From a525a84c53a4700e294a18c917c296a57c929736 Mon Sep 17 00:00:00 2001 From: Eduard Filip Date: Mon, 3 Mar 2025 14:49:37 +0100 Subject: [PATCH] Refactor acceptance tests (#99) This workflow is the acceptance tests executed based on the following inputs: - secret references - whether the secrets are provided as a step output or environment variables. --- .github/workflows/acceptance-test.yml | 76 +++++++++++++ .github/workflows/test.yml | 151 ++++---------------------- 2 files changed, 97 insertions(+), 130 deletions(-) create mode 100644 .github/workflows/acceptance-test.yml diff --git a/.github/workflows/acceptance-test.yml b/.github/workflows/acceptance-test.yml new file mode 100644 index 0000000..ae1e0c0 --- /dev/null +++ b/.github/workflows/acceptance-test.yml @@ -0,0 +1,76 @@ +name: Acceptance test + +on: + workflow_call: + inputs: + secret: + required: true + type: string + secret-in-section: + required: true + type: string + multiline-secret: + required: true + type: string + export-env: + required: true + type: boolean + +jobs: + acceptance-test: + strategy: + matrix: + os: [ubuntu-latest, macos-latest] + auth: [connect, service-account] + exclude: + - os: macos-latest + auth: connect + runs-on: ${{ matrix.os }} + steps: + - name: Base checkout + uses: actions/checkout@v4 + - name: Launch 1Password Connect instance + if: ${{ matrix.auth == 'connect' }} + env: + OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} + run: | + echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json + docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 + - name: Configure Service account + if: ${{ matrix.auth == 'service-account' }} + uses: ./configure + with: + service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + - name: Configure 1Password Connect + if: ${{ matrix.auth == 'connect' }} + uses: ./configure # 1password/load-secrets-action/configure@ + with: + connect-host: http://localhost:8080 + connect-token: ${{ secrets.OP_CONNECT_TOKEN }} + - name: Load secrets + id: load_secrets + uses: ./ # 1password/load-secrets-action@ + with: + export-env: ${{ inputs.export-env }} + env: + SECRET: ${{ inputs.secret }} + SECRET_IN_SECTION: ${{ inputs.secret-in-section }} + MULTILINE_SECRET: ${{ inputs.multiline-secret }} + - name: Assert test secret values [step output] + if: ${{ !inputs.export-env }} + env: + SECRET: ${{ steps.load_secrets.outputs.SECRET }} + SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} + MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} + run: ./tests/assert-env-set.sh + - name: Assert test secret values [exported env] + if: ${{ inputs.export-env }} + run: ./tests/assert-env-set.sh + - name: Remove secrets [exported env] + if: ${{ inputs.export-env }} + uses: ./ # 1password/load-secrets-action@ + with: + unset-previous: true + - name: Assert removed secrets [exported env] + if: ${{ inputs.export-env }} + run: ./tests/assert-env-unset.sh diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 099d309..5cad052 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,136 +14,27 @@ jobs: node-version: 20 - run: npm ci - run: npm test - test-with-output-secrets: - strategy: - matrix: - os: [ubuntu-latest, macos-latest] - auth: [connect, service-account] - exclude: - - os: macos-latest - auth: connect - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v3 - - name: Launch 1Password Connect instance - if: ${{ matrix.auth == 'connect' }} - env: - OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} - run: | - echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json - docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 - - name: Configure Service account - if: ${{ matrix.auth == 'service-account' }} - uses: ./configure - with: - service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - - name: Configure 1Password Connect - if: ${{ matrix.auth == 'connect' }} - uses: ./configure # 1password/load-secrets-action/configure@ - with: - connect-host: http://localhost:8080 - connect-token: ${{ secrets.OP_CONNECT_TOKEN }} - - name: Load secrets - id: load_secrets - uses: ./ # 1password/load-secrets-action@ - with: - export-env: false - env: - SECRET: op://acceptance-tests/test-secret/password - SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password - MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain - - name: Assert test secret values - env: - SECRET: ${{ steps.load_secrets.outputs.SECRET }} - SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} - MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} - run: ./tests/assert-env-set.sh + uses: ./.github/workflows/acceptance-test.yml + secrets: inherit + with: + secret: op://acceptance-tests/test-secret/password + secret-in-section: op://acceptance-tests/test-secret/test-section/password + multiline-secret: op://acceptance-tests/multiline-secret/notesPlain + export-env: false test-with-export-env: - strategy: - matrix: - os: [ubuntu-latest, macos-latest] - auth: [connect, service-account] - exclude: - - os: macos-latest - auth: connect - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v3 - - name: Launch 1Password Connect instance - if: ${{ matrix.auth == 'connect' }} - env: - OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} - run: | - echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json - docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 - - name: Configure Service account - if: ${{ matrix.auth == 'service-account' }} - uses: ./configure - with: - service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - - name: Configure 1Password Connect - if: ${{ matrix.auth == 'connect' }} - uses: ./configure # 1password/load-secrets-action/configure@ - with: - connect-host: http://localhost:8080 - connect-token: ${{ secrets.OP_CONNECT_TOKEN }} - - name: Load secrets - id: load_secrets - uses: ./ # 1password/load-secrets-action@ - env: - SECRET: op://acceptance-tests/test-secret/password - SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password - MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain - - name: Assert test secret values - run: ./tests/assert-env-set.sh - - name: Remove secrets - uses: ./ # 1password/load-secrets-action@ - with: - unset-previous: true - - name: Assert removed secrets - run: ./tests/assert-env-unset.sh + uses: ./.github/workflows/acceptance-test.yml + secrets: inherit + with: + secret: op://acceptance-tests/test-secret/password + secret-in-section: op://acceptance-tests/test-secret/test-section/password + multiline-secret: op://acceptance-tests/multiline-secret/notesPlain + export-env: true test-references-with-ids: - strategy: - matrix: - os: [ubuntu-latest, macos-latest] - auth: [connect, service-account] - exclude: - - os: macos-latest - auth: connect - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v3 - - name: Launch 1Password Connect instance - if: ${{ matrix.auth == 'connect' }} - env: - OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} - run: | - echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json - docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 - - name: Configure Service account - if: ${{ matrix.auth == 'service-account' }} - uses: ./configure - with: - service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - - name: Configure 1Password Connect - if: ${{ matrix.auth == 'connect' }} - uses: ./configure # 1password/load-secrets-action/configure@ - with: - connect-host: http://localhost:8080 - connect-token: ${{ secrets.OP_CONNECT_TOKEN }} - - name: Load secrets - id: load_secrets - uses: ./ # 1password/load-secrets-action@ - with: - export-env: false - env: - SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password - SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy - MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain - - name: Assert test secret values - env: - SECRET: ${{ steps.load_secrets.outputs.SECRET }} - SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} - MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} - run: ./tests/assert-env-set.sh + uses: ./.github/workflows/acceptance-test.yml + secrets: inherit + with: + secret: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password + secret-in-section: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy + multiline-secret: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain + export-env: false