feat(sdk): normalize token exchange #2051
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Checks" | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| merge_group: | |
| branches: | |
| - main | |
| types: | |
| - checks_requested | |
| jobs: | |
| pr: | |
| name: Validate PR title | |
| if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name) | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| pull-requests: read | |
| steps: | |
| - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| go: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| checks: write | |
| contents: read | |
| pull-requests: read | |
| strategy: | |
| matrix: | |
| directory: | |
| - examples | |
| - sdk | |
| - service | |
| - lib/ocrypto | |
| - lib/fixtures | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 | |
| with: | |
| go-version: "1.21.9" | |
| cache-dependency-path: | | |
| examples/go.sum | |
| protocol/go/go.sum | |
| sdk/go.sum | |
| service/go.sum | |
| - run: go mod download | |
| - run: go mod verify | |
| - name: golangci-lint | |
| #uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 | |
| uses: strantalis/golangci-lint-action@f4e979f5b36068d69d340547f66c991dca8b70ef | |
| with: | |
| version: v1.56 | |
| working-directory: ${{ matrix.directory }} | |
| skip-cache: true | |
| only-new-issues: ${{ (github.event_name == 'pull_request' || github.event_name == 'merge_group') }} | |
| args: --out-format=colored-line-number | |
| - name: Install softHSM | |
| if: matrix.directory == 'service' | |
| run: |- | |
| sudo apt-get install -y softhsm opensc openssl | |
| sudo chmod +x /etc/softhsm | |
| sudo chmod +r /etc/softhsm/softhsm2.conf | |
| mkdir -p $(pwd)/.tmp/tokens | |
| echo "directories.tokendir = $(pwd)/.tmp/tokens" > softhsm2.conf | |
| echo "log.level = DEBUG" >> softhsm2.conf | |
| echo "SOFTHSM2_CONF=$(pwd)/softhsm2.conf" >> "$GITHUB_ENV" | |
| - if: matrix.directory == 'service' | |
| run: .github/scripts/init-temp-keys.sh --hsm | |
| - run: go test ./... -short | |
| working-directory: ${{ matrix.directory }} | |
| - if: matrix.directory == 'service' | |
| run: go test ./service/integration -race -failfast | |
| integration: | |
| name: integration tests | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| crypto: | |
| - hsm | |
| - standard | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 | |
| with: | |
| go-version: "1.21.9" | |
| cache-dependency-path: | | |
| service/go.sum | |
| examples/go.sum | |
| protocol/go/go.sum | |
| sdk/go.sum | |
| - run: go mod download | |
| - run: go mod verify | |
| - name: Install softHSM | |
| if: matrix.crypto == 'hsm' | |
| run: |- | |
| sudo apt-get install -y softhsm opensc openssl | |
| sudo chmod +x /etc/softhsm | |
| sudo chmod +r /etc/softhsm/softhsm2.conf | |
| mkdir -p $(pwd)/.tmp/tokens | |
| echo "directories.tokendir = $(pwd)/.tmp/tokens" > softhsm2.conf | |
| echo "log.level = DEBUG" >> softhsm2.conf | |
| echo "SOFTHSM2_CONF=$(pwd)/softhsm2.conf" >> "$GITHUB_ENV" | |
| - run: docker compose up -d --wait --wait-timeout 240 | |
| - run: | | |
| .github/scripts/init-temp-keys.sh --hsm | |
| cp opentdf-with-hsm.yaml opentdf.yaml | |
| if: matrix.crypto == 'hsm' | |
| - run: | | |
| .github/scripts/init-temp-keys.sh | |
| cp opentdf-example.yaml opentdf.yaml | |
| if: matrix.crypto == 'standard' | |
| - run: go run ./service provision keycloak | |
| - uses: JarvusInnovations/background-action@313d37130873d82c33fc907b9b78e932aec8e990 | |
| name: start server in background | |
| with: | |
| run: | | |
| go run ./service start | |
| wait-on: | | |
| tcp:localhost:8080 | |
| log-output-if: true | |
| wait-for: 90s | |
| - run: go install github.com/fullstorydev/grpcurl/cmd/grpcurl@v1.8.9 | |
| - run: grpcurl -plaintext localhost:8080 list | |
| - run: grpcurl -plaintext localhost:8080 grpc.health.v1.Health.Check | |
| - run: grpcurl -plaintext localhost:8080 kas.AccessService/PublicKey | |
| - run: curl --show-error --fail --insecure localhost:8080/kas/v2/kas_public_key | |
| - run: go run ./examples encrypt "Hello Virtru" | |
| - run: go run ./examples decrypt sensitive.txt.tdf | |
| - run: go run ./examples decrypt sensitive.txt.tdf | grep "Hello Virtru" | |
| image: | |
| name: image build | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: docker/build-push-action@v5.1.0 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: false | |
| buflint: | |
| name: Protocol Buffer Lint and Gencode Up-to-date check | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa | |
| - uses: bufbuild/buf-lint-action@044d13acb1f155179c606aaa2e53aea304d22058 | |
| with: | |
| input: service | |
| - uses: bufbuild/buf-breaking-action@a074e988ee34efcd4927079e79c611f428354c01 | |
| # TODO(#212) Block on breaking changes after protos are frozen | |
| continue-on-error: true | |
| with: | |
| input: service | |
| against: "https://github.com/opentdf/platform.git#branch=main,subdir=service" | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 | |
| with: | |
| go-version: "1.21.9" | |
| cache-dependency-path: | | |
| service/go.sum | |
| protocol/go/go.sum | |
| sdk/go.sum | |
| examples/go.sum | |
| - run: cd service && go get github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc | |
| - run: cd service && go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc | |
| - run: make proto-generate | |
| - name: Restore go.mod after installing protoc-gen-doc | |
| run: git restore {service,protocol/go}/go.{mod,sum} | |
| - run: git diff | |
| - run: git diff-files --ignore-submodules | |
| - name: Check that files have been formatted before PR submission | |
| run: git diff-files --quiet --ignore-submodules | |
| ci: | |
| needs: | |
| - buflint | |
| - go | |
| - image | |
| - integration | |
| - pr | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - if: contains(needs.*.result, 'failure') | |
| run: echo "Failed due to ${{ contains(needs.*.result, 'failure') }}" && exit 1 | |
| license: | |
| name: license check | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 | |
| with: | |
| go-version: "1.21.9" | |
| cache: false | |
| - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 | |
| id: deps-changed | |
| with: | |
| filters: | | |
| examples: | |
| - 'examplesk/go.*' | |
| service: | |
| - 'service/go.*' | |
| sdk: | |
| - 'sdk/go.*' | |
| - name: install go-licenses | |
| run: go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e | |
| - name: check service licenses | |
| if: steps.deps-changed.outputs.service == 'true' | |
| run: > | |
| go-licenses check --disallowed_types=forbidden --include_tests | |
| ./service | |
| - name: check sdk licenses | |
| if: steps.deps-changed.outputs.sdk == 'true' | |
| run: > | |
| go-licenses check --disallowed_types=forbidden --include_tests | |
| ./sdk | |
| - name: check examples licenses | |
| if: steps.deps-changed.outputs.examples == 'true' | |
| run: > | |
| go-licenses check --disallowed_types=forbidden --include_tests | |
| ./examples |