Feature/thirdparty enricher #665
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Node Agent Component Tests | |
on: | |
pull_request: | |
types: [synchronize, ready_for_review, opened, reopened] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build-and-push-image: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Login to Quay.io | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io/kubescape | |
username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }} | |
password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }} | |
- name: Build the Image and Push to Quay.io | |
id: build-and-push-image | |
run: | | |
COMMIT_HASH=$(git rev-parse --short HEAD) | |
export IMAGE_TAG=test-${COMMIT_HASH} | |
export IMAGE_REPO=quay.io/kubescape/node-agent | |
echo "image_repo=${IMAGE_REPO}" >> "$GITHUB_OUTPUT" | |
export IMAGE_NAME=quay.io/kubescape/node-agent:${IMAGE_TAG} | |
echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT" | |
make docker-build TAG=${IMAGE_TAG} IMAGE=${IMAGE_REPO} && make docker-push TAG=${IMAGE_TAG} IMAGE=${IMAGE_REPO} | |
outputs: | |
image_tag: ${{ steps.build-and-push-image.outputs.image_tag }} | |
image_repo: ${{ steps.build-and-push-image.outputs.image_repo }} | |
component-tests: | |
runs-on: ubuntu-latest | |
needs: build-and-push-image | |
continue-on-error: true | |
strategy: | |
matrix: | |
test: [ | |
Test_01_BasicAlertTest, | |
Test_02_AllAlertsFromMaliciousApp, | |
Test_03_BasicLoadActivities, | |
# Test_04_MemoryLeak, | |
Test_05_MemoryLeak_10K_Alerts, | |
Test_06_KillProcessInTheMiddle, | |
Test_07_RuleBindingApplyTest, | |
Test_08_ApplicationProfilePatching, | |
Test_10_MalwareDetectionTest, | |
Test_11_EndpointTest, | |
Test_12_MergingProfilesTest, | |
Test_13_MergingNetworkNeighborhoodTest, | |
Test_14_RulePoliciesTest, | |
] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Kind | |
run: | | |
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-$(uname)-amd64 | |
chmod +x ./kind | |
./kind create cluster | |
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl | |
chmod +x ./kubectl | |
sudo mv ./kubectl /usr/local/bin/kubectl | |
- name: Install Helm and Kubectl | |
run: | | |
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | |
chmod 700 get_helm.sh | |
sudo ./get_helm.sh | |
- name: Install Prometheus and Node Exporter | |
run: | | |
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts | |
helm repo update | |
helm upgrade --install prometheus prometheus-community/kube-prometheus-stack --set grafana.enabled=false --namespace monitoring --create-namespace --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false --wait --timeout 5m | |
# Check that the prometheus pod is running | |
kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=prometheus -n monitoring --timeout=300s | |
- name: Install Node Agent Chart | |
run: | | |
STORAGE_TAG=$(./tests/scripts/storage-tag.sh) | |
echo "Storage tag that will be used: ${STORAGE_TAG}" | |
helm upgrade --install kubescape ./tests/chart --set clusterName=`kubectl config current-context` --set nodeAgent.image.tag=${{ needs.build-and-push-image.outputs.image_tag }} --set nodeAgent.image.repository=${{ needs.build-and-push-image.outputs.image_repo }} --set storage.image.tag=${STORAGE_TAG} -n kubescape --create-namespace --wait --timeout 5m --debug | |
# Check that the node-agent pod is running | |
kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=node-agent -n kubescape --timeout=300s | |
sleep 5 | |
- name: Run Port Forwarding | |
run: | | |
./tests/scripts/port-forward.sh | |
- name: Set up Go | |
env: | |
CGO_ENABLED: 0 | |
uses: actions/setup-go@v4 | |
with: | |
go-version: "1.23" | |
- name: Run test | |
run: | | |
cd tests && go test -v ./... -run ${{ matrix.test }} --timeout=20m --tags=component | |
- name: Print node agent & storage logs | |
if: always() | |
run: | | |
echo "Node agent logs" | |
kubectl logs $(kubectl get pods -n kubescape -o name | grep node-agent) -n kubescape -c node-agent | |
echo "-----------------------------------------" | |
echo "Storage logs" | |
kubectl logs $(kubectl get pods -n kubescape -o name | grep storage) -n kubescape | |
# - name: Upload plot images | |
# if: always() | |
# uses: actions/upload-artifact@v2 | |
# with: | |
# name: Performance plots | |
# path: "tests/*.png" | |
# - name: Upload pprof files | |
# if: always() | |
# uses: actions/upload-artifact@v2 | |
# with: | |
# name: Pprof files | |
# path: "tests/*.pprof" | |
# - name: Comment on PR | |
# if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' | |
# uses: actions/github-script@v3 | |
# with: | |
# github-token: ${{secrets.GITHUB_TOKEN}} | |
# script: | | |
# const artifactUrl = `https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}`; | |
# const comment = `:sparkles: Artifacts are available [here](${artifactUrl}).`; | |
# github.issues.createComment({ | |
# issue_number: context.issue.number, | |
# owner: context.repo.owner, | |
# repo: context.repo.repo, | |
# body: comment | |
# }); |