Test PR #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Generate VEX workflow | |
| on: | |
| pull_request: | |
| paths-ignore: | |
| - '**/*.md' | |
| types: [labeled, synchronize, ready_for_review, opened, reopened] | |
| jobs: | |
| generate-vex: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Kind | |
| run: | | |
| curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-$(uname)-amd64 | |
| chmod +x ./kind | |
| ./kind create cluster | |
| curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl | |
| chmod +x ./kubectl | |
| sudo mv ./kubectl /usr/local/bin/kubectl | |
| - name: Install Helm and Kubectl | |
| run: | | |
| curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | |
| chmod 700 get_helm.sh | |
| sudo ./get_helm.sh | |
| - name: Install Kubescape | |
| run: | | |
| helm repo add kubescape https://kubescape.github.io/helm-charts/ | |
| helm repo update | |
| helm upgrade --install kubescape kubescape/kubescape-operator -n kubescape --create-namespace --set clusterName=`kubectl config current-context` --set capabilities.vexGeneration=enable | |
| # Wait for the pod to be ready | |
| kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=node-agent -n kubescape --timeout=300s | |
| - name: Install Nginx | |
| run: | | |
| kubectl apply -f https://k8s.io/examples/application/deployment.yaml | |
| kubectl wait --for=condition=ready pod -l app=nginx --timeout=300s | |
| - name: Wait 2 minutes | |
| run: sleep 120 # Wait for ebpf to collect data | |
| - name: Generate VEX | |
| run: | | |
| kubectl -n kubescape get openvulnerabilityexchangecontainer $(kubectl -n kubescape get openvulnerabilityexchangecontainer -o jsonpath='{.items[0].metadata.name}') -o jsonpath='{.spec}' > nginx.json | |
| - name: Upload VEX document | |
| if: always() | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: VEX document | |
| path: "nginx.json" | |