From 717e24f524a2b40ac37632febb1d8ed22835c364 Mon Sep 17 00:00:00 2001 From: juliankatz Date: Tue, 27 Aug 2024 12:49:11 -0700 Subject: [PATCH 1/2] chore: Bump GATOR_VERSION to 1.17.0 from 1.16.3 In the 1.17.0 version of gator (which I've been using on my machine), the `--experimental-enable-k8s-native-validation` flag has been renamed to `--enable-k8s-native-validation`. This was preventing me from using the `make verify-gator` target. This PR fixes updates the GATOR_VERSION and changes the flag. Signed-off-by: juliankatz
---
 Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index bc7908f22..064e6ec94 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ KUBERNETES_VERSION ?= 1.30.0
 KUSTOMIZE_VERSION ?= 4.5.5
 GATEKEEPER_VERSION ?= 3.16.3
 BATS_VERSION ?= 1.8.2
-GATOR_VERSION ?= 3.16.3
+GATOR_VERSION ?= 3.17.0
 GOMPLATE_VERSION ?= 3.11.6
 POLICY_ENGINE ?= rego
@@ -50,17 +50,17 @@ test-integration:
 .PHONY: verify-gator
 verify-gator:
 ifeq ($(POLICY_ENGINE), rego)
- gator verify ./... --experimental-enable-k8s-native-validation=false
+ gator verify ./... --enable-k8s-native-validation=false
 else ifeq ($(POLICY_ENGINE), cel)
- gator verify ./... --experimental-enable-k8s-native-validation=true
+ gator verify ./... --enable-k8s-native-validation=true
 endif
 .PHONY: verify-gator-dockerized
 verify-gator-dockerized: __build-gator
 ifeq ($(POLICY_ENGINE), rego)
- $(docker) run -i -v $(shell pwd):/gatekeeper-library gator-container verify ./... --experimental-enable-k8s-native-validation=false
+ $(docker) run -i -v $(shell pwd):/gatekeeper-library gator-container verify ./... --enable-k8s-native-validation=false
 else ifeq ($(POLICY_ENGINE), cel)
- $(docker) run -i -v $(shell pwd):/gatekeeper-library gator-container verify ./... --experimental-enable-k8s-native-validation=true
+ $(docker) run -i -v $(shell pwd):/gatekeeper-library gator-container verify ./... --enable-k8s-native-validation=true
 endif
 .PHONY: build-gator
From 6ab6bca909e2146a905f683ee2bbde9f1240f55a Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Thu, 19 Dec 2024 15:11:14 -0800 Subject: [PATCH 2/2] bump gatekeeper Signed-off-by: Andrew Peabody
---
 .github/workflows/workflow.yaml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index fcc48a9d3..a50fac89e 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -65,22 +65,19 @@ jobs:
 runs-on: ubuntu-latest strategy: matrix: - gatekeeper: [ "3.15.1", "3.16.3" ] + gatekeeper: [ "3.17.1", "3.18.1" ] engine: [ "cel", "rego" ] name: "Integration test on Gatekeeper ${{ matrix.gatekeeper }} for ${{ matrix.engine }} policies" steps: - name: Harden Runner - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} # remove this condition once 3.17 is out uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit - name: Check out code into the Go module directory - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Bootstrap integration test - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} run: | mkdir -p $GITHUB_WORKSPACE/bin echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
@@ -88,12 +85,10 @@ jobs:
 make deploy GATEKEEPER_VERSION=${{ matrix.gatekeeper }} POLICY_ENGINE=${{ matrix.engine }} - name: Run integration test - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} run: | make test-integration - name: Save logs - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} run: | kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-controller.json kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit.json
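Review bot: The matrix in the `@@ -65,22 +65,19 @@` hunk now pins `gatekeeper: [ "3.17.1", "3.18.1" ]`, but the Makefile defaults visible in the first patch of this series (`GATEKEEPER_VERSION ?= 3.16.3`, `GATOR_VERSION ?= 3.17.0`) are not bumped alongside it, so a local `make deploy` or `make verify-gator` exercises Gatekeeper and gator releases that CI no longer covers. I would align them in the same change, e.g. `GATEKEEPER_VERSION ?= 3.18.1` and `GATOR_VERSION ?= 3.18.1`, or at least add a comment above the matrix such as `# keep in sync with GATEKEEPER_VERSION / GATOR_VERSION defaults in the Makefile`. Dropping the `if:` guards is consistent with the old `# remove this condition once 3.17 is out` note, so no objection there. Separately, and not introduced by this commit, the harden-runner step in the same hunk still runs with `egress-policy: audit`, which only logs outbound connections rather than restricting them; the `${{ matrix.gatekeeper }}` interpolation into `run:` is fine only because the matrix values are literals in this file.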
@@ -136,18 +131,15 @@ jobs: strategy: matrix: engine: [ "cel", "rego" ] - gatekeeper: [ "3.15.1", "3.16.3" ] + gatekeeper: [ "3.17.1", "3.18.1" ] name: "Verify assertions in suite.yaml files for ${{ matrix.engine }} policies" steps: - name: Harden Runner - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} # remove this condition once 3.17 is out uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }} - run: | make verify-gator-dockerized POLICY_ENGINE=${{ matrix.engine }} GATOR_VERSION=${{ matrix.gatekeeper }} - if: ${{ !(matrix.gatekeeper == '3.15.1' && matrix.engine == 'cel') }}