Workaround MSSQL CI failures with certificates containing negative se… #2238
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
paths-ignore: | |
- 'website/**' | |
- 'CHANGELOG.md' | |
workflow_dispatch: | |
permissions: | |
# Permission for checking out code | |
contents: read | |
jobs: | |
go-version: | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.go-version.outputs.version }} | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- id: go-version | |
run: echo "version=$(cat .go-version)" >> "$GITHUB_OUTPUT" | |
build: | |
needs: [go-version] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version-file: '.go-version' | |
cache: false | |
# setup-terraform is used to install the Terraform CLI. If we don't do | |
# this then the terraform-plugin-sdk will attempt to download it for each test! | |
- uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: '1.7.*' | |
terraform_wrapper: false | |
- name: Cache go build | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
~/Library/Caches/go-build | |
key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-golang- | |
- name: Build | |
run: | | |
make build | |
- name: Run unit tests | |
# here to short-circuit the acceptance tests, in the case of a failure. | |
env: | |
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
run: | | |
make test | |
acceptance: | |
needs: [go-version, build] | |
runs-on: custom-linux-large | |
strategy: | |
fail-fast: false | |
matrix: | |
image: | |
- "vault-enterprise:1.14.13-ent" | |
- "vault-enterprise:1.15.16-ent" | |
- "vault-enterprise:1.16.12-ent" | |
- "vault-enterprise:1.17.8-ent" | |
- "vault-enterprise:1.18.1-ent" | |
- "vault:latest" | |
services: | |
vault: | |
image: hashicorp/${{ matrix.image }} | |
env: | |
VAULT_DEV_ROOT_TOKEN_ID: root | |
VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }} | |
VAULT_AUTH_CONFIG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VAULT_LOCAL_CONFIG: | | |
{"plugin_directory": "/vault/plugins"} | |
options: >- | |
--health-cmd "VAULT_ADDR=http://127.0.0.1:8200 vault status" | |
--health-interval 1s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- 8200:8200 | |
volumes: | |
- ${{ github.workspace }}:/vault/plugins | |
mysql: | |
image: docker.mirror.hashicorp.services/mysql:latest | |
env: | |
MYSQL_ROOT_PASSWORD: mysql | |
ports: | |
- 3306:3306 | |
mssql: | |
image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu | |
env: | |
ACCEPT_EULA: Y | |
SA_PASSWORD: ${{ secrets.MSSQL_SA_PASSWORD }} | |
ports: | |
- 1433:1433 | |
mongo: | |
image: docker.mirror.hashicorp.services/mongo:latest | |
env: | |
MONGO_INITDB_ROOT_USERNAME: root | |
MONGO_INITDB_ROOT_PASSWORD: mongodb | |
MONGO_INITDB_DATABASE: admin | |
ports: | |
- 27017:27017 | |
postgres: | |
image: docker.mirror.hashicorp.services/postgres:latest | |
env: | |
POSTGRES_PASSWORD: secret | |
POSTGRES_DB: database | |
ports: | |
- 5432:5432 | |
couchbase: | |
image: docker.io/couchbase/server-sandbox:7.1.1 | |
ports: | |
- 8091:8091 | |
- 8092:8092 | |
- 8093:8093 | |
- 8094:8094 | |
- 11207:11207 | |
- 11210:11210 | |
- 18091:18091 | |
- 18092:18092 | |
- 18093:18093 | |
- 18094:18094 | |
options: >- | |
--health-cmd "curl -f http://Administrator:password@127.0.0.1:8091/sampleBuckets" | |
--health-interval 1s | |
--health-timeout 5s | |
--health-retries 60 | |
consul: | |
image: docker.mirror.hashicorp.services/hashicorp/consul:latest | |
env: | |
CONSUL_LOCAL_CONFIG: "{\"acl\":{\"enabled\":true}}" | |
