.github/workflows/admission-verify.yml · cicd-supply-chain-security

25 lines · yaml

name: admission-policy-check
 
on:
  pull_request:
    paths:
      - "policy/**"
  workflow_dispatch:
 
permissions:
  contents: read
 
jobs:
  kyverno-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
 
      - name: install kyverno cli
        run: |
          curl -sLo kyverno.tar.gz https://github.com/kyverno/kyverno/releases/download/v1.12.5/kyverno-cli_v1.12.5_linux_x86_64.tar.gz
          tar -xzf kyverno.tar.gz kyverno
          sudo install kyverno /usr/local/bin/
 
      - name: validate policy
        run: kyverno apply policy/kyverno-verify-images.yaml --resource policy/test/pods.yaml

1	name: admission-policy-check
2
3	on:
4	pull_request:
5	paths:
6	- "policy/**"
7	workflow_dispatch:
8
9	permissions:
10	contents: read
11
12	jobs:
13	kyverno-test:
14	runs-on: ubuntu-latest
15	steps:
16	- uses: actions/checkout@v4
17
18	- name: install kyverno cli
19	run: \|
20	curl -sLo kyverno.tar.gz https://github.com/kyverno/kyverno/releases/download/v1.12.5/kyverno-cli_v1.12.5_linux_x86_64.tar.gz
21	tar -xzf kyverno.tar.gz kyverno
22	sudo install kyverno /usr/local/bin/
23
24	- name: validate policy
25	run: kyverno apply policy/kyverno-verify-images.yaml --resource policy/test/pods.yaml