test #633
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: test | |
# Run for all pushes to main and pull requests when Go or YAML files change | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
test: | |
name: test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.19' | |
- name: Run golangci-lint | |
run: make lint | |
- name: Run go tests and generate coverage report | |
run: make coverage | |
- name: Upload coverage report | |
uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
file: ./coverage.out | |
flags: unittests | |
name: codecov-umbrella | |
build-image: | |
name: build-image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./images/audittail/Dockerfile | |
push: false | |
tags: ghcr.io/metal-toolbox/audittail:latest | |
- name: Scan image | |
id: scan | |
uses: anchore/scan-action@v3 | |
with: | |
image: ghcr.io/metal-toolbox/audittail:latest | |
acs-report-enable: true | |
- name: upload Anchore scan SARIF report | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: ${{ steps.scan.outputs.sarif }} | |
- name: Inspect action SARIF report | |
run: cat ${{ steps.scan.outputs.sarif }} | |
kube-test: | |
strategy: | |
matrix: | |
scenario: [nonroot, rootuser] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Create k8s Kind Cluster | |
uses: helm/kind-action@v1.9.0 | |
with: | |
cluster_name: kind | |
- name: Install Helm | |
uses: azure/setup-helm@v4 | |
with: | |
version: latest | |
- name: Build image | |
run: make image | |
- name: Load audittail image into kind cluster | |
run: kind load docker-image ghcr.io/metal-toolbox/audittail:latest | |
- name: Create Namespace | |
run: kubectl create namespace ${{ matrix.scenario }} | |
- name: Deploy test scenario | |
run: cd tests && helm dependency update ./kube_scenario/ && helm template kubescenario -s templates/${{ matrix.scenario }}.yml ./kube_scenario/ | kubectl apply -f - -n ${{ matrix.scenario }} | |
- name: Wait for readiness | |
run: kubectl wait --for=condition=ready --timeout=60s -n ${{ matrix.scenario }} pod myapp | |
- name: Get pod information | |
run: kubectl describe -n ${{ matrix.scenario }} pod myapp | |
- name: Get logs | |
id: logs | |
run: | | |
kubectl logs -n ${{ matrix.scenario }} myapp -c audit-logger | |
echo "::set-output name=auditlog::$(kubectl logs -n ${{ matrix.scenario }} myapp -c audit-logger)" | |
- name: Inspect logs | |
run: echo ${{ steps.logs.outputs.auditlog }} | |
- name: Check logs | |
run: | | |
echo ${{ steps.logs.outputs.auditlog }} | grep "This is an audit log" | |
echo ${{ steps.logs.outputs.auditlog }} | grep "This is an audit log" | wc -l | grep 1 |