IronCoreLabs · giarc3 · Dec 12, 2025 · Dec 11, 2025 · Dec 11, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,7 +10,6 @@ on:
 jobs:
   build_and_test:
     runs-on: ubuntu-22.04
-    needs: get_refs
     steps:
       - uses: actions/checkout@v6
       - name: set up jdk 17
@@ -29,13 +28,6 @@ jobs:
         run: test-suites/unitTest.sh
       - name: local install
         run: mvn install -DskipTests=true -Dgpg.skip=true -Dmaven.javadoc.skip=true -B -V
-      - name: clone the tsp
-        uses: actions/checkout@v6
-        with:
-          repository: IronCoreLabs/tenant-security-proxy
-          ref: ${{ needs.get_refs.outputs.tenant-security-proxy }}
-          path: tenant-security-proxy
-          token: ${{ secrets.WORKFLOW_PAT }}
       - name: cache cargo registry
         uses: actions/cache@v4
         with:
@@ -44,93 +36,18 @@ jobs:
             ~/.cargo/registry
             ~/.cargo/git
             target
-      - name: Decrypt TSP integration keys
-        uses: IronCoreLabs/ironhide-actions/decrypt@v3
-        with:
-          keys: ${{ secrets.IRONHIDE_KEYS }}
-          input: tenant-security-proxy/.env.integration.iron
-      - name: install zmq
-        run: sudo apt update && sudo apt install -y --no-install-recommends libzmq3-dev
-      - name: integration test
-        run: |
-          cd tenant-security-proxy
-          cargo build --release
-          env $(cat .env.integration) cargo run --release &
-          timeout 700 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9000/ready)" =~ ''[01346-9][0-9][0-9]'' ]]; do sleep 5; done' || false
-          env $(cat .env.integration) ../test-suites/integrationTest.sh
-
-  # Look for a comment telling us what refs to use from the other repos we depend on.
-  # To add additional repositories, add them to "outputs" and to the "Setup list of required repos" step.
-  get_refs:
-    # Only run if it's on a PR.
-    if: github.base_ref != ''
-    runs-on: ubuntu-22.04
-    outputs:
-      tenant-security-proxy: ${{ steps.get_refs.outputs.tenant-security-proxy }}
-    steps:
-      - name: Setup list of required repos
+      - name: Save TSP env.integration to a file
         run: |
-          echo tenant-security-proxy >> repos
-      - name: Get PR number
-        id: get_pr
-        run: |
-          PR=$(jq -r .pull_request.number "${GITHUB_EVENT_PATH}")
-          echo "PR is ${PR}"
-          # Sanity check that ${PR} is a number.
-          test "${PR}" -ge 0
-          echo "pr=${PR}" >> "$GITHUB_OUTPUT"
-      - name: Find Comment
-        uses: peter-evans/find-comment@v4
-        id: find_comment
+          cat > .env.integration <<EOF
+          ${{ secrets.TSP_ENV_INTEGRATION }}
+          EOF
+      - name: Start the TSP
+        uses: IronCoreLabs/workflows/.github/actions/start-tsp@start-tsp-v1
         with:
-          issue-number: ${{ steps.get_pr.outputs.pr }}
-          body-includes: CI_branches
-      - name: Parse refs
-        if: steps.find_comment.outputs.comment-id != 0
-        id: get_refs
-        env:
-          COMMENT_BODY: ${{ steps.find_comment.outputs.comment-body }}
-        run: |
-          # Extract the JSON part of the comment into a file.
-          echo "${COMMENT_BODY}" | tr '\n' ' ' | sed -e 's,^[^{]*,,' -e 's,[^}]*$,,' > refs.json
-          echo "Got JSON:"
-          cat refs.json && echo ""
-
-          # Sanity check that all repos in the JSON comment are ones that we know about.
-          jq -r 'keys[]' < refs.json > extra_repos
-          for REPO in $(cat repos) ; do
-            grep -v "^${REPO}\$" < extra_repos > temp || true
-            mv temp extra_repos
-          done
-          if [ -s extra_repos ] ; then
-            echo "Unrecognized repositories:"
-            cat extra_repos
-            exit 1
-          fi
-
-          # Emit an output variable for each repo.
-          for REPO in $(cat repos) ; do
-            REF=$(jq -r '.["'"${REPO}"'"]' < refs.json)
-            if [ "${REF}" = "null" ] ; then
-              REF="main"
-            fi
-            echo "${REPO}: ${REF}"
-            echo "${REPO}=${REF}" >> "$GITHUB_OUTPUT"
-          done
-      - name: Post a reaction (parsed your comment)
-        if: steps.get_refs.outcome == 'success'
-        uses: peter-evans/create-or-update-comment@v5
-        with:
-          issue-number: ${{ steps.get_pr.outputs.pr }}
-          comment-id: ${{ steps.find_comment.outputs.comment-id }}
-          reactions: eyes
-      - name: Post a reaction (unparsed comment)
-        if: steps.get_refs.outcome == 'failure'
-        uses: peter-evans/create-or-update-comment@v5
-        with:
-          issue-number: ${{ steps.get_pr.outputs.pr }}
-          comment-id: ${{ steps.find_comment.outputs.comment-id }}
-          reactions: confused
+          gcloud-auth: ${{ secrets.GCLOUD_AUTH }}
+          env-file-path: .env.integration
+      - name: integration test
+        run: env $(cat .env.integration) ./test-suites/integrationTest.sh
 
   build_examples:
     runs-on: ubuntu-22.04