Add HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR #2061
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
env: | |
WSLENV: "HELM_SECRETS_BACKEND:BATS_REPORT_FILENAME:BATS_TEST_NAME_PREFIX" | |
VERSION_HELM: v3.11.1 | |
VERSION_SOPS: v3.7.3 | |
VERSION_VALS: v0.24.0 | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- 'docs/**' | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.head_commit.message, '[ci skip]')" | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Run the sh-checker | |
uses: luizm/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SHELLCHECK_OPTS: -x | |
with: | |
sh_checker_comment: true | |
sh_checker_exclude: "tests/assets tests/bats" | |
- name: Run the sh-checker | |
uses: luizm/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SHELLCHECK_OPTS: -x | |
with: | |
sh_checker_comment: true | |
sh_checker_exclude: "tests/" | |
sh_checker_shfmt_disable: true | |
sh_checker_shellcheck_disable: true | |
sh_checker_checkbashisms_enable: true | |
unit-tests: | |
runs-on: ${{ matrix.os }} | |
container: ${{ matrix.container }} | |
env: | |
HELM_SECRETS_WINDOWS_SHELL: ${{ matrix.shell == 'wsl' && 'wsl' || 'bash' }} | |
if: "!contains(github.event.head_commit.message, '[ci skip]')" | |
timeout-minutes: 20 | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] | |
container: [""] | |
shell: [dash] | |
jobs: [4] | |
include: | |
- os: windows-latest | |
shell: bash | |
jobs: 1 | |
- os: windows-latest | |
shell: cygwin | |
jobs: 1 | |
- os: windows-latest | |
shell: wsl | |
jobs: 4 | |
- os: macos-latest | |
shell: bash 3.2 | |
jobs: 4 | |
- os: macos-latest | |
shell: bash 3.2 with coreutils | |
jobs: 4 | |
- os: ubuntu-latest | |
container: centos:7 | |
shell: bash 4.2 | |
jobs: 4 | |
- os: ubuntu-latest | |
container: registry.access.redhat.com/ubi8/ubi-minimal | |
shell: bash 4.4 | |
jobs: 4 | |
- os: ubuntu-latest | |
container: alpine | |
shell: zsh | |
jobs: 4 | |
- os: ubuntu-latest | |
container: alpine | |
shell: ash | |
jobs: 4 | |
- os: ubuntu-latest | |
container: ubuntu:22.04 | |
shell: posh | |
jobs: 4 | |
steps: | |
- name: Install dependencies | |
if: "matrix.container" | |
run: |- | |
if command -v apk > /dev/null; then | |
apk add --no-cache bash git gnupg parallel | |
elif command -v apt-get > /dev/null; then | |
apt-get update -qqy | |
apt-get install -qqy git unzip gnupg curl parallel | |
elif command -v yum > /dev/null; then | |
if [ "$(rpm -E %{rhel})" == "7" ]; then | |
yum-config-manager --add-repo='https://download.copr.fedorainfracloud.org/results/jkroepke/git/epel-$releasever-x86_64/' | |
rpm --import https://download.copr.fedorainfracloud.org/results/jkroepke/git/pubkey.gpg | |
fi | |
echo -e '[epel]\nname=Extra Packages for Enterprise Linux $releasever - $basearch\nmetalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir\nenabled=1\ngpgcheck=1\ngpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' > /etc/yum.repos.d/epel.repo | |
yum install -y git-core unzip parallel | |
elif command -v microdnf > /dev/null; then | |
if [ "$(rpm -E %{rhel})" == "7" ]; then | |
echo -e '[copr:copr.fedorainfracloud.org:jkroepke:git]\nname=Copr repo for git owned by jkroepke\nbaseurl=https://download.copr.fedorainfracloud.org/results/jkroepke/git/epel-7-$basearch/\ntype=rpm-md\nenabled=0\ngpgcheck=1\ngpgkey=https://download.copr.fedorainfracloud.org/results/jkroepke/git/pubkey.gpg\nrepo_gpgcheck=0\nenabled=1\nenabled_metadata=1' > /etc/yum.repos.d/jkroepke-git.repo | |
fi | |
