From 40b427547644e4d45e8ecaab05c131e012b402e1 Mon Sep 17 00:00:00 2001 From: Christian Zunker Date: Mon, 30 Oct 2023 16:58:06 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20GKE=20cloud=20test?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `GitHubSecurityLab/actions-permissions/monitor` added a MITM proxy to intercept calls. This proxy signed the GKE API cert which lead to errors: ``` Unable to connect to the server: tls: failed to verify certificate: x509: certificate signed by unknown authority ``` Signed-off-by: Christian Zunker
---
.github/terraform/gke/main.tf | 1 + .github/terraform/gke/outputs.tf | 2 +- .github/workflows/cloud-tests.yaml | 17 +---------------- 3 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/.github/terraform/gke/main.tf b/.github/terraform/gke/main.tf
index 2b3ed5f7b..480edb696 100644
--- a/.github/terraform/gke/main.tf
+++ b/.github/terraform/gke/main.tf
@@ -17,6 +17,7 @@ resource "google_container_cluster" "cluster" { resource "google_container_node_pool" "node_pool" { name = "mondoo-operator-pool-${random_string.suffix.result}" location = "us-central1-a" + project = var.project_id cluster = google_container_cluster.cluster.id node_count = 1
diff --git a/.github/terraform/gke/outputs.tf b/.github/terraform/gke/outputs.tf
index 57b9f3cb9..6c3c331be 100644
--- a/.github/terraform/gke/outputs.tf
+++ b/.github/terraform/gke/outputs.tf
@@ -2,4 +2,4 @@ resource "local_file" "kubeconfig" { depends_on = [google_container_cluster.cluster] content = module.gke_auth.kubeconfig_raw filename = "kubeconfig" -} \ No newline at end of file +}
diff --git a/.github/workflows/cloud-tests.yaml b/.github/workflows/cloud-tests.yaml
index 9f1c677bd..448c63a5a 100644
--- a/.github/workflows/cloud-tests.yaml
+++ b/.github/workflows/cloud-tests.yaml
@@ -55,9 +55,6 @@ jobs: k8s-version: ["1.25", "1.26", "1.27"] steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - uses: actions/checkout@v4 with: fetch-depth: 0 # fetch is needed for "git tag --list" in the Makefile
@@ -142,9 +139,6 @@ jobs: AWS_REGION: us-east-2 steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - uses: actions/checkout@v4 with: fetch-depth: 0 # fetch is needed for "git tag --list" in the Makefile
@@ -224,9 +218,6 @@ jobs: KUBECONFIG: ${{ format('{0}/{1}', github.workspace, '.github/terraform/gke/kubeconfig') }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - uses: actions/checkout@v4 with: fetch-depth: 0 # fetch is needed for "git tag --list" in the Makefile
@@ -264,7 +255,7 @@ jobs: run: echo "OPERATOR_VERSION=$(docker run ghcr.io/mondoohq/mondoo-operator:${{ env.MONDOO_OPERATOR_IMAGE_TAG }} version --simple)" >> $GITHUB_ENV - name: Wait a bit for the cluster to become more stable - run: kubectl -n kube-system wait --for=condition=Ready pods --all --timeout=60s + run: kubectl -n kube-system wait --for=condition=Ready pods --all --timeout=100s - name: Run integration tests env:
@@ -305,9 +296,6 @@ jobs: needs: [eks-integration-test,aks-integration-test,gke-integration-test] if: always() steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - uses: actions/checkout@v4 with: fetch-depth: 0 # fetch is needed for "git tag --list" in the Makefile
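Review bot: The `GitHubSecurityLab/actions-permissions/monitor@v1` step is removed from every job in this workflow (hunks -55, -142, -224, -305 and -331), which is wider than a certificate failure against the GKE API would seem to need. The last two of those hunks show only `actions/checkout@v4` and `sarisia/actions-status-discord@v1` after the removed step, so those jobs may not pass through the affected path at all and could keep the monitor. Whatever scope is chosen, the token scope should not depend on the monitor: no `permissions:` key is visible in these hunks (it may exist elsewhere in the file), and an explicit least-privilege block such as a top-level `permissions:` with `contents: read` would cover the gap. All of these job bodies continue outside the hunks.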
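Review bot: In hunk -264, the unchanged step just above the timeout change expands `${{ env.MONDOO_OPERATOR_IMAGE_TAG }}` into the script text before the shell parses it, so the tag value is handled as shell source rather than as data. Where the tag is set lies outside this hunk, so the exposure may be small, but reading it as an ordinary shell variable removes the question: `run: echo "OPERATOR_VERSION=$(docker run "ghcr.io/mondoohq/mondoo-operator:${MONDOO_OPERATOR_IMAGE_TAG}" version --simple)" >> "$GITHUB_ENV"`. On the changed line, a short comment stating what was observed to need more than 60s would make the new `--timeout=100s` easier to revisit later.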
@@ -331,9 +319,6 @@ jobs: # Run only if the previous job has failed and only if it's running against the main branch if: ${{ always() && contains(join(needs.*.result, ','), 'fail') && github.ref_name == 'main' }} steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - with: - config: ${{ vars.PERMISSIONS_CONFIG }} - uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK }}