Add disableOciArtifactSignatureVerification
spod option
#5139
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: test | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
env: | |
GO_VERSION: '1.20' | |
permissions: {} | |
jobs: | |
analyze: | |
permissions: | |
# write security-events is required by all codeql-action workflows | |
security-events: write | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 | |
- uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a | |
with: | |
languages: go | |
- uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a | |
- uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a | |
coverage: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 | |
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Install dependencies | |
run: | | |
sudo apt update | |
sudo apt install -y libseccomp-dev libelf-dev libapparmor-dev | |
sudo hack/install-libbpf.sh | |
- run: make test-unit | |
- uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
with: | |
files: build/coverage.out | |
flags: unittests | |
verbose: true | |
image: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 | |
- run: make image | |
- run: podman save -o image.tar security-profiles-operator | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce | |
with: | |
name: image | |
path: image.tar | |
e2e-fedora: | |
needs: image | |
runs-on: macos-12 | |
timeout-minutes: 90 | |
env: | |
RUN: ./hack/ci/run-fedora.sh | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 | |
- uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
with: | |
path: | | |
~/.vagrant.d/boxes | |
key: e2e-fedora-${{ hashFiles('hack/ci/Vagrantfile-fedora') }} | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
name: image | |
path: . | |
- name: Boot Virtual Machine | |
run: make vagrant-up-fedora | |
- name: Show environment information | |
run: | | |
$RUN kubectl wait --for=condition=ready --timeout=60s node 127.0.0.1 | |
$RUN kubectl get nodes -o wide | |
- name: Set up git config | |
run: | | |
$RUN git config --global --add safe.directory /vagrant | |
- name: Run E2E tests | |
run: $RUN hack/ci/e2e-fedora.sh | |
- name: Run Flaky E2E tests | |
continue-on-error: true | |
run: | | |
$RUN "echo \"export E2E_TEST_FLAKY_TESTS_ONLY=true\" >> /vagrant/hack/ci/env-fedora.sh" | |
$RUN hack/ci/e2e-fedora.sh | |
- name: Print generated RBAC rules | |
run: $RUN hack/ci/print-rbac.sh | |
e2e-ubuntu: | |
needs: image | |
runs-on: macos-12 | |
timeout-minutes: 90 | |
env: | |
RUN: ./hack/ci/run-ubuntu.sh | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 | |
- uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
with: | |
path: | | |
~/.vagrant.d/boxes | |
key: e2e-ubuntu-${{ hashFiles('hack/ci/Vagrantfile-ubuntu') }} | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
name: image | |
path: . | |
- name: Boot Virtual Machine | |
run: make vagrant-up-ubuntu | |
- name: Show environment information | |
run: | | |
$RUN kubectl wait --for=condition=ready --timeout=60s node ubuntu2204 | |
$RUN kubectl get nodes -o wide | |
- name: Set up git config | |
run: | | |
$RUN git config --global --add safe.directory /vagrant | |
- name: Run E2E tests | |
run: $RUN hack/ci/e2e-ubuntu.sh | |
- name: Run Flaky E2E tests | |
continue-on-error: true | |
run: | | |
$RUN "echo \"export E2E_TEST_FLAKY_TESTS_ONLY=true\" >> /vagrant/hack/ci/env-ubuntu.sh" | |
$RUN hack/ci/e2e-ubuntu.sh | |
e2e-flatcar: | |
needs: image | |
runs-on: macos-12 | |
timeout-minutes: 90 | |
env: | |
RUN: ./hack/ci/run-flatcar.sh | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 | |
- name: Vagrant box version | |
id: vagrant-box | |
run: | | |
echo "version=$(curl -s https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_vagrant.json | jq '.versions[0].version' | tr -d '".')" >> $GITHUB_OUTPUT | |
shell: bash | |
- uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
with: | |
path: | | |
~/.vagrant.d/boxes | |
key: e2e-flatcar-${{ steps.vagrant-box.outputs.version }}-${{ hashFiles('hack/ci/Vagrantfile-flatcar') }} | |
- name: Upgrade vagrant box | |
run: | | |
ln -sf hack/ci/Vagrantfile-flatcar Vagrantfile | |
vagrant box update | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
name: image | |
path: . | |
- name: Boot Virtual Machine | |
run: make vagrant-up-flatcar | |
- name: Show environment information | |
run: | | |
$RUN kubectl wait --for=condition=ready --timeout=600s node localhost | |
$RUN kubectl get nodes -o wide | |
- name: Run E2E tests | |
run: $RUN hack/ci/e2e-flatcar-dev-container.sh | |
- name: Run Flaky E2E tests | |
continue-on-error: true | |
run: | | |
$RUN "echo \"export E2E_TEST_FLAKY_TESTS_ONLY=true\" >> /vagrant/hack/ci/env-flatcar.sh" | |
$RUN hack/ci/e2e-flatcar-dev-container.sh | |
baseprofiles: | |
needs: image | |
runs-on: macos-12 | |
timeout-minutes: 90 | |
env: | |
RUN: ./hack/ci/run-ubuntu.sh | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 | |
- uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
with: | |
path: | | |
~/.vagrant.d/boxes | |
key: e2e-ubuntu-${{ hashFiles('hack/ci/Vagrantfile-ubuntu') }} | |
restore-keys: e2e-ubuntu- | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
name: image | |
path: . | |
- name: Boot Virtual Machine | |
run: make vagrant-up-ubuntu | |
- name: Show environment information | |
run: | | |
$RUN kubectl wait --for=condition=ready --timeout=60s node ubuntu2204 | |
$RUN kubectl get nodes -o wide | |
- name: Set up git config | |
run: | | |
$RUN git config --global --add safe.directory /vagrant | |
- name: Record baseprofiles | |
run: $RUN hack/ci/baseprofiles.sh | |
typos: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 | |
- uses: crate-ci/typos@37e2b40f24407ec641ec44d4b81e76a8826b7b84 # v4.0.0 | |
with: | |
config: .typos.toml |