Skip to content
test

build(deps): bump System.Security.Cryptography.Pkcs from 8.0.1 to 9.0.0 in /Notation.Plugin.AzureKeyVault #523

Sign in to view logs

build(deps): bump System.Security.Cryptography.Pkcs from 8.0.1 to 9.0.0 in /Notation.Plugin.AzureKeyVault

build(deps): bump System.Security.Cryptography.Pkcs from 8.0.1 to 9.0.0 in /Notation.Plugin.AzureKeyVault #523

Workflow file for this run

.github/workflows/test.yml at 6acdd11
---
# Github workflow for Notation Azure Key Vault plugin
name: test
on:
push:
branches:
- main
- release-*
pull_request:
branches:
- main
- release-*
permissions:
id-token: write # Require write permission to Fetch an OIDC token.
contents: read
jobs:
lint:
name: Lint Code Base
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
statuses: write
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Lint Code Base
uses: super-linter/super-linter@v7
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: main
DEFAULT_WORKSPACE: ./Notation.Plugin.AzureKeyVault
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
FILTER_REGEX_EXCLUDE: '.*Tests/.*|.*.yml|.*/scripts/generate-certs.sh|.*.py'
VALIDATE_CHECKOV: false
VALIDATE_MARKDOWN: false
VALIDATE_JSCPD: false
VALIDATE_SHELL_SHFMT: false
test:
name: Unit Testing and Build
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
contents: read
steps:
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.0.x'
- name: Check out code into the project directory
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run unit tests
run: make test
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- name: Build Linux Binary
run: |
# the binary will be used in E2E test
python3 ./scripts/build.py v0.0.1 linux-x64 --enable-aot
- name: Upload Linux artifact
uses: actions/upload-artifact@v4
with:
name: linux-amd64-binary
path: ./bin/artifacts/notation-azure-kv_0.0.1_linux_amd64.tar.gz
retention-days: 1
- name: Build macOS Binary
run: |
# the binary will be used in E2E test
python3 ./scripts/build.py v0.0.1 osx-x64
- name: Upload macOS artifact
uses: actions/upload-artifact@v4
with:
name: darwin-amd64-binary
path: ./bin/artifacts/notation-azure-kv_0.0.1_darwin_amd64.tar.gz
retention-days: 1
e2e-mariner-container:
name: E2E testing for Mariner container
runs-on: ubuntu-latest
environment: E2E
needs: test
steps:
- name: Check out code into the project directory
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
name: linux-amd64-binary
path: ./bin/artifacts
- name: Prepare container registry
run: |
docker run --name registry --rm -d -p 5000:5000 registry:2
docker pull hello-world:latest
docker tag hello-world:latest localhost:5000/hello-world:v1
docker push localhost:5000/hello-world:v1
- name: Build notation-akv:v1 image
run: docker build -t notation-akv:v1 -f ./test/e2e/containerized/Dockerfile.mariner .
- name: Install OIDC Client from Core Package
run: npm install @actions/[email protected] @actions/http-client
- name: Write Id Token
uses: actions/github-script@v7
id: idtoken
with:
script: |
try {
const core = require('@actions/core')
const fs = require('fs')
let id_token = await core.getIDToken('api://AzureADTokenExchange')
fs.writeFileSync("./federated_token", id_token);
console.log(`Federated Token written to ./federated_token`);
} catch (error) {
core.setFailed(`Action failed with error: ${error.message}`);
}
- name: Run e2e
run: bash ./test/e2e/containerized/test.sh
env:
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_FEDERATED_TOKEN_FILE: ./federated_token
e2e-linux:
name: E2E testing on Linux
runs-on: ubuntu-latest
environment: E2E
needs: test
steps:
- name: Check out code into the project directory
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
name: linux-amd64-binary
path: ./bin/artifacts
- name: Run download server locally
run: |
nohup python3 -m http.server --directory ./bin/artifacts/ &
# prepare the environment variables for E2E
artifactName=notation-azure-kv_0.0.1_linux_amd64.tar.gz
checksum=$(shasum -a 256 "./bin/artifacts/$artifactName" | awk '{print $1}')
echo "pluginChecksum=$checksum" >> "$GITHUB_ENV"
echo "pluginDownloadURL=http://localhost:8000/$artifactName" >> "$GITHUB_ENV"
- name: Prepare container registry
run: |
docker run --name registry --rm -d -p 5000:5000 registry:2
docker pull hello-world:latest
docker tag hello-world:latest localhost:5000/hello-world:v1
docker push localhost:5000/hello-world:v1
- name: Azure login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: E2E testing
uses: ./test/e2e
with:
pluginDownloadURL: ${{ env.pluginDownloadURL }}
pluginChecksum: ${{ env.pluginChecksum }}
e2e-windows:
name: E2E testing on Windows
runs-on: windows-latest
environment: E2E
needs: test
steps:
- name: Check out code into the project directory
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.0.x'
- name: Build Windows Binary
run: python3 ./scripts/build.py v0.0.1 win-x64 --enable-aot
- name: Run download server locally
run: |
# wsl bash
bash -c 'nohup python3 -m http.server --directory ./bin/artifacts/ &'
# Prepare the environment variables for E2E
$artifactName = "notation-azure-kv_0.0.1_windows_amd64.zip"
$checksum = (Get-FileHash ".\bin\artifacts\$artifactName" -Algorithm SHA256).Hash
"pluginChecksum=$checksum" | Out-File -Append -FilePath $Env:GITHUB_ENV
"pluginDownloadURL=http://localhost:8000/$artifactName" | Out-File -Append -FilePath $Env:GITHUB_ENV
shell: pwsh
- name: Prepare container registry
run: |
docker run --name registry --rm -d -p 5000:5000 junjiegaomsft/registry:v2.8.2-ltsc2022
docker pull hello-world:latest
docker tag hello-world:latest localhost:5000/hello-world:v1
docker push localhost:5000/hello-world:v1
shell: pwsh
- name: Azure login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: E2E testing
uses: ./test/e2e
with:
pluginDownloadURL: ${{ env.pluginDownloadURL }}
pluginChecksum: ${{ env.pluginChecksum }}
e2e-macos:
name: E2E testing on macOS
runs-on: macos-13
environment: E2E
needs: test
steps:
- name: Check out code into the project directory
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
name: darwin-amd64-binary
path: ./bin/artifacts
- name: Run download server locally
run: |
nohup python3 -m http.server --directory ./bin/artifacts/ &
# prepare the environment variables for E2E
artifactName=notation-azure-kv_0.0.1_darwin_amd64.tar.gz
checksum=$(shasum -a 256 "./bin/artifacts/$artifactName" | awk '{print $1}')
echo "pluginChecksum=$checksum" >> "$GITHUB_ENV"
echo "pluginDownloadURL=http://localhost:8000/$artifactName" >> "$GITHUB_ENV"
- name: Prepare container registry
run: |
# start zot registry
wget -O zot https://github.com/project-zot/zot/releases/download/v2.0.0-rc7/zot-darwin-amd64-minimal
chmod +x zot
nohup ./zot serve ./test/e2e/zot/config.json &
# install oras
wget -O oras.tar.gz https://github.com/oras-project/oras/releases/download/v1.1.0/oras_1.1.0_darwin_amd64.tar.gz
tar -zxf oras.tar.gz
./oras push localhost:5000/hello-world:v1 --artifact-type application/octet-stream ./LICENSE
- name: Azure login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: E2E testing
uses: ./test/e2e
with:
pluginDownloadURL: ${{ env.pluginDownloadURL }}
pluginChecksum: ${{ env.pluginChecksum }}