From 9dbd47ca20773dcadab886692685b774c4a2a5f8 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 22 Jun 2020 11:20:34 +0200 Subject: [PATCH 01/15] [#22] Move http-webhook into demo-apps --- {scanner => demo-apps}/http-webhook/.helmignore | 0 {scanner => demo-apps}/http-webhook/Chart.yaml | 0 {scanner => demo-apps}/http-webhook/templates/NOTES.txt | 0 {scanner => demo-apps}/http-webhook/templates/_helpers.tpl | 0 {scanner => demo-apps}/http-webhook/templates/deployment.yaml | 0 {scanner => demo-apps}/http-webhook/templates/hpa.yaml | 0 {scanner => demo-apps}/http-webhook/templates/ingress.yaml | 0 {scanner => demo-apps}/http-webhook/templates/service.yaml | 0 {scanner => demo-apps}/http-webhook/templates/serviceaccount.yaml | 0 .../http-webhook/templates/tests/test-connection.yaml | 0 {scanner => demo-apps}/http-webhook/values.yaml | 0 11 files changed, 0 insertions(+), 0 deletions(-) rename {scanner => demo-apps}/http-webhook/.helmignore (100%) rename {scanner => demo-apps}/http-webhook/Chart.yaml (100%) rename {scanner => demo-apps}/http-webhook/templates/NOTES.txt (100%) rename {scanner => demo-apps}/http-webhook/templates/_helpers.tpl (100%) rename {scanner => demo-apps}/http-webhook/templates/deployment.yaml (100%) rename {scanner => demo-apps}/http-webhook/templates/hpa.yaml (100%) rename {scanner => demo-apps}/http-webhook/templates/ingress.yaml (100%) rename {scanner => demo-apps}/http-webhook/templates/service.yaml (100%) rename {scanner => demo-apps}/http-webhook/templates/serviceaccount.yaml (100%) rename {scanner => demo-apps}/http-webhook/templates/tests/test-connection.yaml (100%) rename {scanner => demo-apps}/http-webhook/values.yaml (100%) diff --git a/scanner/http-webhook/.helmignore b/demo-apps/http-webhook/.helmignore similarity index 100% rename from scanner/http-webhook/.helmignore rename to demo-apps/http-webhook/.helmignore diff --git a/scanner/http-webhook/Chart.yaml b/demo-apps/http-webhook/Chart.yaml similarity index 100% rename from scanner/http-webhook/Chart.yaml rename to demo-apps/http-webhook/Chart.yaml diff --git a/scanner/http-webhook/templates/NOTES.txt b/demo-apps/http-webhook/templates/NOTES.txt similarity index 100% rename from scanner/http-webhook/templates/NOTES.txt rename to demo-apps/http-webhook/templates/NOTES.txt diff --git a/scanner/http-webhook/templates/_helpers.tpl b/demo-apps/http-webhook/templates/_helpers.tpl similarity index 100% rename from scanner/http-webhook/templates/_helpers.tpl rename to demo-apps/http-webhook/templates/_helpers.tpl diff --git a/scanner/http-webhook/templates/deployment.yaml b/demo-apps/http-webhook/templates/deployment.yaml similarity index 100% rename from scanner/http-webhook/templates/deployment.yaml rename to demo-apps/http-webhook/templates/deployment.yaml diff --git a/scanner/http-webhook/templates/hpa.yaml b/demo-apps/http-webhook/templates/hpa.yaml similarity index 100% rename from scanner/http-webhook/templates/hpa.yaml rename to demo-apps/http-webhook/templates/hpa.yaml diff --git a/scanner/http-webhook/templates/ingress.yaml b/demo-apps/http-webhook/templates/ingress.yaml similarity index 100% rename from scanner/http-webhook/templates/ingress.yaml rename to demo-apps/http-webhook/templates/ingress.yaml diff --git a/scanner/http-webhook/templates/service.yaml b/demo-apps/http-webhook/templates/service.yaml similarity index 100% rename from scanner/http-webhook/templates/service.yaml rename to demo-apps/http-webhook/templates/service.yaml diff --git a/scanner/http-webhook/templates/serviceaccount.yaml b/demo-apps/http-webhook/templates/serviceaccount.yaml similarity index 100% rename from scanner/http-webhook/templates/serviceaccount.yaml rename to demo-apps/http-webhook/templates/serviceaccount.yaml diff --git a/scanner/http-webhook/templates/tests/test-connection.yaml b/demo-apps/http-webhook/templates/tests/test-connection.yaml similarity index 100% rename from scanner/http-webhook/templates/tests/test-connection.yaml rename to demo-apps/http-webhook/templates/tests/test-connection.yaml diff --git