e2e-test: fix binary build on self-hosted runners #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: KBS e2e (Docker Compose and Sample TEE) | |
on: | |
pull_request: | |
branches: | |
- main | |
env: | |
TEST_SECRET_CONTENT: shhhhh | |
TEST_SECRET_PATH: test-org/test-repo/test-secret | |
jobs: | |
e2e-test: | |
runs-on: ubuntu-latest | |
env: | |
RUSTC_VERSION: 1.76.0 | |
steps: | |
- name: Checkout KBS | |
uses: actions/checkout@v4 | |
- name: Install Rust ${{ env.RUSTC_VERSION }} (for client) | |
run: | | |
rustup update --no-self-update ${{ env.RUSTC_VERSION }} | |
rustup component add --toolchain ${{ env.RUSTC_VERSION }} rustc | |
rustup default ${{ env.RUSTC_VERSION }} | |
- name: Build client | |
run: | | |
cargo build --manifest-path tools/kbs-client/Cargo.toml --no-default-features --features sample_only --release | |
- name: Setup Keys | |
run: | | |
openssl genpkey -algorithm ed25519 > kbs/config/private.key | |
openssl pkey -in kbs/config/private.key -pubout -out kbs/config/public.pub | |
- name: Build KBS Cluster | |
run: docker compose build | |
- name: Start KBS cluster | |
run: docker compose up -d | |
- name: Set Resource | |
working-directory: target/release/ | |
run: | | |
echo "$TEST_SECRET_CONTENT" > test-secret | |
./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource --path "$TEST_SECRET_PATH" --resource-file test-secret | |
- name: Get Resource (negative) | |
working-directory: target/release/ | |
run: | | |
! ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH" | |
- name: Update policy | |
working-directory: target/release/ | |
run: ./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource-policy --policy-file "$policy_path" | |
env: | |
policy_path: ../../kbs/test/data/policy_2.rego | |
- name: Get Resource | |
working-directory: target/release/ | |
run: ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH" |