ci.yml
# CI workflow for the Tenant Security Client (Java).
# Triggers: pushes to main, every pull request, and manual dispatch.
# NOTE(review): this file sets no `permissions:` key at workflow or job level,
# so each job receives the repository's default GITHUB_TOKEN scopes. Confirm
# that default is read-only, or grant per-job scopes explicitly.
name: Tenant Security Client Java CI
on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:
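jobs:
  # Runs the unit tests, installs the client locally, then builds the Tenant
  # Security Proxy (TSP) at the ref resolved by get_refs and runs the
  # integration suite against it.
  # NOTE(review): get_refs has `if: github.base_ref != ''`, and a job that
  # `needs` a skipped job is itself skipped by default. Confirm that push and
  # workflow_dispatch runs are meant to skip this job.
  # NOTE(review): every action here is referenced by a mutable tag (@v4, @v3).
  # Pinning each `uses:` to a full commit SHA prevents a moved tag from
  # changing the code that runs next to WORKFLOW_PAT and IRONHIDE_KEYS.
  build_and_test:
    runs-on: ubuntu-22.04
    needs: get_refs
    steps:
      - uses: actions/checkout@v4
      - name: set up jdk 17
        uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: adopt
      - name: cache mvn repository
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-
      - name: test
        run: test-suites/unitTest.sh
      - name: local install
        run: mvn install -DskipTests=true -Dgpg.skip=true -Dmaven.javadoc.skip=true -B -V
      - name: clone the tsp
        uses: actions/checkout@v4
        with:
          repository: IronCoreLabs/tenant-security-proxy
          # The ref is taken from a PR comment parsed by get_refs. When that
          # output is empty, checkout falls back to the repository default.
          ref: ${{ needs.get_refs.outputs.tenant-security-proxy }}
          path: tenant-security-proxy
          token: ${{ secrets.WORKFLOW_PAT }}
          # Do not leave the PAT in tenant-security-proxy/.git/config: the
          # following steps build and run code from the comment-selected ref,
          # and none of them performs authenticated git operations.
          persist-credentials: false
      - name: cache cargo registry
        uses: actions/cache@v4
        with:
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
      - name: Decrypt TSP integration keys
        uses: IronCoreLabs/ironhide-actions/decrypt@v3
        with:
          keys: ${{ secrets.IRONHIDE_KEYS }}
          input: tenant-security-proxy/.env.integration.iron
      - name: install zmq
        run: sudo apt update && sudo apt install -y --no-install-recommends libzmq3-dev
      # NOTE(review): the values loaded from .env.integration are not
      # registered with the runner as secrets, so they are not masked if a
      # command echoes them. `env $(cat ...)` also splits on whitespace, so it
      # presumably relies on no value containing spaces. Confirm both.
      - name: integration test
        run: |
          cd tenant-security-proxy
          cargo build --release
          # Start the TSP in the background with the decrypted settings.
          env $(cat .env.integration) cargo run --release &
          # Poll /ready every 5s for up to 700s. The loop ends once the status
          # code starts with 2 or 5; a timeout fails the step.
          timeout 700 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9000/ready)" =~ ''[01346-9][0-9][0-9]'' ]]; do sleep 5; done' || false
          env $(cat .env.integration) ../test-suites/integrationTest.sh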
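# Look for a comment telling us what refs to use from the other repos we depend on.
# To add additional repositories, add them to "outputs" and to the "Setup list of required repos" step.
# NOTE(review): "Find Comment" sets no `comment-author`, so any account able to
# comment on the PR chooses the tenant-security-proxy ref that build_and_test
# checks out with WORKFLOW_PAT and runs next to the decrypted integration keys.
# The ref must already exist in that repository, which bounds the exposure.
# Consider restricting the accepted author.
# NOTE(review): the peter-evans actions are third-party and referenced by
# mutable tags. Pinning them to a full commit SHA is the safer form.
  get_refs:
    # Only run if it's on a PR.
    if: github.base_ref != ''
    runs-on: ubuntu-22.04
    outputs:
      tenant-security-proxy: ${{ steps.get_refs.outputs.tenant-security-proxy }}
    steps:
      - name: Setup list of required repos
        run: |
          echo tenant-security-proxy >> repos
      - name: Get PR number
        id: get_pr
        run: |
          PR=$(jq -r .pull_request.number "${GITHUB_EVENT_PATH}")
          echo "PR is ${PR}"
          # Sanity check that ${PR} is a number.
          test "${PR}" -ge 0
          echo "pr=${PR}" >> "$GITHUB_OUTPUT"
      - name: Find Comment
        uses: peter-evans/find-comment@v3
        id: find_comment
        with:
          issue-number: ${{ steps.get_pr.outputs.pr }}
          body-includes: CI_branches
      - name: Parse refs
        if: steps.find_comment.outputs.comment-id != 0
        id: get_refs
        # The comment body is passed through the environment rather than
        # interpolated into the script, so its text is never parsed as shell.
        env:
          COMMENT_BODY: ${{ steps.find_comment.outputs.comment-body }}
        run: |
          # Extract the JSON part of the comment into a file.
          echo "${COMMENT_BODY}" | tr '\n' ' ' | sed -e 's,^[^{]*,,' -e 's,[^}]*$,,' > refs.json
          echo "Got JSON:"
          cat refs.json && echo ""
          # Sanity check that all repos in the JSON comment are ones that we know about.
          jq -r 'keys[]' < refs.json > extra_repos
          for REPO in $(cat repos) ; do
            grep -v "^${REPO}\$" < extra_repos > temp || true
            mv temp extra_repos
          done
          if [ -s extra_repos ] ; then
            echo "Unrecognized repositories:"
            cat extra_repos
            exit 1
          fi
          # Characters that can never appear in a git ref. jq -r decodes JSON
          # escapes such as \n, so a value can contain line breaks even though
          # the raw comment was flattened by tr above.
          BAD_REF_CHARS='[[:cntrl:][:space:]]'
          # Emit an output variable for each repo.
          for REPO in $(cat repos) ; do
            REF=$(jq -r --arg repo "${REPO}" '.[$repo]' < refs.json)
            if [ "${REF}" = "null" ] ; then
              REF="main"
            fi
            # Reject the value before it reaches the log or $GITHUB_OUTPUT, so
            # comment text cannot add extra lines to either one.
            if [[ "${REF}" =~ ${BAD_REF_CHARS} ]] ; then
              echo "Invalid ref for ${REPO}"
              exit 1
            fi
            echo "${REPO}: ${REF}"
            echo "${REPO}=${REF}" >> "$GITHUB_OUTPUT"
          done
      - name: Post a reaction (parsed your comment)
        if: steps.get_refs.outcome == 'success'
        uses: peter-evans/create-or-update-comment@v4
        with:
          issue-number: ${{ steps.get_pr.outputs.pr }}
          comment-id: ${{ steps.find_comment.outputs.comment-id }}
          reactions: eyes
      - name: Post a reaction (unparsed comment)
        # failure() is required: without a status function the condition is
        # implicitly ANDed with success(), so this step would never run after
        # "Parse refs" fails.
        if: failure() && steps.get_refs.outcome == 'failure'
        uses: peter-evans/create-or-update-comment@v4
        with:
          issue-number: ${{ steps.get_pr.outputs.pr }}
          comment-id: ${{ steps.find_comment.outputs.comment-id }}
          reactions: confused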
# Job (nested under `jobs:`): runs `mvn compile` in each directory under
# ./examples named in the matrix. fail-fast is off, so one failing example
# does not cancel the others.
  build_examples:
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        example-dir:
          - large-documents
          - logging-example
          - rekey-example
          - simple-roundtrip
    steps:
      - uses: actions/checkout@v4
      - name: set up jdk 17
        uses: actions/setup-java@v4
        with:
          distribution: adopt
          java-version: 17
      - name: cache mvn repository
        uses: actions/cache@v4
        with:
          # Same cache key scheme as the build_and_test job.
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-
          path: ~/.m2/repository
      - name: Build example
        working-directory: ./examples/${{ matrix.example-dir }}
        run: mvn compile
# Job (nested under `jobs:`): runs `mvn formatter:validate` on the checked-out
# sources. It uses no secrets and does not depend on any other job.
  formatter:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: set up jdk 17
        uses: actions/setup-java@v4
        with:
          distribution: adopt
          java-version: 17
      - name: Check formatting
        run: mvn formatter:validate