From e4a9be832c0eab74379d9cc4e624b3d9c916c5d9 Mon Sep 17 00:00:00 2001
From: Moritz Eckert
Date: Thu, 19 May 2022 14:57:21 +0200
Subject: [PATCH] Add cis benchmark to conformance test (#165)

* Add cis benchmark to conformance docs
* Update e2e workflow to include cis benchmarks
---
 .github/workflows/e2e-test-azure.yml | 2 +-
 .github/workflows/e2e-test-gcp.yml | 2 +-
 conformance/README.md | 10 ++++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e-test-azure.yml b/.github/workflows/e2e-test-azure.yml
index d74f32607..3b5543ad9 100644
--- a/.github/workflows/e2e-test-azure.yml
+++ b/.github/workflows/e2e-test-azure.yml
@@ -21,5 +21,5 @@ jobs:
 cloudProvider: 'azure'
 machineType: 'Standard_D4s_v3'
 azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
- sonobuoyTestSuiteCmd: '--mode certified-conformance'
+ sonobuoyTestSuiteCmd: '--mode certified-conformance --plugin e2e --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
 msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
diff --git a/.github/workflows/e2e-test-gcp.yml b/.github/workflows/e2e-test-gcp.yml
index baec26ed2..1ad2ec7a4 100644
--- a/.github/workflows/e2e-test-gcp.yml
+++ b/.github/workflows/e2e-test-gcp.yml
@@ -21,5 +21,5 @@ jobs:
 cloudProvider: 'gcp'
 machineType: 'n2d-standard-2'
 gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- sonobuoyTestSuiteCmd: '--mode certified-conformance'
+ sonobuoyTestSuiteCmd: '--mode certified-conformance --plugin e2e --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
 msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
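Review bot: The two kube-bench plugin manifests added to `sonobuoyTestSuiteCmd` are fetched from the mutable `master` branch of vmware-tanzu/sonobuoy-plugins at run time, so the pod specs deployed into the e2e cluster can change without any commit in this repository. The identical value is added in the e2e-test-gcp.yml hunk, and the same URLs are repeated in the conformance/README.md hunk. Pin both URLs to a reviewed commit, e.g. `--plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/<commit-sha>/cis-benchmarks/kube-bench-plugin.yaml` (placeholder SHA), or vendor the two YAML files and pass local paths to `--plugin`. Since these jobs also receive cloud credentials from secrets, a comment above the key such as `# CIS plugin manifests pinned to <commit-sha>; review upstream diff before bumping` would make the trust decision explicit. The job definition starts outside the hunk, so how the reusable workflow consumes this string is not visible here.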
diff --git a/conformance/README.md b/conformance/README.md
index 27edf0b5f..171aee181 100644
--- a/conformance/README.md
+++ b/conformance/README.md
@@ -54,3 +54,13 @@ wg-quick down ./wg0.conf
 ./constellation terminate
 rm constellation-mastersecret.base64
 ```
+
+## Run CIS Benchmark Tests
+
+```sh
+# Runs for <1 min.
+sonobuoy run --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml --wait
+# ... download & display results.
+outfile=$(sonobuoy retrieve)
+sonobuoy results $outfiles
+```