mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
f181500e98
* wip: basic structure of scaleway provider Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: add some tests for GetAllSecrets Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: implement PushSecret Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: improved test fixtures Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: allow finding secrets by project using the path property Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: add delete secret method Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * Delete dupplicate of push remote ref test implem Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: add capability to use a secret for configuring access token Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: implement GetSecretMap Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: filtering by name and projetc id Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: add test for finding secret by name regexp Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: config validation Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: handle situation where no namespace is specified and we cannot provide a default Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: reference secrets by id or name Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: invalid request caused by pagination handling Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: log the error when failing to access secret version Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: pass context to sdk where missing Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: add a cache for reducing AccessSecretVersion() calls Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * refacto: use GetSecret with name instead of ListSecrets Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: allow using secret name in ExternalSecrets Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: use latest_enabled instead of latest Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * refacto: optimized PushSecret and improved its test coverage Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: doesConfigDependOnNamespace was always true Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: use new api with refactored name-based endpoints Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * remove useless todo Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: use secret names as key for GetAllSecrets Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: support gjson propery lookup Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: e2e tests Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: e2e test using secret to store api key Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: cleanup left over resources on the secret manager before each e2e run Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * doc: add doc for scaleway provider Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * refacto: fix lint issues Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: cleanup code in e2e was commented Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: the previous version is disabled when we push to a secret Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * doc: add comments to ScalewayProvider struct to point to console and doc Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: add missing e2e env vars for scaleway Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * docs: add scaleway to support/stability table Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Julien Loctaux <no.mail@jloc.fr> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
109 lines
3.6 KiB
YAML
109 lines
3.6 KiB
YAML
# Run secret-dependent e2e tests only after /ok-to-test approval
|
|
on:
|
|
pull_request:
|
|
repository_dispatch:
|
|
types: [ok-to-test-command]
|
|
|
|
permissions:
|
|
id-token: write
|
|
checks: write
|
|
contents: read
|
|
|
|
name: e2e tests
|
|
|
|
env:
|
|
# Common versions
|
|
GO_VERSION: '1.19'
|
|
GINKGO_VERSION: 'v2.8.0'
|
|
DOCKER_BUILDX_VERSION: 'v0.4.2'
|
|
KIND_VERSION: 'v0.17.0'
|
|
KIND_IMAGE: 'kindest/node:v1.26.0'
|
|
|
|
# Common users. We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run
|
|
# a step 'if env.GHCR_USERNAME' != ""', so we copy these to succinctly test whether
|
|
# credentials have been provided before trying to run steps that need them.
|
|
GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
|
|
GCP_SM_SA_JSON: ${{ secrets.GCP_SM_SA_JSON}}
|
|
GCP_GKE_ZONE: ${{ secrets.GCP_GKE_ZONE}}
|
|
GCP_GSA_NAME: ${{ secrets.GCP_GSA_NAME}} # Goolge Service Account
|
|
GCP_KSA_NAME: ${{ secrets.GCP_KSA_NAME}} # Kubernetes Service Account
|
|
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID}}
|
|
|
|
AWS_REGION: "eu-central-1"
|
|
AWS_OIDC_ROLE_ARN: ${{ secrets.AWS_OIDC_ROLE_ARN }}
|
|
|
|
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID}}
|
|
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET}}
|
|
TENANT_ID: ${{ secrets.TENANT_ID}}
|
|
VAULT_URL: ${{ secrets.VAULT_URL}}
|
|
SCALEWAY_API_URL: ${{ secrets.SCALEWAY_API_URL }}
|
|
SCALEWAY_REGION: ${{ secrets.SCALEWAY_REGION }}
|
|
SCALEWAY_PROJECT_ID: ${{ secrets.SCALEWAY_PROJECT_ID }}
|
|
SCALEWAY_ACCESS_KEY: ${{ secrets.SCALEWAY_ACCESS_KEY }}
|
|
SCALEWAY_SECRET_KEY: ${{ secrets.SCALEWAY_SECRET_KEY }}
|
|
|
|
jobs:
|
|
|
|
integration-trusted:
|
|
runs-on: ubuntu-latest
|
|
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor !='dependabot[bot]'
|
|
steps:
|
|
|
|
- name: Branch based PR checkout
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Fetch History
|
|
run: git fetch --prune --unshallow
|
|
|
|
- uses: ./.github/actions/e2e
|
|
|
|
# Repo owner has commented /ok-to-test on a (fork-based) pull request
|
|
integration-fork:
|
|
runs-on: ubuntu-latest
|
|
if: github.event_name == 'repository_dispatch'
|
|
steps:
|
|
|
|
# Check out merge commit
|
|
- name: Fork based /ok-to-test checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
|
|
|
|
- name: Fetch History
|
|
run: git fetch --prune --unshallow
|
|
|
|
- uses: ./.github/actions/e2e
|
|
|
|
# Update check run called "integration-fork"
|
|
- uses: actions/github-script@v6
|
|
id: update-check-run
|
|
if: ${{ always() }}
|
|
env:
|
|
number: ${{ github.event.client_payload.pull_request.number }}
|
|
job: ${{ github.job }}
|
|
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
|
|
conclusion: ${{ job.status }}
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
script: |
|
|
const { data: pull } = await github.rest.pulls.get({
|
|
...context.repo,
|
|
pull_number: process.env.number
|
|
});
|
|
const ref = pull.head.sha;
|
|
console.log("\n\nPR sha: " + ref)
|
|
const { data: checks } = await github.rest.checks.listForRef({
|
|
...context.repo,
|
|
ref
|
|
});
|
|
console.log("\n\nPR CHECKS: " + checks)
|
|
const check = checks.check_runs.filter(c => c.name === process.env.job);
|
|
console.log("\n\nPR Filtered CHECK: " + check)
|
|
console.log(check)
|
|
const { data: result } = await github.rest.checks.update({
|
|
...context.repo,
|
|
check_run_id: check[0].id,
|
|
status: 'completed',
|
|
conclusion: process.env.conclusion
|
|
});
|
|
return result;
|