97 lines
3.3 KiB
YAML
97 lines
3.3 KiB
YAML
name: Acceptance test
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
secret:
|
|
required: true
|
|
type: string
|
|
secret-in-section:
|
|
required: true
|
|
type: string
|
|
multiline-secret:
|
|
required: true
|
|
type: string
|
|
export-env:
|
|
required: true
|
|
type: boolean
|
|
|
|
jobs:
|
|
acceptance-test:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, macos-latest]
|
|
auth: [connect, service-account]
|
|
exclude:
|
|
- os: macos-latest
|
|
auth: connect
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Base checkout
|
|
uses: actions/checkout@v4
|
|
if: |
|
|
github.event_name != 'repository_dispatch' &&
|
|
(
|
|
github.ref == 'refs/heads/main' ||
|
|
(
|
|
github.event_name == 'pull_request' &&
|
|
github.event.pull_request.head.repo.full_name == github.repository
|
|
)
|
|
)
|
|
- name: Fork based /ok-to-test checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.client_payload.pull_request.head.sha }}
|
|
if: |
|
|
github.event_name == 'repository_dispatch' &&
|
|
github.event.client_payload.slash_command.args.named.sha != '' &&
|
|
contains(
|
|
github.event.client_payload.pull_request.head.sha,
|
|
github.event.client_payload.slash_command.args.named.sha
|
|
)
|
|
- name: Launch 1Password Connect instance
|
|
if: ${{ matrix.auth == 'connect' }}
|
|
env:
|
|
OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
|
|
run: |
|
|
echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
|
|
docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
|
|
- name: Configure Service account
|
|
if: ${{ matrix.auth == 'service-account' }}
|
|
uses: ./configure
|
|
with:
|
|
service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
|
|
- name: Configure 1Password Connect
|
|
if: ${{ matrix.auth == 'connect' }}
|
|
uses: ./configure # 1password/load-secrets-action/configure@<version>
|
|
with:
|
|
connect-host: http://localhost:8080
|
|
connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
|
|
- name: Load secrets
|
|
id: load_secrets
|
|
uses: ./ # 1password/load-secrets-action@<version>
|
|
with:
|
|
export-env: ${{ inputs.export-env }}
|
|
env:
|
|
SECRET: ${{ inputs.secret }}
|
|
SECRET_IN_SECTION: ${{ inputs.secret-in-section }}
|
|
MULTILINE_SECRET: ${{ inputs.multiline-secret }}
|
|
- name: Assert test secret values [step output]
|
|
if: ${{ !inputs.export-env }}
|
|
env:
|
|
SECRET: ${{ steps.load_secrets.outputs.SECRET }}
|
|
SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
|
|
MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
|
|
run: ./tests/assert-env-set.sh
|
|
- name: Assert test secret values [exported env]
|
|
if: ${{ inputs.export-env }}
|
|
run: ./tests/assert-env-set.sh
|
|
- name: Remove secrets [exported env]
|
|
if: ${{ inputs.export-env }}
|
|
uses: ./ # 1password/load-secrets-action@<version>
|
|
with:
|
|
unset-previous: true
|
|
- name: Assert removed secrets [exported env]
|
|
if: ${{ inputs.export-env }}
|
|
run: ./tests/assert-env-unset.sh
|