Bump aws-sdk-sts from 1.46.0 to 1.47.0 in /rust in the rust group #765
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration Tests | |
on: | |
push: | |
branches: | |
- master | |
- main | |
pull_request: | |
permissions: | |
id-token: write | |
contents: read | |
# Cancel previous runs for PRs but not pushes to main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
lang: [go, rust] | |
defaults: | |
run: | |
working-directory: ${{matrix.lang}} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
if: ${{ matrix.lang == 'rust'}} | |
- uses: Swatinem/[email protected] | |
if: ${{ matrix.lang == 'rust'}} | |
with: | |
workspaces: ./rust -> target | |
- uses: actions/setup-go@v5 | |
if: ${{ matrix.lang == 'go'}} | |
with: | |
go-version: ">=1.21.0" | |
cache-dependency-path: go/go.sum | |
- name: Run build script for compiled languages | |
run: "./build.sh" | |
- name: Upload built binaries | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{matrix.lang}} | |
path: ${{matrix.lang}}/vault | |
tests: | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
# VAULT_STACK overwrites default 'vault' for vaults | |
VAULT_STACK: nitor-vault-integration-testing | |
# at the moment we store to the values to fixed keys so this needs to have limited concurrency | |
concurrency: "integration-test" | |
steps: | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_CI_ROLE }} | |
role-session-name: GitHubVaultIntegrationTests | |
aws-region: eu-west-1 | |
- uses: actions/checkout@v4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: bin | |
- uses: pnpm/action-setup@v4 | |
with: | |
version: 9 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: "pnpm" | |
cache-dependency-path: nodejs/pnpm-lock.yaml | |
- name: Install zip | |
run: | | |
sudo apt-get install zip unzip | |
- name: build node vault | |
run: pnpm install --frozen-lockfile && pnpm build | |
working-directory: nodejs | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
cache: pip | |
- name: install python vault | |
run: python -m pip install . | |
working-directory: python | |
- name: add execute rights & run --version for all versions | |
run: | | |
chmod +x bin/go/vault bin/rust/vault nodejs/dist/cli/vault.js | |
vault --version | |
bin/go/vault --version | |
bin/rust/vault --version | |
nodejs/dist/cli/vault.js --version | |
- name: Store secret with Python | |
run: vault -s 'secret-python' -v 'sha-${{github.sha}}' -w | |
- name: Store secret with Go | |
run: bin/go/vault -s 'secret-go' -v 'sha-${{github.sha}}' -w | |
- name: Store secret with Rust | |
run: bin/rust/vault -s 'secret-rust' -v 'sha-${{github.sha}}' -w | |
- name: Store secret with Nodejs | |
run: nodejs/dist/cli/vault.js s 'secret-nodejs' 'sha-${{github.sha}}' -w | |
- name: Validate storing worked Python | |
run: diff <(vault -l secret-python) <(echo -n sha-${{github.sha}}) | |
- name: Validate Go and Rust secret equality with Python | |
run: diff <(vault -l secret-go) <(vault -l secret-rust) | |
- name: Validate Python and Rust secret equality with Go and Nodejs | |
run: diff <(bin/go/vault -l secret-rust) <(nodejs/dist/cli/vault.js l secret-python) | |
- name: Validate Go and Python secret equality with Rust and Go | |
run: diff <(bin/rust/vault -l secret-go) <(bin/go/vault -l secret-python) | |
- name: Validate Python and Nodejs secret equality with Rust | |
run: diff <(bin/rust/vault -l secret-python) <(bin/rust/vault -l secret-nodejs) | |
- name: Validate Rust and Go secret equality with Nodejs | |
run: diff <(bin/rust/vault -l secret-rust) <(nodejs/dist/cli/vault.js l secret-nodejs) | |
- name: Delete secret with Python | |
run: vault -d 'secret-python' | |
- name: Delete secret with Go | |
run: bin/go/vault -d 'secret-go' | |
- name: Delete secret with Rust | |
run: bin/rust/vault -d 'secret-rust' | |
- name: Delete secret with Nodejs | |
run: nodejs/dist/cli/vault.js d 'secret-nodejs' | |
- name: Verify that keys have been deleted | |
run: | | |
bin/rust/vault --exists secret-python | grep -q "key 'secret-python' does not exist" | |
bin/rust/vault --exists secret-go | grep -q "key 'secret-go' does not exist" | |
bin/rust/vault --exists secret-rust | grep -q "key 'secret-rust' does not exist" | |
bin/rust/vault --exists secret-nodejs | grep -q "key 'secret-nodejs' does not exist" | |
- name: Create dummy text file | |
run: echo "Vault test ${{ github.sha }} ${{ github.ref_name }}" > test.txt | |
- name: Zip the text file | |
run: zip "secret-${{github.sha}}.zip" test.txt | |
- name: Store zip file using Python vault | |
run: vault --store --file "secret-${{github.sha}}.zip" | |
- name: Lookup the stored zip file and write to output | |
run: vault -l "secret-${{github.sha}}.zip" > output-python.zip | |
- name: Extract the retrieved zip file | |
run: unzip output-python.zip -d extracted-python | |
- name: Verify the extracted file content | |
run: diff extracted-python/test.txt test.txt | |
- name: Delete secret with Python | |
run: vault -d "secret-${{github.sha}}.zip" | |
- name: Store zip file using Rust vault | |
run: bin/rust/vault --store --file "secret-${{github.sha}}.zip" | |
- name: Lookup the stored zip file and write to output | |
run: bin/rust/vault -l "secret-${{github.sha}}.zip" > output-rust.zip | |
- name: Extract the retrieved zip file | |
run: unzip output-rust.zip -d extracted-rust | |
- name: Verify the extracted file content | |
run: diff extracted-rust/test.txt test.txt | |
- name: Delete secret with Rust | |
run: bin/rust/vault -d "secret-${{github.sha}}.zip" | |
- name: Verify that keys have been deleted | |
run: | | |
bin/rust/vault --exists secret-${{github.sha}}.zip | grep -q "does not exist" |