Skip to content

Feature/policy rules #626

Feature/policy rules

Feature/policy rules #626

name: Node Agent Component Tests
on:
pull_request:
types: [synchronize, ready_for_review, opened, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-and-push-image:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Login to Quay.io
uses: docker/login-action@v3
with:
registry: quay.io/kubescape
username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
- name: Build the Image and Push to Quay.io
id: build-and-push-image
run: |
COMMIT_HASH=$(git rev-parse --short HEAD)
export IMAGE_TAG=test-${COMMIT_HASH}
export IMAGE_REPO=quay.io/kubescape/node-agent
echo "image_repo=${IMAGE_REPO}" >> "$GITHUB_OUTPUT"
export IMAGE_NAME=quay.io/kubescape/node-agent:${IMAGE_TAG}
echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
make docker-build TAG=${IMAGE_TAG} IMAGE=${IMAGE_REPO} && make docker-push TAG=${IMAGE_TAG} IMAGE=${IMAGE_REPO}
outputs:
image_tag: ${{ steps.build-and-push-image.outputs.image_tag }}
image_repo: ${{ steps.build-and-push-image.outputs.image_repo }}
component-tests:
runs-on: ubuntu-latest
needs: build-and-push-image
continue-on-error: true
strategy:
matrix:
test: [
Test_01_BasicAlertTest,
Test_02_AllAlertsFromMaliciousApp,
Test_03_BasicLoadActivities,
# Test_04_MemoryLeak,
Test_05_MemoryLeak_10K_Alerts,
Test_06_KillProcessInTheMiddle,
Test_07_RuleBindingApplyTest,
Test_08_ApplicationProfilePatching,
Test_10_MalwareDetectionTest,
Test_11_EndpointTest,
Test_12_MergingProfilesTest,
Test_13_MergingNetworkNeighborhoodTest,
]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Kind
run: |
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-$(uname)-amd64
chmod +x ./kind
./kind create cluster
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
- name: Install Helm and Kubectl
run: |
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
sudo ./get_helm.sh
- name: Install Prometheus and Node Exporter
run: |
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm upgrade --install prometheus prometheus-community/kube-prometheus-stack --set grafana.enabled=false --namespace monitoring --create-namespace --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false --wait --timeout 5m
# Check that the prometheus pod is running
kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=prometheus -n monitoring --timeout=300s
- name: Install Node Agent Chart
run: |
STORAGE_TAG=$(./tests/scripts/storage-tag.sh)
echo "Storage tag that will be used: ${STORAGE_TAG}"
helm upgrade --install kubescape ./tests/chart --set clusterName=`kubectl config current-context` --set nodeAgent.image.tag=${{ needs.build-and-push-image.outputs.image_tag }} --set nodeAgent.image.repository=${{ needs.build-and-push-image.outputs.image_repo }} --set storage.image.tag=${STORAGE_TAG} -n kubescape --create-namespace --wait --timeout 5m --debug
# Check that the node-agent pod is running
kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=node-agent -n kubescape --timeout=300s
sleep 5
- name: Run Port Forwarding
run: |
./tests/scripts/port-forward.sh
- name: Set up Go
env:
CGO_ENABLED: 0
uses: actions/setup-go@v4
with:
go-version: "1.23"
- name: Run test
run: |
cd tests && go test -v ./... -run ${{ matrix.test }} --timeout=20m --tags=component
- name: Print storage logs
if: always()
run: |
kubectl logs $(kubectl get pods -n kubescape -o name | grep storage) -n kubescape
# - name: Upload plot images
# if: always()
# uses: actions/upload-artifact@v2
# with:
# name: Performance plots
# path: "tests/*.png"
# - name: Upload pprof files
# if: always()
# uses: actions/upload-artifact@v2
# with:
# name: Pprof files
# path: "tests/*.pprof"
# - name: Comment on PR
# if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
# uses: actions/github-script@v3
# with:
# github-token: ${{secrets.GITHUB_TOKEN}}
# script: |
# const artifactUrl = `https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}`;
# const comment = `:sparkles: Artifacts are available [here](${artifactUrl}).`;
# github.issues.createComment({
# issue_number: context.issue.number,
# owner: context.repo.owner,
# repo: context.repo.repo,
# body: comment
# });