Fix(hardening)| Download policy-template zip #1529
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci-test | |
on: | |
push: | |
branches: | |
- '**' # matches every branch | |
pull_request: | |
branches: | |
- '**' # matches every branch | |
jobs: | |
unit-test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Source | |
uses: actions/checkout@v2 | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: v1.20 | |
- name: Unit Test | |
run: ./tests/test-go-unit.sh | |
system-test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Source | |
uses: actions/checkout@v2 | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: v1.20 | |
- name: Setup Env | |
run: | | |
# install kernel-headers | |
sudo apt-get update | |
sudo apt-get install -y linux-headers-$(uname -r) | |
# install kubeadm | |
sudo apt-get update | |
sudo apt-get install -y apt-transport-https curl | |
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - | |
sudo touch /etc/apt/sources.list.d/kubernetes.list | |
echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list | |
sudo apt-get update | |
sudo apt-get install -y kubelet=1.21.3-00 kubeadm=1.21.3-00 kubectl=1.21.3-00 | |
sudo apt-mark hold kubelet kubeadm kubectl | |
# install apparmor and auditd | |
sudo apt-get install -y apparmor apparmor-utils auditd | |
sudo systemctl start apparmor; sudo systemctl start auditd | |
# turn off swap | |
sudo swapoff -a | |
# initialize kubernetes | |
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 | tee -a ~/k8s_init.log | |
# copy k8s config | |
mkdir -p $HOME/.kube | |
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config | |
sudo chown $USER:$USER $HOME/.kube/config | |
export KUBECONFIG=$HOME/.kube/config | |
echo "export KUBECONFIG=$HOME/.kube/config" | tee -a ~/.bashrc | |
# install flannel | |
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.13.0/Documentation/kube-flannel.yml | |
# disable master isolation | |
kubectl taint nodes --all node-role.kubernetes.io/master- | |
# Install grpcurl | |
go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest | |
- name: Run Test Script | |
run: ./tests/test-scenarios-local.sh |