fix: default posture logs for system generated permission denied events #2028

Workflow file for this run

.github/workflows/ci-test-ubi-image.yml at b392b7b

	name: ci-test-ubi-ginkgo

	on:
	push:
	branches: [main]
	paths:
	- "KubeArmor/**"
	- "tests/**"
	- "protobuf/**"
	- ".github/workflows/ci-test-ginkgo.yml"
	- "pkg/KubeArmorOperator/**"
	- "deployments/helm/**"
	pull_request:
	branches: [main]
	paths:
	- "KubeArmor/**"
	- "tests/**"
	- "protobuf/**"
	- ".github/workflows/ci-test-ginkgo.yml"
	- "pkg/KubeArmorOperator/**"
	- "deployments/helm/**"

	# Declare default permissions as read only.
	permissions: read-all

	jobs:
	build:
	name: Auto-testing Framework / ${{ matrix.os }} / ${{ matrix.runtime }}
	runs-on: ${{ matrix.os }}
	env:
	RUNTIME: ${{ matrix.runtime }}
	strategy:
	fail-fast: false
	matrix:
	os: ["bpflsm"]

	runtime: ["crio"]


	steps:
	- uses: actions/checkout@v3
	with:
	submodules: true

	- uses: actions/setup-go@v5
	with:
	go-version-file: 'KubeArmor/go.mod'

	- name: Install the latest LLVM toolchain
	run: ./.github/workflows/install-llvm.sh

	- name: Compile libbpf
	run: ./.github/workflows/install-libbpf.sh

	- name: Setup a Kubernetes environment
	run: ./.github/workflows/install-k3s.sh

	- name: Generate KubeArmor artifacts
	run: \|
	GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/build_kubearmor.sh

	- name: Build Kubearmor-Operator
	working-directory: pkg/KubeArmorOperator
	run: \|
	make docker-build

	- name: Run KubeArmor
	run: \|
	docker save kubearmor/kubearmor-init:latest \| sudo podman load
	docker save kubearmor/kubearmor-ubi:latest \| sudo podman load
	docker save kubearmor/kubearmor-operator:latest \| sudo podman load
	docker save kubearmor/kubearmor-snitch:latest \| sudo podman load
	helm upgrade --install kubearmor-operator ./deployments/helm/KubeArmorOperator -n kubearmor --create-namespace --set kubearmorOperator.image.tag=latest
	kubectl get pods -A
	kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app=kubearmor-operator
	kubectl apply -f pkg/KubeArmorOperator/config/samples/kubearmor-ubi-test.yaml
	kubectl wait -n kubearmor --timeout=5m --for=jsonpath='{.status.phase}'=Running kubearmorconfigs/kubearmorconfig-test
	kubectl wait --timeout=7m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch,kubearmor-app!=kubearmor-controller -n kubearmor
	kubectl wait --timeout=1m --for=condition=ready pod -l kubearmor-app=kubearmor-controller -n kubearmor
	kubectl get pods -A

	- name: Operator may take upto 10 sec to enable TLS, Sleep for 15Sec
	run: \|
	sleep 15

	- name: Test KubeArmor using Ginkgo
	run: \|
	go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
	make
	working-directory: ./tests/k8s_env
	timeout-minutes: 30

	- name: Get karmor sysdump
	if: ${{ failure() }}
	run: \|
	kubectl describe pod -n kubearmor -l kubearmor-app=kubearmor
	curl -sfL http://get.kubearmor.io/ \| sudo sh -s -- -b /usr/local/bin
	mkdir -p /tmp/kubearmor/ && cd /tmp/kubearmor && karmor sysdump

	- name: Archive log artifacts
	if: ${{ failure() }}
	uses: actions/upload-artifact@v3
	with:
	name: kubearmor.logs
	path: \|
	/tmp/kubearmor/
	/tmp/kubearmor.*

	- name: Measure code coverage
	if: ${{ always() }}
	run: \|
	go install github.com/modocache/gover@latest
	gover
	go tool cover -func=gover.coverprofile
	working-directory: KubeArmor
	env:
	GOPATH: /home/vagrant/go
	- uses: codecov/codecov-action@v3
	if: ${{ always() }}
	with:
	files: ./KubeArmor/gover.coverprofile
	- name: Run cleanup
	if: ${{ always() }}
	run: ./.github/workflows/cleanup.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: default posture logs for system generated permission denied events #2028

Workflow file

fix: default posture logs for system generated permission denied events #2028

Jobs

Run details

Workflow file for this run