diff --git a/.github/workflows/ci-test-seccomp.yaml b/.github/workflows/ci-test-seccomp.yaml
deleted file mode 100644
index a8750f6696..0000000000
--- a/.github/workflows/ci-test-seccomp.yaml
+++ /dev/null
@@ -1,192 +0,0 @@ -name: ci-test-ginkgo-seccomp - -on: - push: - branches: [main] - paths: - - "KubeArmor/**" - - "tests/**" - - "protobuf/**" - - ".github/workflows/ci-test-ginkgo.yml" - - "pkg/KubeArmorOperator/**" - - "deployments/helm/**" - pull_request: - branches: [main] - paths: - - "KubeArmor/**" - - "tests/**" - - "protobuf/**" - - ".github/workflows/ci-test-ginkgo.yml" - - "pkg/KubeArmorOperator/**" - - "deployments/helm/**" - -# Declare default permissions as read only. -permissions: read-all - -jobs: - build: - name: Auto-testing Framework / ${{ matrix.os }} / ${{ matrix.runtime }} - runs-on: ${{ matrix.os }} - env: - RUNTIME: ${{ matrix.runtime }} - strategy: - fail-fast: false - matrix: - os: [ubuntu-20.04] - runtime: ["docker", "containerd", "crio"] - steps: - - uses: actions/checkout@v3 - with: - submodules: true - - - uses: actions/setup-go@v3 - with: - go-version: "v1.20" - - - name: Install the latest LLVM toolchain - run: ./.github/workflows/install-llvm.sh - - - name: Compile libbpf - run: ./.github/workflows/install-libbpf.sh - - - name: Setup a Kubernetes environment - run: ./.github/workflows/install-k3s.sh - - - name: Generate KubeArmor artifacts - run: | - - kubectl apply -f ./.github/workflows/kubearmor-seccomp.yaml - - - name: Test KubeArmor using Ginkgo - run: | - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo - make - working-directory: ./tests/k8s_env - timeout-minutes: 30 - - - name: Get karmor sysdump - if: ${{ failure() }} - run: | - kubectl describe pod -n kubearmor -l kubearmor-app=kubearmor - curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin - mkdir -p /tmp/kubearmor/ && cd /tmp/kubearmor && karmor sysdump - - - name: Archive log artifacts - if: ${{ failure() }} - uses: actions/upload-artifact@v3 - with: - name: kubearmor.logs - path: | - /tmp/kubearmor/ - /tmp/kubearmor.* - - - name: Measure code coverage - if: ${{ always() }} - run: | - go install github.com/modocache/gover@latest - gover - go tool 
cover -func=gover.coverprofile - working-directory: KubeArmor - env: - GOPATH: /home/runner/go - - - uses: codecov/codecov-action@v3 - if: ${{ always() }} - with: - files: ./KubeArmor/gover.coverprofile -name: ci-test-ginkgo-SECCOMP - -on: - push: - branches: [main] - paths: - - "KubeArmor/**" - - "tests/**" - - "protobuf/**" - - ".github/workflows/ci-test-ginkgo.yml" - - "pkg/KubeArmorOperator/**" - - "deployments/helm/**" - pull_request: - branches: [main] - paths: - - "KubeArmor/**" - - "tests/**" - - "protobuf/**" - - ".github/workflows/ci-test-ginkgo.yml" - - "pkg/KubeArmorOperator/**" - - "deployments/helm/**" - -# Declare default permissions as read only. -permissions: read-all - -jobs: - build: - name: Auto-testing Framework / ${{ matrix.os }} / ${{ matrix.runtime }} - runs-on: ${{ matrix.os }} - env: - RUNTIME: ${{ matrix.runtime }} - strategy: - fail-fast: false - matrix: - os: [ubuntu-20.04] - runtime: ["docker", "containerd", "crio"] - steps: - - uses: actions/checkout@v3 - with: - submodules: true - - - uses: actions/setup-go@v3 - with: - go-version: "v1.20" - - - name: Install the latest LLVM toolchain - run: ./.github/workflows/install-llvm.sh - - - name: Compile libbpf - run: ./.github/workflows/install-libbpf.sh - - - name: Setup a Kubernetes environment - run: ./.github/workflows/install-k3s.sh - - - name: Generate KubeArmor artifacts - run: | - sudo cp ./.github/workflows/kube.json /var/lib/kubelet/seccomp/profiles/kube.json - kubectl apply -f ./.github/workflows/kubearmor-seccomp.yaml - - - name: Test KubeArmor using Ginkgo - run: | - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo - make - working-directory: ./tests/k8s_env - timeout-minutes: 30 - - - name: Get karmor sysdump - if: ${{ failure() }} - run: | - kubectl describe pod -n kubearmor -l kubearmor-app=kubearmor - curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin - mkdir -p /tmp/kubearmor/ && cd /tmp/kubearmor && karmor sysdump - - - name: Archive log artifacts - 
if: ${{ failure() }} - uses: actions/upload-artifact@v3 - with: - name: kubearmor.logs - path: | - /tmp/kubearmor/ - /tmp/kubearmor.* - - - name: Measure code coverage - if: ${{ always() }} - run: | - go install github.com/modocache/gover@latest - gover - go tool cover -func=gover.coverprofile - working-directory: KubeArmor - env: - GOPATH: /home/runner/go - - - uses: codecov/codecov-action@v3 - if: ${{ always() }} - with: - files: ./KubeArmor/gover.coverprofile diff --git a/.github/workflows/ci-test-seccomp.yml b/.github/workflows/ci-test-seccomp.yml new file mode 100644 index 0000000000..370d54fea7 --- /dev/null +++ b/.github/workflows/ci-test-seccomp.yml 
@@ -0,0 +1,96 @@
+name: ci-test-ginkgo-seccomp
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - "KubeArmor/**"
+ - "tests/**"
+ - "protobuf/**"
+ - ".github/workflows/ci-test-ginkgo-seccomp.yml"
+ - "pkg/KubeArmorOperator/**"
+ - "deployments/helm/**"
+ pull_request:
+ branches: [main]
+ paths:
+ - "KubeArmor/**"
+ - "tests/**"
+ - "protobuf/**"
+ - ".github/workflows/ci-test-ginkgo-seccomp.yml"
+ - "pkg/KubeArmorOperator/**"
+ - "deployments/helm/**"
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ build:
+ name: Auto-testing Framework / ${{ matrix.os }} / ${{ matrix.runtime }}
+ runs-on: ${{ matrix.os }}
+ env:
+ RUNTIME: ${{ matrix.runtime }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ubuntu-20.04]
+ runtime: ["docker", "containerd", "crio"]
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - uses: actions/setup-go@v3
+ with:
+ go-version: "v1.20"
+
+ - name: Install the latest LLVM toolchain
+ run: ./.github/workflows/install-llvm.sh
+
+ - name: Compile libbpf
+ run: ./.github/workflows/install-libbpf.sh
+
+ - name: Setup a Kubernetes environment
+ run: ./.github/workflows/install-k3s.sh
+
+ - name: Generate KubeArmor artifacts
+ run: |
+ sudo cp ./.github/workflows/kube.json /var/lib/kubelet/seccomp/profiles/kube.json
+ kubectl apply -f ./.github/workflows/kubearmor-seccomp.yaml
+
+ - name: Test KubeArmor using Ginkgo
+ run: |
+ go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
+ make
+ working-directory: ./tests/k8s_env
+ timeout-minutes: 30
+
+ - name: Get karmor sysdump
+ if: ${{ failure() }}
+ run: |
+ kubectl describe pod -n kubearmor -l kubearmor-app=kubearmor
+ curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin
+ mkdir -p /tmp/kubearmor/ && cd /tmp/kubearmor && karmor sysdump
+
+ - name: Archive log artifacts
+ if: ${{ failure() }}
+ uses: actions/upload-artifact@v3
+ with:
+ name: kubearmor.logs
+ path: |
+ /tmp/kubearmor/
+ /tmp/kubearmor.*
+
+ - name: Measure code coverage
+ if: ${{ always() }}
+ run: |
+ go install github.com/modocache/gover@latest
+ gover
+ go tool cover -func=gover.coverprofile
+ working-directory: KubeArmor
+ env:
+ GOPATH: /home/runner/go
+
+ - uses: codecov/codecov-action@v3
+ if: ${{ always() }}
+ with:
+ files: ./KubeArmor/gover.coverprofile
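Review bot: The `Get karmor sysdump` step downloads an installer over plain HTTP and pipes it into `sudo sh`, so the script that runs as root on the runner has no integrity protection in transit. Fetch it over TLS if the host serves it that way, e.g. `curl -sfL https://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin`, or preferably install a pinned karmor release and verify its checksum before executing it. Separately, both `paths:` filters list `.github/workflows/ci-test-ginkgo-seccomp.yml`, but this file is added as `.github/workflows/ci-test-seccomp.yml`, so edits to the workflow itself (and to `kube.json` or `kubearmor-seccomp.yaml`, which are not listed either) will not trigger the seccomp test. The third-party steps are also referenced by mutable refs (`actions/checkout@v3`, `codecov/codecov-action@v3`, `gover@latest`); pinning them to commit SHAs or fixed versions would keep the job reproducible and limit exposure to a retagged upstream.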