mirror of
https://github.com/hashicorp/vault-action.git
synced 2025-11-07 07:06:56 +00:00
9866ce3e18
* chore(deps): bump jsonata from 2.0.2 to 2.0.3 Bumps [jsonata](https://github.com/jsonata-js/jsonata) from 2.0.2 to 2.0.3. - [Release notes](https://github.com/jsonata-js/jsonata/releases) - [Changelog](https://github.com/jsonata-js/jsonata/blob/master/CHANGELOG.md) - [Commits](https://github.com/jsonata-js/jsonata/compare/v2.0.2...v2.0.3) --- updated-dependencies: - dependency-name: jsonata dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: maxcoulombe <max.coulombe@hashicorp.com>
299 lines
7.4 KiB
YAML
299 lines
7.4 KiB
YAML
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request_target:
|
|
types: [opened, reopened, synchronize]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
|
|
- uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '16.14.0'
|
|
|
|
- name: Setup NPM Cache
|
|
uses: actions/cache@v1
|
|
with:
|
|
path: ~/.npm
|
|
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-node-
|
|
|
|
- name: NPM Install
|
|
run: npm ci
|
|
|
|
- name: NPM Build
|
|
run: npm run build
|
|
|
|
- name: NPM Run Test
|
|
run: npm run test
|
|
|
|
integrationOSS:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
|
|
- name: Run docker-compose
|
|
run: docker-compose up -d vault
|
|
|
|
- uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '16.14.0'
|
|
|
|
- name: Setup NPM Cache
|
|
uses: actions/cache@v1
|
|
with:
|
|
path: ~/.npm
|
|
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-node-
|
|
|
|
- name: NPM Install
|
|
run: npm ci
|
|
|
|
- name: NPM Build
|
|
run: npm run build
|
|
|
|
- name: NPM Run test;integration:basic
|
|
run: npm run test:integration:basic
|
|
env:
|
|
VAULT_HOST: localhost
|
|
VAULT_PORT: 8200
|
|
CI: true
|
|
|
|
integrationEnterprise:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
|
|
- name: Run docker-compose
|
|
run: docker-compose up -d vault-enterprise
|
|
env:
|
|
VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}
|
|
|
|
- uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '16.14.0'
|
|
|
|
- name: Setup NPM Cache
|
|
uses: actions/cache@v1
|
|
with:
|
|
path: ~/.npm
|
|
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-node-
|
|
|
|
- name: NPM Install
|
|
run: npm ci
|
|
|
|
- name: NPM Build
|
|
run: npm run build
|
|
|
|
- name: NPM Run test:integration:enterprise
|
|
run: npm run test:integration:enterprise
|
|
env:
|
|
VAULT_HOST: localhost
|
|
VAULT_PORT: 8200
|
|
CI: true
|
|
|
|
e2e:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
|
|
- name: Run docker-compose
|
|
run: docker-compose up -d vault
|
|
|
|
- uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '16.14.0'
|
|
|
|
- name: Setup NPM Cache
|
|
uses: actions/cache@v1
|
|
with:
|
|
path: ~/.npm
|
|
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-node-
|
|
|
|
- name: NPM Install
|
|
run: npm ci
|
|
|
|
- name: NPM Build
|
|
run: npm run build
|
|
|
|
- name: Setup Vault
|
|
run: node ./integrationTests/e2e/setup.js
|
|
env:
|
|
VAULT_HOST: localhost
|
|
VAULT_PORT: 8200
|
|
|
|
- name: Test Vault Action (default KV V2)
|
|
uses: ./
|
|
id: kv-secrets
|
|
with:
|
|
url: http://localhost:8200
|
|
token: testtoken
|
|
secrets: |
|
|
secret/data/test secret ;
|
|
secret/data/test secret | NAMED_SECRET ;
|
|
secret/data/nested/test otherSecret ;
|
|
|
|
- name: Test Vault Action (default KV V1)
|
|
uses: ./
|
|
with:
|
|
url: http://localhost:8200
|
|
token: testtoken
|
|
secrets: |
|
|
my-secret/test altSecret ;
|
|
my-secret/test altSecret | NAMED_ALTSECRET ;
|
|
my-secret/nested/test otherAltSecret ;
|
|
|
|
