From 2ff0a8d751513f75f3660c4a4182aa47cac290fd Mon Sep 17 00:00:00 2001 From: entlein Date: Fri, 30 Jan 2026 20:32:48 +0100 Subject: [PATCH 01/10] testing if nodeagent ci runs against fork Signed-off-by: entlein --- .github/workflows/bypass.yaml | 2 +- .github/workflows/component-tests.yaml | 17 +++++++++++------ .github/workflows/incluster-comp-pr-merged.yaml | 16 ++++++++-------- .github/workflows/pr-merged.yaml | 2 +- 4 files changed, 21 insertions(+), 16 deletions(-) diff --git a/.github/workflows/bypass.yaml b/.github/workflows/bypass.yaml index 49b38b42c5..be81f0260b 100644 --- a/.github/workflows/bypass.yaml +++ b/.github/workflows/bypass.yaml @@ -20,7 +20,7 @@ jobs: needs: reset-run-number uses: ./.github/workflows/incluster-comp-pr-merged.yaml with: - IMAGE_NAME: quay.io/${{ github.repository_owner }}/node-agent + IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/node-agent IMAGE_TAG: v0.2.${{ needs.reset-run-number.outputs.run-number }} COMPONENT_NAME: nodeAgent CGO_ENABLED: 0 diff --git a/.github/workflows/component-tests.yaml b/.github/workflows/component-tests.yaml index e1dfeea907..03335887dd 100644 --- a/.github/workflows/component-tests.yaml +++ b/.github/workflows/component-tests.yaml @@ -10,15 +10,20 @@ concurrency: jobs: build-and-push-image: runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write steps: - name: Checkout code uses: actions/checkout@v4 - - name: Login to Quay.io + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: - registry: quay.io/kubescape - username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }} - password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install IG run: | sudo apt-get update @@ -33,9 +38,9 @@ jobs: run: | COMMIT_HASH=$(git rev-parse --short HEAD) export IMAGE_TAG=test-${COMMIT_HASH} - export IMAGE_REPO=quay.io/kubescape/node-agent + export IMAGE_REPO=ghcr.io/${{ github.repository_owner }}/node-agent echo "image_repo=${IMAGE_REPO}" >> "$GITHUB_OUTPUT" - export IMAGE_NAME=quay.io/kubescape/node-agent:${IMAGE_TAG} + export IMAGE_NAME=ghcr.io/${{ github.repository_owner }}/node-agent:${IMAGE_TAG} echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT" make docker-build TAG=${IMAGE_TAG} IMAGE=${IMAGE_REPO} && make docker-push TAG=${IMAGE_TAG} IMAGE=${IMAGE_REPO} outputs: diff --git a/.github/workflows/incluster-comp-pr-merged.yaml b/.github/workflows/incluster-comp-pr-merged.yaml index 89a0fa52dc..fe6f59afb8 100644 --- a/.github/workflows/incluster-comp-pr-merged.yaml +++ b/.github/workflows/incluster-comp-pr-merged.yaml @@ -109,12 +109,12 @@ jobs: id: unit-test run: go test -exec sudo -v ./... - - name: Login to Quay + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: - registry: quay.io - username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }} - password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v6 @@ -349,12 +349,12 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Login to Quay + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: - registry: quay.io - username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }} - password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Docker retag run: | diff --git a/.github/workflows/pr-merged.yaml b/.github/workflows/pr-merged.yaml index 2d0d5ba4b5..38163ad470 100644 --- a/.github/workflows/pr-merged.yaml +++ b/.github/workflows/pr-merged.yaml @@ -29,7 +29,7 @@ jobs: needs: reset-run-number uses: ./.github/workflows/incluster-comp-pr-merged.yaml with: - IMAGE_NAME: quay.io/${{ github.repository_owner }}/node-agent + IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/node-agent IMAGE_TAG: v0.3.