Skip to content

RULES.md automation refactoring #879

RULES.md automation refactoring

RULES.md automation refactoring #879

Workflow file for this run

name: Tests
on:
pull_request_target:
branches:
- main
- "[0-9]+.[0-9]+"
types: [opened, synchronize, reopened]
push:
branches:
- main
- "[0-9]+.[0-9]+"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
init-hermit:
name: Init Hermit Tools
runs-on: ubuntu-22.04
timeout-minutes: 60
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Hermit Environment
uses: ./.github/actions/hermit
with:
init-tools: 'true'
ci-azure:
needs: [ init-hermit ]
name: CIS Azure CI
runs-on: ubuntu-22.04
timeout-minutes: 60
permissions:
contents: "read"
id-token: "write"
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Hermit Environment
uses: ./.github/actions/hermit
- name: Run Azure integration tests
uses: ./.github/actions/azure-ci
with:
elk-version: ${{ env.ELK_VERSION }}
azure-client-id: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientId }}
azure-tenant-id: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }}
azure-client-secret: ${{ fromJSON(secrets.AZURE_CREDENTIALS).clientSecret }}
ci-aws:
needs: [ init-hermit ]
name: CIS AWS CI
runs-on: ubuntu-22.04
timeout-minutes: 60
permissions:
contents: "read"
id-token: "write"
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Hermit Environment
uses: ./.github/actions/hermit
- name: Run AWS integration tests
uses: ./.github/actions/aws-ci
with:
elk-version: ${{ env.ELK_VERSION }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TEST_ACC }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST_ACC }}
aws-account-type: single-account
ci-gcp:
needs: [ init-hermit ]
name: CIS GCP CI
runs-on: ubuntu-22.04
timeout-minutes: 60
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Hermit Environment
uses: ./.github/actions/hermit
- name: Run GCP integration tests
uses: ./.github/actions/gcp-ci
with:
elk-version: ${{ env.ELK_VERSION }}
workload-identity-provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service-account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
gcp-project-id: 'elastic-security-test'
gcp-account-type: 'single-account'
ci-cnvm:
needs: [ init-hermit ]
name: CNVM CI
runs-on: ubuntu-22.04
timeout-minutes: 30
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Hermit Environment
uses: ./.github/actions/hermit
- name: Run CNVM integration tests
uses: ./.github/actions/cnvm-ci
with:
elk-version: ${{ env.ELK_VERSION }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: 'us-east-2'
docker-images:
needs: [ init-hermit ]
name: Build docker images
# Since we build the cloudbeat in the worker's OS and as non static,
# we need to keep the OS version same as elastic-agent docker image base.
# docker run --interactive --tty --rm --entrypoint bash docker.elastic.co/elastic-agent/elastic-agent-complete:8.14.0-SNAPSHOT -c 'cat /etc/os-release'
runs-on: ubuntu-20.04
timeout-minutes: 40
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
tool-cache: false
android: true
dotnet: true
haskell: true
large-packages: false
docker-images: true
swap-storage: true
- name: Check out the repo
uses: actions/checkout@v4
- name: Hermit Environment
uses: ./.github/actions/hermit
- name: Build docker images
uses: ./.github/actions/docker-images
with:
build-docker-images: 'true'
ci-k8s:
needs: [ init-hermit, docker-images ]
name: ${{ matrix.test-target }}-${{ matrix.kind-config }}
runs-on: ubuntu-22.04
timeout-minutes: 120
strategy:
fail-fast: false
matrix:
include:
- test-target: pre_merge
kind-config: kind-multi
values-file: tests/test_environments/values/ci.yml
- test-target: pre_merge_agent
kind-config: kind-multi
values-file: tests/test_environments/values/ci-sa-agent.yml
- test-target: k8s_file_system_rules
kind-config: kind-test-files
values-file: tests/test_environments/values/ci-test-k8s-files.yml
- test-target: k8s_object_psp_rules
kind-config: kind-multi
values-file: tests/test_environments/values/ci-test-k8s-objects.yml
- test-target: k8s_process_rules
kind-config: kind-test-proc-conf1
values-file: tests/test_environments/values/ci-test-k8s-proc-conf1.yml
- test-target: k8s_process_rules
kind-config: kind-test-proc-conf2
values-file: tests/test_environments/values/ci-test-k8s-proc-conf2.yml
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
tool-cache: false
android: true
dotnet: true
haskell: true
large-packages: false
docker-images: true
swap-storage: true
- name: Check out the repo
uses: actions/checkout@v4
- name: Hermit Environment
uses: ./.github/actions/hermit
- name: Get docker images
uses: ./.github/actions/docker-images
with:
build-docker-images: 'false'
docker-images-folder: '/tmp/.docker-images'
- name: Run k8s integration tests
uses: ./.github/actions/k8s-ci
with:
kind-config: ${{ matrix.kind-config }}
test-target: ${{ matrix.test-target }}
values-file: ${{ matrix.values-file }}
docker-images-folder: '/tmp/.docker-images'
upload-allure-results:
needs:
- ci-azure
- ci-aws
- ci-gcp
- ci-cnvm
- ci-k8s
name: Upload integration tests results
runs-on: ubuntu-22.04
timeout-minutes: 60
permissions:
pull-requests: write
if: ${{ always() }}
env:
AWS_REGION: "eu-west-1"
ALLURE_S3_BUCKET: "s3://csp-allure-reports/allure_reports/cloudbeat/ci"
S3_BUCKET_ALLURE_REPORT_AP: "http://csp-allure-reports.s3.amazonaws.com/allure_reports/cloudbeat/ci"
steps:
- name: Check out the repo
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
if: ${{ always() }}
with:
pattern: allure-results-ci-*
path: tests/allure/results/
merge-multiple: true
- name: log
if: ${{ always() }}
shell: bash
run: |
ls -lahR tests/allure/results/ || true
- name: Publish allure report
if: ${{ always() }}
uses: andrcuns/[email protected]
env:
GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
with:
storageType: s3
resultsGlob: "tests/allure/results"
updatePr: actions
collapseSummary: false
summary: suites
summaryTableType: markdown
copyLatest: true
bucket: csp-allure-reports
prefix: allure_reports/cloudbeat/ci/${{ github.event.number }}
ignoreMissingResults: true
debug: false
- name: Allure Summary
if: ${{ success() && github.event_name != 'push' }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
curl --fail --show-error --location '${{ env.S3_BUCKET_ALLURE_REPORT_AP }}/${{ github.event.number }}/history/history-trend.json' --output ./history-trend.json
allure_result=./history-trend.json
allure_url=${{ env.S3_BUCKET_ALLURE_REPORT_AP }}/${{ github.event.number }}/index.html
./.ci/scripts/allure-report-summary.sh "$allure_result" "$allure_url"
allure_summary=$(./.ci/scripts/allure-report-summary.sh "$allure_result" "$allure_url")
# saving result into env variable (with multiline handling)
echo "ALLURE_SUMMARY<<EOF" >> $GITHUB_ENV
echo "$allure_summary" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Comment test success result
uses: marocchino/sticky-pull-request-comment@v2
if: ${{ success() && github.event_name != 'push' }}
with:
header: CI Test Results
number: ${{ github.event.number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
message: |
${{ env.ALLURE_SUMMARY }}
- if: ${{ success() }}
name: Cleanup docker image artifacts
uses: geekyeggo/delete-artifact@v5
with:
name: docker-images
failOnError: false