-
Notifications
You must be signed in to change notification settings - Fork 0
158 lines (152 loc) · 5.37 KB
/
go-ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
name: Go CI
"on":
push:
branches:
- main
pull_request: null
workflow_dispatch: null
schedule:
- cron: "0 14 * * 1" # Mondays at 2pm UTC
jobs:
test:
needs: get_refs
strategy:
matrix:
go-version: [1.19.x, 1.20.x]
os:
- ubuntu-22.04
- macos-12
# - windows-2022 Can't install libzmq.
runs-on: ${{ matrix.os }}
steps:
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- uses: actions/checkout@v4
- name: clone the tsp
uses: actions/checkout@v4
with:
repository: IronCoreLabs/tenant-security-proxy
ref: ${{ needs.get_refs.outputs.tenant-security-proxy }}
path: tenant-security-proxy
token: ${{ secrets.WORKFLOW_PAT }}
- uses: actions/cache@v4
with:
# In order:
# * Module download cache
# * Build cache (Linux)
# * Build cache (Mac)
# * Build cache (Windows)
# * Cargo registry
# * Cargo packages
# * TSP build
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
~\AppData\Local\go-build
~/.cargo/registry
~/.cargo/git
tenant-security-proxy/target
key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-${{ matrix.go-version }}-
- name: Decrypt TSC integration keys
uses: IronCoreLabs/ironhide-actions/decrypt@v3
with:
keys: ${{ secrets.IRONHIDE_KEYS }}
input: .env.integration.iron
- name: install zmq (linux)
if: ${{ runner.os == 'Linux' }}
run: sudo apt update && sudo apt install -y --no-install-recommends libzmq3-dev
- name: install zmq (mac)
if: ${{ runner.os == 'macOS' }}
run: brew install zmq coreutils
- name: Build TSP
working-directory: tenant-security-proxy
run: cargo build --release
- name: Run tests
run: |
cd tenant-security-proxy && env $(cat ../.env.integration) cargo run --release &
timeout 700 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9000/ready)" =~ ''[01346-9][0-9][0-9]'' ]]; do sleep 5; done' || false
env $(cat .env.integration) go test ./... -v
lint:
runs-on: ubuntu-22.04
steps:
- uses: actions/setup-go@v5
with:
go-version: 1.20.x
- uses: actions/checkout@v4
- uses: golangci/golangci-lint-action@v6
with:
version: v1.53
# Look for a comment telling us what refs to use from the other repos we depend on.
# To add additional repositories, add them to "outputs" and to the "Setup list of required repos" step.
get_refs:
# Only run if it's on a PR.
if: github.base_ref != ''
runs-on: ubuntu-22.04
outputs:
tenant-security-proxy: ${{ steps.get_refs.outputs.tenant-security-proxy }}
steps:
- name: Setup list of required repos
run: |
echo tenant-security-proxy >> repos
- name: Get PR number
id: get_pr
run: |
PR=$(jq -r .pull_request.number "${GITHUB_EVENT_PATH}")
echo "PR is ${PR}"
# Sanity check that ${PR} is a number.
test "${PR}" -ge 0
echo "pr=${PR}" >> "$GITHUB_OUTPUT"
- name: Find Comment
uses: peter-evans/find-comment@v3
id: find_comment
with:
issue-number: ${{ steps.get_pr.outputs.pr }}
body-includes: CI_branches
- name: Parse refs
if: steps.find_comment.outputs.comment-id != 0
id: get_refs
env:
COMMENT_BODY: ${{ steps.find_comment.outputs.comment-body }}
run: |
# Extract the JSON part of the comment into a file.
echo "${COMMENT_BODY}" | tr '\n' ' ' | sed -e 's,^[^{]*,,' -e 's,[^}]*$,,' > refs.json
echo "Got JSON:"
cat refs.json && echo ""
# Sanity check that all repos in the JSON comment are ones that we know about.
jq -r 'keys[]' < refs.json > extra_repos
for REPO in $(cat repos) ; do
grep -v "^${REPO}\$" < extra_repos > temp || true
mv temp extra_repos
done
if [ -s extra_repos ] ; then
echo "Unrecognized repositories:"
cat extra_repos
exit 1
fi
# Emit an output variable for each repo.
for REPO in $(cat repos) ; do
REF=$(jq -r '.["'"${REPO}"'"]' < refs.json)
if [ "${REF}" = "null" ] ; then
REF="main"
fi
echo "${REPO}: ${REF}"
echo "${REPO}=${REF}" >> "$GITHUB_OUTPUT"
done
- name: Post a reaction (parsed your comment)
if: steps.get_refs.outcome == 'success'
uses: peter-evans/create-or-update-comment@v4
with:
issue-number: ${{ steps.get_pr.outputs.pr }}
comment-id: ${{ steps.find_comment.outputs.comment-id }}
reactions: eyes
- name: Post a reaction (unparsed comment)
if: steps.get_refs.outcome == 'failure'
uses: peter-evans/create-or-update-comment@v4
with:
issue-number: ${{ steps.get_pr.outputs.pr }}
comment-id: ${{ steps.find_comment.outputs.comment-id }}
reactions: confused