echo -e '[epel]\nname=Extra Packages for Enterprise Linux $releasever - $basearch\nmetalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir\nenabled=1\ngpgcheck=1\ngpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8' > /etc/yum.repos.d/epel.repo | |
microdnf install --nodocs git-core unzip tar findutils diffutils parallel | |
fi | |
- name: Install zsh | |
if: "contains(matrix.shell, 'zsh')" | |
run: apk add zsh && ln -sf "$(command -v zsh)" /bin/sh | |
- name: Install posh | |
if: "contains(matrix.shell, 'posh')" | |
run: apt install -y posh && ln -sf "$(command -v posh)" /bin/sh | |
- name: Disable autocrlf | |
run: |- | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
if: "contains(matrix.os, 'windows-latest')" | |
# this is to fix https://github.com/actions/checkout/issues/760 | |
- run: git config --global --add safe.directory /__w/helm-secrets/helm-secrets | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Setup Helm | |
uses: azure/[email protected] | |
with: | |
version: ${{ env.VERSION_HELM }} | |
- name: Setup Sops | |
uses: mdgreenwald/[email protected] | |
with: | |
version: ${{ env.VERSION_SOPS }} | |
- name: Setup vals | |
uses: jkroepke/[email protected] | |
with: | |
version: ${{ env.VERSION_VALS }} | |
- name: Setup Cygwin | |
if: "contains(matrix.shell, 'cygwin')" | |
uses: cygwin/cygwin-install-action@v4 | |
with: | |
platform: x64 | |
packages: gnupg2 | |
- name: Setup WSL | |
if: "contains(matrix.shell, 'wsl')" | |
uses: Vampire/setup-wsl@v2 | |
- name: Setup coreutils | |
if: "contains(matrix.shell, 'coreutils')" | |
run: |- | |
brew install coreutils | |
echo "/usr/local/opt/coreutils/libexec/gnubin" >> $GITHUB_PATH | |
- name: Setup parallel (mac OS) | |
if: "contains(matrix.os, 'macos-latest')" | |
run: brew install parallel | |
- name: Setup parallel (WSL) | |
if: "contains(matrix.shell, 'wsl')" | |
run: wsl bash -c 'apt-get update -qq && apt-get install -yqq parallel' | |
- name: Print Environment | |
run: |- | |
bash -c 'echo "Shell: $(readlink /bin/sh || readlink /var/select/sh || echo unknown)"' | |
bash tests/bats/core/bin/bats -v | |
sops --version | |
gpg --version | |
vals version | |
- name: Print Environment (Windows) | |
if: "contains(matrix.os, 'windows-latest')" | |
run: |- | |
scripts/wrapper/sh.cmd --version | |
scripts/wrapper/sh.cmd -c -- "uname -a" | |
- name: Run helm-secrets w/o bats | |
run: |- | |
helm plugin install "${{ github.event_name == 'pull_request' | |
&& format('{0}/{1}', github.server_url, github.event.pull_request.head.repo.full_name) | |
|| format('{0}/{1}', github.server_url, github.repository) | |
}}" --version "${{ github.event_name == 'pull_request' | |
&& github.head_ref | |
|| github.ref | |
}}" | |
helm secrets -v | |
- name: HELM_SECRETS_BACKEND=sops bats --tap -r tests/unit | |
run: ${{ contains(matrix.shell, 'wsl') && 'wsl' || '' }} bash tests/bats/core/bin/bats --jobs ${{ matrix.jobs }} --timing --tap --report-formatter junit -r tests/unit | |
env: | |
HELM_SECRETS_BACKEND: sops | |
BATS_TEST_NAME_PREFIX: "[${{ matrix.os }}|${{ matrix.shell }}|sops] " | |
BATS_REPORT_FILENAME: TEST-sops.xml | |
- name: HELM_SECRETS_BACKEND=vals bats --tap -r tests/unit | |
if: "!contains(matrix.shell, 'cygwin')" | |
run: ${{ contains(matrix.shell, 'wsl') && 'wsl' || '' }} bash tests/bats/core/bin/bats --jobs ${{ matrix.jobs }} --timing --tap --report-formatter junit -r tests/unit | |
env: | |
HELM_SECRETS_BACKEND: vals | |
BATS_TEST_NAME_PREFIX: "[${{ matrix.os }}|${{ matrix.shell }}|vals] " | |
BATS_REPORT_FILENAME: TEST-vals.xml | |
- name: Upload Test Report | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: junit-test-results-${{ strategy.job-index }} | |
