From 1c532af7509580f9914e93155c19fd92e882eeeb Mon Sep 17 00:00:00 2001
From: nsathyaseelan
Date: Fri, 16 Feb 2024 09:35:15 +0530
Subject: [PATCH] Included the latest n4k version in the chainsaw test
Signed-off-by: nsathyaseelan
---
 .github/workflows/chainsaw-e2e.yaml | 30 ++++++++++---------
 Makefile | 8 +++--
 .../e2e/chainsaw-test.yaml | 2 --
 .../disallow-host-path/e2e/chainsaw-test.yaml | 2 --
 .../e2e/chainsaw-test.yaml | 2 --
 .../e2e/chainsaw-test.yaml | 2 --
 .../e2e/chainsaw-test.yaml | 2 --
 .../e2e/chainsaw-test.yaml | 2 --
 .../e2e/chainsaw-test.yaml | 2 --
 .../e2e/chainsaw-test.yaml | 2 --
 .../e2e/chainsaw-test.yaml | 2 --
 11 files changed, 22 insertions(+), 34 deletions(-)
diff --git a/.github/workflows/chainsaw-e2e.yaml b/.github/workflows/chainsaw-e2e.yaml
index f0088d05..1735cc1a 100644
--- a/.github/workflows/chainsaw-e2e.yaml
+++ b/.github/workflows/chainsaw-e2e.yaml
@@ -3,9 +3,7 @@ on:
 push:
 branches:
 - 'main'
- # this action needs to read GH secret
- # hence prevents executing on PRs from forks
- # disabling running on PRs until we find a workaround for this
+
 pull_request:
 branches:
 - 'main'
@@ -13,18 +11,20 @@ on:
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true
-
+
 jobs:
 run-e2etest:
 runs-on: ubuntu-latest
- permissions:
- packages: read
+
 strategy:
- fail-fast: false
+ fail-fast: false
 matrix:
- k8s-version: [v1.28.0, v1.27.3, v1.26.3, v1.25.8, v1.24.12, v1.23.17]
- n4k-chart-version: [1.6.11, 3.0.9]
-
+ k8s-version: [v1.29.2, v1.28.7, v1.27.11, v1.26.14, v1.25.16]
+ # For n4k-versions 1.10, and 1.11
+ # "devel" refers to the RC version.
+ # If there are no new RC versions available, it installs the latest n4k version.
+ n4k-chart-version: [3.0.18, 3.1.1, devel]
+
 steps:
 - name: Checkout
 uses: actions/checkout@v3
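Review bot: Removing the job-level `permissions:` block from `run-e2etest` (second hunk of `.github/workflows/chainsaw-e2e.yaml`) leaves the `GITHUB_TOKEN` scope to the repository or organization default, which may be read-write for `push` runs on `main`. The steps visible in this patch only check out the repository and run make targets, so an explicit minimal block under the job, `permissions:` with `contents: read`, should be enough and keeps least privilege independent of that default. The same hunk adds a floating `devel` entry to `n4k-chart-version`; the comment above it could state that this matrix leg is not reproducible between runs. The job's step list continues outside this hunk.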
@@ -33,14 +33,16 @@ jobs:
 run: K8S_VERSION=${{ matrix.k8s-version }} make kind-create-cluster
 - name: Install kyverno
- run: |
- N4K_VERSION=${{ matrix.n4k-chart-version }} make kind-deploy-kyverno
+ run: N4K_VERSION=${{ matrix.n4k-chart-version }} make kind-deploy-kyverno
 - name: Check Kyverno status
 run: make wait-for-kyverno
- - name: Install chainsaw
- uses: kyverno/action-install-chainsaw@6ab03ccb2c8309b5f494fcbc78ec3a2d80cfabee # v0.1.0
+ - name: Install Chainsaw
+ uses: kyverno/action-install-chainsaw@v0.1.4
+
+ - name: Verify Chainsaw Installation
+ run: chainsaw version
 - name: Test with Chainsaw
 run: make test-chainsaw
diff --git a/Makefile b/Makefile
index 881478b0..cc90d06a 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@ USE_CONFIG ?= standard
 TOOLS_DIR := $(PWD)/.tools
 KIND := $(TOOLS_DIR)/kind
-KIND_VERSION := v0.20.0
+KIND_VERSION := v0.22.0
 HELM := $(TOOLS_DIR)/helm
 HELM_VERSION := v3.10.1
 TOOLS := $(KIND) $(HELM)
@@ -55,7 +55,11 @@ kind-deploy-kyverno: $(HELM)
 @echo Install kyverno chart... >&2
 @$(HELM) repo add nirmata https://nirmata.github.io/kyverno-charts
 @$(HELM) repo update
- @$(HELM) install kyverno nirmata/kyverno -n kyverno --create-namespace --version=$(N4K_VERSION)
+ @if [ "$(N4K_VERSION)" = "devel" ]; then \
+ $(HELM) install kyverno nirmata/kyverno -n kyverno --create-namespace --devel; \
+ else \
+ $(HELM) install kyverno nirmata/kyverno -n kyverno --create-namespace --version=$(N4K_VERSION); \
+ fi
 ## Check Kyverno status
 .PHONY: wait-for-kyverno
diff --git a/pod-security/baseline/disallow-host-namespaces/e2e/chainsaw-test.yaml b/pod-security/baseline/disallow-host-namespaces/e2e/chainsaw-test.yaml
index a2f9a2bd..c3e0e055 100644
--- a/pod-security/baseline/disallow-host-namespaces/e2e/chainsaw-test.yaml
+++ b/pod-security/baseline/disallow-host-namespaces/e2e/chainsaw-test.yaml
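Review bot: The `Install Chainsaw` step replaces a full commit-SHA pin (`@6ab03ccb2c8309b5f494fcbc78ec3a2d80cfabee # v0.1.0`) with the mutable tag `@v0.1.4`, so whatever commit that tag points to at run time executes inside the job. Keep the pin style the file used before the change: `uses: kyverno/action-install-chainsaw@<full-commit-sha-of-v0.1.4> # v0.1.4`, where the placeholder is the commit the release tag resolves to. This matters more now that the same patch drops the job's explicit `permissions:` block. The new `chainsaw version` step prints what was installed but does not verify it against an expected version.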
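Review bot: In the `kind-deploy-kyverno` recipe, the new `devel` branch calls `helm install` with `--devel` and no version, so Helm picks the newest chart including pre-releases at run time and nothing in the recipe records which chart was installed. Add a line after the `fi` that logs the resolved release, for example `@$(HELM) list -n kyverno`, so a CI result can be tied to a chart version. An unset `N4K_VERSION` still falls into the `else` branch and passes an empty `--version=`, which presumably resolves to the latest stable chart without any notice; a guard that fails fast on an empty value would make that explicit. The target line of the recipe sits in the hunk header, outside the hunk body.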
@@ -22,8 +22,6 @@ spec:
 resource:
 apiVersion: wgpolicyk8s.io/v1alpha2
 kind: PolicyReport
- metadata:
- name: cpol-disallow-host-namespaces
 summary:
 error: 0
 fail: 0
diff --git a/pod-security/baseline/disallow-host-path/e2e/chainsaw-test.yaml b/pod-security/baseline/disallow-host-path/e2e/chainsaw-test.yaml
index e5fb1ccc..39a36e89 100644
--- a/pod-security/baseline/disallow-host-path/e2e/chainsaw-test.yaml
+++ b/pod-security/baseline/disallow-host-path/e2e/chainsaw-test.yaml
@@ -22,8 +22,6 @@ spec:
 resource:
 apiVersion: wgpolicyk8s.io/v1alpha2
 kind: PolicyReport
- metadata:
- name: cpol-disallow-host-path
 summary:
 error: 0
 fail: 0
diff --git a/pod-security/baseline/disallow-host-ports/e2e/chainsaw-test.yaml b/pod-security/baseline/disallow-host-ports/e2e/chainsaw-test.yaml
index 893a7b16..8ac23644 100644
--- a/pod-security/baseline/disallow-host-ports/e2e/chainsaw-test.yaml
+++ b/pod-security/baseline/disallow-host-ports/e2e/chainsaw-test.yaml
@@ -22,8 +22,6 @@ spec:
 resource:
 apiVersion: wgpolicyk8s.io/v1alpha2
 kind: PolicyReport
- metadata:
- name: cpol-disallow-host-ports
 summary:
 error: 0
 fail: 0
diff --git a/pod-security/baseline/disallow-host-process/e2e/chainsaw-test.yaml b/pod-security/baseline/disallow-host-process/e2e/chainsaw-test.yaml
index 30d6a068..3b71ff1a 100644
--- a/pod-security/baseline/disallow-host-process/e2e/chainsaw-test.yaml
+++ b/pod-security/baseline/disallow-host-process/e2e/chainsaw-test.yaml
@@ -22,8 +22,6 @@ spec:
 resource:
 apiVersion: wgpolicyk8s.io/v1alpha2
 kind: PolicyReport
- metadata:
- name: cpol-disallow-host-process
 summary:
 error: 0
 fail: 0
diff --git a/pod-security/baseline/disallow-privileged-containers/e2e/chainsaw-test.yaml b/pod-security/baseline/disallow-privileged-containers/e2e/chainsaw-test.yaml
index 8d09d1a5..af3d292e 100644
--- a/pod-security/baseline/disallow-privileged-containers/e2e/chainsaw-test.yaml
+++ b/pod-security/baseline/disallow-privileged-containers/e2e/chainsaw-test.yaml
@@ -22,8 +22,6 @@ spec:
 resource:
 apiVersion: wgpolicyk8s.io/v1alpha2
 kind: PolicyReport
- metadata:
- name: cpol-disallow-privileged-containers
 summary:
 error: 0
 fail: 0
diff --git a/pod-security/baseline/disallow-proc-mount/e2e/chainsaw-test.yaml b/pod-security/baseline/disallow-proc-mount/e2e/chainsaw-test.yaml
index 4510f135..ab1aa1a7 100644
--- a/pod-security/baseline/disallow-proc-mount/e2e/chainsaw-test.yaml
+++ b/pod-security/baseline/disallow-proc-mount/e2e/chainsaw-test.yaml
@@ -22,8 +22,6 @@ spec:
 resource:
 apiVersion: wgpolicyk8s.io/v1alpha2
 kind: PolicyReport
- metadata:
- name: cpol-disallow-proc-mount
 summary:
 error: 0
 fail: 0
diff --git a/pod-security/restricted/disallow-capabilities-strict/e2e/chainsaw-test.yaml b/pod-security/restricted/disallow-capabilities-strict/e2e/chainsaw-test.yaml
index cb22dc47..73d7ebe6 100644
--- a/pod-security/restricted/disallow-capabilities-strict/e2e/chainsaw-test.yaml
+++ b/pod-security/restricted/disallow-capabilities-strict/e2e/chainsaw-test.yaml
@@ -22,8 +22,6 @@ spec:
 resource:
 apiVersion: wgpolicyk8s.io/v1alpha2
 kind: PolicyReport
- metadata:
- name: cpol-disallow-capabilities-strict
 summary:
 error: 0
 fail: 0
diff --git a/pod-security/restricted/disallow-privilege-escalation/e2e/chainsaw-test.yaml b/pod-security/restricted/disallow-privilege-escalation/e2e/chainsaw-test.yaml
index 703dcc9f..341ecc65 100644
--- a/pod-security/restricted/disallow-privilege-escalation/e2e/chainsaw-test.yaml
+++ b/pod-security/restricted/disallow-privilege-escalation/e2e/chainsaw-test.yaml
@@ -22,8 +22,6 @@ spec:
 resource:
 apiVersion: wgpolicyk8s.io/v1alpha2
 kind: PolicyReport
- metadata:
- name: cpol-disallow-privilege-escalation
 summary:
 error: 0
 fail: 0
diff --git a/pod-security/restricted/require-run-as-nonroot/e2e/chainsaw-test.yaml b/pod-security/restricted/require-run-as-nonroot/e2e/chainsaw-test.yaml
index 45755c90..bfacc595 100644
--- a/pod-security/restricted/require-run-as-nonroot/e2e/chainsaw-test.yaml
+++ b/pod-security/restricted/require-run-as-nonroot/e2e/chainsaw-test.yaml
@@ -22,8 +22,6 @@ spec:
 resource:
 apiVersion: wgpolicyk8s.io/v1alpha2
 kind: PolicyReport
- metadata:
- name: cpol-require-run-as-nonroot
 summary:
 error: 0
 fail: 0