Skip to content

Add HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR #2060

Add HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR

Add HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR #2060

Workflow file for this run

---
name: CI
env:
WSLENV: "HELM_SECRETS_BACKEND:BATS_REPORT_FILENAME:BATS_TEST_NAME_PREFIX"
VERSION_HELM: v3.11.1
VERSION_SOPS: v3.7.3
VERSION_VALS: v0.24.0
on:
pull_request:
push:
branches:
- main
paths-ignore:
- 'docs/**'
jobs:
lint:
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[ci skip]')"
steps:
- uses: actions/checkout@v3
- name: Run the sh-checker
uses: luizm/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SHELLCHECK_OPTS: -x
with:
sh_checker_comment: true
sh_checker_exclude: "tests/assets tests/bats"
- name: Run the sh-checker
uses: luizm/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SHELLCHECK_OPTS: -x
with:
sh_checker_comment: true
sh_checker_exclude: "tests/"
sh_checker_shfmt_disable: true
sh_checker_shellcheck_disable: true
sh_checker_checkbashisms_enable: true
unit-tests:
runs-on: ${{ matrix.os }}
container: ${{ matrix.container }}
env:
HELM_SECRETS_WINDOWS_SHELL: ${{ matrix.shell == 'wsl' && 'wsl' || 'bash' }}
if: "!contains(github.event.head_commit.message, '[ci skip]')"
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
container: [""]
shell: [dash]
jobs: [4]
include:
- os: windows-latest
shell: bash
jobs: 1
- os: windows-latest
shell: cygwin
jobs: 1
- os: windows-latest
shell: wsl
jobs: 4
- os: macos-latest
shell: bash 3.2
jobs: 4
- os: macos-latest
shell: bash 3.2 with coreutils
jobs: 4
- os: ubuntu-latest
container: centos:7
shell: bash 4.2
jobs: 4
- os: ubuntu-latest
container: registry.access.redhat.com/ubi8/ubi-minimal
shell: bash 4.4
jobs: 4
- os: ubuntu-latest
container: alpine
shell: zsh
jobs: 4
- os: ubuntu-latest
container: alpine
shell: ash
jobs: 4
- os: ubuntu-latest
container: ubuntu:22.04
shell: posh
jobs: 4
steps:
- name: Install dependencies
if: "matrix.container"
run: |-
if command -v apk > /dev/null; then
apk add --no-cache bash git gnupg parallel
elif command -v apt-get > /dev/null; then
apt-get update -qqy
apt-get install -qqy git unzip gnupg curl parallel
elif command -v yum > /dev/null; then
if [ "$(rpm -E %{rhel})" == "7" ]; then
yum-config-manager --add-repo='https://download.copr.fedorainfracloud.org/results/jkroepke/git/epel-$releasever-x86_64/'
rpm --import https://download.copr.fedorainfracloud.org/results/jkroepke/git/pubkey.gpg
fi
echo -e '[epel]\nname=Extra Packages for Enterprise Linux $releasever - $basearch\nmetalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir\nenabled=1\ngpgcheck=1\ngpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' > /etc/yum.repos.d/epel.repo
yum install -y git-core unzip parallel
elif command -v microdnf > /dev/null; then
if [ "$(rpm -E %{rhel})" == "7" ]; then
echo -e '[copr:copr.fedorainfracloud.org:jkroepke:git]\nname=Copr repo for git owned by jkroepke\nbaseurl=https://download.copr.fedorainfracloud.org/results/jkroepke/git/epel-7-$basearch/\ntype=rpm-md\nenabled=0\ngpgcheck=1\ngpgkey=https://download.copr.fedorainfracloud.org/results/jkroepke/git/pubkey.gpg\nrepo_gpgcheck=0\nenabled=1\nenabled_metadata=1' > /etc/yum.repos.d/jkroepke-git.repo
fi
