From 4c749feaf1a5eef8083280909ad7b2947af43c72 Mon Sep 17 00:00:00 2001 From: Floris van der Grinten Date: Wed, 19 May 2021 15:01:33 +0200 Subject: [PATCH] Add test workflow --- .github/workflows/test.yml | 77 +++++++++++++++++++++++++++++++ tests/fixtures/docker-compose.yml | 20 ++++++++ 2 files changed, 97 insertions(+) create mode 100644 .github/workflows/test.yml create mode 100644 tests/fixtures/docker-compose.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..a254ba8 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,77 @@ +on: push +name: Run acceptance tests + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Launch 1Password Connect instance + env: + OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} + run: | + echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json + docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 + - name: Load secrets + uses: ./ + env: + OP_CONNECT_HOST: http://localhost:8080 + OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} + SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password + MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain + - name: Print environment variables with masked secrets + run: printenv + - name: Assert test secret values + env: + EXPECTED_SECRET: RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu + EXPECTED_MULTILINE_SECRET: |- + -----BEGIN PRIVATE KEY----- + RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLApXaGls + ZSB3ZSBkZWVwbHkgYXBwcmVjaWF0ZSB5b3VyIHZp + Z2lsYW5jZSBhbmQgZWZmb3J0cyB0byBtYWtlIHRo + ZSB3b3JsZCBtb3JlIHNlY3VyZSwgSSdtIGFmcmFp + ZCBJIG11c3QgdGVsbCB5b3UgdGhhdCB0aGlzIHZh + bHVlIGlzIG5vdCBhIGFjdHVhbCBwcml2YXRlIGtl + eS4gCkl0J3MgYSBqdXN0IGEgZHVtbXkgc2VjcmV0 + IHRoYXQgd2UgdXNlIHRvIHRlc3QgdmFyaW91cyAx + UGFzc3dvcmQgc2VjcmV0cyBpbnRlZ3JhdGlvbnMu + IApTbyBwbGVhc2UgZG9uJ3QgcmVwb3J0IGl0IQo= + -----END PRIVATE KEY----- + run: | + if [ "$SECRET" != "$EXPECTED_SECRET" ]; then + echo -e "Expected test SECRET to be set to:\n$EXPECTED_SECRET\nBut got:\n$SECRET" + exit 1 + fi + + if [ "$MULTILINE_SECRET" != "$EXPECTED_MULTILINE_SECRET" ]; then + echo -e "Expected MULTILINE_SECRET to be set to:\n$EXPECTED_MULTILINE_SECRET\nBut got:\n$MULTILINE_SECRET" + exit 1 + fi + - name: Remove secrets + uses: ./ + with: + unset-previous: true + - name: Print environment variables with secrets removed + run: printenv + - name: Assert removed secrets + run: | + if [ -n "$SECRET" ] || [ -n "$MULTILINE_SECRET" ]; then + echo "Expected secrets from 1Password to be unset" + exit 1 + fi + - name: Load secret again + uses: ./ + env: + OP_CONNECT_HOST: http://localhost:8080 + OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} + SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password + - name: Print environment variables with masked secrets + run: printenv + - name: Assert test secret value + env: + EXPECTED_SECRET: RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu + run: | + if [ "$SECRET" != "$EXPECTED_SECRET" ]; then + echo -e "Expected test SECRET to be set to:\n$EXPECTED_SECRET\nBut got:\n$SECRET" + exit 1 + fi diff --git a/tests/fixtures/docker-compose.yml b/tests/fixtures/docker-compose.yml new file mode 100644 index 0000000..cd2f518 --- /dev/null +++ b/tests/fixtures/docker-compose.yml @@ -0,0 +1,20 @@ +version: "3.4" + +services: + op-connect-api: + image: 1password/connect-api:latest + ports: + - "8080:8080" + volumes: + - "$PWD/1password-credentials.json:/home/opuser/.op/1password-credentials.json" + - "data:/home/opuser/.op/data" + op-connect-sync: + image: 1password/connect-sync:latest + ports: + - "8081:8080" + volumes: + - "$PWD/1password-credentials.json:/home/opuser/.op/1password-credentials.json" + - "data:/home/opuser/.op/data" + +volumes: + data: