Add separate subcommands for encryption, decryption, rotating, editing, and setting values #856
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CLI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
permissions: | |
contents: read | |
jobs: | |
build: | |
name: Build and test ${{ matrix.os }} ${{ matrix.arch }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
os: [linux, darwin, windows] | |
arch: [amd64, arm64] | |
exclude: | |
- os: windows | |
arch: arm64 | |
env: | |
VAULT_VERSION: "1.1.3" | |
VAULT_TOKEN: "root" | |
VAULT_ADDR: "http://127.0.0.1:8200" | |
steps: | |
- name: Set up Go 1.20 | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
with: | |
go-version: '1.20' | |
id: go | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
- uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Vendor Go Modules | |
run: make vendor | |
- name: Ensure clean working tree | |
run: git diff --exit-code | |
- name: Build Linux and Darwin | |
if: matrix.os != 'windows' | |
run: GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -o sops-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }} -v ./cmd/sops | |
- name: Build Windows | |
if: matrix.os == 'windows' | |
run: GOOS=${{ matrix.os }} go build -o sops-${{ matrix.os }}-${{ github.sha }} -v ./cmd/sops | |
- name: Import test GPG keys | |
run: for i in 1 2 3 4 5; do gpg --import pgp/sops_functional_tests_key.asc && break || sleep 15; done | |
- name: Test | |
run: make test | |
- name: Upload artifact for Linux and Darwin | |
if: matrix.os != 'windows' | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
with: | |
name: sops-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }} | |
path: sops-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }} | |
- name: Upload artifact for Windows | |
if: matrix.os == 'windows' | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
with: | |
name: sops-${{ matrix.os }}-${{ github.sha }} | |
path: sops-${{ matrix.os }}-${{ github.sha }} | |
test: | |
name: Functional tests | |
runs-on: ubuntu-latest | |
needs: [build] | |
env: | |
VAULT_VERSION: "1.1.3" | |
VAULT_TOKEN: "root" | |
VAULT_ADDR: "http://127.0.0.1:8200" | |
steps: | |
- name: Install rustup | |
run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain 1.70.0 | |
- name: Check out code | |
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: sops-linux-amd64-${{ github.sha }} | |
- name: Move SOPS binary | |
run: mv sops-linux-amd64-${{ github.sha }} ./functional-tests/sops | |
- name: Make SOPS binary executable | |
run: chmod +x ./functional-tests/sops | |
- name: Download Vault | |
run: curl -O "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" && sudo unzip vault_${VAULT_VERSION}_linux_amd64.zip -d /usr/local/bin/ | |
- name: Start Vault server | |
run: vault server -dev -dev-root-token-id="$VAULT_TOKEN" & | |
- name: Enable Vault KV | |
run: vault secrets enable -version=1 kv | |
- name: Import test GPG keys | |
run: for i in 1 2 3 4 5; do gpg --import pgp/sops_functional_tests_key.asc && break || sleep 15; done | |
- name: Run tests | |
run: cargo test | |
working-directory: ./functional-tests |