From e23df52c69e1a4b993b030a082f1fa314ac85c7e Mon Sep 17 00:00:00 2001 From: Eddy Filip Date: Mon, 10 Apr 2023 16:10:52 +0200 Subject: [PATCH 1/5] Update checkout version --- .github/workflows/test.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 695d547..9306aed 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,7 +5,7 @@ jobs: use-connect-without-export-env: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Launch 1Password Connect instance env: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} @@ -35,7 +35,7 @@ jobs: use-connect-with-export-env: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Launch 1Password Connect instance env: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} @@ -65,7 +65,7 @@ jobs: use-connect-with-references-with-id: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Launch 1Password Connect instance env: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} @@ -95,7 +95,7 @@ jobs: use-service-account-without-export-env: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ @@ -115,7 +115,7 @@ jobs: use-service-account-with-export-env: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ @@ -129,7 +129,7 @@ jobs: use-service-account-with-references-with-id: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ @@ -149,7 +149,7 @@ jobs: run-on-macos-12: runs-on: macos-12 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Load secrets id: load_secrets uses: ./ # 1password/load-secrets-action@ From 0b706bbe431a4936d1326a808d6c1706692c881a Mon Sep 17 00:00:00 2001 From: Eddy Filip Date: Mon, 10 Apr 2023 16:12:29 +0200 Subject: [PATCH 2/5] Add os matrix for tests --- .github/workflows/test.yml | 50 ++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 26 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9306aed..be324c0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,7 +3,10 @@ name: Run acceptance tests jobs: use-connect-without-export-env: - runs-on: ubuntu-latest + strategy: + matrix: + os: [ ubuntu-latest, macos-latest ] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - name: Launch 1Password Connect instance @@ -33,7 +36,10 @@ jobs: MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} run: ./tests/assert-env-set.sh use-connect-with-export-env: - runs-on: ubuntu-latest + strategy: + matrix: + os: [ ubuntu-latest, macos-latest ] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - name: Launch 1Password Connect instance @@ -63,7 +69,10 @@ jobs: - name: Assert removed secrets run: ./tests/assert-env-unset.sh use-connect-with-references-with-id: - runs-on: ubuntu-latest + strategy: + matrix: + os: [ ubuntu-latest, macos-latest ] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - name: Launch 1Password Connect instance @@ -93,7 +102,10 @@ jobs: MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} run: ./tests/assert-env-set.sh use-service-account-without-export-env: - runs-on: ubuntu-latest + strategy: + matrix: + os: [ ubuntu-latest, macos-latest ] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - name: Load secrets @@ -113,7 +125,10 @@ jobs: MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} run: ./tests/assert-env-set.sh use-service-account-with-export-env: - runs-on: ubuntu-latest + strategy: + matrix: + os: [ ubuntu-latest, macos-latest ] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - name: Load secrets @@ -127,7 +142,10 @@ jobs: - name: Assert test secret values run: ./tests/assert-env-set.sh use-service-account-with-references-with-id: - runs-on: ubuntu-latest + strategy: + matrix: + os: [ ubuntu-latest, macos-latest ] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - name: Load secrets @@ -146,23 +164,3 @@ jobs: SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} run: ./tests/assert-env-set.sh - run-on-macos-12: - runs-on: macos-12 - steps: - - uses: actions/checkout@v3 - - name: Load secrets - id: load_secrets - uses: ./ # 1password/load-secrets-action@ - with: - export-env: false - env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - SECRET: op://acceptance-tests/test-secret/password - SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password - MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain - - name: Assert test secret values - env: - SECRET: ${{ steps.load_secrets.outputs.SECRET }} - SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} - MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} - run: ./tests/assert-env-set.sh From 2e386ac3047996dddd86304ba6f8cd05427c5c3d Mon Sep 17 00:00:00 2001 From: Eddy Filip Date: Mon, 10 Apr 2023 16:37:39 +0200 Subject: [PATCH 3/5] Try an authentication matrix --- .github/workflows/test.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index be324c0..b5d6227 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,20 +2,28 @@ on: push name: Run acceptance tests jobs: - use-connect-without-export-env: + test-with-output-secrets: strategy: matrix: os: [ ubuntu-latest, macos-latest ] + auth: [ connnect, service-account ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - name: Launch 1Password Connect instance + if: ${{ matrix.auth == 'connect' }} env: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} run: | echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 + - name: Configure Service account + if: ${{ matrix.auth == 'service-account' }} + uses: ./configure + with: + service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - name: Configure 1Password Connect + if: ${{ matrix.auth == 'connect' }} uses: ./configure # 1password/load-secrets-action/configure@ with: connect-host: localhost:8080 From 1ec261f63f73f8f78f8b4abc539d47768495aead Mon Sep 17 00:00:00 2001 From: Eddy Filip Date: Mon, 10 Apr 2023 16:46:08 +0200 Subject: [PATCH 4/5] exclude macos runners for Connect tests --- .github/workflows/test.