gatekeeper/.github/workflows/disk-export.yaml at master · aqstack/gatekeeper · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
name: disk-export
on:
  push:
    paths:
      - "pkg/export/dapr"
      - "pkg/export/disk"
      - "test/export/**"
  pull_request:
    paths:
      - "pkg/export/dapr"
      - "pkg/export/disk"
      - "test/export/**"
permissions: read-all

jobs:
  disk_test:
    name: "Disk export test"
    runs-on: ubuntu-22.04
    timeout-minutes: 15
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit

    - name: Check out code into the Go module directory
      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

    - name: Bootstrap e2e
      run: |
        mkdir -p $GITHUB_WORKSPACE/bin
        echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
        make e2e-bootstrap

    - name: Run e2e
      run: |
        make docker-buildx IMG=gatekeeper-e2e:latest
        make e2e-build-load-externaldata-image
        make e2e-reader-build-image
        make docker-buildx-crds CRD_IMG=gatekeeper-crds:latest CI=true
        kind load docker-image --name kind gatekeeper-e2e:latest fake-reader:latest gatekeeper-crds:latest
        kubectl create ns gatekeeper-system

        make e2e-helm-deploy HELM_REPO=gatekeeper-e2e HELM_CRD_REPO=gatekeeper-crds HELM_RELEASE=latest ENABLE_EXPORT=true LOG_LEVEL=DEBUG EXPORT_BACKEND=disk FAKE_READER_IMAGE_PULL_POLICY=Never AUDIT_CONNECTION=audit-connection AUDIT_CHANNEL=audit-channel EXPORT_DISK_MOUNT=/tmp/violations EXPORT_DISK_PATH=/tmp/violations/topics MAX_AUDIT_RESULTS=3 FAKE_READER_IMAGE=fake-reader:latest

        make test-e2e ENABLE_EXPORT_TESTS=1 EXPORT_BACKEND=disk

    - name: Save logs
      if: ${{ always() }}
      run: |
        kubectl logs -n gatekeeper-system -l control-plane=audit-controller -c manager --tail=-1 > logs-audit-manager.json
        kubectl logs -n gatekeeper-system -l control-plane=audit-controller -c reader --tail=-1 > logs-audit-export.json

    - name: Upload artifacts
      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
      if: ${{ always() }}
      with:
        name: export-logs
        path: |
          logs-*.json