Refactor acceptance tests (#99)

This workflow is the acceptance tests executed based on the following inputs: - secret references - whether the secrets are provided as a step output or environment variables.
2025-03-03 14:49:37 +01:00
parent 6483669c68
commit a525a84c53
2 changed files with 97 additions and 130 deletions
--- a/.github/workflows/acceptance-test.yml
+++ b/.github/workflows/acceptance-test.yml
@@ -0,0 +1,76 @@
+name: Acceptance test
+
+on:
+  workflow_call:
+    inputs:
+      secret:
+        required: true
+        type: string
+      secret-in-section:
+        required: true
+        type: string
+      multiline-secret:
+        required: true
+        type: string
+      export-env:
+        required: true
+        type: boolean
+
+jobs:
+  acceptance-test:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+        auth: [connect, service-account]
+        exclude:
+          - os: macos-latest
+            auth: connect
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Base checkout
+        uses: actions/checkout@v4
+      - name: Launch 1Password Connect instance
+        if: ${{ matrix.auth == 'connect' }}
+        env:
+          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
+        run: |
+          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
+          docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
+      - name: Configure Service account
+        if: ${{ matrix.auth == 'service-account' }}
+        uses: ./configure
+        with:
+          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+      - name: Configure 1Password Connect
+        if: ${{ matrix.auth == 'connect' }}
+        uses: ./configure # 1password/load-secrets-action/configure@<version>
+        with:
+          connect-host: http://localhost:8080
+          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
+      - name: Load secrets
+        id: load_secrets
+        uses: ./ # 1password/load-secrets-action@<version>
+        with:
+          export-env: ${{ inputs.export-env }}
+        env:
+          SECRET: ${{ inputs.secret }}
+          SECRET_IN_SECTION: ${{ inputs.secret-in-section }}
+          MULTILINE_SECRET: ${{ inputs.multiline-secret }}
+      - name: Assert test secret values [step output]
+        if: ${{ !inputs.export-env }}
+        env:
+          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
+          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
+          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
+        run: ./tests/assert-env-set.sh
+      - name: Assert test secret values [exported env]
+        if: ${{ inputs.export-env }}
+        run: ./tests/assert-env-set.sh
+      - name: Remove secrets [exported env]
+        if: ${{ inputs.export-env }}
+        uses: ./ # 1password/load-secrets-action@<version>
+        with:
+          unset-previous: true
+      - name: Assert removed secrets [exported env]
+        if: ${{ inputs.export-env }}
+        run: ./tests/assert-env-unset.sh