vault-action/.github/workflows/build.yml

on:
  push:
    branches:
      - master
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - name: Use Node.js 10.x
      uses: actions/setup-node@v1
      with:
        node-version: 10.x
    - name: setup npm cache
      uses: actions/cache@v1
      with:
        path: ~/.npm
        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-node-          
    - name: npm install
      run: npm ci
    - name: npm build
      run: npm run build
    - name: npm run test
      run: npm run test

  integration:
    runs-on: ubuntu-latest

    services:
      vaultBasic:
        image: vault:1.2.3
        ports:
          - 8200/tcp
        env:
          VAULT_DEV_ROOT_TOKEN_ID: testtoken
        options: --cap-add=IPC_LOCK
      vaultEnterprise:
        image: hashicorp/vault-enterprise:1.3.0_ent
        ports:
          - 8200/tcp
        env:
          VAULT_DEV_ROOT_TOKEN_ID: testtoken
        options: --cap-add=IPC_LOCK

    steps:
      - uses: actions/checkout@v1
      - name: Use Node.js 10.x
        uses: actions/setup-node@v1
        with:
          node-version: 10.x
      - name: setup npm cache
        uses: actions/cache@v1
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-            
      - name: npm install
        run: npm ci
      - name: npm build
        run: npm run build
      - name: npm run test:integration:basic
        run: npm run test:integration:basic
        env:
          VAULT_HOST: localhost
          VAULT_PORT: ${{ job.services.vaultBasic.ports[8200] }}
          CI: true
      - name: npm run test:integration:enterprise
        run: npm run test:integration:enterprise
        env:
          VAULT_HOST: localhost
          VAULT_PORT: ${{ job.services.vaultEnterprise.ports[8200] }}
          CI: true

  e2e:
    runs-on: ubuntu-latest

    services:
      vault:
        image: vault:1.3.0
        ports:
          - 8200/tcp
        env:
          VAULT_DEV_ROOT_TOKEN_ID: testtoken
        options: --cap-add=IPC_LOCK

    steps:
    - uses: actions/checkout@v1
    - name: Use Node.js 10.x
      uses: actions/setup-node@v1
      with:
        node-version: 10.x
    - name: setup npm cache
      uses: actions/cache@v1
      with:
        path: ~/.npm
        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-node-          
    - name: npm install
      run: npm ci
    - name: npm build
      run: npm run build
    - name: setup vault
      run: node ./integrationTests/e2e/setup.js
      env:
        VAULT_HOST: localhost
        VAULT_PORT: ${{ job.services.vault.ports[8200] }}
    - name: use vault action (default K/V version 2)
      uses: ./
      id: kv-secrets
      with:
        url: http://localhost:${{ job.services.vault.ports[8200] }}
        token: testtoken
        secrets: |
          test secret ;
          test secret | NAMED_SECRET ;
          nested/test otherSecret ;          
    - name: use vault action (custom K/V version 1)
      uses: ./
      with:
        url: http://localhost:${{ job.services.vault.ports[8200] }}
        token: testtoken
        path: my-secret
        kv-version: 1
        secrets: |
          test altSecret ;
          test altSecret | NAMED_ALTSECRET ;
          nested/test otherAltSecret ;          
    - name: use vault action (using cubbyhole engine)
      uses: ./
      with:
        url: http://localhost:${{ job.services.vault.ports[8200] }}
        token: testtoken
        secrets: |
          /cubbyhole/test foo ;
          /cubbyhole/test zip | NAMED_CUBBYSECRET ;          
    - name: verify
      run: npm run test:e2e
      env:
        OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}

  publish:
    if: github.event_name	== 'push' && contains(github.ref, 'master')
    runs-on: ubuntu-latest
    needs: [build, integration, e2e]
    steps:
    - uses: actions/checkout@v1
    - name: Use Node.js 10.x
      uses: actions/setup-node@v1
      with:
        node-version: 10.x
    - name: setup npm cache
      uses: actions/cache@v1
      with:
        path: ~/.npm
        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-node-          
    - name: npm install
      run: npm ci
    - name: release
      if: success() && endsWith(github.ref, 'master')
      run: npx semantic-release
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}