
feat: test VAPs generated by pod security cel policies #251


Workflow file for this run

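# End-to-end Chainsaw tests for the CEL policy variants, plus two jobs that
# exercise the ValidatingAdmissionPolicies generated from the pod-security
# CEL policies on kind clusters.
name: E2E Tests - CEL

# Least privilege: the GITHUB_TOKEN is granted no scopes at workflow level and
# no job below widens it. Add a job-level `permissions:` block (not a
# workflow-wide one) if a future step needs a scope.
permissions: {}

on:
  workflow_dispatch: {}
  # `pull_request` (not `pull_request_target`): the PR's own code is executed
  # below, so it must run without repository secrets or a writable token.
  pull_request:
    branches:
      - 'main'

# A newer run for the same workflow and ref cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  chainsaw:
    strategy:
      # Let every matrix cell finish so one failing suite does not hide others.
      fail-fast: false
      matrix:
        k8s-version:
          - name: v1.25
            version: v1.25.16
          - name: v1.26
            version: v1.26.14
          - name: v1.27
            version: v1.27.11
          - name: v1.28
            version: v1.28.7
          - name: v1.29
            version: v1.29.2
        # Test selectors passed verbatim to the local run-tests action.
        # NOTE(review): the `^other-cel$/...` entries look like a split of one
        # large suite across several cells by test-name prefix - confirm the
        # ranges still cover every test when new ones are added.
        tests:
          - ^argo-cel$
          - ^aws-cel$
          - ^best-practices-cel$
          - ^consul-cel$
          - ^flux-cel$
          - ^istio-cel$
          - ^kasten-cel$
          - ^kubecost-cel$
          - ^linkerd-cel$
          - ^nginx-ingress-cel$
          - ^openshift-cel$
          - ^other-cel$/^a
          - ^other-cel$/^[b-d]
          - ^other-cel$/^[e-l]
          - ^other-cel$/^[m-q]
          - ^other-cel$/^re[c-q]
          - ^other-cel$/^res
          - ^other-cel$/^[s-z]
          - ^pod-security-cel$
          - ^psa-cel$
          - ^traefik-cel$
    runs-on: ubuntu-latest
    name: ${{ matrix.k8s-version.name }} - ${{ matrix.tests }}
    steps:
      - name: Checkout
        # Third-party actions are pinned to a full commit SHA; the trailing
        # comment records the release that SHA corresponds to.
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Later steps run scripts and tests from the checked-out tree, so do
          # not leave the job token behind in .git/config.
          persist-credentials: false
      - name: Setup Environment
        uses: ./.github/actions/setup-env
        with:
          k8s-version: ${{ matrix.k8s-version.version }}
      - name: Run CEL Tests
        uses: ./.github/actions/run-tests
        with:
          tests: ${{ matrix.tests }}

  # VAP tests on a v1.27 cluster created from the vap-v1alpha1 kind config.
  validatingadmissionpolicies-v1alpha1:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        k8s-version:
          - name: v1.27
            version: v1.27.13
        tests:
          - ^pod-security-cel$
    name: ${{ matrix.k8s-version.name }} - validating-admission-policies - ${{ matrix.tests }}
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Later steps run scripts and tests from the checked-out tree, so do
          # not leave the job token behind in .git/config.
          persist-credentials: false
      - name: Create kind cluster
        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
        with:
          node_image: kindest/node:${{ matrix.k8s-version.version }}
          cluster_name: kind
          config: ./.github/scripts/config/kind/vap-v1alpha1.yaml
      # NOTE(review): the script is not shown here and the step name says
      # "latest" - confirm what it installs is pinned or verified, since the
      # actions above are SHA-pinned but this install path may not be.
      - name: Install latest kyverno with VAP generation enabled
        run: ./.github/scripts/config/generate-validating-admission-policy/install-kyverno.sh
      - name: Wait for kyverno ready
        uses: ./.github/actions/wait-for-kyverno-ready
      - name: Install CRDs
        uses: ./.github/actions/install-crds
      - name: Run VAP tests
        uses: ./.github/actions/run-tests
        with:
          tests: ${{ matrix.tests }}
          test-file: chainsaw-test-vap
          k8s-version: ${{ matrix.k8s-version.version }}

  # Same VAP tests on v1.28-v1.30 clusters created from the vap-v1beta1 kind
  # config.
  validatingadmissionpolicies-tests-above-1-28:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        k8s-version:
          - name: v1.28
            version: v1.28.9
          - name: v1.29
            version: v1.29.4
          - name: v1.30
            version: v1.30.0
        tests:
          - ^pod-security-cel$
    name: ${{ matrix.k8s-version.name }} - validating-admission-policies - ${{ matrix.tests }}
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Later steps run scripts and tests from the checked-out tree, so do
          # not leave the job token behind in .git/config.
          persist-credentials: false
      - name: Create kind cluster
        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
        with:
          node_image: kindest/node:${{ matrix.k8s-version.version }}
          cluster_name: kind
          config: ./.github/scripts/config/kind/vap-v1beta1.yaml
      # NOTE(review): the script is not shown here and the step name says
      # "latest" - confirm what it installs is pinned or verified, since the
      # actions above are SHA-pinned but this install path may not be.
      - name: Install latest kyverno with VAP generation enabled
        run: ./.github/scripts/config/generate-validating-admission-policy/install-kyverno.sh
      - name: Wait for kyverno ready
        uses: ./.github/actions/wait-for-kyverno-ready
      - name: Install CRDs
        uses: ./.github/actions/install-crds
      - name: Run VAP tests
        uses: ./.github/actions/run-tests
        with:
          tests: ${{ matrix.tests }}
          test-file: chainsaw-test-vap
          k8s-version: ${{ matrix.k8s-version.version }}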