Bump github.com/aws/aws-sdk-go-v2/service/s3 in /go in the go group (… #771

Workflow file for this run

.github/workflows/integration.yml at 3b3eb37

	name: Integration Tests

	on:
	push:
	branches:
	- master
	- main
	pull_request:

	permissions:
	id-token: write
	contents: read

	# Cancel previous runs for PRs but not pushes to main
	concurrency:
	group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref \|\| github.sha }}
	cancel-in-progress: true

	jobs:
	build:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	lang: [go, rust]
	defaults:
	run:
	working-directory: ${{matrix.lang}}
	steps:
	- uses: actions/checkout@v4

	- uses: dtolnay/rust-toolchain@stable
	if: ${{ matrix.lang == 'rust'}}

	- uses: Swatinem/[email protected]
	if: ${{ matrix.lang == 'rust'}}
	with:
	workspaces: ./rust -> target

	- uses: actions/setup-go@v5
	if: ${{ matrix.lang == 'go'}}
	with:
	go-version: ">=1.21.0"
	cache-dependency-path: go/go.sum

	- name: Run build script for compiled languages
	run: "./build.sh"

	- name: Upload built binaries
	uses: actions/upload-artifact@v4
	with:
	name: ${{matrix.lang}}
	path: ${{matrix.lang}}/vault

	tests:
	needs: build
	runs-on: ubuntu-latest
	env:
	# VAULT_STACK overwrites default 'vault' for vaults
	VAULT_STACK: nitor-vault-integration-testing
	# at the moment we store to the values to fixed keys so this needs to have limited concurrency
	concurrency: "integration-test"
	steps:
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.AWS_CI_ROLE }}
	role-session-name: GitHubVaultIntegrationTests
	aws-region: eu-west-1

	- uses: actions/checkout@v4

	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	path: bin

	- uses: pnpm/action-setup@v4
	with:
	version: 9

	- uses: actions/setup-node@v4
	with:
	node-version: 20
	cache: "pnpm"
	cache-dependency-path: nodejs/pnpm-lock.yaml

	- name: Install zip
	run: \|
	sudo apt-get install zip unzip

	- name: build node vault
	run: pnpm install --frozen-lockfile && pnpm build
	working-directory: nodejs
	- uses: actions/setup-python@v5
	with:
	python-version: "3.12"
	cache: pip

	- name: install python vault
	run: python -m pip install .
	working-directory: python
	- name: add execute rights & run --version for all versions
	run: \|
	chmod +x bin/go/vault bin/rust/vault nodejs/dist/cli/vault.js
	vault --version
	bin/go/vault --version
	bin/rust/vault --version
	nodejs/dist/cli/vault.js --version

	- name: Store secret with Python
	run: vault -s 'secret-python' -v 'sha-${{github.sha}}' -w

	- name: Store secret with Go
	run: bin/go/vault -s 'secret-go' -v 'sha-${{github.sha}}' -w

	- name: Store secret with Rust
	run: bin/rust/vault -s 'secret-rust' -v 'sha-${{github.sha}}' -w

	- name: Store secret with Nodejs
	run: nodejs/dist/cli/vault.js s 'secret-nodejs' 'sha-${{github.sha}}' -w

	- name: Validate storing worked Python
	run: diff <(vault -l secret-python) <(echo -n sha-${{github.sha}})

	- name: Validate Go and Rust secret equality with Python
	run: diff <(vault -l secret-go) <(vault -l secret-rust)

	- name: Validate Python and Rust secret equality with Go and Nodejs
	run: diff <(bin/go/vault -l secret-rust) <(nodejs/dist/cli/vault.js l secret-python)

	- name: Validate Go and Python secret equality with Rust and Go
	run: diff <(bin/rust/vault -l secret-go) <(bin/go/vault -l secret-python)

	- name: Validate Python and Nodejs secret equality with Rust
	run: diff <(bin/rust/vault -l secret-python) <(bin/rust/vault -l secret-nodejs)

	- name: Validate Rust and Go secret equality with Nodejs
	run: diff <(bin/rust/vault -l secret-rust) <(nodejs/dist/cli/vault.js l secret-nodejs)

	- name: Delete secret with Python
	run: vault -d 'secret-python'

	- name: Delete secret with Go
	run: bin/go/vault -d 'secret-go'

	- name: Delete secret with Rust
	run: bin/rust/vault -d 'secret-rust'

	- name: Delete secret with Nodejs
	run: nodejs/dist/cli/vault.js d 'secret-nodejs'

	- name: Verify that keys have been deleted
	run: \|
	bin/rust/vault --exists secret-python \| grep -q "key 'secret-python' does not exist"
	bin/rust/vault --exists secret-go \| grep -q "key 'secret-go' does not exist"
	bin/rust/vault --exists secret-rust \| grep -q "key 'secret-rust' does not exist"
	bin/rust/vault --exists secret-nodejs \| grep -q "key 'secret-nodejs' does not exist"

	- name: Create dummy text file
	run: echo "Vault test ${{ github.sha }} ${{ github.ref_name }}" > test.txt

	- name: Zip the text file
	run: zip "secret-${{github.sha}}.zip" test.txt

	- name: Store zip file using Python vault
	run: vault --store --file "secret-${{github.sha}}.zip"

	- name: Lookup the stored zip file and write to output
	run: vault -l "secret-${{github.sha}}.zip" > output-python.zip

	- name: Extract the retrieved zip file
	run: unzip output-python.zip -d extracted-python

	- name: Verify the extracted file content
	run: diff extracted-python/test.txt test.txt

	- name: Delete secret with Python
	run: vault -d "secret-${{github.sha}}.zip"

	- name: Store zip file using Rust vault
	run: bin/rust/vault --store --file "secret-${{github.sha}}.zip"

	- name: Lookup the stored zip file and write to output
	run: bin/rust/vault -l "secret-${{github.sha}}.zip" > output-rust.zip

	- name: Extract the retrieved zip file
	run: unzip output-rust.zip -d extracted-rust

	- name: Verify the extracted file content
	run: diff extracted-rust/test.txt test.txt

	- name: Delete secret with Rust
	run: bin/rust/vault -d "secret-${{github.sha}}.zip"

	- name: Verify that keys have been deleted
	run: \|
	bin/rust/vault --exists secret-${{github.sha}}.zip \| grep -q "does not exist"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/aws/aws-sdk-go-v2/service/s3 in /go in the go group (… #771

Workflow file

Bump github.com/aws/aws-sdk-go-v2/service/s3 in /go in the go group (… #771

Jobs

Run details

Workflow file for this run