echo -e '[epel]\nname=Extra Packages for Enterprise Linux $releasever - $basearch\nmetalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir\nenabled=1\ngpgcheck=1\ngpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8' > /etc/yum.repos.d/epel.repo
microdnf install --nodocs git-core unzip tar findutils diffutils parallel
fi
- name: Install zsh
if: "contains(matrix.shell, 'zsh')"
run: apk add zsh && ln -sf "$(command -v zsh)" /bin/sh
- name: Install posh
if: "contains(matrix.shell, 'posh')"
run: apt install -y posh && ln -sf "$(command -v posh)" /bin/sh
- name: Disable autocrlf
run: |-
git config --global core.autocrlf false
git config --global core.eol lf
if: "contains(matrix.os, 'windows-latest')"
# this is to fix https://github.com/actions/checkout/issues/760
- run: git config --global --add safe.directory /__w/helm-secrets/helm-secrets
- uses: actions/checkout@v3
with:
submodules: true
- name: Setup Helm
uses: azure/[email protected]
with:
version: ${{ env.VERSION_HELM }}
- name: Setup Sops
uses: mdgreenwald/[email protected]
with:
version: ${{ env.VERSION_SOPS }}
- name: Setup vals
uses: jkroepke/[email protected]
with:
version: ${{ env.VERSION_VALS }}
- name: Setup Cygwin
if: "contains(matrix.shell, 'cygwin')"
uses: cygwin/cygwin-install-action@v4
with:
platform: x64
packages: gnupg2
- name: Setup WSL
if: "contains(matrix.shell, 'wsl')"
uses: Vampire/setup-wsl@v2
- name: Setup coreutils
if: "contains(matrix.shell, 'coreutils')"
run: |-
brew install coreutils
echo "/usr/local/opt/coreutils/libexec/gnubin" >> $GITHUB_PATH
- name: Setup parallel (mac OS)
if: "contains(matrix.os, 'macos-latest')"
run: brew install parallel
- name: Setup parallel (WSL)
if: "contains(matrix.shell, 'wsl')"
run: wsl bash -c 'apt-get update -qq && apt-get install -yqq parallel'
- name: Print Environment
run: |-
bash -c 'echo "Shell: $(readlink /bin/sh || readlink /var/select/sh || echo unknown)"'
bash tests/bats/core/bin/bats -v
sops --version
gpg --version
vals version
- name: Print Environment (Windows)
if: "contains(matrix.os, 'windows-latest')"
run: |-
scripts/wrapper/sh.cmd --version
scripts/wrapper/sh.cmd -c -- "uname -a"
- name: Run helm-secrets w/o bats
run: |-
helm plugin install "${{ github.event_name == 'pull_request'
&& format('{0}/{1}', github.server_url, github.event.pull_request.head.repo.full_name)
|| format('{0}/{1}', github.server_url, github.repository)
}}" --version "${{ github.event_name == 'pull_request'
&& github.head_ref
|| github.ref
}}"
helm secrets -v
- name: HELM_SECRETS_BACKEND=sops bats --tap -r tests/unit
run: ${{ contains(matrix.shell, 'wsl') && 'wsl' || '' }} bash tests/bats/core/bin/bats --jobs ${{ matrix.jobs }} --timing --tap --report-formatter junit -r tests/unit
env:
HELM_SECRETS_BACKEND: sops
BATS_TEST_NAME_PREFIX: "[${{ matrix.os }}|${{ matrix.shell }}|sops] "
BATS_REPORT_FILENAME: TEST-sops.xml
- name: HELM_SECRETS_BACKEND=vals bats --tap -r tests/unit
if: "!contains(matrix.shell, 'cygwin')"
run: ${{ contains(matrix.shell, 'wsl') && 'wsl' || '' }} bash tests/bats/core/bin/bats --jobs ${{ matrix.jobs }} --timing --tap --report-formatter junit -r tests/unit
env:
HELM_SECRETS_BACKEND: vals
BATS_TEST_NAME_PREFIX: "[${{ matrix.os }}|${{ matrix.shell }}|vals] "
BATS_REPORT_FILENAME: TEST-vals.xml
