on: push: branches: - main pull_request_target: types: [opened, reopened, synchronize] workflow_dispatch: jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v3 with: node-version: '16.14.0' - name: Setup NPM Cache uses: actions/cache@v1 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - name: NPM Install run: npm ci - name: NPM Build run: npm run build - name: NPM Run Test run: npm run test integrationOSS: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Run docker-compose run: docker-compose up -d vault - uses: actions/setup-node@v3 with: node-version: '16.14.0' - name: Setup NPM Cache uses: actions/cache@v1 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - name: NPM Install run: npm ci - name: NPM Build run: npm run build - name: NPM Run test;integration:basic run: npm run test:integration:basic env: VAULT_HOST: localhost VAULT_PORT: 8200 CI: true integrationEnterprise: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Run docker-compose run: docker-compose up -d vault-enterprise env: VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }} - uses: actions/setup-node@v3 with: node-version: '16.14.0' - name: Setup NPM Cache uses: actions/cache@v1 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - name: NPM Install run: npm ci - name: NPM Build run: npm run build - name: NPM Run test:integration:enterprise run: npm run test:integration:enterprise env: VAULT_HOST: localhost VAULT_PORT: 8200 CI: true e2e: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Run docker-compose run: docker-compose up -d vault - uses: actions/setup-node@v3 with: node-version: '16.14.0' - name: Setup NPM Cache uses: actions/cache@v1 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - name: NPM Install run: npm ci - name: NPM Build run: npm run build - name: Setup Vault run: node ./integrationTests/e2e/setup.js env: VAULT_HOST: localhost VAULT_PORT: 8200 - name: Test Vault Action (default KV V2) uses: ./ id: kv-secrets with: url: http://localhost:8200 token: testtoken secrets: | secret/data/test secret ; secret/data/test secret | NAMED_SECRET ; secret/data/nested/test otherSecret ; - name: Test Vault Action (default KV V1) uses: ./ with: url: http://localhost:8200 token: testtoken secrets: | my-secret/test altSecret ; my-secret/test altSecret | NAMED_ALTSECRET ; my-secret/nested/test otherAltSecret ; - name: Test Vault Action (cubbyhole) uses: ./ with: url: http://localhost:8200 token: testtoken secrets: | /cubbyhole/test foo ; /cubbyhole/test zip | NAMED_CUBBYSECRET ; - name: Verify Vault Action Outputs run: npm run test:e2e env: OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} e2e-tls: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Run docker-compose run: docker-compose up -d vault-tls - uses: actions/setup-node@v3 with: node-version: '16.14.0' - name: Setup NPM Cache uses: actions/cache@v1 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - name: NPM Install run: npm ci - name: NPM Build run: npm run build - name: Setup Vault run: node ./integrationTests/e2e-tls/setup.js env: VAULT_HOST: localhost VAULT_PORT: 8200 VAULTCA: ${{ secrets.VAULTCA }} VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }} VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }} - name: Test Vault Action (default KV V2) uses: ./ id: kv-secrets with: url: https://localhost:8200 token: ${{ env.VAULT_TOKEN }} caCertificate: ${{ secrets.VAULTCA }} clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} clientKey: ${{ secrets.VAULT_CLIENT_KEY }} secrets: | secret/data/test secret ; secret/data/test secret | NAMED_SECRET ; secret/data/nested/test otherSecret ; - name: Test Vault Action (tlsSkipVerify) uses: ./ with: url: https://localhost:8200 token: ${{ env.VAULT_TOKEN }} tlsSkipVerify: true clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} clientKey: ${{ secrets.VAULT_CLIENT_KEY }} secrets: | secret/data/tlsSkipVerify skip ; - name: Test Vault Action (default KV V1) uses: ./ with: url: https://localhost:8200 token: ${{ env.VAULT_TOKEN }} caCertificate: ${{ secrets.VAULTCA }} clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} clientKey: ${{ secrets.VAULT_CLIENT_KEY }} secrets: | my-secret/test altSecret ; my-secret/test altSecret | NAMED_ALTSECRET ; my-secret/nested/test otherAltSecret ; - name: Test Vault Action (cubbyhole) uses: ./ with: url: https://localhost:8200 token: ${{ env.VAULT_TOKEN }} secrets: | /cubbyhole/test foo ; /cubbyhole/test zip | NAMED_CUBBYSECRET ; caCertificate: ${{ secrets.VAULTCA }} clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }} clientKey: ${{ secrets.VAULT_CLIENT_KEY }} - name: Verify Vault Action Outputs run: npm run test:e2e-tls env: OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} # Removing publish step for now. # publish: # if: github.event_name == 'push' && contains(github.ref, 'main') # runs-on: ubuntu-latest # needs: [build, integration, e2e] # steps: # - uses: actions/checkout@v1 # - uses: actions/setup-node@v3 # with: # node-version: '16.14.0' # - name: setup npm cache # uses: actions/cache@v1 # with: # path: ~/.npm # key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} # restore-keys: | # ${{ runner.os }}-node- # - name: npm install # run: npm ci # - name: release # if: success() && endsWith(github.ref, 'main') # run: npx semantic-release # env: # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # NPM_TOKEN: ${{ secrets.NPM_TOKEN }}