ports: | |
- 8500:8500 | |
- 8600:8600 | |
options: >- | |
--health-cmd "curl -f 'http://127.0.0.1:8500/v1/health/node/server-1'" | |
--health-interval 1s | |
--health-timeout 5s | |
--health-retries 5 | |
openldap: | |
image: docker.io/bitnami/openldap:2.6 | |
ports: | |
- 1389:1389 | |
- 1636:1636 | |
env: | |
LDAP_ADMIN_USERNAME: "admin" | |
LDAP_ADMIN_PASSWORD: "adminpassword" | |
LDAP_USERS: "alice,bob,foo" | |
LDAP_PASSWORDS: "password1,password2,password3" | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version-file: '.go-version' | |
cache: false | |
# setup-terraform is used to install the Terraform CLI. If we don't do | |
# this then the terraform-plugin-sdk will attempt to download it for each test! | |
- uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: '1.7.*' | |
terraform_wrapper: false | |
- name: Check Terraform CLI version | |
run: terraform --version | |
- name: Download external plugin | |
id: plugin | |
env: | |
PLUGIN: "vault-plugin-auth-jwt" | |
VERSION: "0.17.0" | |
run: | | |
ZIP="${PLUGIN}_${VERSION}_linux_amd64.zip" | |
SHA256SUMS="${PLUGIN}_${VERSION}_SHA256SUMS" | |
curl -sO "https://releases.hashicorp.com/${PLUGIN}/${VERSION}/{${ZIP},${SHA256SUMS}}" | |
shasum -a 256 -c "${PLUGIN}_${VERSION}_SHA256SUMS" --ignore-missing | |
unzip "${ZIP}"; rm "${ZIP}" "${SHA256SUMS}" | |
echo "command=${PLUGIN}" >> "${GITHUB_OUTPUT}" | |
- name: Cache go build | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
~/Library/Caches/go-build | |
key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-golang- | |
- name: Acceptance Tests | |
env: | |
VAULT_TOKEN: "root" | |
VAULT_ADDR: "http://localhost:8200" | |
# RUNS_IN_CONTAINER is false if not using jobs.<job_id>.container | |
RUNS_IN_CONTAINER: "false" | |
MYSQL_URL: "root:mysql@tcp(mysql:3306)/" | |
MYSQL_CONNECTION_URL: "{{username}}:{{password}}@tcp(mysql:3306)/" | |
MYSQL_CONNECTION_USERNAME: "root" | |
MYSQL_CONNECTION_PASSWORD: "mysql" | |
MONGODB_URL: "mongodb://root:mongodb@mongo:27017/admin?ssl=false" | |
MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433" | |
# POSTGRES_URL is the standard root conn URL for Vault | |
POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable" | |
# POSTGRES_URL_TEST is used by the TFVP test to connect directly to | |
# the postgres container. Note: the host is "localhost" because the | |
# TFVP tests do not run in the same docker network. | |
POSTGRES_URL_TEST: "postgres://postgres:secret@localhost:5432/database?sslmode=disable" | |
# POSTGRES_URL_ROOTLESS is used by Vault to connect to the postgres container. | |
POSTGRES_URL_ROOTLESS: "postgres://{{username}}:{{password}}@postgres:5432/database?sslmode=disable" | |
COUCHBASE_HOST: couchbase | |
COUCHBASE_USERNAME: Administrator | |
COUCHBASE_PASSWORD: password | |
CONSUL_HTTP_ADDR: "consul:8500" | |
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
LDAP_BINDDN: "cn=admin,dc=example,dc=org" | |
LDAP_BINDPASS: "adminpassword" | |
LDAP_URL: "ldap://openldap:1389" | |
VAULT_PLUGIN_COMMAND: ${{ steps.plugin.outputs.command }} | |
run: | | |
if [[ ${{ matrix.image }} =~ "-ent" ]]; then | |
target="testacc-ent" | |
else | |
target="testacc" | |
fi | |
make $target TESTARGS='-test.v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true SKIP_VAULT_NEXT_TESTS=true TF_ACC_K8S_SKIP_IN_CLUSTER=true | |
- name: "Generate Vault API Path Coverage Report" | |
run: | | |
go run cmd/coverage/main.go -openapi-doc=./testdata/openapi.json |