From 357925bd050e36038f2d584d82bcb836600ec490 Mon Sep 17 00:00:00 2001
From: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com>
Date: Mon, 19 Aug 2024 13:03:55 +0530
Subject: [PATCH] Refactor .github/workflows/pss_test.yaml (#2845)
* Added pipelines to PSS test and fixed typo
Signed-off-by: biswajit-9776
* Added dynamic namespaces to PSS test
Signed-off-by: biswajit-9776
---------
Signed-off-by: biswajit-9776
Signed-off-by: hansinikarunarathne
---
 .github/workflows/pss_test.yaml | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pss_test.yaml b/.github/workflows/pss_test.yaml
index 2a43707dfb..984df974b1 100644
--- a/.github/workflows/pss_test.yaml
+++ b/.github/workflows/pss_test.yaml
@@ -5,9 +5,10 @@ on:
 - .github/workflows/*
 - tests/gh-actions/kind-cluster.yaml
 - apps/profiles/upstream/**
+ - apps/pipeline/upstream/**
 - common/dex/**
 - common/cert-manager/**
- - common/oidc-client/oauth2-proxy/**
+ - common/oauth2-proxy/**
 - common/istio*/**
 - tests/gh-actions/install_istio_with_ext_auth.sh
 - tests/gh-actions/install_multitenancy.sh
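Review bot: The path filter gains `apps/pipeline/upstream/**`, but the visible part of the list does not add the other inputs this commit's new steps read, namely `tests/gh-actions/install_pipelines.sh` and the `contrib/security/PSS/dynamic/baseline` component. The `paths:` list may continue outside this hunk, so this needs checking against the full file. If they are missing, a change that weakens the baseline component or alters the install script would not run this Pod Security Standards check. I would add `- contrib/security/PSS/**` and `- tests/gh-actions/install_pipelines.sh` alongside the existing `tests/gh-actions/*` entries.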
@@ -45,9 +46,26 @@ jobs: echo "Waiting for pods in auth namespace to become ready..." kubectl wait --for=condition=Ready pods --all --timeout=180s -n auth + - name: Install KF Pipelines + run: ./tests/gh-actions/install_pipelines.sh + - name: Applying Pod Security Standards baseline levels for static namespaces run: ./tests/gh-actions/enable_baseline_PSS.sh + - name: Applying Pod Security Standards baseline levels for dynamic namespaces + run: | + cat << EOF > ./kustomization.yaml + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + resources: + - apps/profiles/upstream/overlays/kubeflow + components: + - contrib/security/PSS/dynamic/baseline + EOF + kubectl apply -k . + rm ./kustomization.yaml + kubectl -n kubeflow wait --for=condition=Ready pods -l kustomize.component=profiles --timeout 180s + - name: Unapplying applied baseline values run: | NAMESPACES=("istio-system" "auth" "cert-manager" "oauth2-proxy" "kubeflow")
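Review bot: The new dynamic-namespace step ends with `kubectl -n kubeflow wait --for=condition=Ready pods -l kustomize.component=profiles`, which shows only that a profiles pod is Ready, not that the baseline level reaches a profile namespace. Nothing in the hunk creates a profile and checks its labels, so the step can pass while dynamic namespaces stay unlabelled. I would follow the wait with an assertion such as `kubectl get ns -l pod-security.kubernetes.io/enforce=baseline` against a freshly created test profile namespace, and fail the step when that namespace is absent. Separately, Pod Security admission evaluates pods when they are created, so the Pipelines pods installed before the static labels are applied are presumably never re-checked (`enable_baseline_PSS.sh` is not visible here); restarting those workloads after labelling would make the test meaningful for them. The job continues past the end of this hunk.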