Refactor .github/workflows/pss_test.yaml (kubeflow#2845)

* Added pipelines to PSS test and fixed typo Signed-off-by: biswajit-9776 <[email protected]> * Added dynamic namespaces to PSS test Signed-off-by: biswajit-9776 <[email protected]> --------- Signed-off-by: biswajit-9776 <[email protected]>
hansinikarunarathne · Aug 26, 2024 · 37a86f9 · 37a86f9
1 parent a16b606
commit 37a86f9
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/.github/workflows/pss_test.yaml b/.github/workflows/pss_test.yaml
@@ -5,9 +5,10 @@ on:
     - .github/workflows/*
     - tests/gh-actions/kind-cluster.yaml
     - apps/profiles/upstream/**
+    - apps/pipeline/upstream/**
     - common/dex/**
     - common/cert-manager/**
-    - common/oidc-client/oauth2-proxy/**
+    - common/oauth2-proxy/**
     - common/istio*/**
     - tests/gh-actions/install_istio_with_ext_auth.sh
     - tests/gh-actions/install_multitenancy.sh
@@ -45,9 +46,26 @@ jobs:
         echo "Waiting for pods in auth namespace to become ready..."
         kubectl wait --for=condition=Ready pods --all --timeout=180s -n auth
 
+    - name: Install KF Pipelines
+      run: ./tests/gh-actions/install_pipelines.sh
+
     - name: Applying Pod Security Standards baseline levels for static namespaces
       run: ./tests/gh-actions/enable_baseline_PSS.sh
 
+    - name: Applying Pod Security Standards baseline levels for dynamic namespaces
+      run: |
+        cat << EOF > ./kustomization.yaml
+        apiVersion: kustomize.config.k8s.io/v1beta1
+        kind: Kustomization
+        resources:
+        - apps/profiles/upstream/overlays/kubeflow
+        components:
+        - contrib/security/PSS/dynamic/baseline
+        EOF
+        kubectl apply -k .
+        rm ./kustomization.yaml
+        kubectl -n kubeflow wait --for=condition=Ready pods -l kustomize.component=profiles --timeout 180s
+
     - name: Unapplying applied baseline values
       run: |
         NAMESPACES=("istio-system" "auth" "cert-manager" "oauth2-proxy" "kubeflow")