chore: Added directive fetching public KMS key in Makefile

orlowskilp · Oct 15, 2024 · 599ca91 · 599ca91
1 parent d69807a
commit 599ca91
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 17 deletions.
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -45,7 +45,9 @@ jobs:
       - name: Run unit and integration tests
         env:
           LLVM_COV_ARGS: --lcov --output-path ${{ env.LCOV_OUT }}
-        run: make test-coverage
+        run: |
+          make fetch-public-key
+          make test-coverage
 
       - name: Run doc tests
         run: make doc-test

diff --git a/Makefile b/Makefile
@@ -4,8 +4,7 @@ TOOL_CHAIN =
 ifndef TOOL_CHAIN
 	TOOL_CHAIN = x86_64-unknown-linux-gnu
 endif
-build:
-	cargo fmt
+build: format
 	cargo clippy
 	cargo build --target=$(TOOL_CHAIN) --release
 
@@ -17,37 +16,58 @@ doc:
 
 # Run all tests (no coverage)
 .PHONY: test
-test: check-env
-	cargo fmt
+test: format check-env
 	cargo test
 
-# Run unit and integration tests and measure coverage. Additional flags can be passed with LLVM_COV_ARGS
+# Clean up
+.PHONY: clean
+clean:
+	cargo clean
+
+# ==== Directives for developers ====
+
+# Run unit and integration tests and measure coverage.
+# Additional flags can be passed with LLVM_COV_ARGS
 .PHONY: test-coverage
 test-coverage: check-env
 	cargo llvm-cov $(LLVM_COV_ARGS)
 
 # Run only documentation tests (shorthand for developers)
 .PHONY: doc-test
-test-test: check-env
-	cargo fmt
+doc-test: format check-env
 	cargo test --doc
 
 # Run only unit tests (shorthand for developers)
 .PHONY: unit-test
-unit-test:
-	cargo fmt
+unit-test: format
 	cargo test --lib
 
 # Run only integration tests (shorthand for developers)
 .PHONY: integration-test
-integration-test: check-env
-	cargo fmt
+integration-test: format check-env
 	cargo test --tests
 
-# Clean up
-.PHONY: clean
-clean:
-	cargo clean
+# ==== Helper directives ====
+
+# Format codebase
+.PHONY: format
+format:
+	cargo fmt
+
+# Downloads and decodes the public key from KMS
+.PHONY: fetch-public-key
+PUBLIC_KEY_FILE_PATH = ./tests/data/pub-key
+PUBLIC_KEY_FILE_PEM = $(PUBLIC_KEY_FILE_PATH).pem
+PUBLIC_KEY_FILE_DER = $(PUBLIC_KEY_FILE_PATH).der
+fetch-public-key: check-env
+	@aws kms get-public-key \
+		--region $(AWS_REGION) \
+		--key-id $(KMS_KEY_ID) \
+		--output text \
+		--query PublicKey > $(PUBLIC_KEY_FILE_PEM) || \
+		(echo "Failed to fetch public key" && exit 1)
+	@cat $(PUBLIC_KEY_FILE_PEM) | base64 -d > $(PUBLIC_KEY_FILE_DER)
+	@echo "Public key saved to $(PUBLIC_KEY_FILE_PEM) and decoded to $(PUBLIC_KEY_FILE_DER)"
 
 # Check if the environment variables are set and STS token is valid
 .PHONY: check-env
@@ -59,4 +79,6 @@ ifndef AWS_REGION
 	$(error AWS_REGION is not set)
 endif
 	@aws --version &> /dev/null || (echo "AWS CLI not installed" && exit 1)
-	@aws sts get-caller-identity &> /dev/null || (echo "AWS CLI could not assume role. Did the token expire?" && exit 1)
+	@aws sts get-caller-identity &> /dev/null || \
+		(echo "AWS CLI could not assume role. Did the STS token expire?" && exit 1)
+	@echo "Environment variables are set and the STS token is valid"