Bump idna from 3.6 to 3.7 in /python #393
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Integration Tests | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - main | |
| pull_request: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| # Cancel previous runs for PRs but not pushes to main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| lang: [go, rust] | |
| defaults: | |
| run: | |
| working-directory: ${{matrix.lang}} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| if: ${{ matrix.lang == 'rust'}} | |
| - uses: Swatinem/[email protected] | |
| if: ${{ matrix.lang == 'rust'}} | |
| with: | |
| workspaces: ./rust -> target | |
| - uses: actions/setup-go@v5 | |
| if: ${{ matrix.lang == 'go'}} | |
| with: | |
| go-version: ">=1.21.0" | |
| cache-dependency-path: go/go.sum | |
| - name: Run build script for compiled languages | |
| run: "./build.sh" | |
| - name: Upload built binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{matrix.lang}} | |
| path: ${{matrix.lang}}/vault | |
| tests: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| env: | |
| # VAULT_STACK overwrites default 'vault' for vaults | |
| VAULT_STACK: nitor-vault-integration-testing | |
| # at the moment we store to the values to fixed keys so this needs to have limited concurrency | |
| concurrency: "integration-test" | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_CI_ROLE }} | |
| role-session-name: GitHubVaultIntegrationTests | |
| aws-region: eu-west-1 | |
| - uses: actions/checkout@v4 | |
| - name: Download reports' artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: bin | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| cache: pip | |
| - name: install python vault | |
| run: python -m pip install . | |
| working-directory: python | |
| - name: add execute rights & run --version for all versions | |
| run: | | |
| chmod +x bin/go/vault bin/rust/vault | |
| vault --version | |
| bin/go/vault --version | |
| bin/rust/vault --version | |
| - name: store secret with python | |
| run: vault -s 'secret-python' -v 'sha-${{github.sha}}' -w | |
| - name: store secret with go | |
| run: bin/go/vault -s 'secret-go' -v 'sha-${{github.sha}}' -w | |
| - name: store secret with rust | |
| run: bin/rust/vault -s 'secret-rust' -v 'sha-${{github.sha}}' -w | |
| - name: validate storing worked fine python | |
| run: diff <(vault -l secret-python) <(echo -n sha-${{github.sha}}) | |
| - name: validate go and rust secret equality with python | |
| run: diff <(vault -l secret-go) <(vault -l secret-rust) | |
| - name: validate python and rust secret equality with go | |
| run: diff <(bin/go/vault -l secret-rust) <(bin/go/vault -l secret-python) | |
| - name: validate go and python secret equality with rust | |
| run: diff <(bin/rust/vault -l secret-go) <(bin/rust/vault -l secret-python) | |
| - name: delete secret with python | |
| run: vault -d 'secret-python' | |
| - name: delete secret with go | |
| run: bin/go/vault -d 'secret-go' | |
| - name: delete secret with rust | |
| run: bin/rust/vault -d 'secret-rust' | |
| - name: verify that keys have been deleted | |
| run: | | |
| bin/rust/vault --exists secret-python | grep doesn\'t | |
| bin/rust/vault --exists secret-go | grep doesn\'t | |
| bin/rust/vault --exists secret-rust | grep doesn\'t |