a/scanner/http-webhook/values.yaml b/demo-apps/http-webhook/values.yaml similarity index 100% rename from scanner/http-webhook/values.yaml rename to demo-apps/http-webhook/values.yaml From 3aa151797e8aaa3deeb15a4103fcc8de8e0784f4 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 22 Jun 2020 12:53:00 +0200 Subject: [PATCH 02/15] [#22] Include integration tests for read-only-hooks To ensure that read-only-hooks are executed I implemented a basic integrationtest using test-scan, generic-webhook, and http-webhook. The test checks whether the logs of http-webhook contain a request. --- .github/workflows/ci.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a57e382d..84afb5bf 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -341,7 +341,7 @@ jobs: run: | cd tests/integration/ npx jest --ci --color no-scan-definition-error - - name: "Hooks Integration Tests" + - name: "Hooks (Read-Write) Integration Tests" run: | helm -n integration-tests install update-category ./hooks/update-field/ \ --set="image.tag=sha-$(git rev-parse --short HEAD)" \ @@ -355,6 +355,16 @@ jobs: cd tests/integration/ npx jest --ci --color read-write-hook helm -n integration-tests uninstall test-scan update-category update-severity + - name: "Hooks (Read-Only) Integration Tests" + run: | + helm -n integration-tests install test-scan ./scanner/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + helm -n integration-tests install http-webhook ./demo-apps/http-webhook + WEB_HOOK_IP=$(kubectl get -n integration-tests service/http-webhook -o jsonpath='{.spec.clusterIP}') + helm -n integration-test install read-only-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" + cd tests/integration/ + npx jest --ci --color read-write-hook + helm -n integration-tests uninstall test-scan update-category update-severity + - name: "nmap Integration Tests" run: | helm -n integration-tests install nmap ./scanner/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" From 3bc58e910d8587dcd0b02a869b407f44187bc695 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 22 Jun 2020 13:22:35 +0200 Subject: [PATCH 03/15] [#22] Fix YAML syntax Removed unnecessary whitespaces. Fixed indentation --- .github/workflows/ci.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 84afb5bf..ee85c6f6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -316,7 +316,7 @@ jobs: # Operator Namespace kubectl create namespace securecodebox-system - # Install Operator using the images of the current commit + # Install Operator using the images of the current commit helm -n securecodebox-system install securecodebox-operator ./operator/ --wait \ --set="image.tag=sha-$(git rev-parse --short HEAD)" \ --set="image.digest=null" \ @@ -334,7 +334,7 @@ jobs: run: "kubectl create namespace demo-apps" - name: "Install Test Dependencies" run: | - cd tests/integration/ + cd tests/integration/ npm ci # This steps should include Integration tests which are not related to a Specific Scanner - name: "Throws NoScanDefiniton Error Integration Tests" @@ -360,7 +360,7 @@ jobs: helm -n integration-tests install test-scan ./scanner/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" helm -n integration-tests install http-webhook ./demo-apps/http-webhook WEB_HOOK_IP=$(kubectl get -n integration-tests service/http-webhook -o jsonpath='{.spec.clusterIP}') - helm -n integration-test install read-only-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" + helm -n integration-test install read-only-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" cd tests/integration/ npx jest --ci --color read-write-hook helm -n integration-tests uninstall test-scan update-category update-severity From 0df9ec452a5b5d200a42e92f267f8d85c8244c91 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 22 Jun 2020 13:36:26 +0200 Subject: [PATCH 04/15] [#22] Fix namespace for helm chart --- .github/workflows/ci.