Merge pull request #1032 from godaddy/dependabot/go_modules/server/go… #4330
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: | |
push: | |
branches: | |
# Push events on main branch | |
- main | |
# Push events to branches matching refs/heads/release- | |
- 'release-*' | |
pull_request: | |
branches: [ main ] | |
#### Global environment variables | |
env: | |
DYNAMODB_HOSTNAME: dynamodb | |
MYSQL_HOSTNAME: mysql | |
MYSQL_DATABASE: testdb | |
MYSQL_USERNAME: root | |
MYSQL_PASSWORD: Password123 | |
DISABLE_TESTCONTAINERS: true | |
AWS_ACCESS_KEY_ID: dummykey | |
AWS_SECRET_ACCESS_KEY: dummy_secret | |
AWS_DEFAULT_REGION: us-west-2 | |
AWS_REGION: us-west-2 | |
GO111MODULE: "on" | |
jobs: | |
#### Java | |
java-secure-memory: | |
name: Build Java Secure Memory | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Set up Java | |
uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'maven' | |
- name: Build | |
run: | | |
cd java/secure-memory | |
./scripts/clean.sh | |
./scripts/build.sh | |
- name: Test | |
run: | | |
cd java/secure-memory | |
sudo prlimit --pid $$ --core=-1 | |
sudo prlimit --pid $$ --memlock=-1:-1 | |
./scripts/test.sh | |
release-java-secure-memory: | |
if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah' | |
name: Release Java Secure Memory | |
needs: java-secure-memory | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
with: | |
token: ${{ secrets.MERGE_TOKEN }} | |
- name: Fetch all tags | |
run: git fetch --prune --unshallow --tags | |
- name: Set up Maven Central Repository | |
uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'maven' | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import | |
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase | |
- name: Publish Java SecureMemory | |
run: | | |
cd java/secure-memory | |
BASE_VERSION=$(mvn -q -DforceStdout help:evaluate -Dexpression=project.version) | |
VERSION_SUFFIX=`echo ${BASE_VERSION} | cut -f2 -d'-'` | |
BRANCH=`echo ${GITHUB_REF#refs/heads/}` | |
if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then | |
./scripts/release_prod.sh | |
fi | |
env: | |
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
java-app-encryption: | |
name: Build Java Application Encryption | |
needs: java-secure-memory | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Set up Java | |
uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'maven' | |
- name: Build | |
run: | | |
cd java/app-encryption | |
./scripts/clean.sh | |
./scripts/build.sh | |
- name: Unit tests | |
run: | | |
cd java/app-encryption | |
sudo prlimit --pid $$ --core=-1 | |
sudo prlimit --pid $$ --memlock=-1:-1 | |
./scripts/test.sh | |
- name: Integration tests | |
run: | | |
cd java/app-encryption | |
sudo prlimit --pid $$ --core=-1 | |
sudo prlimit --pid $$ --memlock=-1:-1 | |
./scripts/integration_test.sh | |
release-java-app-Encryption: | |
if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah' | |
name: Release Java App Encryption | |
needs: java-app-encryption | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
with: | |
token: ${{ secrets.MERGE_TOKEN }} | |
- name: Fetch all tags | |
run: git fetch --prune --unshallow --tags | |
- name: Set up Maven Central Repository | |
uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'maven' | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import | |
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase | |
- name: Publish Java AppEncryption | |
run: | | |
cd java/app-encryption | |
BASE_VERSION=$(mvn -q -DforceStdout help:evaluate -Dexpression=project.version) | |
VERSION_SUFFIX=`echo ${BASE_VERSION} | cut -f2 -d'-'` | |
BRANCH=`echo ${GITHUB_REF#refs/heads/}` | |
if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then | |
./scripts/release_prod.sh | |
fi | |
env: | |
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
java-reference-app: | |
name: Java Reference Application | |
needs: java-app-encryption | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Set up Java | |
uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'maven' | |
- name: Build | |
run: | | |
cd samples/java/reference-app | |
./scripts/clean.sh | |
./scripts/build.sh | |
java-server: | |
name: Java Server Implementation | |
needs: java-app-encryption | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: 'maven' | |
- name: Build | |
run: | | |
cd server/java | |