${{ needs.reset-run-number.outputs.run-number }} COMPONENT_NAME: nodeAgent CGO_ENABLED: 0 From 52af9405c5025f51b9f1327899b0701a9ffc2c7a Mon Sep 17 00:00:00 2001 From: entlein Date: Sun, 1 Feb 2026 18:15:59 +0100 Subject: [PATCH 02/10] where is that unit test trigger Signed-off-by: entlein --- .github/workflows/component-tests.yaml | 12 ++++++------ tests/chart/values.yaml | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/component-tests.yaml b/.github/workflows/component-tests.yaml index 03335887dd..aae2c6da78 100644 --- a/.github/workflows/component-tests.yaml +++ b/.github/workflows/component-tests.yaml @@ -59,8 +59,8 @@ jobs: # Test_03_BasicLoadActivities, # Test_04_MemoryLeak, # Test_05_MemoryLeak_10K_Alerts, - Test_06_KillProcessInTheMiddle, - Test_07_RuleBindingApplyTest, + #Test_06_KillProcessInTheMiddle, + #Test_07_RuleBindingApplyTest, Test_08_ApplicationProfilePatching, Test_10_MalwareDetectionTest, Test_11_EndpointTest, @@ -70,12 +70,12 @@ jobs: Test_15_CompletedApCannotBecomeReadyAgain, Test_16_ApNotStuckOnRestart, Test_17_ApCompletedToPartialUpdateTest, - Test_18_ShortLivedJobTest, + #Test_18_ShortLivedJobTest, Test_19_AlertOnPartialProfileTest, Test_20_AlertOnPartialThenLearnProcessTest, - Test_21_AlertOnPartialThenLearnNetworkTest, - Test_22_AlertOnPartialNetworkProfileTest, - Test_23_RuleCooldownTest, + #Test_21_AlertOnPartialThenLearnNetworkTest, + #Test_22_AlertOnPartialNetworkProfileTest, + #Test_23_RuleCooldownTest, Test_24_ProcessTreeDepthTest ] steps: diff --git a/tests/chart/values.yaml b/tests/chart/values.yaml index 7cf029c4c8..cde97df906 100644 --- a/tests/chart/values.yaml +++ b/tests/chart/values.yaml @@ -32,7 +32,7 @@ global: storage: name: "storage" image: - repository: quay.io/kubescape/storage + repository: ghcr.io/k8sstormcenter/storage tag: v0.0.156 pullPolicy: Always cleanupInterval: "6h" @@ -50,7 +50,7 @@ storage: nodeAgent: name: node-agent image: - repository: quay.io/kubescape/node-agent + repository: ghcr.io/k8sstormcenter/node-agent tag: v0.2.21 pullPolicy: IfNotPresent From 306782e925bd225a997c43404747a0d9ec402a07 Mon Sep 17 00:00:00 2001 From: entlein Date: Sun, 1 Feb 2026 18:17:49 +0100 Subject: [PATCH 03/10] debug test workflow on fork Signed-off-by: entlein --- .github/workflows/pr-created.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/pr-created.yaml b/.github/workflows/pr-created.yaml index 856fa2bc26..76ad4f3cbf 100644 --- a/.github/workflows/pr-created.yaml +++ b/.github/workflows/pr-created.yaml @@ -13,6 +13,10 @@ concurrency: jobs: pr-created: + permissions: + pull-requests: write + security-events: write + contents: read uses: ./.github/workflows/incluster-comp-pr-created.yaml with: GO_VERSION: "1.25" From 4e089460b30392e2d64bf32068f5dd1dbaab4182 Mon Sep 17 00:00:00 2001 From: entlein Date: Sun, 1 Feb 2026 18:28:49 +0100 Subject: [PATCH 04/10] debug test workflow on fork Signed-off-by: entlein --- .github/workflows/component-tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/component-tests.yaml b/.github/workflows/component-tests.yaml index aae2c6da78..350152371e 100644 --- a/.github/workflows/component-tests.yaml +++ b/.github/workflows/component-tests.yaml @@ -104,7 +104,7 @@ jobs: kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=prometheus -n monitoring --timeout=300s - name: Install Node Agent Chart run: | - STORAGE_TAG=$(./tests/scripts/storage-tag.sh) + STORAGE_TAG="latest" echo "Storage tag that will be used: ${STORAGE_TAG}" helm upgrade --install kubescape ./tests/chart --set clusterName=`kubectl config current-context` --set nodeAgent.image.tag=${{ needs.build-and-push-image.outputs.image_tag }} --set nodeAgent.image.repository=${{ needs.build-and-push-image.outputs.image_repo }} --set storage.image.tag=${STORAGE_TAG} -n kubescape --create-namespace --wait --timeout 5m --debug # Check that the node-agent pod is running From 4639e093111b100cdf9b7c96609e094f661873f6 Mon Sep 17 00:00:00 2001 From: entlein Date: Sun, 1 Feb 2026 19:21:59 +0100 Subject: [PATCH 05/10] debug test workflow on fork Signed-off-by: entlein --- .github/workflows/component-tests.yaml | 34 ++++++++---- tests/component_test.go | 73 ++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 11 deletions(-) diff --git a/.github/workflows/component-tests.yaml b/.github/workflows/component-tests.yaml index 350152371e..b25fb89e92 100644 --- a/.github/workflows/component-tests.yaml +++ b/.github/workflows/component-tests.yaml @@ -2,6 +2,13 @@ name: Node Agent Component Tests on: pull_request: types: [synchronize, ready_for_review, opened, reopened] + workflow_dispatch: + inputs: + build_image: + description: 'Build and push a new container image for the test' + type: boolean + required: false + default: false concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -9,6 +16,8 @@ concurrency: jobs: build-and-push-image: + # Only run this job if it's a manual trigger with the box checked. + if: github.event_name == 'workflow_dispatch' && github.event.inputs.build_image == true runs-on: ubuntu-latest permissions: contents: read @@ -49,7 +58,6 @@ jobs: component-tests: runs-on: ubuntu-latest - needs: build-and-push-image continue-on-error: true strategy: matrix: @@ -61,22 +69,23 @@ jobs: # Test_05_MemoryLeak_10K_Alerts, #Test_06_KillProcessInTheMiddle, #Test_07_RuleBindingApplyTest, - Test_08_ApplicationProfilePatching, - Test_10_MalwareDetectionTest, - Test_11_EndpointTest, + #Test_08_ApplicationProfilePatching, + #Test_10_MalwareDetectionTest, + #Test_11_EndpointTest, Test_12_MergingProfilesTest, - Test_13_MergingNetworkNeighborhoodTest, - Test_14_RulePoliciesTest, - Test_15_CompletedApCannotBecomeReadyAgain, - Test_16_ApNotStuckOnRestart, - Test_17_ApCompletedToPartialUpdateTest, + #Test_13_MergingNetworkNeighborhoodTest, + #Test_14_RulePoliciesTest, + #Test_15_CompletedApCannotBecomeReadyAgain, + #Test_16_ApNotStuckOnRestart, + #Test_17_ApCompletedToPartialUpdateTest, #Test_18_ShortLivedJobTest, Test_19_AlertOnPartialProfileTest, Test_20_AlertOnPartialThenLearnProcessTest, #Test_21_AlertOnPartialThenLearnNetworkTest, #Test_22_AlertOnPartialNetworkProfileTest, #Test_23_RuleCooldownTest, - Test_24_ProcessTreeDepthTest + #Test_24_ProcessTreeDepthTest + Test_27_RegexFileOpenMatchTest ] steps: - name: Checkout code @@ -106,7 +115,10 @@ jobs: run: | STORAGE_TAG="latest" echo "Storage tag that will be used: ${STORAGE_TAG}" - helm upgrade --install kubescape ./tests/chart --set clusterName=`kubectl config current-context` --set nodeAgent.image.tag=${{ needs.build-and-push-image.outputs.image_tag }} --set nodeAgent.image.repository=${{ needs.build-and-push-image.outputs.image_repo }} --set storage.image.tag=${STORAGE_TAG} -n kubescape --create-namespace --wait --timeout 5m --debug + IMAGE_TAG=${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.build_image == true) && needs.build-and-push-image.outputs.image_tag || 'latest' }} + IMAGE_REPO=${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.build_image == true) && needs.build-and-push-image.outputs.image_repo || 'ghcr.io/kubescape/node-agent' }} + echo "Using Node Agent image: ${IMAGE_REPO}:${IMAGE_TAG}" + helm upgrade --install kubescape ./tests/chart --set clusterName=`kubectl config current-context` --set