Skip to content

Commit 33fddc0

Browse files
committed
chore: defer engine-specific policy-matrix workflow to GA
Removes .github/workflows/policy-matrix.yml. Engine-specific admission validation (PSA-restricted × Kyverno × Gatekeeper × default+production) delivered negative ROI at rc1: 4 PRs blocked on flaky CRD-bootstrap + upstream-version races (#475, #481, #498, #501). Caught zero real regressions; only its own infra bugs. Coverage retained via conftest (offline policy), helm lint, kubeconform, and kubectl apply --dry-run=server in chart.yml. policy-matrix-smoke.sh + bundles stay in tree for cheap reactivation at GA. Triggers for re-enabling: - GA criterion #1 (third-party audit) requests engine-specific compat - First operator running under Kyverno/Gatekeeper reports admission rot - CRD-bootstrap pattern stabilised across other workflows Tracking: #502 (filed alongside). Signed-off-by: Tri Lam <tree@lumalabs.ai>
1 parent 51c1921 commit 33fddc0

2 files changed

Lines changed: 3 additions & 233 deletions

File tree

.github/actions/kind-cluster-setup/action.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
name: Set up kind cluster (with optional CRD prereqs + tracecore image)
22
description: >
3-
Unified kind-cluster bootstrap shared by chart.yml, policy-matrix.yml,
4-
install-bench.yml, and (optionally) compat-matrix.yml. Replaces the
3+
Unified kind-cluster bootstrap shared by chart.yml, install-bench.yml,
4+
and (optionally) compat-matrix.yml. Replaces the
55
prior `kind-tracecore-up` action (deleted — all callsites migrated)
66
and centralises three sources of fragmentation that recurred on every
77
chart-touching PR:
@@ -11,7 +11,7 @@ description: >
1111
2. Each workflow that talked to the chart's production preset hit
1212
the same "no matches for kind ServiceMonitor in version
1313
monitoring.coreos.com/v1" error on kind (regressed three PRs
14-
before #494 closed it for policy-matrix only). Install the CRDs
14+
before #494 closed it). Install the CRDs
1515
in one place driven by inputs (`install-servicemonitor-crd`,
1616
`install-gatekeeper-crds`, `install-cert-manager-crds`).
1717
3. `docker build` + `kind load` for the tracecore image was

.github/workflows/policy-matrix.yml

Lines changed: 0 additions & 230 deletions
This file was deleted.

0 commit comments

Comments
 (0)