mirror of
https://github.com/bartvdbraak/keyweave.git
synced 2025-04-28 15:21:21 +00:00
111 lines
3.1 KiB
YAML
111 lines
3.1 KiB
YAML
name: Checks
|
|
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
|
|
env:
|
|
VAULT_NAME: bvdbkeyweavetweukvt1
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
pull_request:
|
|
branches: [ main ]
|
|
|
|
jobs:
|
|
build:
|
|
name: Build Keyweave
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: dtolnay/rust-toolchain@stable
|
|
- name: Build project
|
|
run: cargo build --all --release
|
|
- uses: actions/upload-artifact@v3.1.3
|
|
with:
|
|
path: target/release/keyweave
|
|
|
|
bicep:
|
|
name: Deploy Azure resources
|
|
environment: bicep
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
LOCATION: eastus
|
|
DEPLOYMENT_NAME: keyweave-${{ github.run_id }}
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: azure/login@v1
|
|
with:
|
|
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
- name: Deploy Bicep template
|
|
uses: azure/arm-deploy@v1
|
|
with:
|
|
scope: subscription
|
|
region: ${{ env.LOCATION }}
|
|
template: bicep/main.bicep
|
|
deploymentName: ${{ env.DEPLOYMENT_NAME }}
|
|
|
|
none-test:
|
|
name: Tests without access
|
|
needs: [build, bicep]
|
|
runs-on: ubuntu-latest
|
|
environment: none
|
|
steps:
|
|
- uses: actions/download-artifact@v3.0.2
|
|
- uses: azure/login@v1
|
|
with:
|
|
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
- name: Use Keyweave with No Access Policies
|
|
run: |
|
|
ls -la
|
|
tree
|
|
./keyweave --vault-name ${{ env.VAULT_NAME}}
|
|
|
|
get-test:
|
|
name: Tests with Get access
|
|
needs: [build, bicep]
|
|
runs-on: ubuntu-latest
|
|
environment: get
|
|
steps:
|
|
- uses: actions/download-artifact@v3.0.2
|
|
- uses: azure/login@v1
|
|
with:
|
|
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
- name: Use Keyweave with Only Get Access Policy
|
|
run: ./keyweave --vault-name ${{ env.VAULT_NAME}}
|
|
|
|
list-test:
|
|
name: Tests with List access
|
|
needs: [build, bicep]
|
|
runs-on: ubuntu-latest
|
|
environment: list
|
|
steps:
|
|
- uses: actions/download-artifact@v3.0.2
|
|
- uses: azure/login@v1
|
|
with:
|
|
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
- name: Use Keyweave with Only List Access Policy
|
|
run: ./keyweave --vault-name ${{ env.VAULT_NAME}}
|
|
get-list-test:
|
|
name: Tests with Get and List access
|
|
needs: [build, bicep]
|
|
runs-on: ubuntu-latest
|
|
environment: getlist
|
|
steps:
|
|
- uses: actions/download-artifact@v3.0.2
|
|
- uses: azure/login@v1
|
|
with:
|
|
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
- name: Use Keyweave with both Get and List Access Policies
|
|
run: ./keyweave --vault-name ${{ env.VAULT_NAME}}
|