- name: Test Vault Action (cubbyhole)
|
|
uses: ./
|
|
with:
|
|
url: http://localhost:8200
|
|
token: testtoken
|
|
secrets: |
|
|
/cubbyhole/test foo ;
|
|
/cubbyhole/test zip | NAMED_CUBBYSECRET ;
|
|
|
|
- name: Verify Vault Action Outputs
|
|
run: npm run test:integration:e2e
|
|
env:
|
|
OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
|
|
|
|
e2e-tls:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
|
|
- name: Run docker-compose
|
|
run: docker-compose up -d vault-tls
|
|
|
|
- uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '16.14.0'
|
|
|
|
- name: Setup NPM Cache
|
|
uses: actions/cache@v1
|
|
with:
|
|
path: ~/.npm
|
|
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-node-
|
|
|
|
- name: NPM Install
|
|
run: npm ci
|
|
|
|
- name: NPM Build
|
|
run: npm run build
|
|
|
|
- name: Setup Vault
|
|
run: node ./integrationTests/e2e-tls/setup.js
|
|
env:
|
|
VAULT_HOST: localhost
|
|
VAULT_PORT: 8200
|
|
VAULTCA: ${{ secrets.VAULTCA }}
|
|
VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }}
|
|
VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }}
|
|
|
|
- name: Test Vault Action (default KV V2)
|
|
uses: ./
|
|
id: kv-secrets
|
|
with:
|
|
url: https://localhost:8200
|
|
token: ${{ env.VAULT_TOKEN }}
|
|
caCertificate: ${{ secrets.VAULTCA }}
|
|
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
|
|
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
|
|
secrets: |
|
|
secret/data/test secret ;
|
|
secret/data/test secret | NAMED_SECRET ;
|
|
secret/data/nested/test otherSecret ;
|
|
|
|
- name: Test Vault Action (tlsSkipVerify)
|
|
uses: ./
|
|
with:
|
|
url: https://localhost:8200
|
|
token: ${{ env.VAULT_TOKEN }}
|
|
tlsSkipVerify: true
|
|
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
|
|
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
|
|
secrets: |
|
|
secret/data/tlsSkipVerify skip ;
|
|
|
|
- name: Test Vault Action (default KV V1)
|
|
uses: ./
|
|
with:
|
|
url: https://localhost:8200
|
|
token: ${{ env.VAULT_TOKEN }}
|
|
caCertificate: ${{ secrets.VAULTCA }}
|
|
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
|
|
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
|
|
secrets: |
|
|
my-secret/test altSecret ;
|
|
my-secret/test altSecret | NAMED_ALTSECRET ;
|
|
my-secret/nested/test otherAltSecret ;
|
|
|
|
- name: Test Vault Action (cubbyhole)
|
|
uses: ./
|
|
with:
|
|
url: https://localhost:8200
|
|
token: ${{ env.VAULT_TOKEN }}
|
|
secrets: |
|
|
/cubbyhole/test foo ;
|
|
/cubbyhole/test zip | NAMED_CUBBYSECRET ;
|
|
caCertificate: ${{ secrets.VAULTCA }}
|
|
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
|
|
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
|
|
|
|
- name: Verify Vault Action Outputs
|
|
run: npm run test:integration:e2e-tls
|
|
env:
|
|
OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
|
|
|
|
# Removing publish step for now.
|
|
# publish:
|
|
# if: github.event_name == 'push' && contains(github.ref, 'main')
|
|
# runs-on: ubuntu-latest
|
|
# needs: [build, integration, e2e]
|
|
# steps:
|
|
# - uses: actions/checkout@v1
|
|
# - uses: actions/setup-node@v3
|
|
# with:
|
|
# node-version: '16.14.0'
|
|
# - name: setup npm cache
|
|
# uses: actions/cache@v1
|
|
# with:
|
|
# path: ~/.npm
|
|
# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
# restore-keys: |
|
|
# ${{ runner.os }}-node-
|
|
# - name: npm install
|
|
# run: npm ci
|
|
# - name: release
|
|
# if: success() && endsWith(github.ref, 'main')
|
|
# run: npx semantic-release
|
|
# env:
|
|
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
# NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|