Skip to content

Go CI

Go CI #252

Workflow file for this run

name: Go CI
"on":
push:
branches:
- main
pull_request: null
workflow_dispatch: null
schedule:
- cron: "0 14 * * 1" # Mondays at 2pm UTC
jobs:
test:
needs: get_refs
strategy:
matrix:
go-version: [1.19.x, 1.20.x]
os:
- ubuntu-22.04
- macos-12
# - windows-2022 Can't install libzmq.
runs-on: ${{ matrix.os }}
steps:
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- uses: actions/checkout@v4
- name: clone the tsp
uses: actions/checkout@v4
with:
repository: IronCoreLabs/tenant-security-proxy
ref: ${{ needs.get_refs.outputs.tenant-security-proxy }}
path: tenant-security-proxy
token: ${{ secrets.WORKFLOW_PAT }}
- uses: actions/cache@v4
with:
# In order:
# * Module download cache
# * Build cache (Linux)
# * Build cache (Mac)
# * Build cache (Windows)
# * Cargo registry
# * Cargo packages
# * TSP build
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
~\AppData\Local\go-build
~/.cargo/registry
~/.cargo/git
tenant-security-proxy/target
key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-${{ matrix.go-version }}-
- name: Decrypt TSC integration keys
uses: IronCoreLabs/ironhide-actions/decrypt@v3
with:
keys: ${{ secrets.IRONHIDE_KEYS }}
input: .env.integration.iron
- name: install zmq (linux)
if: ${{ runner.os == 'Linux' }}
run: sudo apt update && sudo apt install -y --no-install-recommends libzmq3-dev
- name: install zmq (mac)
if: ${{ runner.os == 'macOS' }}
run: brew install zmq coreutils
- name: Build TSP
working-directory: tenant-security-proxy
run: cargo build --release
- name: Run tests
run: |
cd tenant-security-proxy && env $(cat ../.env.integration) cargo run --release &
timeout 700 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9000/ready)" =~ ''[01346-9][0-9][0-9]'' ]]; do sleep 5; done' || false
env $(cat .env.integration) go test ./... -v
lint:
runs-on: ubuntu-22.04
steps:
- uses: actions/setup-go@v5
with:
go-version: 1.20.x
- uses: actions/checkout@v4
- uses: golangci/golangci-lint-action@v5
with:
version: v1.53
# Look for a comment telling us what refs to use from the other repos we depend on.
# To add additional repositories, add them to "outputs" and to the "Setup list of required repos" step.
get_refs:
# Only run if it's on a PR.
if: github.base_ref != ''
runs-on: ubuntu-22.04
outputs:
tenant-security-proxy: ${{ steps.get_refs.outputs.tenant-security-proxy }}
steps:
- name: Setup list of required repos
run: |
echo tenant-security-proxy >> repos
- name: Get PR number
id: get_pr
run: |
PR=$(jq -r .pull_request.number "${GITHUB_EVENT_PATH}")
echo "PR is ${PR}"
# Sanity check that ${PR} is a number.
test "${PR}" -ge 0
echo "pr=${PR}" >> "$GITHUB_OUTPUT"
- name: Find Comment
uses: peter-evans/find-comment@v3
id: find_comment
with:
issue-number: ${{ steps.get_pr.outputs.pr }}
body-includes: CI_branches
- name: Parse refs
if: steps.find_comment.outputs.comment-id != 0
id: get_refs
env:
COMMENT_BODY: ${{ steps.find_comment.outputs.comment-body }}
run: |
# Extract the JSON part of the comment into a file.
echo "${COMMENT_BODY}" | tr '\n' ' ' | sed -e 's,^[^{]*,,' -e 's,[^}]*$,,' > refs.json
echo "Got JSON:"
cat refs.json && echo ""
# Sanity check that all repos in the JSON comment are ones that we know about.
jq -r 'keys[]' < refs.json > extra_repos
for REPO in $(cat repos) ; do
grep -v "^${REPO}\$" < extra_repos > temp || true
mv temp extra_repos
done
if [ -s extra_repos ] ; then
echo "Unrecognized repositories:"
cat extra_repos
exit 1
fi
# Emit an output variable for each repo.
for REPO in $(cat repos) ; do
REF=$(jq -r '.["'"${REPO}"'"]' < refs.json)
if [ "${REF}" = "null" ] ; then
REF="main"
fi
echo "${REPO}: ${REF}"
echo "${REPO}=${REF}" >> "$GITHUB_OUTPUT"
done
- name: Post a reaction (parsed your comment)
if: steps.get_refs.outcome == 'success'
uses: peter-evans/create-or-update-comment@v4
with:
issue-number: ${{ steps.get_pr.outputs.pr }}
comment-id: ${{ steps.find_comment.outputs.comment-id }}
reactions: eyes
- name: Post a reaction (unparsed comment)
if: steps.get_refs.outcome == 'failure'
uses: peter-evans/create-or-update-comment@v4
with:
issue-number: ${{ steps.get_pr.outputs.pr }}
comment-id: ${{ steps.find_comment.outputs.comment-id }}
reactions: confused