Add TenantSecurityErrorCode for KMS_ACCOUNT_ISSUE. #304
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tenant Security Client Java CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
build_and_test: | |
runs-on: ubuntu-22.04 | |
needs: get_refs | |
steps: | |
- uses: actions/checkout@v4 | |
- name: set up jdk 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: adopt | |
- name: cache mvn repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: test | |
run: test-suites/unitTest.sh | |
- name: local install | |
run: mvn install -DskipTests=true -Dgpg.skip=true -Dmaven.javadoc.skip=true -B -V | |
- name: clone the tsp | |
uses: actions/checkout@v4 | |
with: | |
repository: IronCoreLabs/tenant-security-proxy | |
ref: ${{ needs.get_refs.outputs.tenant-security-proxy }} | |
path: tenant-security-proxy | |
token: ${{ secrets.WORKFLOW_PAT }} | |
- name: cache cargo registry | |
uses: actions/cache@v4 | |
with: | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
path: | | |
~/.cargo/registry | |
~/.cargo/git | |
target | |
- name: Decrypt TSP integration keys | |
uses: IronCoreLabs/ironhide-actions/decrypt@v3 | |
with: | |
keys: ${{ secrets.IRONHIDE_KEYS }} | |
input: tenant-security-proxy/.env.integration.iron | |
- name: install zmq | |
run: sudo apt update && sudo apt install -y --no-install-recommends libzmq3-dev | |
- name: integration test | |
run: | | |
cd tenant-security-proxy | |
cargo build --release | |
env $(cat .env.integration) cargo run --release & | |
timeout 700 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9000/ready)" =~ ''[01346-9][0-9][0-9]'' ]]; do sleep 5; done' || false | |
env $(cat .env.integration) ../test-suites/integrationTest.sh | |
# Look for a comment telling us what refs to use from the other repos we depend on. | |
# To add additional repositories, add them to "outputs" and to the "Setup list of required repos" step. | |
get_refs: | |
# Only run if it's on a PR. | |
if: github.base_ref != '' | |
runs-on: ubuntu-22.04 | |
outputs: | |
tenant-security-proxy: ${{ steps.get_refs.outputs.tenant-security-proxy }} | |
steps: | |
- name: Setup list of required repos | |
run: | | |
echo tenant-security-proxy >> repos | |
- name: Get PR number | |
id: get_pr | |
run: | | |
PR=$(jq -r .pull_request.number "${GITHUB_EVENT_PATH}") | |
echo "PR is ${PR}" | |
# Sanity check that ${PR} is a number. | |
test "${PR}" -ge 0 | |
echo "pr=${PR}" >> "$GITHUB_OUTPUT" | |
- name: Find Comment | |
uses: peter-evans/find-comment@v3 | |
id: find_comment | |
with: | |
issue-number: ${{ steps.get_pr.outputs.pr }} | |
body-includes: CI_branches | |
- name: Parse refs | |
if: steps.find_comment.outputs.comment-id != 0 | |
id: get_refs | |
env: | |
COMMENT_BODY: ${{ steps.find_comment.outputs.comment-body }} | |
run: | | |
# Extract the JSON part of the comment into a file. | |
echo "${COMMENT_BODY}" | tr '\n' ' ' | sed -e 's,^[^{]*,,' -e 's,[^}]*$,,' > refs.json | |
echo "Got JSON:" | |
cat refs.json && echo "" | |
# Sanity check that all repos in the JSON comment are ones that we know about. | |
jq -r 'keys[]' < refs.json > extra_repos | |
for REPO in $(cat repos) ; do | |
grep -v "^${REPO}\$" < extra_repos > temp || true | |
mv temp extra_repos | |
done | |
if [ -s extra_repos ] ; then | |
echo "Unrecognized repositories:" | |
cat extra_repos | |
exit 1 | |
fi | |
# Emit an output variable for each repo. | |
for REPO in $(cat repos) ; do | |
REF=$(jq -r '.["'"${REPO}"'"]' < refs.json) | |
if [ "${REF}" = "null" ] ; then | |
REF="main" | |
fi | |
echo "${REPO}: ${REF}" | |
echo "${REPO}=${REF}" >> "$GITHUB_OUTPUT" | |
done | |
- name: Post a reaction (parsed your comment) | |
if: steps.get_refs.outcome == 'success' | |
uses: peter-evans/create-or-update-comment@v4 | |
with: | |
issue-number: ${{ steps.get_pr.outputs.pr }} | |
comment-id: ${{ steps.find_comment.outputs.comment-id }} | |
reactions: eyes | |
- name: Post a reaction (unparsed comment) | |
if: steps.get_refs.outcome == 'failure' | |
uses: peter-evans/create-or-update-comment@v4 | |
with: | |
issue-number: ${{ steps.get_pr.outputs.pr }} | |
comment-id: ${{ steps.find_comment.outputs.comment-id }} | |
reactions: confused | |
build_examples: | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
example-dir: | |
[large-documents, logging-example, rekey-example, simple-roundtrip] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: set up jdk 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: adopt | |
- name: cache mvn repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Build example | |
run: mvn compile | |
working-directory: ./examples/${{ matrix.example-dir }} | |
formatter: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: set up jdk 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: adopt | |
- name: Check formatting | |
run: mvn formatter:validate |