./scripts/clean.sh | |
./scripts/build.sh | |
- name: Unit tests | |
run: | | |
cd server/java | |
sudo prlimit --pid $$ --core=-1 | |
sudo prlimit --pid $$ --memlock=-1:-1 | |
./scripts/test.sh | |
#### C# | |
csharp-logging: | |
name: Build C# Logging | |
runs-on: ubuntu-latest | |
container: | |
image: mcr.microsoft.com/dotnet/sdk:6.0 | |
options: --ulimit core=-1 --ulimit memlock=-1:-1 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Git config - set workspace as safe | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Cache dotnet packages | |
uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 | |
with: | |
path: ~/.nuget/packages | |
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}-v1 | |
- name: Build | |
run: | | |
cd csharp/Logging | |
./scripts/clean.sh | |
./scripts/build.sh | |
- name: Test | |
run: | | |
cd csharp/Logging | |
./scripts/test.sh | |
- name: Upload artifact | |
uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05 | |
with: | |
name: csharp-logging | |
path: | | |
csharp/Logging/Logging/bin/** | |
csharp/Logging/Logging/obj/** | |
release-csharp-logging: | |
if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah' | |
name: Release C# Logging | |
needs: csharp-logging | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
with: | |
token: ${{ secrets.MERGE_TOKEN }} | |
- name: Fetch all tags | |
run: git fetch --prune --unshallow --tags | |
- name: Cache dotnet packages | |
uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 | |
with: | |
path: ~/.nuget/packages | |
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}-v1 | |
- name: Download artifact | |
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b | |
with: | |
name: csharp-logging | |
path: ${{ github.workspace }}/csharp/Logging/Logging | |
- name: Publish C# Logging | |
run: | | |
sudo apt-get install -y libxml2-utils | |
cd csharp/Logging | |
BASE_VERSION=$(xmllint --xpath "//Project/PropertyGroup/Version/text()" Directory.Build.props) | |
VERSION_SUFFIX=`echo ${BASE_VERSION} | cut -f2 -d'-'` | |
BRANCH=`echo ${GITHUB_REF#refs/heads/}` | |
if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then | |
./scripts/release_prod.sh | |
fi | |
env: | |
NUGET_KEY: ${{ secrets.NUGET_KEY }} | |
NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }} | |
csharp-secure-memory: | |
name: Build C# Secure Memory | |
needs: csharp-logging | |
runs-on: ubuntu-latest | |
container: | |
image: mcr.microsoft.com/dotnet/sdk:6.0 | |
options: --ulimit core=-1 --ulimit memlock=-1:-1 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Git config - set workspace as safe | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Cache dotnet packages | |
uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 | |
with: | |
path: ~/.nuget/packages | |
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}-v1 | |
- name: Build | |
run: | | |
cd csharp/SecureMemory | |
./scripts/clean.sh | |
./scripts/build.sh | |
- name: Test | |
run: | | |
cd csharp/SecureMemory | |
./scripts/test.sh | |
- name: Upload artifact | |
uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05 | |
with: | |
name: csharp-secure-memory | |
path: | | |
csharp/SecureMemory/SecureMemory/bin/** | |
csharp/SecureMemory/SecureMemory/obj/** | |
csharp/SecureMemory/PlatformNative/bin/** | |
csharp/SecureMemory/PlatformNative/obj/** | |
release-csharp-secure-memory: | |
if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah' | |
name: Release C# Secure Memory | |
needs: csharp-secure-memory | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
with: | |
token: ${{ secrets.MERGE_TOKEN }} | |
- name: Fetch all tags | |
run: git fetch --prune --unshallow --tags | |
- name: Cache dotnet packages | |
uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 | |
with: | |
path: ~/.nuget/packages | |
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}-v1 | |
- name: Download artifact | |
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b | |
with: | |
name: csharp-secure-memory | |
path: | | |
${{ github.workspace }}/csharp/SecureMemory/SecureMemory | |
${{ github.workspace }}/csharp/SecureMemory/PlatformNative | |
- name: Publish C# Secure Memory | |
run: | | |
sudo apt-get install -y libxml2-utils | |
cd csharp/SecureMemory | |
BASE_VERSION=$(xmllint --xpath "//Project/PropertyGroup/Version/text()" Directory.Build.props) | |
