name: test-cli-ui on: workflow_call: inputs: artifact-name: type: string required: true permissions: contents: read actions: read jobs: bats: runs-on: ${{ fromJSON(vars.RUNNER) }} name: CLI tests steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Import GPG key for Boundary pass keystore id: import_gpg uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 with: gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} - name: Trust the pass keystore GPG key id: trust_gpg run: | gpg -a --encrypt -r ${{ secrets.ENOS_GPG_UID }} --trust-model always echo "trusted-key ${{ secrets.ENOS_GPG_UID }}" >> ~/.gnupg/gpg.conf cat ~/.gnupg/gpg.conf - name: Set up Bats CLI UI tests dependency cache id: dep-cache uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: /tmp/bats-cli-ui-deps key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2 - name: Set up Node for Bats install uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: 16 - name: Install Bats via NPM # Use npm so this workflow is portable on multiple runner distros run: npm install --location=global bats - name: Download jq for Bats CLI UI tests if: steps.dep-cache.outputs.cache-hit != 'true' # NOTE: if you update the jq version make sure to update the dep cache key run: | mkdir -p /tmp/bats-cli-ui-deps wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O /tmp/bats-cli-ui-deps/jq-bin - name: Install jq for Bats CLI UI tests run: | chmod +x /tmp/bats-cli-ui-deps/jq-bin sudo cp /tmp/bats-cli-ui-deps/jq-bin /usr/local/bin/jq - name: Download and unzip pass for Boundary keyring if: steps.dep-cache.outputs.cache-hit != 'true' # NOTE: if you update the password store version make sure to update the dep cache key run: | mkdir -p /tmp/bats-cli-ui-deps/pass wget https://git.zx2c4.com/password-store/snapshot/password-store-1.7.4.tar.xz -O /tmp/bats-cli-ui-deps/pass/pass.tar.xz cd /tmp/bats-cli-ui-deps/pass tar -xvf pass.tar.xz - name: Install pass for Boundary keyring run: | cd /tmp/bats-cli-ui-deps/pass/password-store-1.7.4 sudo make install pass init ${{ secrets.ENOS_GPG_UID }} - name: Download Vault AMD64 binary for integration testing if: steps.dep-cache.outputs.cache-hit != 'true' run: | wget https://releases.hashicorp.com/vault/1.12.2/vault_1.12.2_linux_amd64.zip -O /tmp/bats-cli-ui-deps/vault.zip - name: Install Vault run: | unzip /tmp/bats-cli-ui-deps/vault.zip -d /usr/local/bin - name: Download Linux AMD64 Boundary bundle uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: ${{ inputs.artifact-name }} path: /tmp - name: Unpack boundary bundle run: | unzip -o /tmp/${{ inputs.artifact-name }} -d /usr/local/bin rm /tmp/${{ inputs.artifact-name }} - name: Versions run: | echo "go version:" go version echo "bats version:" bats --version echo "jq version:" jq --version echo "gpg version:" gpg --version echo "pass version:" pass --version echo "bash version:" bash --version echo "boundary version:" boundary version echo "vault version:" vault version - name: Run cli bats tests run: | export VAULT_ADDR=http://127.0.0.1:8200 export VAULT_TOKEN=boundarytok make -C internal/tests/cli test-vault-up until vault status; do docker container inspect boundary-cli-tests-vault &> /dev/null || exit 255; sleep 1; done make test-cli - name: Cleanup if: success() || failure() run: | make -C internal/tests/cli test-vault-down - name: Send Slack message if: ${{ failure() }} uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0 with: method: chat.postMessage token: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_TOKEN }} payload: | channel: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }} text: ":x: bats tests failed: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n*Branch:* ${{ github.event.ref }}\n*SHA:* <${{ github.event.head_commit.url }}|${{ github.event.after }}>"