Merge 68f0a96 into 982c4e3
matthyx authored Feb 10, 2025
2 parents 982c4e3 + 68f0a96 commit 377634c
Showing 7 changed files with 189 additions and 55 deletions.
44 changes: 22 additions & 22 deletions .github/workflows/go-basic-tests.yaml
Expand Up @@ -82,9 +82,9 @@ jobs:
- uses: actions/checkout@v4
with:
submodules: recursive
- uses: actions/setup-go@v4
name: Setup Go

- uses: actions/setup-go@v5
name: Setup Go
with:
go-version: '${{ inputs.GO_VERSION }}'

Expand All @@ -95,7 +95,7 @@ jobs:
- name: Test without race conditions
if: ${{ env.CGO_ENABLED != 1 }}
run: go test -v $(go list ${{ inputs.UNIT_TESTS_PATH }} | grep -v /e2e)

- name: Initialize CodeQL
continue-on-error: true
uses: github/codeql-action/init@v2
Expand All @@ -110,7 +110,7 @@ jobs:
continue-on-error: true
uses: github/codeql-action/analyze@v2

# - name: Test go build
# - name: Test go build
# run: go build -v ${{ inputs.BUILD_PATH }}

Basic-Test:
Expand All @@ -122,10 +122,10 @@ jobs:
runs-on: ubuntu-latest
needs: [Check-secret, Environment-Test]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4

- uses: actions/setup-go@v4
name: Setup Go
- uses: actions/setup-go@v5
name: Setup Go
with:
go-version: '${{ inputs.GO_VERSION }}'

Expand All @@ -140,14 +140,14 @@ jobs:
- name: Scanning - Credentials (GitGuardian)
if: needs.check-secret.outputs.run-gitgardian == 'true'
continue-on-error: true
continue-on-error: true
id: credentials-scan
uses: GitGuardian/ggshield/actions/secret@main
env:
GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
uses: GitGuardian/ggshield/actions/secret@main
env:
GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}

- name: Scanning - Vulnerabilities (Snyk)
Expand All @@ -160,32 +160,32 @@ jobs:



- name: Test go linting
- name: Test go linting
continue-on-error: true # TODO: Should be removed
uses: golangci/golangci-lint-action@v3
uses: golangci/golangci-lint-action@v6
id: linting
with:
version: latest
args: --timeout 10m
only-new-issues: true

- name: Test coverage
id: unit-test
run: go test -v $(go list ${{ inputs.UNIT_TESTS_PATH }} | grep -v /e2e) -covermode=count -coverprofile=coverage.out

- name: Convert coverage count to lcov format
uses: jandelgado/gcov2lcov-action@v1

- name: Submit coverage tests to Coveralls
continue-on-error: true
uses: coverallsapp/github-action@v1
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
path-to-lcov: coverage.lcov

- name: Comment results to PR
uses: peter-evans/create-or-update-comment@v2
continue-on-error: true # This step typically fails when opening PRs from forks
uses: peter-evans/create-or-update-comment@v4
continue-on-error: true # This step typically fails when opening PRs from forks
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
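Review bot: The steps that receive credentials in this file are still referenced by mutable refs: `coverallsapp/github-action@v2` is given `secrets.GH_PERSONAL_ACCESS_TOKEN`, and the GitGuardian step stays on `@main` with `GITGUARDIAN_API_KEY` in its environment. Whoever can move that tag or branch upstream gets code running with those secrets, so pin each to a full commit SHA and keep the tag as a comment, e.g. `uses: coverallsapp/github-action@<full-commit-sha> # v2`. The same holds for the exact tags that become `@v1` in incluster-comp-pr-merged.yaml and sanity-check.yaml. Separately, `github/codeql-action/init` and `github/codeql-action/analyze` are left on `@v2` with `continue-on-error: true`, so a broken scan would pass silently; they are worth bumping in the same pass.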
28 changes: 14 additions & 14 deletions .github/workflows/incluster-comp-pr-merged.yaml
Expand Up @@ -76,22 +76,22 @@ jobs:
# if: github.ref == 'master'
# run: exit -1

- uses: actions/checkout@v3
- uses: actions/checkout@v4
name: Checkout
with:
fetch-depth: 0
# submodules: recursive

- uses: actions/setup-go@v4
- uses: actions/setup-go@v5
name: Installing go
with:
go-version: '${{ inputs.GO_VERSION }}'

- name: Set up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3

- name: Set prerelease image tag
id: image-prerelease-tag
Expand All @@ -102,14 +102,14 @@ jobs:
run: go test -v ./...

- name: Login to Quay
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}

- name: Build and push
uses: docker/build-push-action@v3
uses: docker/build-push-action@v6
with:
context: .
file: build/Dockerfile
Expand Down Expand Up @@ -164,13 +164,13 @@ jobs:
steps:

- name: Checkout systests repo
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: armosec/system-tests
ref: ${{ inputs.SYSTEM_TESTS_BRANCH }}
path: .

- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: '3.8.13'
cache: 'pip'
Expand All @@ -185,7 +185,7 @@ jobs:
- name: Create k8s Kind Cluster
id: kind-cluster-install
uses: helm/kind-action@v1.10.0
uses: helm/kind-action@v1
with:
cluster_name: ${{ steps.uuid.outputs.RANDOM_UUID }}
# kubectl_version: v1.23.12
Expand Down Expand Up @@ -220,7 +220,7 @@ jobs:
deactivate
- name: Test Report
uses: mikepenz/action-junit-report@v3.6.1
uses: mikepenz/action-junit-report@v5
if: always() # always run even if the previous step fails
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -238,10 +238,10 @@ jobs:
contents: write
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3

- name: Login to Quay
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
Expand All @@ -262,7 +262,7 @@ jobs:
- name: Create Release
id: create_release
uses: ncipollo/release-action@v1.11.1
uses: ncipollo/release-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ inputs.IMAGE_TAG }}
Expand All @@ -274,7 +274,7 @@ jobs:

- name: Trigger helm chart workflow
if: ${{ inputs.TRIGGER_HELM_CICD == true }}
uses: benc-uk/workflow-dispatch@v1.2.2
uses: benc-uk/workflow-dispatch@v1
with:
workflow: 00-cicd.yaml
repo: kubescape/helm-charts
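Review bot: `docker/build-push-action` jumps three major versions (`@v3` to `@v6`) in the step that pushes the image to quay.io, and defaults changed along the way. As I understand the upstream release notes, from v4 on the action attaches a provenance attestation by default when the builder supports it, so the pushed tag may become an image index rather than a single manifest. Set this explicitly rather than inheriting it, e.g. `provenance: true` (plus `sbom: true` if wanted) under `with:`, and confirm that the registry and the consumers of the tag accept the result. The rest of this step's `with:` block lies outside the visible hunk, so it may already set these inputs.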
2 changes: 1 addition & 1 deletion .github/workflows/ks-ga-flow.yaml
Expand Up @@ -20,7 +20,7 @@ jobs:
contents: read
security-events: write
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: kubescape/github-action@main
continue-on-error: true
with:
16 changes: 8 additions & 8 deletions .github/workflows/kubescape-cli-e2e-tests.yaml
Expand Up @@ -17,7 +17,7 @@ on:
USE_ARTIFACTS_FILE:
description: 'The base file name that need to be used by "use_artifacts" kwargs flag (systests)'
required: false
type: string
type: string
BINARY_TESTS:
type: string
default: '[ "scan_nsa",
Expand Down Expand Up @@ -59,7 +59,7 @@ jobs:
# run: "echo \"is-secret-set=${{ env.CUSTOMER != '' && \n env.USERNAME != '' &&\n env.PASSWORD != '' &&\n env.CLIENT_ID != '' &&\n env.SECRET_KEY != '' &&\n env.REGISTRY_USERNAME != '' &&\n env.REGISTRY_PASSWORD != ''\n }}\" >> $GITHUB_OUTPUT\n"
# "is-secret-set" validatin (and var) is commented because we add the secret validator function down here.
# We commented it out because we revised the secret validation process. We want the pipeline to fail if even one of the secrets is not set.

run: |
env_vars=("CUSTOMER" "USERNAME" "PASSWORD" "CLIENT_ID" "SECRET_KEY" "REGISTRY_USERNAME" "REGISTRY_PASSWORD")
Expand All @@ -79,7 +79,7 @@ jobs:
echo "TEST_NAMES=$input" >> $GITHUB_OUTPUT
env:
input: ${{ inputs.BINARY_TESTS }}


run-tests:
strategy:
Expand All @@ -94,12 +94,12 @@ jobs:
steps:

- name: Checkout systests repo
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
uses: actions/checkout@v4
with:
repository: armosec/system-tests
path: .

- uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # ratchet:actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: '3.8.13'
cache: 'pip'
Expand All @@ -114,12 +114,12 @@ jobs:
- name: Create k8s Kind Cluster
id: kind-cluster-install
uses: helm/kind-action@d08cf6ff1575077dee99962540d77ce91c62387d # ratchet:helm/[email protected]
uses: helm/kind-action@v1
with:
cluster_name: ${{ steps.uuid.outputs.RANDOM_UUID }}
config: ${{ inputs.KIND_CONFIG_FILE }}

- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/[email protected]
- uses: actions/download-artifact@v4
id: download-artifact
with:
name: ${{ inputs.DOWNLOAD_ARTIFACT_KEY_NAME }}
Expand Down Expand Up @@ -152,7 +152,7 @@ jobs:
deactivate
- name: Test Report
uses: mikepenz/action-junit-report@6e9933f4a97f4d2b99acef4d7b97924466037882 # ratchet:mikepenz/[email protected]
uses: mikepenz/action-junit-report@v5
if: always() # always run even if the previous step fails
with:
report_paths: '**/results_xml_format/**.xml'
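Review bot: The five `uses:` lines changed in the `run-tests` job appear to drop the commit-SHA pins that the `# ratchet:` comments were tracking (for example `actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c`) and replace them with floating major tags. That trades an immutable reference for one the upstream owner can repoint, in a workflow whose secret check lists account and registry credentials. Keep the pins and move them forward instead, e.g. `uses: actions/checkout@<full-commit-sha> # ratchet:actions/checkout@v4`, and likewise for setup-python, kind-action, download-artifact and action-junit-report. Also check that the artifact fetched by `actions/download-artifact@v4` is uploaded with the matching v4 upload action, since the uploading workflow is not visible in this section.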
4 changes: 2 additions & 2 deletions .github/workflows/package-release.yaml
Expand Up @@ -49,7 +49,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0

Expand All @@ -66,4 +66,4 @@ jobs:
-------------------------------
Add release notes here.
draft: false
prerelease: false
prerelease: false
16 changes: 8 additions & 8 deletions .github/workflows/sanity-check.yaml
Expand Up @@ -5,7 +5,7 @@ on:
# Triggers the workflow every 5 minutes
# schedule:
# - cron: "*/30 * * * *"

workflow_call:
inputs:
GH_RUNNER:
Expand Down Expand Up @@ -61,24 +61,24 @@ jobs:

run-tests:
strategy:
fail-fast: false
fail-fast: false
matrix:
TEST: ${{ fromJson(needs.wf-preparation.outputs.TEST_NAMES) }}
needs: wf-preparation
runs-on: ${{ inputs.GH_RUNNER }}
steps:

- name: Checkout systests repo
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: armosec/system-tests
path: .
ref: ${{ inputs.SYSTEM_TESTS_BRANCH }}

- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: '3.8.13'
cache: 'pip'
cache: 'pip'

- name: create env
run: ./create_env.sh
Expand All @@ -89,7 +89,7 @@ jobs:
echo "RANDOM_UUID=systets-$(uuidgen)" >> $GITHUB_OUTPUT
- name: Create k8s Kind Cluster
id: kind-cluster-install
uses: helm/kind-action@v1.3.0
uses: helm/kind-action@v1
with:
cluster_name: ${{ steps.uuid.outputs.RANDOM_UUID }}
# kubectl_version: v1.23.12
Expand Down Expand Up @@ -118,7 +118,7 @@ jobs:
deactivate
- name: Test Report
uses: mikepenz/action-junit-report@v3.6.1
uses: mikepenz/action-junit-report@v5
if: always() # always run even if the previous step fails
with:
report_paths: '**/results_xml_format/**.xml'
report_paths: '**/results_xml_format/**.xml'