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b5d6227..05f9de4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,7 +6,10 @@ jobs: strategy: matrix: os: [ ubuntu-latest, macos-latest ] - auth: [ connnect, service-account ] + auth: [ connect, service-account ] + exclude: + - os: macos-latest + auth: connect runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 @@ -46,7 +49,7 @@ jobs: use-connect-with-export-env: strategy: matrix: - os: [ ubuntu-latest, macos-latest ] + os: [ ubuntu-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 @@ -79,7 +82,7 @@ jobs: use-connect-with-references-with-id: strategy: matrix: - os: [ ubuntu-latest, macos-latest ] + os: [ ubuntu-latest ] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 From 9bb44334eb1783a814c48f91d3d643f7c31d3ed2 Mon Sep 17 00:00:00 2001 From: Eddy Filip Date: Mon, 10 Apr 2023 16:52:51 +0200 Subject: [PATCH 5/5] Compress tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since we use matrices now for os and authentication type, we’ve optimized the yaml file to have only 3 jobs, each one making 3 separate piepeline tests (2 for service accounts, 1 for Connect) --- .github/workflows/test.yml | 93 +++++++++++--------------------------- 1 file changed, 26 insertions(+), 67 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 05f9de4..a92e835 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -46,20 +46,31 @@ jobs: SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} run: ./tests/assert-env-set.sh - use-connect-with-export-env: + test-with-export-env: strategy: matrix: - os: [ ubuntu-latest ] + os: [ ubuntu-latest, macos-latest ] + auth: [ connect, service-account ] + exclude: + - os: macos-latest + auth: connect runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - name: Launch 1Password Connect instance + if: ${{ matrix.auth == 'connect' }} env: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} run: | echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 + - name: Configure Service account + if: ${{ matrix.auth == 'service-account' }} + uses: ./configure + with: + service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - name: Configure 1Password Connect + if: ${{ matrix.auth == 'connect' }} uses: ./configure # 1password/load-secrets-action/configure@ with: connect-host: http://localhost:8080 @@ -79,20 +90,31 @@ jobs: unset-previous: true - name: Assert removed secrets run: ./tests/assert-env-unset.sh - use-connect-with-references-with-id: + test-references-with-ids: strategy: matrix: - os: [ ubuntu-latest ] + os: [ ubuntu-latest, macos-latest ] + auth: [ connect, service-account ] + exclude: + - os: macos-latest + auth: connect runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - name: Launch 1Password Connect instance + if: ${{ matrix.auth == 'connect' }} env: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} run: | echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json docker-compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 + - name: Configure Service account + if: ${{ matrix.auth == 'service-account' }} + uses: ./configure + with: + service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - name: Configure 1Password Connect + if: ${{ matrix.auth == 'connect' }} uses: ./configure # 1password/load-secrets-action/configure@ with: connect-host: http://localhost:8080 @@ -112,66 +134,3 @@ jobs: SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} run: ./tests/assert-env-set.sh - use-service-account-without-export-env: - strategy: - matrix: - os: [ ubuntu-latest, macos-latest ] - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v3 - - name: Load secrets - id: load_secrets - uses: ./ # 1password/load-secrets-action@ - with: - export-env: false - env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - SECRET: op://acceptance-tests/test-secret/password - SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password - MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain - - name: Assert test secret values - env: - SECRET: ${{ steps.load_secrets.outputs.SECRET }} - SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} - MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} - run: ./tests/assert-env-set.sh - use-service-account-with-export-env: - strategy: - matrix: - os: [ ubuntu-latest, macos-latest ] - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v3 - - name: Load secrets - id: load_secrets - uses: ./ # 1password/load-secrets-action@ - env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - SECRET: op://acceptance-tests/test-secret/password - SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password - MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain - - name: Assert test secret values - run: ./tests/assert-env-set.sh - use-service-account-with-references-with-id: - strategy: - matrix: - os: [ ubuntu-latest, macos-latest ] - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v3 - - name: Load secrets - id: load_secrets - uses: ./ # 1password/load-secrets-action@ - with: - export-env: false - env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password - SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy - MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain - - name: Assert test secret values - env: - SECRET: ${{ steps.load_secrets.outputs.SECRET }} - SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} - MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} - run: ./tests/assert-env-set.sh