Use Helm chart and add test command

kubescape · May 15, 2024 · 00f06b6 · 00f06b6
1 parent af4f855
commit 00f06b6
Show file tree

Hide file tree

Showing 8 changed files with 80 additions and 22 deletions.
diff --git a/.github/workflows/self-test.yaml b/.github/workflows/self-test.yaml
@@ -15,9 +15,17 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+
+      - name: Checkout nginx helm chart
+        uses: actions/checkout@v4
+        with:
+          repository: helm/examples
+          path: charts/examples
+          ref: main
 
       - name: Test VEX Generation
         uses: ./
         with:
-          deployment-file: "https://k8s.io/examples/application/deployment.yaml"
-          ready-condition: "kubectl wait --for=condition=ready pod -l app=nginx --timeout=300s"
+          helm-chart-path: "charts/examples/charts/hello-world"
+          ready-condition: "kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=hello-world --timeout=300s"
+          test-command: "self-test/test.sh"
diff --git a/action.yml b/action.yml
@@ -1,15 +1,15 @@
 name: "Generate VEX with Kubescape"
 description: "Generate VEX with Kubescape"
 inputs:
-  deployment-file:
-    description: "Path / URL to the deployment file"
+  helm-chart-path:
+    description: "Path to Helm chart to test"
     required: true
   ready-condition:
     description: "Condition to wait for before collecting VEX info"
-    required: true
-  wait-time:
-    description: "Time to wait (in seconds) before collecting VEX info, after the ready-condition is met"
-    default: "300"
+    required: false
+  test-command:
+    description: "Command to run to test the deployment"
+    required: false
 
 runs:
   using: "composite"
@@ -18,17 +18,17 @@ runs:
       run: $GITHUB_ACTION_PATH/setup.sh
       shell: bash
 
-    - name: "Install deployment"
+    - name: "Install Helm Chart"
       env: 
-        DEPLOYMENT_FILE: ${{ inputs.deployment-file }}
+        HELM_CHART_PATH: ${{ inputs.helm-chart-path }}
         READY_CONDITION: ${{ inputs.ready-condition }}
       run: $GITHUB_ACTION_PATH/install.sh
       shell: bash
 
-    - name: "Wait for deployment to be ready"
-      env: 
-        WAIT_TIME: ${{ inputs.wait-time }}
-      run: $GITHUB_ACTION_PATH/wait.sh
+    - name: "Run tests"
+      env:
+        TEST_COMMAND: ${{ inputs.test-command }}
+      run: $GITHUB_ACTION_PATH/test.sh
       shell: bash
 
     - name: "Generate VEX"

diff --git a/generate.sh b/generate.sh
@@ -1,6 +1,31 @@
 #!/usr/bin/env bash
 set -x
 
+timeout=300
+start_time=$SECONDS
+while [[ -z $(kubectl -n kubescape get openvulnerabilityexchangecontainers.spdx.softwarecomposition.kubescape.io) ]]; do
+    echo "Waiting for VEX generation..."
+    sleep 10
+    if [[ $((SECONDS - start_time)) -gt $timeout ]]; then
+        echo "Timeout reached. Exiting..."
+
+        # Loop through all pods in the kubescape namespace and print the logs
+        for pod in $(kubectl -n kubescape get pods -o jsonpath='{.items[*].metadata.name}'); do
+            echo "Logs for $pod:"
+            kubectl -n kubescape logs "$pod"
+        done
+
+        break
+    fi
+done
+
+echo "Saving VEX results..."
 kubectl -n kubescape get openvulnerabilityexchangecontainer \
     "$(kubectl -n kubescape get openvulnerabilityexchangecontainer -o jsonpath='{.items[0].metadata.name}')" \
     -o jsonpath='{.spec}' > vex.json
+
+echo "Affected:"
+jq "." vex.json | grep -c "\"affected\""
+
+echo "Not affected:"
+jq "." vex.json | grep -c "\"not_affected\""
diff --git a/install.sh b/install.sh
@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 set -x
 
-kubectl apply -f "$DEPLOYMENT_FILE"
-$READY_CONDITION
+helm install "$HELM_CHART_PATH" --wait --timeout 300s --generate-name
+
+if [[ -n "$READY_CONDITION" ]]; then
+    $READY_CONDITION
+fi
diff --git a/self-test/test.sh b/self-test/test.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -x
+
+# Get the pod name and container port of the test application
+POD_NAME=$(kubectl get pods -l "app.kubernetes.io/name=hello-world" -o jsonpath="{.items[0].metadata.name}")
+CONTAINER_PORT=$(kubectl get pod "$POD_NAME" -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+# Expose the test app on localhost
+kubectl port-forward "$POD_NAME" 8080:"$CONTAINER_PORT" &
+sleep 5
+# Test the application by sending a request to it a number of times
+for _ in {1..10}; do
+    # Prints just the status code
+    curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8080
+    echo
+done
+# Stop the port-forwarding
+kill %1
diff --git a/setup.sh b/setup.sh
@@ -15,8 +15,11 @@ sudo ./get_helm.sh
 # Install Kubescape
 helm repo add kubescape https://kubescape.github.io/helm-charts/
 helm repo update
-helm upgrade --install kubescape kubescape/kubescape-operator -n kubescape --create-namespace --set clusterName="$(kubectl config current-context)" --set capabilities.vexGeneration=enable
+helm upgrade --install kubescape kubescape/kubescape-operator -n kubescape --create-namespace \
+  --set clusterName="$(kubectl config current-context)" \
+  --set capabilities.vexGeneration=enable \
+  --set nodeAgent.config.learningPeriod=1m \
+  --set nodeAgent.config.updatePeriod=1m
 # Wait for the pod to be ready
 sleep 15
-kubectl get pods -n kubescape
 kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=node-agent -n kubescape --timeout=300s
diff --git a/test.sh b/test.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -x
+
+if [[ -n "$TEST_COMMAND" ]]; then
+    $TEST_COMMAND
+fi
diff --git a/wait.sh b/wait.sh