fix: Add allowPrivilegeEscalation to Lumos (#484) #158
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint and Test Falcon Sidecar Sensor | |
| on: | |
| push: | |
| paths: | |
| - 'helm-charts/falcon-sensor/**' | |
| - '.github/workflows/helm-sidecar-sensor.yaml' | |
| pull_request_target: | |
| types: [ labeled ] | |
| paths: | |
| - 'helm-charts/falcon-sensor/**' | |
| - '.github/workflows/helm-sidecar-sensor.yaml' | |
| permissions: # added using https://github.com/step-security/secure-repo | |
| contents: read | |
| jobs: | |
| sidecar-sensor-test: | |
| if: | | |
| github.event_name == 'push' || | |
| (github.event_name == 'pull_request_target' && | |
| github.event.label.name == 'ok-to-test') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| fetch-depth: 0 | |
| if: github.event_name != 'pull_request_target' | |
| - name: Checkout | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| ref: ${{github.event.pull_request.head.sha}} | |
| fetch-depth: 0 | |
| if: github.event_name == 'pull_request_target' | |
| - name: Set up Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| with: | |
| version: v3.8.1 | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 #v5.6.0 | |
| with: | |
| python-version: '3.9' | |
| check-latest: true | |
| - name: Set up chart-testing | |
| uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 #v2.6.1 | |
| - name: Run chart-testing (lint) | |
| run: ct lint --config tests/ct.yaml --check-version-increment=false | |
| - name: Configure Sidecar Chart values | |
| run: | | |
| rm -f helm-charts/falcon-sensor/ci/cid-values.yaml | |
| cp tests/sidecar-values.yaml helm-charts/falcon-sensor/ci/sidecar-values.yaml | |
| - name: Create kind cluster | |
| uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde #v1.10.0 | |
| - name: Run chart-testing (install) using Sidecar sensor | |
| run: ct install --config tests/ct.yaml --helm-extra-set-args "--set container.image.tag=${{ secrets.FALCON_SIDECAR_TAG }} --set container.image.pullSecrets.registryConfigJSON=${{ secrets.FALCON_REGISTRY_TOKEN }} --set falcon.cid=${{ secrets.FALCON_CID }}" |