nodeAgent.image.tag=${IMAGE_TAG} --set nodeAgent.image.repository=${IMAGE_REPO} --set storage.image.tag=${STORAGE_TAG} -n kubescape --create-namespace --wait --timeout 5m --debug # Check that the node-agent pod is running kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=node-agent -n kubescape --timeout=300s sleep 5 diff --git a/tests/component_test.go b/tests/component_test.go index cdede98ff5..761cca7a16 100644 --- a/tests/component_test.go +++ b/tests/component_test.go @@ -1565,3 +1565,76 @@ func Test_24_ProcessTreeDepthTest(t *testing.T) { t.Logf("Found alerts for the process tree depth: %v", alerts) } + +func Test_27_RegexFileOpenMatchTest(t *testing.T) { + start := time.Now() + defer tearDownTest(t, start) + + t.Log("Starting regex file open match component test") + + // 1. Setup workload and initial profile + ns := testutils.NewRandomNamespace() + wl, err := testutils.NewTestWorkload(ns.Name, path.Join(utils.CurrentDir(), "resources/nginx-deployment.yaml")) + require.NoError(t, err, "Failed to create workload") + require.NoError(t, wl.WaitForReady(80), "Workload failed to be ready") + require.NoError(t, wl.WaitForApplicationProfileCompletion(80), "Application profile did not complete") + + // Wait for the initial profile to be processed + time.Sleep(30 * time.Second) + + initialProfile, err := wl.GetApplicationProfile() + require.NoError(t, err, "Failed to get initial profile") + + // 2. Apply a user-managed profile with a regex rule for file opens + t.Log("Applying user-managed profile...") + // Create the user-managed profile + userProfile := &v1beta1.ApplicationProfile{ + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("ug-%s", initialProfile.Name), + Namespace: initialProfile.Namespace, + Annotations: map[string]string{ + "kubescape.io/managed-by": "User", + }, + }, + Spec: v1beta1.ApplicationProfileSpec{ + Architectures: []string{"amd64"}, + Containers: []v1beta1.ApplicationProfileContainer{ + { + Name: "nginx", + Execs: []v1beta1.ExecCalls{ + { + Path: "/usr/bin/ls", + Args: []string{"/usr/bin/ls", "-l"}, + }, + }, + Opens: []v1beta1.OpenCalls{ + {Path: "/etc/nginx/*", Flags: []string{"O_RDONLY"}}, + {Path: "/var/log/nginx/*", Flags: []string{"O_WRONLY", "O_CREAT"}}, + }, + }, + }, + }, + } + + // Create the user-managed profile + k8sClient := k8sinterface.NewKubernetesApi() + storageClient := spdxv1beta1client.NewForConfigOrDie(k8sClient.K8SConfig) + _, err = storageClient.ApplicationProfiles(ns.Name).Create(context.Background(), userProfile, metav1.CreateOptions{}) + require.NoError(t, err, "Failed to create user profile") + + // Wait for the user profile to be processed by the system + time.Sleep(60 * time.Second) + + // 3. Trigger file open events to test the regex rule + t.Log("Triggering file open events to test regex rule") + _, _, _ = wl.ExecIntoPod([]string{"cat", "/etc/nginx/nginx.conf"}, "nginx") // Should be allowed by regex + _, _, _ = wl.ExecIntoPod([]string{"cat", "/etc/hostname"}, "nginx") // Should be blocked (alert) + + time.Sleep(30 * time.Second) // Wait for alerts + + // 4. Verify alerts + alerts, err := testutils.GetAlerts(wl.Namespace) + require.NoError(t, err, "Failed to get alerts") + testutils.AssertNotContains(t, alerts, "Unexpected file open", "cat", "nginx", []bool{true}) + testutils.AssertContains(t, alerts, "Unexpected file open", "cat", "hostname", []bool{true}) +} From cd2ef91e462c31fd317048f8609fe358e205362f Mon Sep 17 00:00:00 2001 From: entlein Date: Sun, 1 Feb 2026 20:29:58 +0100 Subject: [PATCH 06/10] debug test workflow on fork Signed-off-by: entlein --- .github/workflows/component-tests.