-
Notifications
You must be signed in to change notification settings - Fork 103
251 lines (225 loc) · 11.1 KB
/
interop.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
name: Interoperability tests
on: [push, repository_dispatch]
jobs:
build-rage:
name: Build rage
runs-on: ubuntu-latest
steps:
- name: Create FiloSottile/age status
if: always() && github.event.action == 'age-interop-request'
run: |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \
-H 'Accept: application/vnd.github.everest-preview+json' \
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \
--data '{"state": "pending", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "In progress", "context": "Interoperability tests / Build rage"}'
- uses: actions/checkout@v4
- name: cargo build
run: cargo build --release --features unstable
working-directory: ./rage
- uses: actions/upload-artifact@v4
with:
name: rage
path: |
target/release/rage
target/release/rage-keygen
- name: Update FiloSottile/age status with result
if: always() && github.event.action == 'age-interop-request'
run: |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \
-H 'Accept: application/vnd.github.everest-preview+json' \
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \
--data '{"state": "${{ job.status }}", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "Finished", "context": "Interoperability tests / Build rage"}'
build-age:
name: Build age
runs-on: ubuntu-latest
steps:
- name: Create FiloSottile/age status
if: always() && github.event.action == 'age-interop-request'
run: |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \
-H 'Accept: application/vnd.github.everest-preview+json' \
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \
--data '{"state": "pending", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "In progress", "context": "Interoperability tests / Build age"}'
- name: Set up Go 1.19
uses: actions/setup-go@v5
with:
go-version: 1.19
id: go
- name: Use specified FiloSottile/age commit
if: github.event.action == 'age-interop-request'
run: echo "AGE_REF=${{ github.event.client_payload.sha }}" >> $GITHUB_ENV
- name: Use FiloSottile/age current main
if: github.event.action != 'age-interop-request'
run: echo "AGE_REF=refs/heads/main" >> $GITHUB_ENV
- name: Check out FiloSottile/age
uses: actions/checkout@v4
with:
repository: FiloSottile/age
ref: ${{ env.AGE_REF }}
path: go-age/age
- name: go build
run: |
cd $GITHUB_WORKSPACE/go-age/age
go build filippo.io/age/cmd/age
go build filippo.io/age/cmd/age-keygen
- uses: actions/upload-artifact@v4
with:
name: age
path: |
go-age/age/age
go-age/age/age-keygen
- name: Update FiloSottile/age status with result
if: always() && github.event.action == 'age-interop-request'
run: |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \
-H 'Accept: application/vnd.github.everest-preview+json' \
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \
--data '{"state": "${{ job.status }}", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "Finished", "context": "Interoperability tests / Build age"}'
test:
name: ${{ matrix.alice }} -> ${{ matrix.bob }} [${{ matrix.recipient }}]
runs-on: ubuntu-latest
needs: [build-rage, build-age]
strategy:
matrix:
alice: [rage, age]
bob: [rage, age]
recipient: [x25519, ssh-rsa, ssh-ed25519]
fail-fast: false
steps:
- name: Create FiloSottile/age status
if: always() && github.event.action == 'age-interop-request'
run: |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \
-H 'Accept: application/vnd.github.everest-preview+json' \
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \
--data '{"state": "pending", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "In progress", "context": "Interoperability tests / ${{ matrix.alice }} -> ${{ matrix.bob }} [${{ matrix.recipient }}]"}'
# Download the binaries to test
- uses: actions/download-artifact@v4
with:
name: rage
- uses: actions/download-artifact@v4
with:
name: age
- run: chmod +x rage
- run: chmod +x rage-keygen
- run: chmod +x age
- run: chmod +x age-keygen
# Prepare the test environment
- name: Install dos2unix for simulating Windows files
run: sudo apt update && sudo apt install dos2unix
- name: Write (very not private) age X25519 key
if: matrix.recipient == 'x25519'
run: echo "AGE-SECRET-KEY-1TRYTV7PQS5XPUYSTAQZCD7DQCWC7Q77YJD7UVFJRMW4J82Q6930QS70MRX" >key.txt
- name: Save the corresponding age x25519 recipient
if: matrix.recipient == 'x25519'
run: echo "age1y8m84r6pwd4da5d45zzk03rlgv2xr7fn9px80suw3psrahul44ashl0usm" >key.txt.pub
- name: Set the corresponding age x25519 recipient
if: matrix.recipient == 'x25519'
run: echo "AGE_PUBKEY=-r age1y8m84r6pwd4da5d45zzk03rlgv2xr7fn9px80suw3psrahul44ashl0usm" >> $GITHUB_ENV
- name: Generate an ssh-rsa key
if: matrix.recipient == 'ssh-rsa'
run: ssh-keygen -t rsa -N "" -f key.txt
- name: Generate an ssh-ed25519 key
if: matrix.recipient == 'ssh-ed25519'
run: ssh-keygen -t ed25519 -N "" -f key.txt
- name: Set the corresponding SSH recipient
if: matrix.recipient == 'ssh-rsa' || matrix.recipient == 'ssh-ed25519'
