🐛 Fix GKE cloud test

`GitHubSecurityLab/actions-permissions/monitor` added a MITM proxy to intercept calls. This proxy signed the GKE API cert which lead to errors: ``` Unable to connect to the server: tls: failed to verify certificate: x509: certificate signed by unknown authority ``` Signed-off-by: Christian Zunker <[email protected]>
mondoohq · Nov 8, 2023 · 40b4275 · 40b4275
1 parent b3dff07
commit 40b4275
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 17 deletions.
diff --git a/.github/terraform/gke/main.tf b/.github/terraform/gke/main.tf
@@ -17,6 +17,7 @@ resource "google_container_cluster" "cluster" {
 resource "google_container_node_pool" "node_pool" {
   name       = "mondoo-operator-pool-${random_string.suffix.result}"
   location   = "us-central1-a"
+  project    = var.project_id
   cluster    = google_container_cluster.cluster.id
   node_count = 1
 

diff --git a/.github/terraform/gke/outputs.tf b/.github/terraform/gke/outputs.tf
@@ -2,4 +2,4 @@ resource "local_file" "kubeconfig" {
   depends_on   = [google_container_cluster.cluster]
   content      = module.gke_auth.kubeconfig_raw
   filename     = "kubeconfig"
-}
+}
diff --git a/.github/workflows/cloud-tests.yaml b/.github/workflows/cloud-tests.yaml
@@ -55,9 +55,6 @@ jobs:
         k8s-version: ["1.25", "1.26", "1.27"]
 
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # fetch is needed for "git tag --list" in the Makefile
@@ -142,9 +139,6 @@ jobs:
       AWS_REGION: us-east-2
 
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # fetch is needed for "git tag --list" in the Makefile
@@ -224,9 +218,6 @@ jobs:
       KUBECONFIG: ${{ format('{0}/{1}', github.workspace, '.github/terraform/gke/kubeconfig') }}
 
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # fetch is needed for "git tag --list" in the Makefile
@@ -264,7 +255,7 @@ jobs:
         run: echo "OPERATOR_VERSION=$(docker run ghcr.io/mondoohq/mondoo-operator:${{ env.MONDOO_OPERATOR_IMAGE_TAG }} version --simple)" >> $GITHUB_ENV
 
       - name: Wait a bit for the cluster to become more stable
-        run: kubectl -n kube-system wait --for=condition=Ready pods --all --timeout=60s
+        run: kubectl -n kube-system wait --for=condition=Ready pods --all --timeout=100s
 
       - name: Run integration tests
         env:
@@ -305,9 +296,6 @@ jobs:
     needs: [eks-integration-test,aks-integration-test,gke-integration-test]
     if: always()
     steps:
-    - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-      with:
-        config: ${{ vars.PERMISSIONS_CONFIG }}
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0 # fetch is needed for "git tag --list" in the Makefile
@@ -331,9 +319,6 @@ jobs:
     # Run only if the previous job has failed and only if it's running against the main branch
     if: ${{ always() && contains(join(needs.*.result, ','), 'fail') && github.ref_name == 'main' }}
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          config: ${{ vars.PERMISSIONS_CONFIG }}
       - uses: sarisia/actions-status-discord@v1
         with:
           webhook: ${{ secrets.DISCORD_WEBHOOK }}