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ee85c6f6..5eb99ac6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -360,11 +360,10 @@ jobs: helm -n integration-tests install test-scan ./scanner/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" helm -n integration-tests install http-webhook ./demo-apps/http-webhook WEB_HOOK_IP=$(kubectl get -n integration-tests service/http-webhook -o jsonpath='{.spec.clusterIP}') - helm -n integration-test install read-only-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" + helm -n integration-tests install read-only-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" cd tests/integration/ npx jest --ci --color read-write-hook - helm -n integration-tests uninstall test-scan update-category update-severity - + helm -n integration-tests uninstall test-scan http-webhook read-only-hook - name: "nmap Integration Tests" run: | helm -n integration-tests install nmap ./scanner/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" From b6f6d5e08eca4b27e262df60e60e9d015895544c Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 22 Jun 2020 14:20:38 +0200 Subject: [PATCH 05/15] [#22] Rename Test for read-only-hooks --- tests/integration/generic/read-only-hook.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/generic/read-only-hook.test.js b/tests/integration/generic/read-only-hook.test.js index d71c3d64..5950cd19 100644 --- a/tests/integration/generic/read-only-hook.test.js +++ b/tests/integration/generic/read-only-hook.test.js @@ -2,7 +2,7 @@ const { scan } = require("../helpers"); const k8s = require('@kubernetes/client-node'); test( - "localhost port scan should only find a host finding", + "should trigger a webhook", async () => { await scan( "test-scan-read-only-hook", From 5b98dfd65b744683d40cf8e3748e32be3f7be27a Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 22 Jun 2020 14:26:04 +0200 Subject: [PATCH 06/15] [#22] Rename Test hook --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5eb99ac6..44dd8d08 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -360,7 +360,7 @@ jobs: helm -n integration-tests install test-scan ./scanner/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" helm -n integration-tests install http-webhook ./demo-apps/http-webhook WEB_HOOK_IP=$(kubectl get -n integration-tests service/http-webhook -o jsonpath='{.spec.clusterIP}') - helm -n integration-tests install read-only-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" + helm -n integration-tests install ro-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" cd tests/integration/ npx jest --ci --color read-write-hook helm -n integration-tests uninstall test-scan http-webhook read-only-hook From 295161259acd8980d46d3c911facc10898c88469 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 22 Jun 2020 14:35:38 +0200 Subject: [PATCH 07/15] [#22] Ensure that the right test is invoked for ro-hooks --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 44dd8d08..50029c9f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -362,7 +362,7 @@ jobs: WEB_HOOK_IP=$(kubectl get -n integration-tests service/http-webhook -o jsonpath='{.spec.clusterIP}') helm -n integration-tests install ro-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" cd tests/integration/ - npx jest --ci --color read-write-hook + npx jest --ci --color read-only-hook helm -n integration-tests uninstall test-scan http-webhook read-only-hook - name: "nmap Integration Tests" run: | From e635bae605c74dfcfae83e000b77ee6661ac3b2c Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 24 Jun 2020 09:13:09 +0200 Subject: [PATCH 08/15] [#22] Shorten Name for Test Scan --- tests/integration/generic/read-only-hook.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/generic/read-only-hook.test.js b/tests/integration/generic/read-only-hook.test.js index 5950cd19..b5a32bdd 100644 --- a/tests/integration/generic/read-only-hook.test.js +++ b/tests/integration/generic/read-only-hook.test.js @@ -5,7 +5,7 @@ test( "should trigger a webhook", async () => { await scan( - "test-scan-read-only-hook", + "ro-hook-test", "test-scan", [], 90 From b43a322bd5f26ba50dd43f192f6aad4f14b87d70 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 24 Jun 2020 09:55:17 +0200 Subject: [PATCH 09/15] [#22] Add Timeout I added a timeout to ensure that the logs of the http-webhook service have already been created --- tests/integration/generic/read-only-hook.test.