- name: Upload Test Report
uses: actions/upload-artifact@v3
if: always()
with:
name: junit-test-results-${{ strategy.job-index }}
path: 'TEST-*.xml'
retention-days: 1
coverage:
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[ci skip]')"
env:
BATSLIB_TEMP_PRESERVE: "0"
BATSLIB_TEMP_PRESERVE_ON_FAILURE: "0"
steps:
- uses: actions/checkout@v3
with:
submodules: true
fetch-depth: 0
- name: Setup Ruby 3.0
uses: ruby/setup-ruby@v1
with:
ruby-version: "3.0"
- name: Setup Helm
uses: azure/[email protected]
with:
version: ${{ env.VERSION_HELM }}
- name: Setup Sops
uses: mdgreenwald/[email protected]
with:
version: ${{ env.VERSION_SOPS }}
- name: Setup vals
uses: jkroepke/[email protected]
with:
version: ${{ env.VERSION_VALS }}
- name: Install bashcov
run: bundle install
- name: Print Environment
run: |-
bash -c 'echo "Shell: $(readlink /bin/sh || readlink /var/select/sh)"'
bash tests/bats/core/bin/bats -v
sops --version
gpg --version
vals version
- name: Prepare bashcov
run: grep -rl 'env sh' scripts | xargs sed -i 's/env sh/env bash/'
- name: bashcov bats --tap -r tests/unit
run: bashcov -- tests/bats/core/bin/bats --tap -r tests/unit
env:
HELM_SECRETS_BACKEND: sops
BASHCOV_COMMAND_NAME: helm-secrets:sops
- name: bashcov bats --tap -r tests/unit
run: bashcov -- tests/bats/core/bin/bats --tap -r tests/unit
env:
HELM_SECRETS_BACKEND: vals
BASHCOV_COMMAND_NAME: helm-secrets:vals
- uses: codecov/codecov-action@v3
with:
files: ./coverage/coverage.xml
fail_ci_if_error: true
- run: rm -rf ./coverage/
- uses: helm/[email protected]
- name: bashcov bats --tap -r tests/it
run: bashcov -- tests/bats/core/bin/bats --tap -r tests/it
env:
BASHCOV_COMMAND_NAME: helm-secrets:it
- uses: codecov/codecov-action@v3
with:
files: ./coverage/coverage.xml
fail_ci_if_error: true
integration-tests:
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[ci skip]')"
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
container: [""]
shell: [dash]
jobs: [4]
steps:
- uses: helm/[email protected]
- run: kubectl cluster-info
- uses: actions/checkout@v3
with:
submodules: true
- name: Setup Helm
uses: azure/[email protected]
with:
version: ${{ env.VERSION_HELM }}
- name: Setup Sops
uses: mdgreenwald/[email protected]
with:
version: ${{ env.VERSION_SOPS }}
- name: Setup vals
uses: jkroepke/[email protected]
with:
version: ${{ env.VERSION_VALS }}
- name: Print Environment
run: |-
echo "Shell: $(readlink /bin/sh || readlink /var/select/sh)"
bash tests/bats/core/bin/bats -v
sops --version
gpg --version
vals version
- name: helm plugin install
run: helm plugin install .
- run: bash tests/bats/core/bin/bats --jobs ${{ matrix.jobs }} --timing --tap --report-formatter junit -r tests/it
env:
BATS_TEST_NAME_PREFIX: "[${{ matrix.os }}|${{ matrix.shell }}|sops] "
BATS_REPORT_FILENAME: TEST-sops.xml
- name: Upload Test Report
uses: actions/upload-artifact@v3
if: always()
with:
name: junit-test-results-it-${{ strategy.job-index }}
path: 'TEST-*.xml'
retention-days: 1
if-no-files-found: error
report:
runs-on: ubuntu-latest
if: always()
needs:
- unit-tests
- integration-tests
steps:
- uses: actions/download-artifact@v3
with:
path: .
- name: Publish Test Report
uses: mikepenz/action-junit-report@v3
with:
report_paths: '**/TEST-*.xml'
detailed_summary: true