VERSION_SUFFIX=`echo ${BASE_VERSION} | cut -f2 -d'-'` | |
BRANCH=`echo ${GITHUB_REF#refs/heads/}` | |
if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then | |
./scripts/release_prod.sh | |
fi | |
env: | |
NUGET_KEY: ${{ secrets.NUGET_KEY }} | |
NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }} | |
csharp-app-encryption: | |
name: Build C# Application Encryption | |
needs: csharp-secure-memory | |
runs-on: ubuntu-latest | |
container: | |
image: mcr.microsoft.com/dotnet/sdk:6.0 | |
options: --ulimit core=-1 --ulimit memlock=-1:-1 | |
services: | |
dynamodb: | |
image: amazon/dynamodb-local | |
mysql: | |
image: mysql:5.7 | |
env: | |
MYSQL_ROOT_PASSWORD: ${{ env.MYSQL_PASSWORD }} | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Git config - set workspace as safe | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Cache dotnet packages | |
uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 | |
with: | |
path: ~/.nuget/packages | |
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}-v1 | |
- name: Build | |
run: | | |
cd csharp/AppEncryption | |
./scripts/clean.sh | |
./scripts/build.sh | |
- name: Unit tests | |
run: | | |
cd csharp/AppEncryption | |
./scripts/test.sh | |
- name: Integration tests | |
run: | | |
cd csharp/AppEncryption | |
./scripts/integration_test.sh | |
- name: Upload artifact | |
uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05 | |
with: | |
name: csharp-app-encryption | |
path: | | |
csharp/AppEncryption/AppEncryption/bin/** | |
csharp/AppEncryption/AppEncryption/obj/** | |
csharp/AppEncryption/Crypto/bin/** | |
csharp/AppEncryption/Crypto/obj/** | |
release-csharp-app-encryption: | |
if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah' | |
name: Release C# App Encryption | |
needs: csharp-app-encryption | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
with: | |
token: ${{ secrets.MERGE_TOKEN }} | |
- name: Fetch all tags | |
run: git fetch --prune --unshallow --tags | |
- name: Cache dotnet packages | |
uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 | |
with: | |
path: ~/.nuget/packages | |
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}-v1 | |
- name: Download artifact | |
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b | |
with: | |
name: csharp-app-encryption | |
path: ${{ github.workspace }}/csharp/AppEncryption/AppEncryption | |
- name: Publish App Encryption | |
run: | | |
sudo apt-get install -y libxml2-utils | |
cd csharp/AppEncryption | |
BASE_VERSION=$(xmllint --xpath "//Project/PropertyGroup/Version/text()" Directory.Build.props) | |
VERSION_SUFFIX=`echo ${BASE_VERSION} | cut -f2 -d'-'` | |
BRANCH=`echo ${GITHUB_REF#refs/heads/}` | |
if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then | |
./scripts/release_prod.sh | |
fi | |
env: | |
NUGET_KEY: ${{ secrets.NUGET_KEY }} | |
NUGET_SOURCE: ${{ secrets.NUGET_SOURCE }} | |
csharp-reference-app: | |
name: C# Reference Application | |
needs: csharp-app-encryption | |
runs-on: ubuntu-latest | |
container: | |
image: mcr.microsoft.com/dotnet/sdk:6.0 | |
options: --ulimit core=-1 --ulimit memlock=-1:-1 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Git config - set workspace as safe | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Cache dotnet packages | |
uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 | |
with: | |
path: ~/.nuget/packages | |
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}-v1 | |
- name: Build | |
run: | | |
cd samples/csharp/ReferenceApp | |
./scripts/clean.sh | |
./scripts/build.sh | |
#### Go | |
go-secure-memory: | |
name: Build Go Secure Memory | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 | |
with: | |
go-version: '1.19' | |
cache-dependency-path: 'go/*/go.sum' | |
- name: Install gotestsum | |
run: go install gotest.tools/gotestsum@latest | |
- name: Build | |
run: | | |
cd go/securememory | |
./scripts/build.sh | |
- name: Unit tests | |
run: | | |
cd go/securememory | |
sudo prlimit --pid $$ --core=-1 | |
sudo prlimit --pid $$ --memlock=-1:-1 | |
./scripts/test.sh | |
- name: Benchmark tests | |
run: | | |
cd go/securememory | |
sudo prlimit --pid $$ --core=-1 | |
sudo prlimit --pid $$ --memlock=-1:-1 | |
./scripts/benchmark_test.sh | |
- name: Static analysis | |
run: | | |
cd go/securememory | |
./scripts/lint.sh | |
release-go-secure-memory: | |
if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah' | |
