From 2f4dace719ab78c903f12bc329e062d3a537c2bc Mon Sep 17 00:00:00 2001
From: Bart van der Braak
Date: Tue, 21 Nov 2023 13:15:49 +0100
Subject: [PATCH] feat: end-to-end test workflow
---
.github/workflows/e2e.yml | 109 ++++++++++++++++++++++++++++++++++++++
1 file changed, 109 insertions(+)
create mode 100644 .github/workflows/e2e.yml
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
new file mode 100644
index 0000000..ad429a4
--- /dev/null
+++ b/.github/workflows/e2e.yml
@@ -0,0 +1,109 @@
+name: Checks
+
+permissions:
+ id-token: write
+ contents: read
+
+on:
+ push:
+ branches: [ main ]
+ paths: [ 'bicep/**', 'src/**', 'Cargo.toml', 'Cargo.lock', '.github/workflows/e2e.yml' ]
+ pull_request:
+ branches: [ main ]
+ paths: [ 'bicep/**', 'src/**', 'Cargo.toml', 'Cargo.lock', '.github/workflows/e2e.yml' ]
+
+jobs:
+ bicep:
+ name: Deploy Azure resources
+ environment: bicep
+ runs-on: ubuntu-latest
+ env:
+ LOCATION: eastus
+ DEPLOYMENT_NAME: keyweave-${{ github.run_id }}
+ steps:
+ - uses: actions/checkout@v3
+ - uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Validate Bicep template
+ uses: azure/arm-deploy@v1
+ with:
+ scope: subscription
+ region: ${{ env.LOCATION }}
+ template: infra/bicep/main.bicep
+ parameters: infra/bicep/main.params.json
+ deploymentName: ${{ env.DEPLOYMENT_NAME }}
+ additionalArguments: "--what-if"
+
+ - name: Deploy Bicep template
+ if: github.ref == 'refs/heads/main'
+ uses: azure/arm-deploy@v1
+ with:
+ scope: subscription
+ region: ${{ env.LOCATION }}
+ template: infra/bicep/main.bicep
+ parameters: infra/bicep/main.params.json
+ deploymentName: ${{ env.DEPLOYMENT_NAME }}
+ none-test:
+ needs: bicep
+ runs-on: ubuntu-latest
+ environment: 1-none
+ steps:
+ - uses: actions/checkout@v4
+ - name: Log into Azure
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Use Keyweave with No Access Policies
+ run: cargo run -- --vault-name bvdbkeyweavetweukvt1
+ get-test:
+ needs: bicep
+ runs-on: ubuntu-latest
+ environment: 2-get
+ steps:
+ - uses: actions/checkout@v4
+ - name: Log into Azure
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Use Keyweave with Only Get Access Policy
+ run: cargo run -- --vault-name bvdbkeyweavetweukvt1
+ list-test:
+ needs: bicep
+ runs-on: ubuntu-latest
+ environment: 3-list
+ steps:
+ - uses: actions/checkout@v4
+ - name: Log into Azure
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Use Keyweave with Only List Access Policy
+ run: cargo run -- --vault-name bvdbkeyweavetweukvt1
+ get-list-test:
+ needs: bicep
+ runs-on: ubuntu-latest
+ environment: 4-get-list
+ steps:
+ - uses: actions/checkout@v4
+ - name: Log into Azure
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Use Keyweave with both Get and List Access Policies
+ run: cargo run -- --vault-name bvdbkeyweavetweukvt1
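Review bot: Every `uses:` in this workflow is pinned to a mutable ref (`actions/checkout@v3` and `@v4`, `azure/login@v1`, `azure/arm-deploy@v1`, and the branch ref `dtolnay/rust-toolchain@stable`), while the top-level `permissions:` block grants `id-token: write` to all five jobs. A retagged or compromised action would therefore run in a job that can obtain a token for the Azure federated identity. Pin each action to a full commit SHA with the version in a trailing comment, e.g. `uses: azure/login@<full-commit-sha>  # v1`. Separately, both `paths:` filters list `'bicep/**'` but the template steps read `infra/bicep/main.bicep`, so unless a top-level `bicep/` directory also exists, edits to the Bicep files would not trigger this workflow; `'infra/bicep/**'` looks like the intended pattern.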