actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-12 09:13:50 +00:00
Code Activity Actions
vault-action/.github/workflows/build.yml
JM Faircloth cec0b7b1f0 update build on directive
2023-06-26 15:33:01 -05:00

329 lines
9.3 KiB
YAML
Raw Blame History

on:
push:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ github.ref }}
- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '16.14.0'
- name: Setup NPM Cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: NPM Install
run: npm ci
- name: NPM Build
run: npm run build
- name: NPM Run Test
run: npm run test
integrationOSS:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ github.ref }}
- name: Run docker-compose
run: docker-compose up -d vault
- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '16.14.0'
- name: Setup NPM Cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: NPM Install
run: npm ci
- name: NPM Build
run: npm run build
- name: NPM Run test;integration:basic
run: npm run test:integration:basic
env:
VAULT_HOST: localhost
VAULT_PORT: 8200
CI: true
integrationEnterprise:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ github.ref }}
- name: Run docker-compose
run: docker-compose up -d vault-enterprise
env:
VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}
- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '16.14.0'
- name: Setup NPM Cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: NPM Install
run: npm ci
- name: NPM Build
run: npm run build
- name: NPM Run test:integration:enterprise
run: npm run test:integration:enterprise
env:
VAULT_HOST: localhost
VAULT_PORT: 8200
CI: true
e2e:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ github.ref }}
- name: Run docker-compose
run: docker-compose up -d vault
- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '16.14.0'
- name: Setup NPM Cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: NPM Install
run: npm ci
- name: NPM Build
run: npm run build
- name: Setup Vault
run: node ./integrationTests/e2e/setup.js
env:
VAULT_HOST: localhost
VAULT_PORT: 8200
- name: Import Secrets
id: import-secrets
uses: ./
with:
url: http://localhost:8200
token: testtoken
secrets: |
secret/data/test-json-string-multiline jsonStringMultiline;
- name: Check Secrets
run: |
echo "${{ steps.import-secrets.outputs.jsonStringMultiline }}" > multiline.json
- name: Check json file format
run: |
echo "multiline:"
cat multiline.json
jq -c . < multiline.json
# - name: Test Vault Action (default KV V2)
# uses: ./
# id: kv-secrets
# with:
# url: http://localhost:8200
# token: testtoken
# secrets: |
# secret/data/test secret ;
# secret/data/test secret | NAMED_SECRET ;
# secret/data/nested/test otherSecret ;
# - name: Test Vault Action (default KV V1)
# uses: ./
# with:
# url: http://localhost:8200
# token: testtoken
# secrets: |
# my-secret/test altSecret ;
# my-secret/test altSecret | NAMED_ALTSECRET ;
# my-secret/nested/test otherAltSecret ;
# - name: Test Vault Action (cubbyhole)
# uses: ./
# with:
# url: http://localhost:8200
# token: testtoken
# secrets: |
# /cubbyhole/test foo ;
# /cubbyhole/test zip | NAMED_CUBBYSECRET ;
# - name: Verify Vault Action Outputs
# run: npm run test:integration:e2e
# env:
# OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
# - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2)
# uses: ./
# with:
# url: http://localhost:8200/
# token: testtoken
# secrets: |
# secret/data/test secret | SUBSEQUENT_TEST_SECRET;
# - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2)
# uses: ./
# with:
# url: http://localhost:8200/
# token: testtoken
# secrets: |
# secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET;
# e2e-tls:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# with:
# ref: ${{ github.ref }}
# - name: Run docker-compose
# run: docker-compose up -d vault-tls
# - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
# with:
# node-version: '16.14.0'
# - name: Setup NPM Cache
# uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
# with:
# path: ~/.npm
# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
# restore-keys: |
# ${{ runner.os }}-node-
# - name: NPM Install
# run: npm ci
# - name: NPM Build
# run: npm run build
# - name: Setup Vault
# run: node ./integrationTests/e2e-tls/setup.js
# env:
# VAULT_HOST: localhost
# VAULT_PORT: 8200
# VAULTCA: ${{ secrets.VAULTCA }}
# VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }}
# VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }}
# - name: Test Vault Action (default KV V2)
# uses: ./
# id: kv-secrets
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# caCertificate: ${{ secrets.VAULTCA }}
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# secrets: |
# secret/data/test secret ;
# secret/data/test secret | NAMED_SECRET ;
# secret/data/nested/test otherSecret ;
# - name: Test Vault Action (tlsSkipVerify)
# uses: ./
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# tlsSkipVerify: true
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# secrets: |
# secret/data/tlsSkipVerify skip ;
# - name: Test Vault Action (default KV V1)
# uses: ./
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# caCertificate: ${{ secrets.VAULTCA }}
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# secrets: |
# my-secret/test altSecret ;
# my-secret/test altSecret | NAMED_ALTSECRET ;
# my-secret/nested/test otherAltSecret ;
# - name: Test Vault Action (cubbyhole)
# uses: ./
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# secrets: |
# /cubbyhole/test foo ;
# /cubbyhole/test zip | NAMED_CUBBYSECRET ;
# caCertificate: ${{ secrets.VAULTCA }}
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# - name: Verify Vault Action Outputs
# run: npm run test:integration:e2e-tls
# env:
# OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
# Removing publish step for now.
# publish:
# if: github.event_name == 'push' && contains(github.ref, 'main')
# runs-on: ubuntu-latest
# needs: [build, integration, e2e]
# steps:
# - uses: actions/checkout@v1
# - uses: actions/setup-node@v3
# with:
# node-version: '16.14.0'
# - name: setup npm cache
# uses: actions/cache@v1
# with:
# path: ~/.npm
# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
# restore-keys: |
# ${{ runner.os }}-node-
# - name: npm install
# run: npm ci
# - name: release
# if: success() && endsWith(github.ref, 'main')
# run: npx semantic-release
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
View git blame Copy permalink