Merge branch 'dev' into isolate-metrics
binbin-li authored Jun 7, 2024
2 parents 9c534dc + 12e39b9 commit 50b334d
Showing 6 changed files with 28 additions and 22 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/publish-dev-assets.yml
@@ -72,8 +72,8 @@ jobs:
--push .
- name: replace version
run: |
sed -i '/^ repository:/c\ repository: ghcr.io/deislabs/ratify-dev' charts/ratify/values.yaml
sed -i '/^ crdRepository:/c\ crdRepository: ghcr.io/deislabs/ratify-crds-dev' charts/ratify/values.yaml
sed -i '/^ repository:/c\ repository: ghcr.io/ratify-project/ratify-dev' charts/ratify/values.yaml
sed -i '/^ crdRepository:/c\ crdRepository: ghcr.io/ratify-project/ratify-crds-dev' charts/ratify/values.yaml
sed -i '/^ tag:/c\ tag: ${{ steps.prepare.outputs.version }}' charts/ratify/values.yaml
- name: helm package
run: |
4 changes: 2 additions & 2 deletions dev.helmfile.yaml
@@ -2,7 +2,7 @@ repositories:
- name: gatekeeper
url: https://open-policy-agent.github.io/gatekeeper/charts
- name: ratify
url: ghcr.io/deislabs/ratify-chart-dev # PRERELEASE: Change to 'https://ratify-project.github.io/ratify' before copying to helmfile.yaml
url: ghcr.io/ratify-project/ratify-chart-dev # PRERELEASE: Change to 'https://ratify-project.github.io/ratify' before copying to helmfile.yaml
oci: true # PRERELEASE: Remove before copying to helmfile.yaml

releases:
@@ -77,6 +77,6 @@ releases:
- "gatekeeper-system"
set:
- name: notationCerts[0]
value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }}
value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/notation.crt") | quote }}
- name: featureFlags.RATIFY_CERT_ROTATION
value: true
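Review bot: The `notationCerts[0]` value is fetched at render time from the mutable `main` branch, so the certificate the chart ends up trusting is whatever that branch serves on the day the helmfile is rendered. Since this hunk already changes where the file comes from, pin the URL to a commit and add `-f` so an HTTP error aborts rendering instead of being quoted into the value: `(list "-fsSL" "https://raw.githubusercontent.com/ratify-project/ratify/<COMMIT_SHA>/test/testdata/notation.crt")`, where `<COMMIT_SHA>` is a placeholder. The same applies to the `notationCerts[0]` line and the `raw.githubusercontent.com` manifest URLs in dev.high-availability.helmfile.yaml. The `releases:` entry this line belongs to starts outside the hunk.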
12 changes: 6 additions & 6 deletions dev.high-availability.helmfile.yaml
@@ -6,7 +6,7 @@ repositories:
- name: bitnami
url: https://charts.bitnami.com/bitnami
- name: ratify
url: ghcr.io/deislabs/ratify-chart-dev # PRERELEASE: Change to 'https://ratify-project.github.io/ratify' before copying to helmfile.yaml
url: ghcr.io/ratify-project/ratify-chart-dev # PRERELEASE: Change to 'https://ratify-project.github.io/ratify' before copying to helmfile.yaml
oci: true # PRERELEASE: Remove before copying to helmfile.yaml

releases:
@@ -63,14 +63,14 @@ releases:
command: "bash"
args:
- "-c"
- "export SIGN_KEY=$(openssl rand 16 | hexdump -v -e '/1 \"%02x\"' | base64) && curl https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml | yq e '.data.signingKey = strenv(SIGN_KEY)' | kubectl apply -f -"
- "export SIGN_KEY=$(openssl rand 16 | hexdump -v -e '/1 \"%02x\"' | base64) && curl https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml | yq e '.data.signingKey = strenv(SIGN_KEY)' | kubectl apply -f -"
- events: ["presync"]
showlogs: true
command: "kubectl"
args:
- "apply"
- "-f"
- "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml"
- "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/dapr/dapr-redis.yaml"
- "-n"
- "gatekeeper-system"
- events: ["presync"]
@@ -85,7 +85,7 @@ releases:
args:
- "delete"
- "-f"
- "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml"
- "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml"
- "-n"
- "gatekeeper-system"
- "--ignore-not-found=true"
@@ -95,7 +95,7 @@ releases:
args:
- "delete"
- "-f"
- "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml"
- "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/dapr/dapr-redis.yaml"
- "-n"
- "gatekeeper-system"
- "--ignore-not-found=true"
@@ -146,7 +146,7 @@ releases:
- name: logger.level
value: debug
- name: notationCerts[0]
value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }}
value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/notation.crt") | quote }}
- name: replicaCount
value: 2
- name: provider.cache.type
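Review bot: The presync hook that runs `curl … | yq e … | kubectl apply -f -` under `bash -c` has no `pipefail`, and its `curl` has no `-f`, so a failed download or an HTTP error page does not fail the pipeline by itself. Whatever reaches stdin is passed on to `yq` and `kubectl apply`, and the hook's exit status reflects only the last command. Start the command string with `set -o pipefail;` and use `curl -fsSL` so the hook stops before anything is applied to the cluster. The hook list starts and continues outside the visible hunks.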
2 changes: 1 addition & 1 deletion httpserver/Dockerfile
@@ -11,7 +11,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM --platform=$BUILDPLATFORM golang:1.21@sha256:16438a8e66c0c984f732e815ee5b7d715b8e33e81bac6d6a3750b1067744e7ca as builder
FROM --platform=$BUILDPLATFORM golang:1.21@sha256:a8edec58ba598e2f1259f4ec4ca1b06358468214225e73d7c841ab0980c12367 as builder

ARG TARGETPLATFORM
ARG TARGETOS
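--- a/scripts/azure-ci-test.sh
+++ b/scripts/azure-ci-test.sh
@@ -127,6 +127,12 @@ save_logs() {
 cleanup() {
 save_logs || true
 
+echo "Delete key vault"
+az keyvault delete --name "${KEYVAULT_NAME}" --resource-group "${GROUP_NAME}" || true
+
+echo "Purge key vault"
+az keyvault purge --name "${KEYVAULT_NAME}" --no-wait || true
+
 echo "Deleting group"
 az group delete --name "${GROUP_NAME}" --yes --no-wait || true
 }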
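Review bot: Both new `az keyvault` calls in `cleanup()` end in `|| true` and print nothing of their own on failure, so a delete or purge that is refused leaves a vault holding the test keys behind, and the CI log shows only the "Delete"/"Purge" echo lines. Keep the best-effort behaviour but make the failure visible, e.g. `az keyvault purge --name "${KEYVAULT_NAME}" --no-wait || echo "WARN: purge of key vault ${KEYVAULT_NAME} failed" >&2`, and likewise for the delete. A short comment above the two calls saying why the vault is purged explicitly before `az group delete` would also help the next maintainer.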
22 changes: 11 additions & 11 deletions test/bats/azure-test.bats
@@ -32,7 +32,7 @@ SLEEP_TIME=1

# enable dynamic plugins
helm upgrade --atomic --namespace gatekeeper-system --reuse-values --set featureFlags.RATIFY_EXPERIMENTAL_DYNAMIC_PLUGINS=true ratify ./charts/ratify
sleep 5
sleep 30
latestpod=$(kubectl -n gatekeeper-system get pod -l=app.kubernetes.io/name=ratify --sort-by=.metadata.creationTimestamp -o=name | tail -n 1)

run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_dynamic.yaml
@@ -60,7 +60,7 @@ SLEEP_TIME=1
assert_success

# verify that the image can be run with a root cert, root verification cert should have been configured on deployment
run kubectl run demo-leaf --namespace default --image=${TEST_REGISTRY}/notation:leafSigned
wait_for_process 20 10 'kubectl run demo-leaf --namespace default --image=${TEST_REGISTRY}/notation:leafSigned'
assert_success

# add the leaf certificate as an inline certificate store
@@ -93,7 +93,7 @@ SLEEP_TIME=1
run kubectl apply -f ./library/multi-tenancy-validation/samples/constraint.yaml
assert_success
sleep 5
run kubectl run demo --namespace default --image=${TEST_REGISTRY}/notation:signed
wait_for_process 20 10 'kubectl run demo --namespace default --image=${TEST_REGISTRY}/notation:signed'
assert_success
run kubectl run demo1 --namespace default --image=${TEST_REGISTRY}/notation:unsigned
assert_failure
@@ -116,7 +116,7 @@ SLEEP_TIME=1
assert_success
sleep 5

run kubectl run cosign-demo --namespace default --image=${TEST_REGISTRY}/cosign:signed-key
wait_for_process 20 10 'kubectl run cosign-demo --namespace default --image=${TEST_REGISTRY}/cosign:signed-key'
assert_success
run kubectl run cosign-demo2 --namespace default --image=${TEST_REGISTRY}/cosign:unsigned
assert_failure
@@ -145,7 +145,7 @@ SLEEP_TIME=1
run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_complete_licensechecker.yaml
# wait for the httpserver cache to be invalidated
sleep 15
run kubectl run license-checker2 --namespace default --image=${TEST_REGISTRY}/licensechecker:v0
wait_for_process 20 10 'kubectl run license-checker2 --namespace default --image=${TEST_REGISTRY}/licensechecker:v0'
assert_success
}

@@ -165,7 +165,7 @@ SLEEP_TIME=1

run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_sbom.yaml
sleep 5
run kubectl run sbom --namespace default --image=${TEST_REGISTRY}/sbom:v0
wait_for_process 20 10 'kubectl run sbom --namespace default --image=${TEST_REGISTRY}/sbom:v0'
assert_success

run kubectl delete verifiers.config.ratify.deislabs.io/verifier-sbom
@@ -196,7 +196,7 @@ SLEEP_TIME=1
run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_schemavalidator.yaml
sleep 5

run kubectl run schemavalidator --namespace default --image=${TEST_REGISTRY}/schemavalidator:v0
wait_for_process 20 10 'kubectl run schemavalidator --namespace default --image=${TEST_REGISTRY}/schemavalidator:v0'
assert_success

run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_schemavalidator_bad.yaml
@@ -230,7 +230,7 @@ SLEEP_TIME=1
run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_schemavalidator.yaml
sleep 5

run kubectl run all-in-one --namespace default --image=${TEST_REGISTRY}/all:v0
wait_for_process 20 10 'kubectl run all-in-one --namespace default --image=${TEST_REGISTRY}/all:v0'
assert_success
}

@@ -256,7 +256,7 @@ SLEEP_TIME=1

# wait for the httpserver cache to be invalidated
sleep 15
run kubectl run crdtest --namespace default --image=${TEST_REGISTRY}/notation:signed
wait_for_process 20 10 'kubectl run crdtest --namespace default --image=${TEST_REGISTRY}/notation:signed'
assert_success
}

@@ -268,7 +268,7 @@ SLEEP_TIME=1
run kubectl apply -f ./library/multi-tenancy-validation/samples/constraint.yaml
assert_success
sleep 5
run kubectl run demo2 --image=${TEST_REGISTRY}/notation:signed
wait_for_process 20 10 'kubectl run demo2 --image=${TEST_REGISTRY}/notation:signed'
assert_success

run kubectl get configmaps ratify-configuration --namespace=gatekeeper-system -o yaml >currentConfig.yaml
@@ -313,7 +313,7 @@ SLEEP_TIME=1
run kubectl apply -f ./library/multi-tenancy-validation/samples/constraint.yaml
assert_success
sleep 5
run kubectl run mutate-demo --namespace default --image=${TEST_REGISTRY}/notation:signed
wait_for_process 20 10 'kubectl run mutate-demo --namespace default --image=${TEST_REGISTRY}/notation:signed'
assert_success
result=$(kubectl get pod mutate-demo --namespace default -o json | jq -r ".spec.containers[0].image" | grep @sha)
assert_mutate_success
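Review bot: The `assert_success` that follows each `wait_for_process 20 10 '…'` may no longer check that call. It reads `$status`, which bats sets only through `run`, so unless `wait_for_process` (defined outside this page) calls `run` itself, the assertion reflects the previous `run` in the test. A signed-image admission check could then pass on a stale status. Either wrap the helper, `run wait_for_process 20 10 'kubectl run demo --namespace default --image=${TEST_REGISTRY}/notation:signed'`, or drop the `assert_success` and rely on the helper's exit status to fail the test. The same pattern repeats in every hunk of this file that swaps `run kubectl run …` for `wait_for_process`.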
