fix: Use reusable start-additional-kas workflow #763
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Checks" | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| merge_group: | |
| branches: | |
| - main | |
| types: | |
| - checks_requested | |
| permissions: | |
| contents: read | |
| jobs: | |
| pr: | |
| name: Validate PR title | |
| if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name) | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| pull-requests: read | |
| steps: | |
| - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| mavenverify: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up JDK | |
| uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7 | |
| with: | |
| java-version: "11" | |
| distribution: "adopt" | |
| server-id: github | |
| - name: Maven Verify | |
| run: mvn --batch-mode verify | |
| env: | |
| BUF_INPUT_HTTPS_USERNAME: opentdf-bot | |
| BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }} | |
| sonarcloud: | |
| name: SonarCloud Scan | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| with: | |
| fetch-depth: 0 | |
| - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up JDK | |
| uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7 | |
| with: | |
| java-version: "17" | |
| distribution: "temurin" | |
| server-id: github | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| - name: Maven Test Coverage | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BUF_INPUT_HTTPS_USERNAME: opentdf-bot | |
| BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }} | |
| run: mvn --batch-mode clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=opentdf_java-sdk -P coverage | |
| platform-integration: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout Java SDK | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up JDK | |
| uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7 | |
| with: | |
| java-version: "11" | |
| distribution: "adopt" | |
| server-id: github | |
| - name: Build java SDK | |
| run: | | |
| mvn --batch-mode clean install -DskipTests | |
| env: | |
| BUF_INPUT_HTTPS_USERNAME: opentdf-bot | |
| BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }} | |
| - name: Check out and start up platform with deps/containers | |
| id: run-platform | |
| uses: opentdf/platform/test/start-up-with-containers@main | |
| with: | |
| platform-ref: main | |
| - name: Get grpcurl | |
| run: go install github.com/fullstorydev/grpcurl/cmd/[email protected] | |
| - name: Make sure that the platform is up | |
| run: | | |
| grpcurl -plaintext localhost:8080 list && \ | |
| grpcurl -plaintext localhost:8080 kas.AccessService/PublicKey | |
| - name: Validate the SDK through the command line interface | |
| run: | | |
| printf 'here is some data to encrypt' > data | |
| java -jar target/cmdline.jar \ | |
| --client-id=opentdf-sdk \ | |
| --client-secret=secret \ | |
| --platform-endpoint=localhost:8080 \ | |
| -h\ | |
| encrypt --kas-url=localhost:8080 --mime-type=text/plain --attr https://example.com/attr/attr1/value/value1 --autoconfigure=false -f data -m 'here is some metadata' > test.tdf | |
| java -jar target/cmdline.jar \ | |
| --client-id=opentdf-sdk \ | |
| --client-secret=secret \ | |
| --platform-endpoint=localhost:8080 \ | |
| -h\ | |
| decrypt -f test.tdf > decrypted | |
| java -jar target/cmdline.jar \ | |
| --client-id=opentdf-sdk \ | |
| --client-secret=secret \ | |
| --platform-endpoint=localhost:8080 \ | |
| -h\ | |
| metadata -f test.tdf > metadata | |
| if ! diff -q data decrypted; then | |
| printf 'decrypted data is incorrect [%s]' "$(< decrypted)" | |
| exit 1 | |
| fi | |
| if [ "$(< metadata)" != 'here is some metadata' ]; then | |
| printf 'metadata is incorrect [%s]\n' "$(< metadata)" | |
| exit 1 | |
| fi | |
| working-directory: cmdline | |
| - name: Encrypt/Decrypt NanoTDF | |
| run: | | |
| echo 'here is some data to encrypt' > data | |
| java -jar target/cmdline.jar \ | |
| --client-id=opentdf-sdk \ | |
| --client-secret=secret \ | |
| --platform-endpoint=localhost:8080 \ | |
| -h\ | |
| encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 -f data -m 'here is some metadata' > nano.ntdf | |
| java -jar target/cmdline.jar \ | |
| --client-id=opentdf-sdk \ | |
| --client-secret=secret \ | |
| --platform-endpoint=localhost:8080 \ | |
| -h\ | |
| decryptnano -f nano.ntdf > decrypted | |
| if ! diff -q data decrypted; then | |
| printf 'decrypted data is incorrect [%s]' "$(< decrypted)" | |
| exit 1 | |
| fi | |
| working-directory: cmdline | |
| - name: Start additional kas | |
| uses: opentdf/platform/test/start-additional-kas@main | |
| with: | |
| kas-port: 8282 | |
| kas-name: beta | |
| - name: Make sure that the second platform is up | |
| run: | | |
| grpcurl -plaintext localhost:8282 kas.AccessService/PublicKey | |
| - name: Validate multikas through the command line interface | |
| run: | | |
| printf 'here is some data to encrypt' > data | |
| java -jar target/cmdline.jar \ | |
| --client-id=opentdf-sdk \ | |
| --client-secret=secret \ | |
| --platform-endpoint=localhost:8080 \ | |
| -h\ | |
| encrypt --kas-url=localhost:8080,localhost:8282 -f data -m 'here is some metadata' > test.tdf | |
| java -jar target/cmdline.jar \ | |
| --client-id=opentdf-sdk \ | |
| --client-secret=secret \ | |
| --platform-endpoint=localhost:8080 \ | |
| -h\ | |
| decrypt -f test.tdf > decrypted | |
| java -jar target/cmdline.jar \ | |
| --client-id=opentdf-sdk \ | |
| --client-secret=secret \ | |
| --platform-endpoint=localhost:8080 \ | |
| -h\ | |
| metadata -f test.tdf > metadata | |
| if ! diff -q data decrypted; then | |
| printf 'decrypted data is incorrect [%s]' "$(< decrypted)" | |
| exit 1 | |
| fi | |
| if [ "$(< metadata)" != 'here is some metadata' ]; then | |
| printf 'metadata is incorrect [%s]\n' "$(< metadata)" | |
| exit 1 | |
| fi | |
| working-directory: cmdline | |
| platform-xtest: | |
| permissions: | |
| contents: read | |
| packages: read | |
| needs: platform-integration | |
| uses: opentdf/tests/.github/workflows/xtest.yml@main | |
| with: | |
| java-ref: ${{ github.ref }} | |
| ci: | |
| needs: | |
| - platform-integration | |
| - platform-xtest | |
| - mavenverify | |
| - sonarcloud | |
| - pr | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - if: contains(needs.*.result, 'failure') | |
| run: echo "Failed due to ${{ contains(needs.*.result, 'failure') }}" && exit 1 |