run: echo "AGE_PUBKEY=-R key.txt.pub" >> $GITHUB_ENV
- name: Store key.txt in case we need it
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_key.txt
path: key.txt
# Tests!
- name: Encrypt to file
run: echo "Test string" | ./${{ matrix.alice }} -o test.age $AGE_PUBKEY
- name: Decrypt from file
run: ./${{ matrix.bob }} -d -i key.txt test.age | grep -q "^Test string$"
- name: Store test.age
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test.age
path: test.age
- name: Generate a file to encrypt
run: echo "2 test 2 string" > test2.txt
- name: Encrypt to ASCII-armored file
run: ./${{ matrix.alice }} -a -o test2.age $AGE_PUBKEY test2.txt
- name: Decrypt from ASCII-armored file
run: ./${{ matrix.bob }} -d -i key.txt test2.age | grep -q "^2 test 2 string$"
- name: Store test2.age
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test2.age
path: test2.age
- name: Convert file to CRLF
run: unix2dos test2.age
- name: Decrypt from ASCII-armored CRLF file
run: ./${{ matrix.bob }} -d -i key.txt test2.age | grep -q "^2 test 2 string$"
- name: Store CRLF-ed test2.age
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test2.age
path: test2.age
- name: Pipes!
run: echo "Test string 3 - ASCII Drift" | ./${{ matrix.alice }} $AGE_PUBKEY | tee --output-error=warn test3.age | ./${{ matrix.bob }} -d -i key.txt | grep -q "^Test string 3 - ASCII Drift$"
- name: Store test3.age
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test3.age
path: test3.age
- name: Explicit stdout during encryption
run: ./${{ matrix.alice }} -a -o - $AGE_PUBKEY test2.txt >test4.age
- name: Explicit stdin during decryption
run: cat test4.age | ./${{ matrix.bob }} -d -i key.txt - | grep -q "^2 test 2 string$"
- name: Store test4.age
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test4.age
path: test4.age
- name: Generate a file to encrypt
run: echo "Test 5" > test5.txt
- name: Encrypt to identity in a named pipe
run: ./${{ matrix.alice }} -e -i <(cat key.txt) -o test5.age test5.txt
- name: Decrypt with identity in a named pipe
run: ./${{ matrix.bob }} -d -i <(cat key.txt) test5.age | grep -q "^Test 5$"
- name: Store test5.age
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test5.age
path: test5.age
- name: Encrypt to recipient in standard input
run: cat key.txt.pub | ./${{ matrix.alice }} -e -R - -o test6.age test5.txt
- name: Decrypt with identity in standard input
run: cat key.txt | ./${{ matrix.bob }} -d -i - test6.age | grep -q "^Test 5$"
- name: Store test6.age
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test6.age
path: test6.age
- name: Keygen prevents overwriting an existing file
run: |
touch do_not_overwrite_key.txt
if $(./${{ matrix.alice }}-keygen -o do_not_overwrite_key.txt); then
false
else
true
fi
- name: Keygen supports conversion from stdin
run: ./${{ matrix.alice }}-keygen | ./${{ matrix.bob }}-keygen -y
- name: Keygen supports conversion from file
if: matrix.recipient == 'x25519'
run: ./${{ matrix.alice }}-keygen -y key.txt
- name: Update FiloSottile/age status with result
if: always() && github.event.action == 'age-interop-request'
run: |
curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \
-H 'Accept: application/vnd.github.everest-preview+json' \
-H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \
--data '{"state": "${{ job.status }}", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "Finished", "context": "Interoperability tests / ${{ matrix.alice }} -> ${{ matrix.bob }} [${{ matrix.recipient }}]"}'