diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9d42dc9..bd113b9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,6 @@ on: jobs: build_and_test: runs-on: ubuntu-22.04 - needs: get_refs steps: - uses: actions/checkout@v6 - name: set up jdk 17 @@ -29,13 +28,6 @@ jobs: run: test-suites/unitTest.sh - name: local install run: mvn install -DskipTests=true -Dgpg.skip=true -Dmaven.javadoc.skip=true -B -V - - name: clone the tsp - uses: actions/checkout@v6 - with: - repository: IronCoreLabs/tenant-security-proxy - ref: ${{ needs.get_refs.outputs.tenant-security-proxy }} - path: tenant-security-proxy - token: ${{ secrets.WORKFLOW_PAT }} - name: cache cargo registry uses: actions/cache@v4 with: @@ -44,93 +36,18 @@ jobs: ~/.cargo/registry ~/.cargo/git target - - name: Decrypt TSP integration keys - uses: IronCoreLabs/ironhide-actions/decrypt@v3 - with: - keys: ${{ secrets.IRONHIDE_KEYS }} - input: tenant-security-proxy/.env.integration.iron - - name: install zmq - run: sudo apt update && sudo apt install -y --no-install-recommends libzmq3-dev - - name: integration test - run: | - cd tenant-security-proxy - cargo build --release - env $(cat .env.integration) cargo run --release & - timeout 700 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9000/ready)" =~ ''[01346-9][0-9][0-9]'' ]]; do sleep 5; done' || false - env $(cat .env.integration) ../test-suites/integrationTest.sh - - # Look for a comment telling us what refs to use from the other repos we depend on. - # To add additional repositories, add them to "outputs" and to the "Setup list of required repos" step. - get_refs: - # Only run if it's on a PR. - if: github.base_ref != '' - runs-on: ubuntu-22.04 - outputs: - tenant-security-proxy: ${{ steps.get_refs.outputs.tenant-security-proxy }} - steps: - - name: Setup list of required repos + - name: Save TSP env.integration to a file run: | - echo tenant-security-proxy >> repos - - name: Get PR number - id: get_pr - run: | - PR=$(jq -r .pull_request.number "${GITHUB_EVENT_PATH}") - echo "PR is ${PR}" - # Sanity check that ${PR} is a number. - test "${PR}" -ge 0 - echo "pr=${PR}" >> "$GITHUB_OUTPUT" - - name: Find Comment - uses: peter-evans/find-comment@v4 - id: find_comment + cat > .env.integration < refs.json - echo "Got JSON:" - cat refs.json && echo "" - - # Sanity check that all repos in the JSON comment are ones that we know about. - jq -r 'keys[]' < refs.json > extra_repos - for REPO in $(cat repos) ; do - grep -v "^${REPO}\$" < extra_repos > temp || true - mv temp extra_repos - done - if [ -s extra_repos ] ; then - echo "Unrecognized repositories:" - cat extra_repos - exit 1 - fi - - # Emit an output variable for each repo. - for REPO in $(cat repos) ; do - REF=$(jq -r '.["'"${REPO}"'"]' < refs.json) - if [ "${REF}" = "null" ] ; then - REF="main" - fi - echo "${REPO}: ${REF}" - echo "${REPO}=${REF}" >> "$GITHUB_OUTPUT" - done - - name: Post a reaction (parsed your comment) - if: steps.get_refs.outcome == 'success' - uses: peter-evans/create-or-update-comment@v5 - with: - issue-number: ${{ steps.get_pr.outputs.pr }} - comment-id: ${{ steps.find_comment.outputs.comment-id }} - reactions: eyes - - name: Post a reaction (unparsed comment) - if: steps.get_refs.outcome == 'failure' - uses: peter-evans/create-or-update-comment@v5 - with: - issue-number: ${{ steps.get_pr.outputs.pr }} - comment-id: ${{ steps.find_comment.outputs.comment-id }} - reactions: confused + gcloud-auth: ${{ secrets.GCLOUD_AUTH }} + env-file-path: .env.integration + - name: integration test + run: env $(cat .env.integration) ./test-suites/integrationTest.sh build_examples: runs-on: ubuntu-22.04