Included the latest n4k version in the chainsaw test

Signed-off-by: nsathyaseelan <[email protected]>

.github/workflows/chainsaw-e2e.yaml

@@ -3,28 +3,28 @@ on:
   push:
     branches:
       - 'main'
-  # this action needs to read GH secret
-  # hence prevents executing on PRs from forks
-  # disabling running on PRs until we find a workaround for this
+
   pull_request:
     branches:
       - 'main'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
-  
+
 jobs:
   run-e2etest:
     runs-on: ubuntu-latest
-    permissions:
-      packages: read
+
     strategy:
-      fail-fast: false
+      fail-fast: false    
       matrix:
-        k8s-version: [v1.28.0, v1.27.3, v1.26.3, v1.25.8, v1.24.12, v1.23.17]
-        n4k-chart-version: [1.6.11, 3.0.9]
-
+        k8s-version: [v1.29.2, v1.28.7, v1.27.11, v1.26.14, v1.25.16]
+        # For n4k-versions 1.10, and 1.11     
+        # "devel" refers to the RC version. 
+        # If there are no new RC versions available, it installs the latest n4k version.
+        n4k-chart-version: [3.0.18, 3.1.1, devel]
+
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -33,14 +33,16 @@ jobs:
         run: K8S_VERSION=${{ matrix.k8s-version }} make kind-create-cluster
 
       - name: Install kyverno
-        run: |
-          N4K_VERSION=${{ matrix.n4k-chart-version }} make kind-deploy-kyverno
+        run: N4K_VERSION=${{ matrix.n4k-chart-version }} make kind-deploy-kyverno
 
       - name: Check Kyverno status
         run: make wait-for-kyverno
 
-      - name: Install chainsaw
-        uses: kyverno/action-install-chainsaw@6ab03ccb2c8309b5f494fcbc78ec3a2d80cfabee # v0.1.0
+      - name: Install Chainsaw
+        uses: kyverno/[email protected] 
+
+      - name: Verify Chainsaw Installation
+        run: chainsaw version
 
       - name: Test with Chainsaw
         run: make test-chainsaw

Makefile

@@ -7,7 +7,7 @@ USE_CONFIG           ?= standard
 
 TOOLS_DIR                          := $(PWD)/.tools
 KIND                               := $(TOOLS_DIR)/kind
-KIND_VERSION                       := v0.20.0
+KIND_VERSION                       := v0.22.0
 HELM                               := $(TOOLS_DIR)/helm
 HELM_VERSION                       := v3.10.1
 TOOLS                              := $(KIND) $(HELM)
@@ -55,7 +55,11 @@ kind-deploy-kyverno: $(HELM)
 	@echo Install kyverno chart... >&2
 	@$(HELM) repo add nirmata https://nirmata.github.io/kyverno-charts
 	@$(HELM) repo update
-	@$(HELM) install kyverno nirmata/kyverno -n kyverno --create-namespace --version=$(N4K_VERSION)
+	@if [ "$(N4K_VERSION)" = "devel" ]; then \
+		$(HELM) install kyverno nirmata/kyverno -n kyverno --create-namespace --devel; \
+	else \
+		$(HELM) install kyverno nirmata/kyverno -n kyverno --create-namespace --version=$(N4K_VERSION); \
+	fi
 
 ## Check Kyverno status 
 .PHONY: wait-for-kyverno

pod-security/baseline/disallow-host-namespaces/e2e/chainsaw-test.yaml

@@ -22,8 +22,6 @@ spec:
         resource:
           apiVersion: wgpolicyk8s.io/v1alpha2
           kind: PolicyReport
-          metadata:
-            name: cpol-disallow-host-namespaces
           summary:
             error: 0
             fail: 0

pod-security/baseline/disallow-host-path/e2e/chainsaw-test.yaml

@@ -22,8 +22,6 @@ spec:
         resource:
           apiVersion: wgpolicyk8s.io/v1alpha2
           kind: PolicyReport
-          metadata:
-            name: cpol-disallow-host-path
           summary:
             error: 0
             fail: 0

pod-security/baseline/disallow-host-ports/e2e/chainsaw-test.yaml

@@ -22,8 +22,6 @@ spec:
         resource:
           apiVersion: wgpolicyk8s.io/v1alpha2
           kind: PolicyReport
-          metadata:
-            name: cpol-disallow-host-ports
           summary:
             error: 0
             fail: 0

pod-security/baseline/disallow-host-process/e2e/chainsaw-test.yaml

@@ -22,8 +22,6 @@ spec:
         resource:
           apiVersion: wgpolicyk8s.io/v1alpha2
           kind: PolicyReport
-          metadata:
-            name: cpol-disallow-host-process
           summary:
             error: 0
             fail: 0

pod-security/baseline/disallow-privileged-containers/e2e/chainsaw-test.yaml

@@ -22,8 +22,6 @@ spec:
         resource:
           apiVersion: wgpolicyk8s.io/v1alpha2
           kind: PolicyReport
-          metadata:
-            name: cpol-disallow-privileged-containers
           summary:
             error: 0
             fail: 0

pod-security/baseline/disallow-proc-mount/e2e/chainsaw-test.yaml

@@ -22,8 +22,6 @@ spec:
         resource:
           apiVersion: wgpolicyk8s.io/v1alpha2
           kind: PolicyReport
-          metadata:
-            name: cpol-disallow-proc-mount
           summary:
             error: 0
             fail: 0

pod-security/restricted/disallow-capabilities-strict/e2e/chainsaw-test.yaml

@@ -22,8 +22,6 @@ spec:
         resource:
           apiVersion: wgpolicyk8s.io/v1alpha2
           kind: PolicyReport
-          metadata:
-            name: cpol-disallow-capabilities-strict
           summary:
             error: 0
             fail: 0

pod-security/restricted/disallow-privilege-escalation/e2e/chainsaw-test.yaml

@@ -22,8 +22,6 @@ spec:
         resource:
           apiVersion: wgpolicyk8s.io/v1alpha2
           kind: PolicyReport
-          metadata:
-            name: cpol-disallow-privilege-escalation
           summary:
             error: 0
             fail: 0

pod-security/restricted/require-run-as-nonroot/e2e/chainsaw-test.yaml

@@ -22,8 +22,6 @@ spec:
         resource:
           apiVersion: wgpolicyk8s.io/v1alpha2
           kind: PolicyReport
-          metadata:
-            name: cpol-require-run-as-nonroot
           summary:
             error: 0
             fail: 0