mirror of
https://github.com/getsops/sops.git
synced 2026-02-05 12:45:21 +01:00
9293a93bcd
Bumps the ci group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `5.3.0` | `5.4.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.2` | `4.2.3` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.1` | `4.6.2` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.9` | `4.2.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.11` | `3.28.12` | Updates `actions/setup-go` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](f111f3307d...0aaccfd150) Updates `actions/cache` from 4.2.2 to 4.2.3 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](d4323d4df1...5a3ec84eff) Updates `actions/upload-artifact` from 4.6.1 to 4.6.2 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](4cec3d8aa0...ea165f8d65) Updates `actions/download-artifact` from 4.1.9 to 4.2.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](cc20338598...95815c38cf) Updates `github/codeql-action` from 3.28.11 to 3.28.12 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](6bb031afdd...5f8171a638) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com>
155 lines
5.1 KiB
YAML
155 lines
5.1 KiB
YAML
name: CLI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
name: Build and test ${{ matrix.os }} ${{ matrix.arch }} ${{ matrix.go-version }}
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
os: [linux, darwin, windows]
|
|
arch: [amd64, arm64]
|
|
go-version: ['1.22', '1.23']
|
|
exclude:
|
|
- os: windows
|
|
arch: arm64
|
|
env:
|
|
VAULT_VERSION: "1.14.0"
|
|
VAULT_TOKEN: "root"
|
|
VAULT_ADDR: "http://127.0.0.1:8200"
|
|
steps:
|
|
- name: Set up Go ${{ matrix.go-version }}
|
|
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
|
|
with:
|
|
go-version: ${{ matrix.go-version }}
|
|
id: go
|
|
|
|
- name: Check out code into the Go module directory
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
|
|
with:
|
|
path: ~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
|
|
- name: Vendor Go Modules
|
|
run: make vendor
|
|
|
|
- name: Restore go/toolchain lines of go.mod
|
|
run: python3 .github/utils/patch-go.mod.py
|
|
|
|
- name: Ensure clean working tree
|
|
run: git diff --exit-code
|
|
|
|
- name: Build ${{ matrix.os }}
|
|
if: matrix.os != 'windows'
|
|
run: GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -o sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }} -v ./cmd/sops
|
|
|
|
- name: Build ${{ matrix.os }}
|
|
if: matrix.os == 'windows'
|
|
run: GOOS=${{ matrix.os }} go build -o sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ github.sha }} -v ./cmd/sops
|
|
|
|
- name: Import test GPG keys
|
|
run: for i in 1 2 3 4 5; do gpg --import pgp/sops_functional_tests_key.asc && break || sleep 15; done
|
|
|
|
- name: Test
|
|
run: make test
|
|
|
|
- name: Upload artifact for ${{ matrix.os }}
|
|
if: matrix.os != 'windows'
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }}
|
|
path: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }}
|
|
|
|
- name: Upload artifact for ${{ matrix.os }}
|
|
if: matrix.os == 'windows'
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ github.sha }}
|
|
path: sops-${{ matrix.go-version }}-${{ matrix.os }}-${{ github.sha }}
|
|
test:
|
|
name: Functional tests
|
|
runs-on: ubuntu-latest
|
|
needs: [build]
|
|
strategy:
|
|
matrix:
|
|
go-version: ['1.22']
|
|
env:
|
|
VAULT_VERSION: "1.14.0"
|
|
VAULT_TOKEN: "root"
|
|
VAULT_ADDR: "http://127.0.0.1:8200"
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
# Rustup will detect toolchain version and profile from rust-toolchain.toml
|
|
# It will download and install the toolchain and components automatically
|
|
# and make them available for subsequent commands
|
|
- name: Install Rust toolchain
|
|
run: rustup show
|
|
|
|
- name: Show Rust version
|
|
run: cargo --version
|
|
|
|
- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
|
|
with:
|
|
name: sops-${{ matrix.go-version }}-linux-amd64-${{ github.sha }}
|
|
|
|
- name: Move SOPS binary
|
|
run: mv sops-${{ matrix.go-version }}-linux-amd64-${{ github.sha }} ./functional-tests/sops
|
|
|
|
- name: Make SOPS binary executable
|
|
run: chmod +x ./functional-tests/sops
|
|
|
|
- name: Download Vault
|
|
run: curl -O "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" && sudo unzip vault_${VAULT_VERSION}_linux_amd64.zip -d /usr/local/bin/
|
|
|
|
- name: Start Vault server
|
|
run: vault server -dev -dev-root-token-id="$VAULT_TOKEN" &
|
|
|
|
- name: Enable Vault KV
|
|
run: vault secrets enable -version=1 kv
|
|
|
|
- name: Import test GPG keys
|
|
run: for i in 1 2 3 4 5; do gpg --import pgp/sops_functional_tests_key.asc && break || sleep 15; done
|
|
|
|
- name: Run tests
|
|
run: cargo test
|
|
working-directory: ./functional-tests
|
|
|
|
# The 'check' job should depend on all other jobs so it's possible to configure branch protection only for 'check'
|
|
# instead of having to explicitly list all individual jobs that need to pass.
|
|
check:
|
|
if: always()
|
|
|
|
needs:
|
|
- build
|
|
- test
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Decide whether the needed jobs succeeded or failed
|
|
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
|
|
with:
|
|
allowed-failures: docs, linters
|
|
allowed-skips: non-voting-flaky-job
|
|
jobs: ${{ toJSON(needs) }}
|