update kubescape cli e2e run from private repo

[bvolovat]

Summary by CodeRabbit

• Chores
  • Enhanced internal CI/CD testing infrastructure with improved distributed test orchestration and failure tracking mechanisms.

[coderabbitai]

📝 Walkthrough

Walkthrough

The .github/workflows/kubescape-cli-e2e-tests.yaml workflow is refactored to dispatch E2E tests to a private repository instead of executing them locally. It introduces correlation tracking, repository dispatch events, status polling, conditional failure rerunning, and enhanced failure logging with per-test artifacts.

Changes

Cohort / File(s)

Summary

E2E Test Dispatch Workflow Refactor .github/workflows/kubescape-cli-e2e-tests.yaml

Adds SYSTEM_TESTS_BRANCH input parameter, removes host_scanner test entry. Replaces local test execution with distributed dispatch: introduces correlation ID generation, GitHub App token creation for private repo access, repository_dispatch to armosec/shared-workflows with synthesized payload, polling loop to find dispatched run ID, conditional rerun of failed jobs, status monitoring via GitHub CLI, failure log aggregation with per-test extraction, and artifact upload for failed logs.

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant API as GitHub API
    participant PrivateRepo as armosec/shared-workflows
    participant Monitor as Status Monitor

    GH->>GH: Set dispatch info (correlation_id)
    GH->>API: Create GitHub App token
    API-->>GH: Token
    
    GH->>PrivateRepo: Repository dispatch (tests_group, artifact paths, etc.)
    PrivateRepo-->>GH: Dispatch event triggered
    
    GH->>Monitor: Find E2E workflow run (poll)
    loop Poll until found
        Monitor->>API: Query repository_dispatch event
        API-->>Monitor: run_id (when available)
    end
    Monitor-->>GH: run_id, run_url
    
    GH->>PrivateRepo: Get run status
    alt Run cancelled
        GH->>PrivateRepo: Full rerun
    else Run failed
        GH->>PrivateRepo: Rerun failed jobs only
    end
    
    GH->>Monitor: Wait for completion (poll status)
    loop Poll until complete
        Monitor->>API: Check run status
        API-->>Monitor: Status (in_progress/completed)
    end
    
    alt Success
        Monitor-->>GH: ✓ Passed
    else Failure
        GH->>API: Download failed job logs
        API-->>GH: Logs
        GH->>GH: Extract per-test context
        GH->>GH: Upload failed_*.txt artifacts
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• Run test from private repo #76: Implements the same private-repo dispatch flow for E2E tests with GitHub App token creation, repository_dispatch with correlation_id, polling for dispatched run, conditional rerun, and failure log collection.
• run system test from private repo #75: Makes identical code-level changes to run-tests workflow, replacing local test execution with repository_dispatch to private repo and adding correlation tracking, polling, conditional rerun, and enhanced logging.

Suggested reviewers

• Naor-Armo

Poem

🐰 Hops through workflows with glee,
Dispatches tests across the sea,
Correlation IDs in hand,
To private repos so grand,
Polls and reruns with care,
Failures logged everywhere! 🎯

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: migrating the kubescape CLI E2E test execution from local to a private repository using repository_dispatch.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch run_test_from_private_repo

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Summary:

• License scan: failure
• Credentials scan: failure
• Vulnerabilities scan: failure
• Unit test: success
• Go linting: failure

[github-actions]

Summary:

• License scan: failure
• Credentials scan: failure
• Vulnerabilities scan: failure
• Unit test: success
• Go linting: failure

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/kubescape-cli-e2e-tests.yaml:
- Around line 246-256: The generated failed log filename
(log_file="failed_${test_name}.txt") can become invalid or collide when job_name
contains slashes or lacks parentheses; change the filename generation to
sanitize/slugify job_name and include step_name (and optionally a short
timestamp or unique counter) to avoid collisions: replace characters like / \ :
* ? " < > | and parentheses with safe characters or remove them, normalize
whitespace to dashes, then set log_file to something like
failed_<slugified_job_name>_<slugified_step_name>[_<ts>].txt using the existing
variables (test_name, job_name, step_name) before writing the file so filenames
are valid and de-duplicated.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Sanitize and de‑duplicate failed log filenames.
If job_name lacks parentheses or contains /, the filename can become invalid or overwrite logs for multiple failed steps. Consider slugifying and incorporating the step name.

🧽 Proposed fix

-                        log_file="failed_${test_name}.txt"
+                        safe_test_name=$(echo "$test_name" | tr -cs 'A-Za-z0-9._-' '_' )
+                        safe_step_name=$(echo "$step_name" | tr -cs 'A-Za-z0-9._-' '_' )
+                        log_file="failed_${safe_test_name}__${safe_step_name}.txt"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	log_file="failed_${test_name}.txt"
	echo "════════════════════════════════════════" > "$log_file"
	echo "${job_name}" >> "$log_file"
	echo " Step: ${step_name}" >> "$log_file"
	echo "════════════════════════════════════════" >> "$log_file"
	last_endgroup=$(grep -n "##\\[endgroup\\]" /tmp/job_logs.txt | tail -1 | cut -d: -f1)
	if [ -n "$last_endgroup" ]; then
	tail -n +$((last_endgroup + 1)) /tmp/job_logs.txt >> "$log_file"
	else
	tail -500 /tmp/job_logs.txt >> "$log_file"
	fi
	safe_test_name=$(echo "$test_name" | tr -cs 'A-Za-z0-9._-' '_' )
	safe_step_name=$(echo "$step_name" | tr -cs 'A-Za-z0-9._-' '_' )
	log_file="failed_${safe_test_name}__${safe_step_name}.txt"
	echo "════════════════════════════════════════" > "$log_file"
	echo "${job_name}" >> "$log_file"
	echo " Step: ${step_name}" >> "$log_file"
	echo "════════════════════════════════════════" >> "$log_file"
	last_endgroup=$(grep -n "##\\[endgroup\\]" /tmp/job_logs.txt | tail -1 | cut -d: -f1)
	if [ -n "$last_endgroup" ]; then
	tail -n +$((last_endgroup + 1)) /tmp/job_logs.txt >> "$log_file"
	else
	tail -500 /tmp/job_logs.txt >> "$log_file"
	fi

🤖 Prompt for AI Agents

In @.github/workflows/kubescape-cli-e2e-tests.yaml around lines 246 - 256, The
generated failed log filename (log_file="failed_${test_name}.txt") can become
invalid or collide when job_name contains slashes or lacks parentheses; change
the filename generation to sanitize/slugify job_name and include step_name (and
optionally a short timestamp or unique counter) to avoid collisions: replace
characters like / \ : * ? " < > | and parentheses with safe characters or remove
them, normalize whitespace to dashes, then set log_file to something like
failed_<slugified_job_name>_<slugified_step_name>[_<ts>].txt using the existing
variables (test_name, job_name, step_name) before writing the file so filenames
are valid and de-duplicated.