jobs: kubectl -n kyverno get vpa goldilocks-kyverno-admission-controller -o jsonpath='{.status.recommendation.containerRecommendations[*]}' - name: Archive load test results if: failure() - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: load-test-reports path: load-testing/k6/${{ matrix.test }}.js-${{ matrix.k6-config.vus }}vu-${{ matrix.k6-config.iterations }}it-logs.txt - name: Archive pprof CPU profiles if: failure() - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: pprof-cpu-profiles path: cpu.pprof - name: Archive pprof HEAP profiles if: failure() - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: pprof-heap-profiles path: heap.pprof diff --git a/.github/workflows/nancy.yaml b/.github/workflows/nancy.yaml index ba41bb595ac7..91c8f76c2b8f 100644 --- a/.github/workflows/nancy.yaml +++ b/.github/workflows/nancy.yaml @@ -44,7 +44,7 @@ jobs: echo "results=nothing" >> $GITHUB_OUTPUT fi - name: Upload vulnerability scan report - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 if: steps.parse-results.outputs.results == 'found' with: name: nancy-results.json @@ -61,7 +61,7 @@ jobs: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download scan results - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: nancy-results.json - name: Set scan output diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml index aec28c50230d..a074ca8416d1 100644 --- a/.github/workflows/report-on-vulnerabilities.yaml +++ b/.github/workflows/report-on-vulnerabilities.yaml @@ -78,7 +78,7 @@ jobs: fi - name: Upload vulnerability scan report - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 if: steps.parse-results.outputs.results == 'found' with: name: scan.json @@ -95,7 +95,7 @@ jobs: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download scan - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: scan.json - name: Set scan output diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 30aa1c67bec4..196b9fe4bf0d 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -34,7 +34,7 @@ jobs: repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} publish_results: true - name: Upload artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif From 24b5e6ddde5a5cff093a27da360b7aa4ce18daea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 21:55:51 +0000 Subject: [PATCH 12/12] chore(deps): bump actions/setup-python from 5.1.1 to 5.2.0 (#10959) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.1 to 5.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/39cd14951b08e74b54015e9e001cdefcf80e669f...f677139bbe7f9c59b41e40162b753c062f5d49a3) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm-release.yaml | 2 +- .github/workflows/helm-test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml index 8edfaa23dc56..9192f4de1734 100644 --- a/.github/workflows/helm-release.yaml +++ b/.github/workflows/helm-release.yaml @@ -25,7 +25,7 @@ jobs: - name: Setup build env uses: ./.github/actions/setup-build-env timeout-minutes: 10 - - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: 3.7 - name: Set up chart-testing diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml index a246d3bcd69d..9c3c4ab1f19a 100644 --- a/.github/workflows/helm-test.yaml +++ b/.github/workflows/helm-test.yaml @@ -33,7 +33,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 10 - name: Setup python - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: 3.7 - name: Set up chart-testing