-
Notifications
You must be signed in to change notification settings - Fork 5
135 lines (130 loc) · 5.74 KB
/
component-tests.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Node Agent Component Tests
on:
pull_request:
types: [synchronize, ready_for_review, opened, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-and-push-image:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Login to Quay.io
uses: docker/login-action@v3
with:
registry: quay.io/kubescape
username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
- name: Build the Image and Push to Quay.io
id: build-and-push-image
run: |
COMMIT_HASH=$(git rev-parse --short HEAD)
export IMAGE_TAG=test-${COMMIT_HASH}
export IMAGE_REPO=quay.io/kubescape/node-agent
echo "image_repo=${IMAGE_REPO}" >> "$GITHUB_OUTPUT"
export IMAGE_NAME=quay.io/kubescape/node-agent:${IMAGE_TAG}
echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
make docker-build TAG=${IMAGE_TAG} IMAGE=${IMAGE_REPO} && make docker-push TAG=${IMAGE_TAG} IMAGE=${IMAGE_REPO}
outputs:
image_tag: ${{ steps.build-and-push-image.outputs.image_tag }}
image_repo: ${{ steps.build-and-push-image.outputs.image_repo }}
component-tests:
runs-on: ubuntu-latest
needs: build-and-push-image
continue-on-error: true
strategy:
matrix:
test: [
Test_01_BasicAlertTest,
Test_02_AllAlertsFromMaliciousApp,
Test_03_BasicLoadActivities,
# Test_04_MemoryLeak,
Test_05_MemoryLeak_10K_Alerts,
Test_06_KillProcessInTheMiddle,
Test_07_RuleBindingApplyTest,
Test_08_ApplicationProfilePatching,
Test_10_MalwareDetectionTest,
Test_11_EndpointTest,
Test_12_MergingProfilesTest,
Test_13_MergingNetworkNeighborhoodTest,
Test_14_RulePoliciesTest,
]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Kind
run: |
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-$(uname)-amd64
chmod +x ./kind
./kind create cluster
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
- name: Install Helm and Kubectl
run: |
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
sudo ./get_helm.sh
- name: Install Prometheus and Node Exporter
run: |
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm upgrade --install prometheus prometheus-community/kube-prometheus-stack --set grafana.enabled=false --namespace monitoring --create-namespace --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false --wait --timeout 5m
# Check that the prometheus pod is running
kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=prometheus -n monitoring --timeout=300s
- name: Install Node Agent Chart
run: |
STORAGE_TAG=$(./tests/scripts/storage-tag.sh)
echo "Storage tag that will be used: ${STORAGE_TAG}"
helm upgrade --install kubescape ./tests/chart --set clusterName=`kubectl config current-context` --set nodeAgent.image.tag=${{ needs.build-and-push-image.outputs.image_tag }} --set nodeAgent.image.repository=${{ needs.build-and-push-image.outputs.image_repo }} --set storage.image.tag=${STORAGE_TAG} -n kubescape --create-namespace --wait --timeout 5m --debug
# Check that the node-agent pod is running
kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=node-agent -n kubescape --timeout=300s
sleep 5
- name: Run Port Forwarding
run: |
./tests/scripts/port-forward.sh
- name: Set up Go
env:
CGO_ENABLED: 0
uses: actions/setup-go@v4
with:
go-version: "1.23"
- name: Run test
run: |
cd tests && go test -v ./... -run ${{ matrix.test }} --timeout=20m --tags=component
- name: Print node agent & storage logs
if: always()
run: |
echo "Node agent logs"
kubectl logs $(kubectl get pods -n kubescape -o name | grep node-agent) -n kubescape -c node-agent
echo "-----------------------------------------"
echo "Storage logs"
kubectl logs $(kubectl get pods -n kubescape -o name | grep storage) -n kubescape
# - name: Upload plot images
# if: always()
# uses: actions/upload-artifact@v2
# with:
# name: Performance plots
# path: "tests/*.png"
# - name: Upload pprof files
# if: always()
# uses: actions/upload-artifact@v2
# with:
# name: Pprof files
# path: "tests/*.pprof"
# - name: Comment on PR
# if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
# uses: actions/github-script@v3
# with:
# github-token: ${{secrets.GITHUB_TOKEN}}
# script: |
# const artifactUrl = `https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}`;
# const comment = `:sparkles: Artifacts are available [here](${artifactUrl}).`;
# github.issues.createComment({
# issue_number: context.issue.number,
# owner: context.repo.owner,
# repo: context.repo.repo,
# body: comment
# });