path: 'TEST-*.xml' | |
retention-days: 1 | |
coverage: | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.head_commit.message, '[ci skip]')" | |
env: | |
BATSLIB_TEMP_PRESERVE: "0" | |
BATSLIB_TEMP_PRESERVE_ON_FAILURE: "0" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
fetch-depth: 0 | |
- name: Setup Ruby 3.0 | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: "3.0" | |
- name: Setup Helm | |
uses: azure/[email protected] | |
with: | |
version: ${{ env.VERSION_HELM }} | |
- name: Setup Sops | |
uses: mdgreenwald/[email protected] | |
with: | |
version: ${{ env.VERSION_SOPS }} | |
- name: Setup vals | |
uses: jkroepke/[email protected] | |
with: | |
version: ${{ env.VERSION_VALS }} | |
- name: Install bashcov | |
run: bundle install | |
- name: Print Environment | |
run: |- | |
bash -c 'echo "Shell: $(readlink /bin/sh || readlink /var/select/sh)"' | |
bash tests/bats/core/bin/bats -v | |
sops --version | |
gpg --version | |
vals version | |
- name: Prepare bashcov | |
run: grep -rl 'env sh' scripts | xargs sed -i 's/env sh/env bash/' | |
- name: bashcov bats --tap -r tests/unit | |
run: bashcov -- tests/bats/core/bin/bats --tap -r tests/unit | |
env: | |
HELM_SECRETS_BACKEND: sops | |
BASHCOV_COMMAND_NAME: helm-secrets:sops | |
- name: bashcov bats --tap -r tests/unit | |
run: bashcov -- tests/bats/core/bin/bats --tap -r tests/unit | |
env: | |
HELM_SECRETS_BACKEND: vals | |
BASHCOV_COMMAND_NAME: helm-secrets:vals | |
- uses: codecov/codecov-action@v3 | |
with: | |
files: ./coverage/coverage.xml | |
fail_ci_if_error: true | |
- run: rm -rf ./coverage/ | |
- uses: helm/[email protected] | |
- name: bashcov bats --tap -r tests/it | |
run: bashcov -- tests/bats/core/bin/bats --tap -r tests/it | |
env: | |
BASHCOV_COMMAND_NAME: helm-secrets:it | |
- uses: codecov/codecov-action@v3 | |
with: | |
files: ./coverage/coverage.xml | |
fail_ci_if_error: true | |
integration-tests: | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.head_commit.message, '[ci skip]')" | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] | |
container: [""] | |
shell: [dash] | |
jobs: [4] | |
steps: | |
- uses: helm/[email protected] | |
- run: kubectl cluster-info | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Setup Helm | |
uses: azure/[email protected] | |
with: | |
version: ${{ env.VERSION_HELM }} | |
- name: Setup Sops | |
uses: mdgreenwald/[email protected] | |
with: | |
version: ${{ env.VERSION_SOPS }} | |
- name: Setup vals | |
uses: jkroepke/[email protected] | |
with: | |
version: ${{ env.VERSION_VALS }} | |
- name: Print Environment | |
run: |- | |
echo "Shell: $(readlink /bin/sh || readlink /var/select/sh)" | |
bash tests/bats/core/bin/bats -v | |
sops --version | |
gpg --version | |
vals version | |
- name: helm plugin install | |
run: helm plugin install . | |
- run: bash tests/bats/core/bin/bats --jobs ${{ matrix.jobs }} --timing --tap --report-formatter junit -r tests/it | |
env: | |
BATS_TEST_NAME_PREFIX: "[${{ matrix.os }}|${{ matrix.shell }}|sops] " | |
BATS_REPORT_FILENAME: TEST-sops.xml | |
- name: Upload Test Report | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: junit-test-results-it-${{ strategy.job-index }} | |
path: 'TEST-*.xml' | |
retention-days: 1 | |
if-no-files-found: error | |
report: | |
runs-on: ubuntu-latest | |
if: always() | |
needs: | |
- unit-tests | |
- integration-tests | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
path: . | |
- name: Publish Test Report | |
uses: mikepenz/action-junit-report@v3 | |
with: | |
report_paths: '**/TEST-*.xml' | |
detailed_summary: true |