name: Release Go Secure Memory | |
needs: go-secure-memory | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
with: | |
token: ${{ secrets.MERGE_TOKEN }} | |
- name: Fetch all tags | |
run: git fetch --prune --unshallow --tags | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 | |
with: | |
go-version: '1.19' | |
cache-dependency-path: 'go/*/go.sum' | |
- name: Publish Go Secure Memory | |
run: | | |
cd go/securememory | |
BASE_VERSION=$(cat .versionfile) | |
VERSION_SUFFIX=`echo ${BASE_VERSION} | cut -f2 -d'-'` | |
BRANCH=`echo ${GITHUB_REF#refs/heads/}` | |
if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then | |
./scripts/release_prod.sh | |
fi | |
go-app-encryption: | |
name: Build Go Application Encryption | |
needs: go-secure-memory | |
runs-on: ubuntu-latest | |
container: | |
image: golang:1.19 | |
options: --ulimit core=-1 --ulimit memlock=-1:-1 | |
services: | |
dynamodb: | |
image: amazon/dynamodb-local | |
mysql: | |
image: mysql:5.7 | |
env: | |
MYSQL_ROOT_PASSWORD: Password123 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 | |
with: | |
go-version: '1.19' | |
cache-dependency-path: 'go/*/go.sum' | |
- name: Install gotestsum | |
run: go install gotest.tools/gotestsum@latest | |
- name: Build | |
run: | | |
cd go/appencryption | |
./scripts/build.sh | |
- name: Unit tests | |
run: | | |
cd go/appencryption | |
./scripts/test.sh | |
- name: Integration tests | |
run: | | |
cd go/appencryption | |
./scripts/integration_test.sh | |
- name: Benchmark tests | |
run: | | |
cd go/appencryption | |
./scripts/benchmark_test.sh | |
- name: Static analysis | |
run: | | |
cd go/appencryption | |
./scripts/lint.sh | |
release-go-app-encryption: | |
if: startsWith( github.ref, 'refs/heads/release-' ) && github.repository == 'godaddy/asherah' | |
name: Release Go App Encryption | |
needs: go-app-encryption | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
with: | |
token: ${{ secrets.MERGE_TOKEN }} | |
- name: Fetch all tags | |
run: git fetch --prune --unshallow --tags | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 | |
with: | |
go-version: '1.19' | |
cache-dependency-path: 'go/*/go.sum' | |
- name: Publish Go App Encryption | |
run: | | |
cd go/appencryption | |
BASE_VERSION=$(cat .versionfile) | |
VERSION_SUFFIX=`echo ${BASE_VERSION} | cut -f2 -d'-'` | |
BRANCH=`echo ${GITHUB_REF#refs/heads/}` | |
if [[ "${BRANCH}" =~ release-.* && "${VERSION_SUFFIX}" != "alpha" ]]; then | |
./scripts/release_prod.sh | |
fi | |
go-reference-app: | |
name: Go Reference Application | |
needs: go-app-encryption | |
runs-on: ubuntu-latest | |
container: | |
image: golang:1.19 | |
options: --ulimit core=-1 --ulimit memlock=-1:-1 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Git config - set workspace as safe | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 | |
with: | |
go-version: '1.19' | |
cache-dependency-path: 'go/*/go.sum' | |
- name: Install gotestsum | |
run: go install gotest.tools/gotestsum@latest | |
- name: Build | |
run: | | |
cd samples/go/referenceapp | |
./scripts/build.sh | |
- name: Static analysis | |
run: | | |
cd samples/go/referenceapp | |
./scripts/lint.sh | |
go-server: | |
name: Go Server Implementation | |
needs: go-app-encryption | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Git config - set workspace as safe | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 | |
with: | |
go-version: '1.19' | |
cache-dependency-path: 'go/*/go.sum' | |
- name: Install gotestsum | |
run: go install gotest.tools/gotestsum@latest | |
- name: Build | |
run: | | |
cd server/go | |
./scripts/build.sh | |
- name: Unit tests | |
run: | | |
cd server/go | |
sudo prlimit --pid $$ --core=-1 | |
sudo prlimit --pid $$ --memlock=-1:-1 | |
./scripts/test.sh | |
- name: Static analysis | |
run: | | |
cd server/go | |
./scripts/lint.sh | |
#### Cross-Language | |
server-samples: | |
name: Server Samples | |
needs: [ java-server, go-server ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Install build tools | |
run: | | |
sudo apt-get update | |
sudo apt-get -y upgrade --fix-missing | |
sudo apt-get install -y build-essential | |
- name: Set up JDK 17 | |
uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: 'maven' | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 | |
with: | |
go-version: '1.19' | |
cache-dependency-path: 'go/*/go.sum' | |
