Bump the python group across 1 directory with 3 updates #579
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration Tests | |
on: | |
push: | |
branches: | |
- master | |
- main | |
pull_request: | |
permissions: | |
id-token: write | |
contents: read | |
# Cancel previous runs for PRs but not pushes to main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
lang: [go, rust] | |
defaults: | |
run: | |
working-directory: ${{matrix.lang}} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
if: ${{ matrix.lang == 'rust'}} | |
- uses: Swatinem/[email protected] | |
if: ${{ matrix.lang == 'rust'}} | |
with: | |
workspaces: ./rust -> target | |
- uses: actions/setup-go@v5 | |
if: ${{ matrix.lang == 'go'}} | |
with: | |
go-version: ">=1.21.0" | |
cache-dependency-path: go/go.sum | |
- name: Run build script for compiled languages | |
run: "./build.sh" | |
- name: Upload built binaries | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{matrix.lang}} | |
path: ${{matrix.lang}}/vault | |
tests: | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
# VAULT_STACK overwrites default 'vault' for vaults | |
VAULT_STACK: nitor-vault-integration-testing | |
# at the moment we store to the values to fixed keys so this needs to have limited concurrency | |
concurrency: "integration-test" | |
steps: | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_CI_ROLE }} | |
role-session-name: GitHubVaultIntegrationTests | |
aws-region: eu-west-1 | |
- uses: actions/checkout@v4 | |
- name: Download reports' artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: bin | |
- uses: pnpm/action-setup@v4 | |
with: | |
version: 9 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: "pnpm" | |
cache-dependency-path: nodejs/pnpm-lock.yaml | |
- name: build node vault | |
run: pnpm install --frozen-lockfile && pnpm build | |
working-directory: nodejs | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
cache: pip | |
- name: install python vault | |
run: python -m pip install . | |
working-directory: python | |
- name: add execute rights & run --version for all versions | |
run: | | |
chmod +x bin/go/vault bin/rust/vault nodejs/dist/cli/vault.js | |
vault --version | |
bin/go/vault --version | |
bin/rust/vault --version | |
nodejs/dist/cli/vault.js --version | |
- name: store secret with python | |
run: vault -s 'secret-python' -v 'sha-${{github.sha}}' -w | |
- name: store secret with go | |
run: bin/go/vault -s 'secret-go' -v 'sha-${{github.sha}}' -w | |
- name: store secret with rust | |
run: bin/rust/vault -s 'secret-rust' -v 'sha-${{github.sha}}' -w | |
- name: store secret with nodejs | |
run: nodejs/dist/cli/vault.js s 'secret-nodejs' 'sha-${{github.sha}}' -w | |
- name: validate storing worked fine python | |
run: diff <(vault -l secret-python) <(echo -n sha-${{github.sha}}) | |
- name: validate go and rust secret equality with python | |
run: diff <(vault -l secret-go) <(vault -l secret-rust) | |
- name: validate python and rust secret equality with go and nodejs | |
run: diff <(bin/go/vault -l secret-rust) <(nodejs/dist/cli/vault.js l secret-python) | |
- name: validate go and python secret equality with rust and go | |
run: diff <(bin/rust/vault -l secret-go) <(bin/go/vault -l secret-python) | |
- name: validate python and nodejs secret equality with rust | |
run: diff <(bin/rust/vault -l secret-python) <(bin/rust/vault -l secret-nodejs) | |
- name: validate rust and go secret equality with rust and nodejs | |
run: diff <(bin/rust/vault -l secret-rust) <(nodejs/dist/cli/vault.js l secret-nodejs) | |
- name: delete secret with python | |
run: vault -d 'secret-python' | |
- name: delete secret with go | |
run: bin/go/vault -d 'secret-go' | |
- name: delete secret with rust | |
run: bin/rust/vault -d 'secret-rust' | |
- name: delete secret with nodejs | |
run: nodejs/dist/cli/vault.js d 'secret-nodejs' | |
- name: verify that keys have been deleted | |
run: | | |
bin/rust/vault --exists secret-python | grep doesn\'t | |
bin/rust/vault --exists secret-go | grep doesn\'t | |
bin/rust/vault --exists secret-rust | grep doesn\'t | |
bin/rust/vault --exists secret-nodejs | grep doesn\'t |