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/component-tests.yaml b/.github/workflows/component-tests.yaml index b25fb89e92..d4d7e3c012 100644 --- a/.github/workflows/component-tests.yaml +++ b/.github/workflows/component-tests.yaml @@ -115,9 +115,10 @@ jobs: run: | STORAGE_TAG="latest" echo "Storage tag that will be used: ${STORAGE_TAG}" - IMAGE_TAG=${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.build_image == true) && needs.build-and-push-image.outputs.image_tag || 'latest' }} - IMAGE_REPO=${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.build_image == true) && needs.build-and-push-image.outputs.image_repo || 'ghcr.io/kubescape/node-agent' }} + IMAGE_TAG=test-5336ad3 + IMAGE_REPO='ghcr.io/k8sstormcenter/node-agent' echo "Using Node Agent image: ${IMAGE_REPO}:${IMAGE_TAG}" + # End of constanze modification helm upgrade --install kubescape ./tests/chart --set clusterName=`kubectl config current-context` --set nodeAgent.image.tag=${IMAGE_TAG} --set nodeAgent.image.repository=${IMAGE_REPO} --set storage.image.tag=${STORAGE_TAG} -n kubescape --create-namespace --wait --timeout 5m --debug # Check that the node-agent pod is running kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=node-agent -n kubescape --timeout=300s From 9316ab6da4ccc07cf4ac78ee5ffd49f35a4114f9 Mon Sep 17 00:00:00 2001 From: entlein Date: Thu, 12 Feb 2026 15:54:19 +0100 Subject: [PATCH 07/10] apparently we need to rebuild the storage go module into node-agent Signed-off-by: entlein --- .github/workflows/build.yaml | 78 ++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 .github/workflows/build.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000000..24fcbf8386 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,78 @@ +name: build-image + +on: + workflow_dispatch: + inputs: + IMAGE_TAG: + required: true + type: string + description: "Image tag for the node-agent image" + STORAGE_REF: + required: false + type: string + default: "" + description: "Branch/tag/commit of k8sstormcenter/storage to use (leave empty to keep go.mod default)" + PLATFORMS: + type: boolean + required: false + default: false + description: "Build for both amd64 and arm64" + +jobs: + build: + runs-on: ubuntu-latest + permissions: + id-token: write + packages: write + contents: read + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + + - uses: actions/setup-go@v5 + with: + go-version: "1.25" + + - name: Update storage dependency + if: ${{ inputs.STORAGE_REF != '' }} + env: + STORAGE_REF: ${{ inputs.STORAGE_REF }} + run: | + echo "Replacing github.com/kubescape/storage with github.com/k8sstormcenter/storage@${STORAGE_REF}" + go mod edit -replace "github.com/kubescape/storage=github.com/k8sstormcenter/storage@${STORAGE_REF}" + GOPROXY=direct GONOSUMCHECK="github.com/k8sstormcenter/*" go mod tidy + echo "Resolved storage version:" + grep "k8sstormcenter/storage" go.sum | head -1 + + - name: Ensure ig is installed + run: | + curl -L https://github.com/inspektor-gadget/inspektor-gadget/releases/download/v0.45.0/ig_0.45.0_amd64.deb -O + sudo dpkg -i ig_0.45.0_amd64.deb + + - name: Build gadgets + run: make gadgets + + - name: Set up QEMU + if: ${{ inputs.PLATFORMS }} + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v6 + with: + context: . + file: build/Dockerfile + tags: ghcr.io/${{ github.repository_owner }}/node-agent:${{ inputs.IMAGE_TAG }} + build-args: image_version=${{ inputs.IMAGE_TAG }} + platforms: ${{ inputs.PLATFORMS && 'linux/amd64,linux/arm64' || 'linux/amd64' }} + push: true From 8e6a60c5db866fb2922378edcd75a19733a8b501 Mon Sep 17 00:00:00 2001 From: Duck <70207455+entlein@users.noreply.github.com> Date: Thu, 12 Feb 2026 15:58:24 +0100 Subject: [PATCH 08/10] Uncomment component tests in workflow configuration Signed-off-by: Duck <70207455+entlein@users.noreply.github.com> --- .github/workflows/component-tests.yaml | 30 +++++++++++++------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/component-tests.yaml b/.github/workflows/component-tests.yaml index d4d7e3c012..5007f0fed0 100644 --- a/.github/workflows/component-tests.yaml +++ b/.github/workflows/component-tests.yaml @@ -67,24 +67,24 @@ jobs: # Test_03_BasicLoadActivities, # Test_04_MemoryLeak, # Test_05_MemoryLeak_10K_Alerts, - #Test_06_KillProcessInTheMiddle, - #Test_07_RuleBindingApplyTest, - #Test_08_ApplicationProfilePatching, - #Test_10_MalwareDetectionTest, - #Test_11_EndpointTest, + Test_06_KillProcessInTheMiddle, + Test_07_RuleBindingApplyTest, + Test_08_ApplicationProfilePatching, + Test_10_MalwareDetectionTest, + Test_11_EndpointTest, Test_12_MergingProfilesTest, - #Test_13_MergingNetworkNeighborhoodTest, - #Test_14_RulePoliciesTest, - #Test_15_CompletedApCannotBecomeReadyAgain, - #Test_16_ApNotStuckOnRestart, - #Test_17_ApCompletedToPartialUpdateTest, - #Test_18_ShortLivedJobTest, + Test_13_MergingNetworkNeighborhoodTest, + Test_14_RulePoliciesTest, + Test_15_CompletedApCannotBecomeReadyAgain, + Test_16_ApNotStuckOnRestart, + Test_17_ApCompletedToPartialUpdateTest, + Test_18_ShortLivedJobTest, Test_19_AlertOnPartialProfileTest, Test_20_AlertOnPartialThenLearnProcessTest, - #Test_21_AlertOnPartialThenLearnNetworkTest, - #Test_22_AlertOnPartialNetworkProfileTest, - #Test_23_RuleCooldownTest, - #Test_24_ProcessTreeDepthTest + Test_21_AlertOnPartialThenLearnNetworkTest, + Test_22_AlertOnPartialNetworkProfileTest, + Test_23_RuleCooldownTest, + Test_24_ProcessTreeDepthTest Test_27_RegexFileOpenMatchTest ] steps: From 8a33ce1d23ef0bfcb4b21533af4528d236a70328 Mon Sep 17 00:00:00 2001 From: entlein Date: Thu, 12 Feb 2026 16:16:03 +0100 Subject: [PATCH 09/10] apparently we need to rebuild the storage go module into node-agent Signed-off-by: entlein --- tests/scripts/storage-tag.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/storage-tag.sh b/tests/scripts/storage-tag.sh index 5512f2ae5a..3d23046b20 100755 --- a/tests/scripts/storage-tag.sh +++ b/tests/scripts/storage-tag.sh @@ -1,4 +1,4 @@ #/bin/bash -curl -s https://raw.githubusercontent.com/kubescape/helm-charts/main/charts/kubescape-operator/values.yaml -o values.yaml +curl -s https://raw.githubusercontent.com/bob/test/localtestbuild/kubescape/values.yaml -o values.yaml yq '.storage.image.tag' < values.yaml rm -rf values.yaml From ac13916623e7ac5997897f19033bdb80e9585ab2 Mon Sep 17 00:00:00 2001 From: entlein Date: Thu, 12 Feb 2026 16:20:17 +0100 Subject: [PATCH 10/10] apparently we need to rebuild the storage go module into node-agent Signed-off-by: entlein --- .github/workflows/component-tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/component-tests.yaml b/.github/workflows/component-tests.yaml index 5007f0fed0..91d0778d2b 100644 --- a/.github/workflows/component-tests.yaml +++ b/.github/workflows/component-tests.yaml @@ -113,9 +113,9 @@ jobs: kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=prometheus -n monitoring --timeout=300s - name: Install Node Agent Chart run: | - STORAGE_TAG="latest" + STORAGE_TAG=$(./tests/scripts/storage-tag.sh) echo "Storage tag that will be used: ${STORAGE_TAG}" - IMAGE_TAG=test-5336ad3 + IMAGE_TAG="latest" IMAGE_REPO='ghcr.io/k8sstormcenter/node-agent' echo "Using Node Agent image: ${IMAGE_REPO}:${IMAGE_TAG}" # End of constanze modification