- name: Set up Python 3.7 | |
uses: actions/setup-python@db9987b4c1f10f0404fa60ee629f675fafbd6763 | |
with: | |
python-version: 3.7 | |
- name: Set up NodeJS 13 | |
uses: actions/setup-node@a9893b0cfb0821c9c7b5fec28a6a2e6cdd5e20a4 | |
with: | |
node-version: 13.x | |
- name: Extract branch name | |
shell: bash | |
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" | |
id: extract_branch | |
- name: Build the Java project | |
run: | | |
mvn -v | |
# Delete previous builds and rebuild from the current branch | |
rm -rf ~/.m2/repository/com/godaddy/asherah/grpc-server ~/.m2/repository/com/godaddy/asherah/appencryption | |
mvn --no-transfer-progress clean install -f java/app-encryption/pom.xml -DskipTests | |
mvn --no-transfer-progress clean install -f server/java/pom.xml -DskipTests | |
- name: Test clients | |
run: | | |
cd server/samples/clients | |
./test_clients.sh | |
tests-cross-language: | |
name: Cross-Language Tests | |
needs: [ java-app-encryption, csharp-app-encryption, go-app-encryption, java-server, go-server ] | |
runs-on: ubuntu-latest | |
services: | |
mysql: | |
image: mysql:5.7 | |
env: | |
MYSQL_DATABASE: ${{ env.MYSQL_DATABASE }} | |
MYSQL_ROOT_PASSWORD: ${{ env.MYSQL_PASSWORD }} | |
ports: | |
- 3306 | |
options: --health-cmd "mysqladmin ping" --health-interval 10s --health-timeout 5s --health-retries 10 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 | |
- name: Initialize RDBMS based metastore | |
run: | | |
mysql -h 127.0.0.1 -P${{ job.services.mysql.ports[3306] }} -u ${{ env.MYSQL_USERNAME }} -p${{ env.MYSQL_PASSWORD }} -e "CREATE TABLE ${{ env.MYSQL_DATABASE }}.encryption_key ( | |
id VARCHAR(255) NOT NULL, | |
created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, | |
key_record TEXT NOT NULL, | |
PRIMARY KEY (id, created), | |
INDEX (created) | |
);" | |
- name: Set up JDK 17 | |
uses: actions/setup-java@ddb82ce8a6ecf5ac3e80c3184839e6661546e4aa | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: 'maven' | |
- name: Set up C# | |
uses: actions/setup-dotnet@0f534f5829b2e991ed7d67169d882659f921a60d | |
with: | |
dotnet-version: '3.1.x' | |
- name: Set up Go 1.19 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 | |
with: | |
go-version: '1.19' | |
cache-dependency-path: 'go/*/go.sum' | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@db9987b4c1f10f0404fa60ee629f675fafbd6763 | |
with: | |
python-version: 3.8 | |
- name: Extract branch name | |
shell: bash | |
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" | |
id: extract_branch | |
- name: Cache dotnet packages | |
uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 | |
with: | |
path: ~/.nuget/packages | |
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}-v1 | |
- name: Build the Java project | |
run: | | |
# Delete previous builds and rebuild from the current branch | |
rm -rf ~/.m2/repository/com/godaddy/asherah/grpc-server ~/.m2/repository/com/godaddy/asherah/appencryption | |
mvn --no-transfer-progress clean install -f java/app-encryption/pom.xml -DskipTests | |
mvn --no-transfer-progress clean install -f server/java/pom.xml -DskipTests | |
cd tests/cross-language/java | |
./scripts/build.sh | |
- name: Build the C# project | |
run: | | |
cd tests/cross-language/csharp | |
./scripts/clean.sh | |
# Workaround for https://github.com/SpecFlowOSS/SpecFlow/issues/1912#issue-583000545 | |
export MSBUILDSINGLELOADCONTEXT=1 | |
./scripts/build.sh | |
- name: Lint & Build the Go project | |
run: | | |
cd tests/cross-language/go | |
./scripts/lint.sh | |
go mod edit -replace github.com/godaddy/asherah/go/appencryption=../../../go/appencryption | |
go install github.com/cucumber/godog/cmd/godog@latest | |
echo "GOPATH: ${GOPATH}" | |
echo "PATH: ${PATH}" | |
echo "GOBIN: ${GOBIN}" | |
./scripts/build.sh | |
- name: Test | |
env: | |
TEST_DB_NAME: ${{ env.MYSQL_DATABASE }} | |
TEST_DB_PASSWORD: ${{ env.MYSQL_PASSWORD }} | |
TEST_DB_USER: ${{ env.MYSQL_USERNAME }} | |
TEST_DB_HOSTNAME: localhost | |
TEST_DB_PORT: ${{ job.services.mysql.ports[3306] }} | |
ASHERAH_SERVICE_NAME: service | |
ASHERAH_PRODUCT_NAME: product | |
ASHERAH_KMS_MODE: static | |
run: | | |
export JAVA_AE_VERSION=$(mvn -f java/app-encryption/pom.xml -q -DforceStdout help:evaluate -Dexpression=project.version) | |
cd tests/cross-language/ | |
./scripts/encrypt_all.sh | |
./scripts/decrypt_all.sh |