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/integration/generic/read-only-hook.test.js b/tests/integration/generic/read-only-hook.test.js index b5a32bdd..25ff61f5 100644 --- a/tests/integration/generic/read-only-hook.test.js +++ b/tests/integration/generic/read-only-hook.test.js @@ -5,12 +5,15 @@ test( "should trigger a webhook", async () => { await scan( - "ro-hook-test", + "test-scan-read-only-hook", "test-scan", [], 90 ); + // This is necessary to ensure that the HTTP-Server already logged the Request + await new Promise(resolve => setTimeout(resolve, 5000)); + const webhook = "http-webhook"; const namespace = "integration-tests"; From 134d8a72506ccd6db37a5440f896f6c6db092cb9 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 24 Jun 2020 10:13:18 +0200 Subject: [PATCH 10/15] [#22] Fix wrong deployment name for uninstalling --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 50029c9f..f9dc7f36 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -363,7 +363,7 @@ jobs: helm -n integration-tests install ro-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" cd tests/integration/ npx jest --ci --color read-only-hook - helm -n integration-tests uninstall test-scan http-webhook read-only-hook + helm -n integration-tests uninstall test-scan http-webhook ro-hook - name: "nmap Integration Tests" run: | helm -n integration-tests install nmap ./scanner/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" From 04caaa64568b8fd0e2d8ae0e87960487cc6ca0bc Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 29 Jun 2020 11:22:16 +0200 Subject: [PATCH 11/15] [#22] Use cluster DNS to resolve IP for RO-Hooks --- .github/workflows/ci.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f9dc7f36..3b21b56c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -359,8 +359,7 @@ jobs: run: | helm -n integration-tests install test-scan ./scanner/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" helm -n integration-tests install http-webhook ./demo-apps/http-webhook - WEB_HOOK_IP=$(kubectl get -n integration-tests service/http-webhook -o jsonpath='{.spec.clusterIP}') - helm -n integration-tests install ro-hook ./hooks/generic-webhook/ --set="webhookUrl=http://$WEB_HOOK_IP/hallo-welt" + helm -n integration-tests install ro-hook ./hooks/generic-webhook/ --set="webhookUrl=http://http-webhook/hallo-welt" cd tests/integration/ npx jest --ci --color read-only-hook helm -n integration-tests uninstall test-scan http-webhook ro-hook From 18b31bc9004d1ef413bcde30f68582b08eaf0a7b Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 8 Jul 2020 09:44:58 +0200 Subject: [PATCH 12/15] [#22] Implement function to retry tests. --- .../generic/read-only-hook.test.js | 47 +++++++++++++++---- 1 file changed, 37 insertions(+), 10 deletions(-) diff --git a/tests/integration/generic/read-only-hook.test.js b/tests/integration/generic/read-only-hook.test.js index 25ff61f5..f21abe9c 100644 --- a/tests/integration/generic/read-only-hook.test.js +++ b/tests/integration/generic/read-only-hook.test.js @@ -11,11 +11,8 @@ test( 90 ); - // This is necessary to ensure that the HTTP-Server already logged the Request - await new Promise(resolve => setTimeout(resolve, 5000)); - - const webhook = "http-webhook"; - const namespace = "integration-tests"; + const WEBHOOK = "http-webhook"; + const NAMESPACE = "integration-tests"; const kc = new k8s.KubeConfig(); kc.loadFromDefault(); @@ -23,19 +20,49 @@ test( const k8sApi = kc.makeApiClient(k8s.CoreV1Api); function containsPod(item) { - return item.metadata.name.includes(webhook) + return item.metadata.name.includes(WEBHOOK) } let podName; - await k8sApi.listNamespacedPod(namespace, 'true').then((res) => { + await k8sApi.listNamespacedPod(NAMESPACE, 'true').then((res) => { let podArray = res.body.items.filter(containsPod); podName = podArray.pop().metadata.name; }); - const containerName = webhook; + const containerName = WEBHOOK; + + let params = { + k8sApi: k8sApi, + podName: podName, + namespace: NAMESPACE, + containerName: containerName + } + const result = await delayedRepeat(isHookTriggered, params, 1000, 10); - let containerLog = await k8sApi.readNamespacedPodLog(podName, namespace, containerName, false); - expect(containerLog.body.includes("path: '/hallo-welt'")).toBe(true); + expect(result).toBe(true) }, 3 * 60 * 1000 ); + +async function isHookTriggered(params) { + console.log("Fetch Container Logs...") + let containerLog = await params.k8sApi.readNamespacedPodLog(params.podName, params.namespace, params.containerName, false); + return containerLog.body.includes("/hallo-welt"); +} + + +const sleep = durationInMs => + new Promise(resolve => setTimeout(resolve, durationInMs)); + +async function delayedRepeat(fun, functionParamObject, intervalInMs, maxRetries,) { + for (let i = 0; i < maxRetries; i++){ + const condition = await fun(functionParamObject); + if(condition){ + return condition; + } + + await sleep(intervalInMs); + } + + throw new Error("Reached max retries") +} From ec192fb8c08cc5cdf6d1e627bab7b7330d700ee2 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 8 Jul 2020 09:46:40 +0200 Subject: [PATCH 13/15] Remove healthchecks for demo webhook --- demo-apps/http-webhook/templates/deployment.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/demo-apps/http-webhook/templates/deployment.yaml b/demo-apps/http-webhook/templates/deployment.yaml index ebfbd8e5..1af82e95 100644 --- a/demo-apps/http-webhook/templates/deployment.yaml +++ b/demo-apps/http-webhook/templates/deployment.yaml @@ -37,14 +37,6 @@ spec: - name: http containerPort: 80 protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} From 68780ac53823406e5a6c877e57cab7386ab83e79 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 8 Jul 2020 09:51:15 +0200 Subject: [PATCH 14/15] Minor refactoring --- tests/integration/generic/read-only-hook.test.js | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/tests/integration/generic/read-only-hook.test.js b/tests/integration/generic/read-only-hook.test.js index f21abe9c..a2aa3e60 100644 --- a/tests/integration/generic/read-only-hook.test.js +++ b/tests/integration/generic/read-only-hook.test.js @@ -25,17 +25,21 @@ test( let podName; await k8sApi.listNamespacedPod(NAMESPACE, 'true').then((res) => { - let podArray = res.body.items.filter(containsPod); - podName = podArray.pop().metadata.name; + let podArray = res.body.items.filter((containsPod)); + if (podArray.length === 0) { + throw new Error(`Did not find Pod for "${WEBHOOK}" Hook`); + } + + podName = podArray[0].metadata.name; }); const containerName = WEBHOOK; - let params = { - k8sApi: k8sApi, - podName: podName, + const params = { + k8sApi, + podName, namespace: NAMESPACE, - containerName: containerName + containerName } const result = await delayedRepeat(isHookTriggered, params, 1000, 10); From 8eb320943921a15995ef5619ecea1c7595ad447b Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 8 Jul 2020 09:56:46 +0200 Subject: [PATCH 15/15] [#22] Fix wording for Hook integration tests To comply with ADR-0001 I changed the test names for Hooks. --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3b21b56c..ec46a76f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -341,7 +341,7 @@ jobs: run: | cd tests/integration/ npx jest --ci --color no-scan-definition-error - - name: "Hooks (Read-Write) Integration Tests" + - name: "Hooks (ReadAndWrite) Integration Tests" run: | helm -n integration-tests install update-category ./hooks/update-field/ \ --set="image.tag=sha-$(git rev-parse --short HEAD)" \ @@ -355,7 +355,7 @@ jobs: cd tests/integration/ npx jest --ci --color read-write-hook helm -n integration-tests uninstall test-scan update-category update-severity - - name: "Hooks (Read-Only) Integration Tests" + - name: "Hooks (ReadOnly) Integration Tests" run: | helm -n integration-tests install test-scan ./scanner/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" helm -n integration-tests install http-webhook ./demo-apps/http-webhook