-
Notifications
You must be signed in to change notification settings - Fork 90
61 lines (49 loc) · 1.96 KB
/
kbs-docker-e2e.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
name: KBS e2e (Docker Compose and Sample TEE)
on:
pull_request:
branches:
- main
env:
TEST_SECRET_CONTENT: shhhhh
TEST_SECRET_PATH: test-org/test-repo/test-secret
jobs:
e2e-test:
runs-on: ubuntu-latest
env:
RUSTC_VERSION: 1.76.0
steps:
- name: Checkout KBS
uses: actions/checkout@v4
- name: Install Rust ${{ env.RUSTC_VERSION }} (for client)
run: |
rustup update --no-self-update ${{ env.RUSTC_VERSION }}
rustup component add --toolchain ${{ env.RUSTC_VERSION }} rustc
rustup default ${{ env.RUSTC_VERSION }}
- name: Build client
run: |
cargo build --manifest-path tools/kbs-client/Cargo.toml --no-default-features --features sample_only --release
- name: Setup Keys
run: |
openssl genpkey -algorithm ed25519 > kbs/config/private.key
openssl pkey -in kbs/config/private.key -pubout -out kbs/config/public.pub
- name: Build KBS Cluster
run: docker compose build
- name: Start KBS cluster
run: docker compose up -d
- name: Set Resource
working-directory: target/release/
run: |
echo "$TEST_SECRET_CONTENT" > test-secret
./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource --path "$TEST_SECRET_PATH" --resource-file test-secret
- name: Get Resource (negative)
working-directory: target/release/
run: |
! ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH"
- name: Update policy
working-directory: target/release/
run: ./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource-policy --policy-file "$policy_path"
env:
policy_path: ../../kbs/test/data/policy_2.rego
- name: Get Resource
working-directory: target/release/
run: ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH"