diff --git a/.github/workflows/dex_oauth2-proxy_test.yaml b/.github/workflows/dex_oauth2-proxy_test.yaml index cdcd738580..139d365788 100644 --- a/.github/workflows/dex_oauth2-proxy_test.yaml +++ b/.github/workflows/dex_oauth2-proxy_test.yaml @@ -7,7 +7,8 @@ on: - common/cert-manager/** - common/oauth2-proxy/** - common/istio*/** - - experimental/security/PSS/* + - tests/kubeflow_profile_install.sh + - tests/PSS_enable.sh - common/dex/base/** - tests/istio* - tests/dex_login_test.py diff --git a/.github/workflows/katib_test.yaml b/.github/workflows/katib_test.yaml index 921da769b1..d629acde6b 100644 --- a/.github/workflows/katib_test.yaml +++ b/.github/workflows/katib_test.yaml @@ -3,13 +3,14 @@ on: pull_request: paths: - tests/install_KinD_create_KinD_cluster_install_kustomize.sh - - tests/katib_install.sh + - tests/katib* - .github/workflows/katib_test.yaml - applications/katib/upstream/** - common/istio*/** - tests/istio* - common/cert-manager/** - - experimental/security/PSS/* + - tests/kubeflow_profile_install.sh + - tests/PSS_enable.sh permissions: contents: read diff --git a/.github/workflows/pipeline_run_from_notebook.yaml b/.github/workflows/pipeline_run_from_notebook.yaml index c7f1f5bbb2..7b6fb89e3d 100644 --- a/.github/workflows/pipeline_run_from_notebook.yaml +++ b/.github/workflows/pipeline_run_from_notebook.yaml @@ -10,6 +10,9 @@ on: - common/cert-manager/** - common/oauth2-proxy/** - common/istio*/** + - tests/pipeline* + - tests/kubeflow_profile_install.sh + - tests/PSS_enable.sh - common/kubeflow-namespace/** - applications/jupyter/** diff --git a/.github/workflows/pipeline_test.yaml b/.github/workflows/pipeline_test.yaml index 6c479db1b7..cf1fab6d87 100644 --- a/.github/workflows/pipeline_test.yaml +++ b/.github/workflows/pipeline_test.yaml @@ -10,9 +10,9 @@ on: - common/cert-manager/** - common/oauth2-proxy/** - common/istio*/** - - tests/pipeline_v1_test.py - - tests/pipeline_v2_test.py - - experimental/security/PSS/* + - tests/pipeline* + - tests/kubeflow_profile_install.sh + - tests/PSS_enable.sh permissions: contents: read diff --git a/.github/workflows/trainer_test.yaml b/.github/workflows/trainer_test.yaml index f23f28206b..6b257b1f0d 100644 --- a/.github/workflows/trainer_test.yaml +++ b/.github/workflows/trainer_test.yaml @@ -11,7 +11,8 @@ on: - common/cert-manager/** - common/oauth2-proxy/** - common/istio*/** - - experimental/security/PSS/* + - tests/kubeflow_profile_install.sh + - tests/PSS_enable.sh permissions: contents: read diff --git a/.github/workflows/training_operator_test.yaml b/.github/workflows/training_operator_test.yaml index 5d05f0f80e..d36f6be745 100644 --- a/.github/workflows/training_operator_test.yaml +++ b/.github/workflows/training_operator_test.yaml @@ -11,7 +11,8 @@ on: - common/cert-manager/** - common/oauth2-proxy/** - common/istio*/** - - experimental/security/PSS/* + - tests/kubeflow_profile_install.sh + - tests/PSS_enable.sh permissions: contents: read diff --git a/tests/kubeflow_profile_install.sh b/tests/kubeflow_profile_install.sh index 4176836970..222ef321b3 100755 --- a/tests/kubeflow_profile_install.sh +++ b/tests/kubeflow_profile_install.sh @@ -6,4 +6,7 @@ PROFILE_CONTROLLER_POD=$(kubectl get pods -n kubeflow -o json | jq -r '.items[] kubectl logs -n kubeflow "$PROFILE_CONTROLLER_POD" KF_PROFILE=kubeflow-user-example-com kubectl -n $KF_PROFILE get pods,configmaps,secrets -kubectl label namespace $KF_PROFILE pod-security.kubernetes.io/enforce=baseline --overwrite +kubectl label namespace $KF_PROFILE \ + pod-security.kubernetes.io/enforce=restricted \ + pod-security.kubernetes.io/enforce-version=latest \ + --overwrite