helm: add oauth2-proxy wrapper chart #1203
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Pipelines | |
| on: | |
| pull_request: | |
| paths: | |
| - tests/install_KinD_create_KinD_cluster_install_kustomize.sh | |
| - .github/workflows/pipeline_test.yaml | |
| - applications/pipeline/upstream/** | |
| - tests/istio* | |
| - tests/multi_tenancy_install.sh | |
| - tests/profile_controller_install.sh | |
| - applications/dashboard/upstream/profile-controller/** | |
| - tests/oauth2-proxy_install.sh | |
| - common/cert-manager/** | |
| - common/oauth2-proxy/** | |
| - common/istio*/** | |
| - tests/pipeline_v1_test.py | |
| - tests/pipeline_v2_test.py | |
| - experimental/security/PSS/* | |
| permissions: | |
| contents: read | |
| actions: read | |
| env: | |
| KF_PROFILE: kubeflow-user-example-com | |
| jobs: | |
| pipeline_test: | |
| timeout-minutes: 15 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Install KinD, Create KinD cluster and Install kustomize | |
| run: ./tests/install_KinD_create_KinD_cluster_install_kustomize.sh | |
| - name: Create kubeflow namespace | |
| run: kustomize build common/kubeflow-namespace/base | kubectl apply -f - | |
| - name: Install Istio | |
| run: ./tests/istio-cni_install.sh | |
| - name: Install oauth2-proxy | |
| run: ./tests/oauth2-proxy_install.sh | |
| - name: Install cert-manager | |
| run: ./tests/cert_manager_install.sh | |
| - name: Install Kubeflow Istio Resources | |
| run: kustomize build common/istio/kubeflow-istio-resources/base | kubectl apply -f - | |
| - name: Install Profile Controller | |
| run: ./tests/profile_controller_install.sh | |
| - name: Install Multi-Tenancy | |
| run: ./tests/multi_tenancy_install.sh | |
| - name: Install KF Pipelines | |
| run: ./tests/pipelines_install.sh | |
| - name: Create KF Profile | |
| run: ./tests/kubeflow_profile_install.sh | |
| - name: Verify Pipeline Integration | |
| run: | | |
| if ! kubectl get secret mlpipeline-minio-artifact -n $KF_PROFILE > /dev/null 2>&1; then | |
| echo "Error: Secret mlpipeline-minio-artifact not found in namespace $KF_PROFILE" | |
| exit 1 | |
| fi | |
| kubectl get secret mlpipeline-minio-artifact -n "$KF_PROFILE" -o json | jq -r '.data | keys[] as $k | "\($k): \(. | .[$k] | @base64d)"' | tr '\n' ' ' | |
| - name: Wait for All Pods to be Ready | |
| run: kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 60s --field-selector=status.phase!=Succeeded | |
| - name: Port forward | |
| run: ./tests/port_forward_gateway.sh | |
| - name: Install lib2to3 for KFP V1 SDK with Python3.12 (lib2to3 has been removed from python 3.12) | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y python3-lib2to3 | |
| - name: V1 Pipeline Test | |
| run: | | |
| pip3 install "kfp>=1.8.24,<2.0.0" | |
| TOKEN="$(kubectl -n $KF_PROFILE create token default-editor)" | |
| python3 tests/pipeline_v1_test.py "${TOKEN}" "${KF_PROFILE}" | |
| - name: V2 Pipeline Test | |
| run: | | |
| pip3 install "kfp>=2.16.1" kfp-kubernetes | |
| TOKEN="$(kubectl -n $KF_PROFILE create token default-editor)" | |
| python3 tests/pipeline_v2_test.py run_pipeline "${TOKEN}" "${KF_PROFILE}" | |
| - name: Test unauthorized access | |
| run: | | |
| TOKEN="$(kubectl -n default create token default)" | |
| python3 tests/pipeline_v2_test.py test_unauthorized_access "${TOKEN}" "${KF_PROFILE}" | |
| echo "Test succeeded. Token from unauthorized ServiceAccount cannot list pipelines in $KF_PROFILE namespace." | |
| - name: Test SeaweedFS Namespace Isolation | |
| run: ./tests/swfs_namespace_isolation_test.sh | |
| - name: Apply Pod Security Standards restricted levels | |
| run: ./tests/PSS_enable.sh |