fix: Replace legacy IVs with random IVs for encrypting "defaultEncryp… #3269
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
name: at_client_sdk | |
on: | |
push: | |
branches: | |
- trunk | |
pull_request: | |
branches: | |
- trunk | |
permissions: # added using https://github.com/step-security/secure-workflows | |
contents: read | |
jobs: | |
unit_tests_and_code_analysis: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
dart-channel: [stable,beta] | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: dart-lang/setup-dart@e630b99d28a3b71860378cafdc2a067c71107f94 # v1.7.0 | |
with: | |
sdk: ${{ matrix.dart-channel}} | |
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: 'stable' | |
cache-dependency-path: tools/osv-scanner/go.sum | |
# Install dependencies in at_client library | |
- name: Install dependencies in at_client | |
working-directory: packages/at_client | |
run: dart pub get | |
# Run analyzer in at_client library | |
- name: Analyze project source in at_client | |
working-directory: packages/at_client | |
run: dart analyze | |
# Run unit tests | |
- name: Run at_client unit tests, with code coverage measurement | |
working-directory: packages/at_client | |
run: dart test --concurrency=1 --coverage="coverage" | |
- name: Convert at_client coverage to LCOV format | |
working-directory: packages/at_client | |
run: dart run coverage:format_coverage --check-ignore --lcov --in=coverage --out=unit_test_coverage.lcov --report-on=lib | |
- name: Upload at_client coverage to Codecov | |
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 | |
with: | |
file: packages/at_client/unit_test_coverage.lcov | |
flags: at_client_unit_tests | |
# Adding flutter to path | |
- name: Installing Flutter | |
uses: britannio/action-install-flutter@a486b7e3148e54a76390d849100b9dee819ff810 # v1.1 | |
with: | |
version: stable | |
# Install dependencies of at_client_mobile | |
- name: Installing dependencies | |
working-directory: packages/at_client_mobile | |
run: flutter pub get | |
# Analyze at_client_mobile package | |
- name: flutter analyze | |
working-directory: packages/at_client_mobile | |
run: flutter analyze --no-fatal-infos | |
# Run unit tests | |
- name: Run at_client_mobile unit tests, with code coverage measurement | |
working-directory: packages/at_client_mobile | |
run: flutter test --concurrency=1 --coverage | |
- name: Convert at_client_mobile coverage to LCOV format | |
working-directory: packages/at_client_mobile | |
run: dart run coverage:format_coverage --lcov --check-ignore --in=coverage --out=unit_test_coverage.lcov --report-on=lib | |
- name: Upload at_client_mobile coverage to Codecov | |
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 | |
with: | |
file: packages/at_client_mobile/unit_test_coverage.lcov | |
flags: at_client_mobile_unit_tests | |
# Check formatting | |
- name: Check that code in packages is correctly formatted | |
working-directory: packages | |
run: dart format . -o none --set-exit-if-changed | |
# Runs osv-scanner to find any vulnerable Dart dependencies | |
# It needs to look at pubspec.lock files, which is why it's | |
# placed here, as the `dart pub get` above will create them | |
- name: Run osv-scanner | |
working-directory: packages | |
run: | | |
go install github.com/google/osv-scanner/cmd/osv-scanner@6316373e47d7e3e4b4fd3630c4bbc10987738de6 # v1.4.3 | |
osv-scanner --lockfile=./at_client/pubspec.lock | |
osv-scanner --lockfile=./at_client_mobile/pubspec.lock | |
functional_tests: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
dart-channel: [stable,beta] | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: dart-lang/setup-dart@e630b99d28a3b71860378cafdc2a067c71107f94 # v1.7.0 | |
with: | |
sdk: ${{ matrix.dart-channel}} | |
# Install dependencies in at_functional_test | |
- name: Install dependencies in at_functional_test | |
working-directory: tests/at_functional_test | |
run: dart pub get | |
- name: Add entry to hosts file | |
run: echo "127.0.0.1 vip.ve.atsign.zone" | sudo tee -a /etc/hosts | |
# Start docker container to run functional tests | |
- name: Start docker instance | |
working-directory: tests/at_functional_test/test | |
run: docker compose pull && docker compose up -d | |
- name: Check for docker container readiness | |
working-directory: tests/at_functional_test | |
run: dart run test/check_docker_readiness.dart | |
- name: Run PKAM | |
run: docker exec test-virtualenv-1 supervisorctl start pkamLoad | |
- name: Check test environment readiness | |
working-directory: tests/at_functional_test | |
run: dart run test/check_test_env.dart | |
# Run functional tests | |
- name: Run functional tests | |
working-directory: tests/at_functional_test | |
run: dart test --concurrency=1 --coverage="coverage" | |
- name: Convert coverage to LCOV format | |
working-directory: tests/at_functional_test | |
run: dart run coverage:format_coverage --check-ignore --lcov --in=coverage --out=functional_test_coverage.lcov --report-on=../../packages/at_client/lib | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 | |
