-
Notifications
You must be signed in to change notification settings - Fork 542
234 lines (227 loc) · 8.26 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
name: Build
on:
push:
paths-ignore:
- 'website/**'
- 'CHANGELOG.md'
workflow_dispatch:
permissions:
# Permission for checking out code
contents: read
jobs:
go-version:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.go-version.outputs.version }}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- id: go-version
run: echo "version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
build:
needs: [go-version]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: '.go-version'
cache: false
# setup-terraform is used to install the Terraform CLI. If we don't do
# this then the terraform-plugin-sdk will attempt to download it for each test!
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: '1.7.*'
terraform_wrapper: false
- name: Cache go build
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cache/go-build
~/go/pkg/mod
~/Library/Caches/go-build
key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-golang-
- name: Build
run: |
make build
- name: Run unit tests
# here to short-circuit the acceptance tests, in the case of a failure.
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
run: |
make test
acceptance:
needs: [go-version, build]
runs-on: custom-linux-large
strategy:
fail-fast: false
matrix:
image:
- "vault-enterprise:1.14.13-ent"
- "vault-enterprise:1.15.16-ent"
- "vault-enterprise:1.16.11-ent"
- "vault-enterprise:1.17.7-ent"
- "vault-enterprise:1.18.0-ent"
- "vault:latest"
services:
vault:
image: hashicorp/${{ matrix.image }}
env:
VAULT_DEV_ROOT_TOKEN_ID: root
VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }}
VAULT_AUTH_CONFIG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VAULT_LOCAL_CONFIG: |
{"plugin_directory": "/vault/plugins"}
options: >-
--health-cmd "VAULT_ADDR=http://127.0.0.1:8200 vault status"
--health-interval 1s
--health-timeout 5s
--health-retries 5
ports:
- 8200:8200
volumes:
- ${{ github.workspace }}:/vault/plugins
mysql:
image: docker.mirror.hashicorp.services/mysql:latest
env:
MYSQL_ROOT_PASSWORD: mysql
ports:
- 3306:3306
mssql:
image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu
env:
ACCEPT_EULA: Y
SA_PASSWORD: ${{ secrets.MSSQL_SA_PASSWORD }}
ports:
- 1433:1433
mongo:
image: docker.mirror.hashicorp.services/mongo:latest
env:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: mongodb
MONGO_INITDB_DATABASE: admin
ports:
- 27017:27017
postgres:
image: docker.mirror.hashicorp.services/postgres:latest
env:
POSTGRES_PASSWORD: secret
POSTGRES_DB: database
ports:
- 5432:5432
couchbase:
image: docker.io/couchbase/server-sandbox:7.1.1
ports:
- 8091:8091
- 8092:8092
- 8093:8093
- 8094:8094
- 11207:11207
- 11210:11210
- 18091:18091
- 18092:18092
- 18093:18093
- 18094:18094
options: >-
--health-cmd "curl -f http://Administrator:[email protected]:8091/sampleBuckets"
--health-interval 1s
--health-timeout 5s
--health-retries 60
consul:
image: docker.mirror.hashicorp.services/hashicorp/consul:latest
env:
CONSUL_LOCAL_CONFIG: "{\"acl\":{\"enabled\":true}}"
ports:
- 8500:8500
- 8600:8600
options: >-
--health-cmd "curl -f 'http://127.0.0.1:8500/v1/health/node/server-1'"
--health-interval 1s
--health-timeout 5s
--health-retries 5
openldap:
image: docker.io/bitnami/openldap:2.6
ports:
- 1389:1389
- 1636:1636
env:
LDAP_ADMIN_USERNAME: "admin"
LDAP_ADMIN_PASSWORD: "adminpassword"
LDAP_USERS: "alice,bob,foo"
LDAP_PASSWORDS: "password1,password2,password3"
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: '.go-version'
cache: false
# setup-terraform is used to install the Terraform CLI. If we don't do
# this then the terraform-plugin-sdk will attempt to download it for each test!
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: '1.7.*'
terraform_wrapper: false
- name: Check Terraform CLI version
run: terraform --version
- name: Download external plugin
id: plugin
env:
PLUGIN: "vault-plugin-auth-jwt"
VERSION: "0.17.0"
run: |
ZIP="${PLUGIN}_${VERSION}_linux_amd64.zip"
SHA256SUMS="${PLUGIN}_${VERSION}_SHA256SUMS"
curl -sO "https://releases.hashicorp.com/${PLUGIN}/${VERSION}/{${ZIP},${SHA256SUMS}}"
shasum -a 256 -c "${PLUGIN}_${VERSION}_SHA256SUMS" --ignore-missing
unzip "${ZIP}"; rm "${ZIP}" "${SHA256SUMS}"
echo "command=${PLUGIN}" >> "${GITHUB_OUTPUT}"
- name: Cache go build
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cache/go-build
~/go/pkg/mod
~/Library/Caches/go-build
key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-golang-
- name: Acceptance Tests
env:
VAULT_TOKEN: "root"
VAULT_ADDR: "http://localhost:8200"
# RUNS_IN_CONTAINER is false if not using jobs.<job_id>.container
RUNS_IN_CONTAINER: "false"
MYSQL_URL: "root:mysql@tcp(mysql:3306)/"
MYSQL_CONNECTION_URL: "{{username}}:{{password}}@tcp(mysql:3306)/"
MYSQL_CONNECTION_USERNAME: "root"
MYSQL_CONNECTION_PASSWORD: "mysql"
MONGODB_URL: "mongodb://root:mongodb@mongo:27017/admin?ssl=false"
MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433"
# POSTGRES_URL is the standard root conn URL for Vault
POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable"
# POSTGRES_URL_TEST is used by the TFVP test to connect directly to
# the postgres container. Note: the host is "localhost" because the
# TFVP tests do not run in the same docker network.
POSTGRES_URL_TEST: "postgres://postgres:secret@localhost:5432/database?sslmode=disable"
# POSTGRES_URL_ROOTLESS is used by Vault to connect to the postgres container.
POSTGRES_URL_ROOTLESS: "postgres://{{username}}:{{password}}@postgres:5432/database?sslmode=disable"
COUCHBASE_HOST: couchbase
COUCHBASE_USERNAME: Administrator
COUCHBASE_PASSWORD: password
CONSUL_HTTP_ADDR: "consul:8500"
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
LDAP_BINDDN: "cn=admin,dc=example,dc=org"
LDAP_BINDPASS: "adminpassword"
LDAP_URL: "ldap://openldap:1389"
VAULT_PLUGIN_COMMAND: ${{ steps.plugin.outputs.command }}
run: |
if [[ ${{ matrix.image }} =~ "-ent" ]]; then
target="testacc-ent"
else
target="testacc"
fi
make $target TESTARGS='-test.v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true SKIP_VAULT_NEXT_TESTS=true TF_ACC_K8S_SKIP_IN_CLUSTER=true
- name: "Generate Vault API Path Coverage Report"
run: |
go run cmd/coverage/main.go -openapi-doc=./testdata/openapi.json