-
Notifications
You must be signed in to change notification settings - Fork 49
77 lines (69 loc) · 2.16 KB
/
system-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
name: kubehound-system-tests
on:
push:
branches:
- main
pull_request:
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
system-test:
runs-on:
group: Large Runner Shared Public
labels: ubuntu-8-core-latest
services:
dd-agent:
image: ${{ (! github.event.pull_request.head.repo.fork ) && 'gcr.io/datadoghq/agent:7' || '' }}
env:
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_TRACE_DEBUG: 1
DD_LOGS_ENABLED: true
DD_APM_ENABLED: true
DD_HOSTNAME: "kubehound-github-action"
ports:
- 8126:8126
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
goreleaser.com:443
golang.org:443
go.dev:443
objects.githubusercontent.com:443
proxy.golang.org:443
storage.googleapis.com:443
uploads.github.com:443
sum.golang.org:443
*.docker.io:443
*.docker.com:443
gcr.io:443
repo.maven.apache.org:443
*.datadoghq.com:443
dl.k8s.io:443
cdn.dl.k8s.io:443
- name: Checkout Git Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create K8s Kind Cluster
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
with:
cluster_name: kubehound.test.local
config: test/setup/test-cluster/cluster.yaml
wait: 5m
env:
KUBECONFIG: ./test/setup/.kube-config
- name: Create K8s resources
run: make local-cluster-resource-deploy
env:
KUBECONFIG: ./test/setup/.kube-config
- name: Setup Golang
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: "1.23"
- name: Run integration Tests
run: make system-test
env:
KIND_KUBECONFIG: .kube-config