with: | |
file: tests/at_functional_test/functional_test_coverage.lcov | |
flags: functional_tests | |
# stop docker containers | |
- name: stop docker containers | |
working-directory: tests/at_functional_test/test | |
run: docker compose down | |
end2end_tests_prep: | |
# Don't run on PRs from a fork as the secrets aren't available | |
if: ${{ github.event.pull_request.head.repo.fork == false }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: update image on cicd VMs | |
# Needs a secret, so don't run for Dependabot PRs | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
uses: appleboy/ssh-action@7eaf76671a0d7eec5d98ee897acda4f968735a17 # v1.2.0 | |
with: | |
host: "cicd1.atsign.wtf,cicd2.atsign.wtf" | |
username: ubuntu | |
key: ${{ secrets.CICD_SSH_KEY }} | |
script: | | |
scriptURL="https://raw.githubusercontent.com/atsign-foundation/at_client_sdk/trunk/tools/${HOSTNAME}/update_ce2e_images.sh" | |
echo "$scriptURL" | |
wget -q -O update_ce2e_images.sh "$scriptURL" | |
./update_ce2e_images.sh | |
# The Job runs end-to-end tests between two atSign's running on server trunk branch | |
end2end_tests: | |
needs: [ end2end_tests_prep ] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: dart-lang/setup-dart@e630b99d28a3b71860378cafdc2a067c71107f94 # v1.7.0 | |
with: | |
sdk: stable | |
- name: Install dependencies in at_client | |
working-directory: packages/at_client | |
run: dart pub get | |
# Install dependencies in at_end2end_test | |
- name: Install dependencies in at_end2end_test | |
working-directory: tests/at_end2end_test | |
run: dart pub get | |
# Populate at_credentials.dart from CICD_DATA_DART secret | |
- name: Get CICD keys into place | |
# Needs a secret, so don't run for Dependabot PRs | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
run: echo "${{secrets.AT_CICD_CREDENTIALS}}" > tests/at_end2end_test/lib/src/at_credentials.dart | |
# Move the config file in-place | |
- name: Config for @cicd1/2 | |
run: mv tests/at_end2end_test/config/config12.yaml tests/at_end2end_test/config/config.yaml | |
# Run end-to-end test | |
- name: End to end test | |
# Needs a secret, so don't run for Dependabot PRs | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
working-directory: tests/at_end2end_test | |
run: dart test --concurrency=1 --coverage="coverage" | |
- name: Convert coverage to LCOV format | |
# Needs tests to have run, so don't run for Dependabot PRs | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
working-directory: tests/at_end2end_test | |
run: dart run coverage:format_coverage --check-ignore --lcov --in=coverage --out=end2end_test_coverage.lcov --report-on=lib | |
- name: Upload coverage to Codecov | |
# Needs LCOV report to upload, so don't run for Dependabot PRs | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 | |
with: | |
file: tests/at_end2end_test/end2end_test_coverage.lcov | |
flags: end2end_tests | |
# The Job runs end-to-end tests between server code running on trunk branch and canary (production ready) server | |
end2end_test_14: | |
needs: [ end2end_tests ] | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: dart-lang/setup-dart@e630b99d28a3b71860378cafdc2a067c71107f94 # v1.7.0 | |
with: | |
sdk: stable | |
- name: Install dependencies in at_client | |
working-directory: packages/at_client | |
run: dart pub get | |
# Install dependencies in at_end2end_test | |
- name: Install dependencies in at_end2end_test | |
working-directory: tests/at_end2end_test | |
run: dart pub get | |
# Populate at_credentials.dart from CICD_DATA_DART secret | |
- name: Get CICD keys into place | |
# Needs a secret, so don't run for Dependabot PRs | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
run: echo "${{secrets.AT_CICD_CREDENTIALS}}" > tests/at_end2end_test/lib/src/at_credentials.dart | |
# Move the config file in-place | |
- name: Config for @cicd1/4 | |
run: mv tests/at_end2end_test/config/config14.yaml tests/at_end2end_test/config/config.yaml | |
- name: Submit and approve enrollment request | |
working-directory: tests/at_end2end_test | |
run: dart run test/enrollment_setup.dart | |
# Run end-to-end test | |
- name: End to end test | |
# Needs a secret, so don't run for Dependabot PRs | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
working-directory: tests/at_end2end_test | |
run: dart test --concurrency=1 | |
# Makes all the enrollment requests inactive. The pending enrollment request are set to denied state and | |
# the approved enrollment requests are set to revoked state. | |
- name: Enrollment setup teardown | |
# Even if the tests fail in the above step, we need to clean up the enrollments. | |
# Therefore, we set this to "!cancelled()" to ensure this step runs regardless of the outcome of the previous step. | |
if: ${{ !cancelled() }} | |
working-directory: tests/at_end2end_test | |
run: dart run test/enrollment_teardown.dart |