RULES.md automation refactoring #879
name: Tests

# `on` is a YAML 1.1 boolean-looking key (generic parsers read it as `true`);
# GitHub's own loader handles it, so it stays unquoted here.
on:
  # pull_request_target runs in the base repository's context with the base
  # repo's secrets available, also for PRs opened from forks. The checkout
  # steps in the jobs set no `ref:`, so they run the base ref (github.sha),
  # not the PR head; pointing `ref:` at the PR head would run fork-controlled
  # code with these secrets available — confirm before ever changing that.
  pull_request_target:
    branches:
      - main
      - '[0-9]+.[0-9]+'  # release branches (GitHub glob, not a regex)
    types:
      - opened
      - synchronize
      - reopened
  push:
    branches:
      - main
      - '[0-9]+.[0-9]+'
  workflow_dispatch:

# One in-flight run per workflow and branch; a newer event cancels the older
# run. github.head_ref is only set for pull-request events, so push and manual
# runs fall back to the unique run id.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
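jobs:
  init-hermit:
    name: Init Hermit Tools
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      # No `ref:` here (nor in any checkout step below), so on
      # pull_request_target this checks out the base ref (github.sha) rather
      # than the PR head; the composite actions under ./.github/actions are
      # therefore taken from the base repository. Pointing `ref:` at the PR
      # head would run fork-controlled code with this workflow's secrets
      # available — confirm before changing.
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Hermit Environment
        uses: ./.github/actions/hermit
        with:
          init-tools: 'true'

  ci-azure:
    needs: [init-hermit]
    name: CIS Azure CI
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Hermit Environment
        uses: ./.github/actions/hermit
      - name: Run Azure integration tests
        uses: ./.github/actions/azure-ci
        with:
          # ELK_VERSION is not defined in this file; presumably the hermit
          # action exports it via GITHUB_ENV — verify, otherwise this input is
          # an empty string. Same for every elk-version input below.
          elk-version: ${{ env.ELK_VERSION }}
          # AZURE_CREDENTIALS is a JSON blob carrying a long-lived client
          # secret. id-token: write is already granted, so OIDC federation could
          # replace the secret if the azure-ci action supports it — TODO(review)
          # confirm.
          azure-client-id: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }}
          azure-tenant-id: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}
          azure-client-secret: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }}

  ci-aws:
    needs: [init-hermit]
    name: CIS AWS CI
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Hermit Environment
        uses: ./.github/actions/hermit
      - name: Run AWS integration tests
        uses: ./.github/actions/aws-ci
        with:
          elk-version: ${{ env.ELK_VERSION }}
          # Long-lived IAM access keys. With id-token: write already granted,
          # OIDC role assumption would avoid storing them — TODO(review) confirm
          # the aws-ci action can consume a role instead of static keys.
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TEST_ACC }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST_ACC }}
          aws-account-type: single-account

  ci-gcp:
    needs: [init-hermit]
    name: CIS GCP CI
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Hermit Environment
        uses: ./.github/actions/hermit
      - name: Run GCP integration tests
        uses: ./.github/actions/gcp-ci
        with:
          elk-version: ${{ env.ELK_VERSION }}
          # Workload identity federation: no long-lived key is stored, which is
          # the model the Azure and AWS jobs above should converge on.
          workload-identity-provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service-account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
          gcp-project-id: 'elastic-security-test'
          gcp-account-type: 'single-account'

  ci-cnvm:
    needs: [init-hermit]
    name: CNVM CI
    runs-on: ubuntu-22.04
    timeout-minutes: 30
    permissions:
      # Least privilege, matching the cloud jobs above: nothing in this job
      # uses the GITHUB_TOKEN beyond checkout. Widen only if cnvm-ci turns out
      # to need it.
      contents: read
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Hermit Environment
        uses: ./.github/actions/hermit
      - name: Run CNVM integration tests
        uses: ./.github/actions/cnvm-ci
        with:
          elk-version: ${{ env.ELK_VERSION }}
          # Static IAM keys again (a different pair from ci-aws); see the OIDC
          # note on that job.
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: 'us-east-2'

  docker-images:
    needs: [init-hermit]
    name: Build docker images
    # Since we build the cloudbeat in the worker's OS and as non static,
    # we need to keep the OS version same as elastic-agent docker image base.
    # docker run --interactive --tty --rm --entrypoint bash docker.elastic.co/elastic-agent/elastic-agent-complete:8.14.0-SNAPSHOT -c 'cat /etc/os-release'
    runs-on: ubuntu-20.04
    timeout-minutes: 40
    permissions:
      # Least privilege, matching the cloud jobs: building the images and
      # handing them to ci-k8s should not need more than repo read access —
      # widen only if the docker-images action fails on permissions.
      contents: read
    steps:
      - name: Free Disk Space (Ubuntu)
        # TODO(review): `@main` is a mutable branch ref, so the code this step
        # runs can change without any change in this file (supply-chain
        # exposure). Pin to a full commit SHA (not recoverable from this page).
        uses: jlumbroso/free-disk-space@main
        with:
          tool-cache: false
          android: true
          dotnet: true
          haskell: true
          large-packages: false
          docker-images: true
          swap-storage: true
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Hermit Environment
        uses: ./.github/actions/hermit
      - name: Build docker images
        uses: ./.github/actions/docker-images
        with:
          build-docker-images: 'true'

  ci-k8s:
    needs: [init-hermit, docker-images]
    # k8s_process_rules appears twice in the matrix; the kind-config suffix is
    # what keeps the two job names distinct.
    name: ${{ matrix.test-target }}-${{ matrix.kind-config }}
    runs-on: ubuntu-22.04
    timeout-minutes: 120
    permissions:
      # Least privilege, matching the cloud jobs; widen only if k8s-ci needs it.
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          - test-target: pre_merge
            kind-config: kind-multi
            values-file: tests/test_environments/values/ci.yml
          - test-target: pre_merge_agent
            kind-config: kind-multi
            values-file: tests/test_environments/values/ci-sa-agent.yml
          - test-target: k8s_file_system_rules
            kind-config: kind-test-files
            values-file: tests/test_environments/values/ci-test-k8s-files.yml
          - test-target: k8s_object_psp_rules
            kind-config: kind-multi
            values-file: tests/test_environments/values/ci-test-k8s-objects.yml
          - test-target: k8s_process_rules
            kind-config: kind-test-proc-conf1
            values-file: tests/test_environments/values/ci-test-k8s-proc-conf1.yml
          - test-target: k8s_process_rules
            kind-config: kind-test-proc-conf2
            values-file: tests/test_environments/values/ci-test-k8s-proc-conf2.yml
    steps:
      - name: Free Disk Space (Ubuntu)
        # TODO(review): mutable `@main` ref — pin to a full commit SHA, as for
        # the same step in docker-images.
        uses: jlumbroso/free-disk-space@main
        with:
          tool-cache: false
          android: true
          dotnet: true
          haskell: true
          large-packages: false
          docker-images: true
          swap-storage: true
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Hermit Environment
        uses: ./.github/actions/hermit
      - name: Get docker images
        uses: ./.github/actions/docker-images
        with:
          build-docker-images: 'false'
          docker-images-folder: '/tmp/.docker-images'
      - name: Run k8s integration tests
        uses: ./.github/actions/k8s-ci
        with:
          kind-config: ${{ matrix.kind-config }}
          test-target: ${{ matrix.test-target }}
          values-file: ${{ matrix.values-file }}
          docker-images-folder: '/tmp/.docker-images'

  upload-allure-results:
    needs:
      - ci-azure
      - ci-aws
      - ci-gcp
      - ci-cnvm
      - ci-k8s
    name: Upload integration tests results
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    permissions:
      # Only what the sticky PR comment needs. NOTE(review): the delete-artifact
      # step at the end may additionally need `actions: write`; with
      # failOnError: false a permission failure there would be silent — confirm.
      pull-requests: write
    # always() runs this job after upstream failure or cancellation too, so
    # whatever results exist are still published (presumably the intent).
    if: ${{ always() }}
    env:
      AWS_REGION: "eu-west-1"
      ALLURE_S3_BUCKET: "s3://csp-allure-reports/allure_reports/cloudbeat/ci"
      # https rather than http: the history JSON fetched below is rendered into
      # a PR comment, so it must not travel over a tamperable plaintext link.
      S3_BUCKET_ALLURE_REPORT_AP: "https://csp-allure-reports.s3.amazonaws.com/allure_reports/cloudbeat/ci"
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        if: ${{ always() }}
        with:
          pattern: allure-results-ci-*
          path: tests/allure/results/
          merge-multiple: true
      - name: log
        if: ${{ always() }}
        shell: bash
        run: |
          ls -lahR tests/allure/results/ || true
      - name: Publish allure report
        if: ${{ always() }}
        # NOTE(review): this `uses:` value is garbled on the page (an e-mail
        # protection artifact hides the action name and version tag); restore
        # the real reference from the repository and pin it to a commit SHA.
        uses: andrcuns/[email protected]
        env:
          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AWS_REGION: ${{ env.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        with:
          storageType: s3
          resultsGlob: "tests/allure/results"
          updatePr: actions
          collapseSummary: false
          summary: suites
          summaryTableType: markdown
          copyLatest: true
          bucket: csp-allure-reports
          # github.event.number is only populated for pull-request events; on
          # push and workflow_dispatch this prefix ends in a bare "/" — confirm
          # that is intended for those runs.
          prefix: allure_reports/cloudbeat/ci/${{ github.event.number }}
          ignoreMissingResults: true
          debug: false
      - name: Allure Summary
        # Guarded against push only: on workflow_dispatch github.event.number is
        # empty, so the `curl --fail` below is expected to fail there.
        if: ${{ success() && github.event_name != 'push' }}
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # Fetches the trend JSON this job just published, renders it with the
        # summary script (run twice — presumably once so its output shows in
        # the log, once captured) and stores the multi-line result in
        # ALLURE_SUMMARY through a heredoc. NOTE(review): the fixed "EOF"
        # delimiter breaks if the summary ever contains a line that is exactly
        # EOF; a random delimiter is the safer form.
        run: |
          curl --fail --show-error --location '${{ env.S3_BUCKET_ALLURE_REPORT_AP }}/${{ github.event.number }}/history/history-trend.json' --output ./history-trend.json
          allure_result=./history-trend.json
          allure_url=${{ env.S3_BUCKET_ALLURE_REPORT_AP }}/${{ github.event.number }}/index.html
          ./.ci/scripts/allure-report-summary.sh "$allure_result" "$allure_url"
          allure_summary=$(./.ci/scripts/allure-report-summary.sh "$allure_result" "$allure_url")
          # saving result into env variable (with multiline handling)
          echo "ALLURE_SUMMARY<<EOF" >> $GITHUB_ENV
          echo "$allure_summary" >> $GITHUB_ENV
          echo "EOF" >> $GITHUB_ENV
      - name: Comment test success result
        uses: marocchino/sticky-pull-request-comment@v2
        if: ${{ success() && github.event_name != 'push' }}
        with:
          header: CI Test Results
          number: ${{ github.event.number }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          message: |
            ${{ env.ALLURE_SUMMARY }}
      - name: Cleanup docker image artifacts
        if: ${{ success() }}
        uses: geekyeggo/delete-artifact@v5
        with:
          name: docker-images
          failOnError: false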