@@ -19,43 +19,75 @@ concurrency:
1919 cancel-in-progress : true
2020
2121jobs :
22- build :
22+ build-go :
23+ name : Build Go
2324 runs-on : ubuntu-latest
24- strategy :
25- matrix :
26- lang : [go, rust]
2725 defaults :
2826 run :
29- working-directory : ${{matrix.lang}}
27+ working-directory : go
3028 steps :
31- - uses : actions/checkout@v4
29+ - name : Check out repository
30+ uses : actions/checkout@v4
31+
32+ - uses : actions/setup-go@v5
33+ with :
34+ go-version : " >=1.21.0"
35+ cache-dependency-path : go/go.sum
36+
37+ - name : Run build script
38+ run : " ./build.sh"
39+
40+ - name : Upload Go binary
41+ uses : actions/upload-artifact@v4
42+ with :
43+ name : go
44+ path : go/vault
45+
46+ build-rust :
47+ name : Build Rust and Python wheel
48+ runs-on : ubuntu-latest
49+ steps :
50+ - name : Check out repository
51+ uses : actions/checkout@v4
3252
3353 - uses : dtolnay/rust-toolchain@stable
34- if : ${{ matrix.lang == 'rust'}}
3554
3655 -
uses :
Swatinem/[email protected] 37- if : ${{ matrix.lang == 'rust'}}
3856 with :
3957 # The build script creates a `release` build so use separate cache
4058 key : " release"
4159
42- - uses : actions/setup-go@v5
43- if : ${{ matrix.lang == 'go'}}
60+ - name : Run build script
61+ run : " ./build.sh"
62+ working-directory : rust
63+
64+ - name : Upload Rust binary
65+ uses : actions/upload-artifact@v4
4466 with :
45- go-version : " >=1.21.0 "
46- cache-dependency- pathgo/go.sum
67+ name : rust
68+ path : rust/vault
4769
48- - name : Run build script for compiled languages
49- run : " ./build.sh"
70+ - uses : actions/setup-python@v5
71+ with :
72+ python-version : 3.x
73+
74+ - name : Build wheel
75+ uses : PyO3/maturin-action@v1
76+ with :
77+ args : |
78+ --release
79+ --out dist
80+ --find-interpreter
81+ --manifest-path python-pyo3/Cargo.toml
5082
51- - name : Upload built binaries
83+ name : Upload wheel
5284 uses : actions/upload-artifact@v4
5385 with :
54- name : ${{matrix.lang}}
55- path : ${{matrix.lang}}/vault
86+ name : python-wheel
87+ path : dist
5688
5789 tests :
58- needs : build
90+ needs : [ build-go, build-rust]
5991 runs-on : ubuntu-latest
6092 env :
6193 # VAULT_STACK overwrites default 'vault' for vaults
99131 run : pnpm install --frozen-lockfile && pnpm build
100132 working-directory : nodejs
101133
102- - name : Install Python vault
103- run : python -m pip install .
104- working-directory : python
134+ - name : Install Python PyO3 vault from wheel
135+ run : python -m pip install $(find bin -name '*.whl')
105136
106137 - name : Add execute rights and run --version for all versions
107138 run : |
@@ -111,10 +142,12 @@ jobs:
111142 bin/rust/vault --version
112143 nodejs/dist/cli/vault.js --version
113144
145+ # ####### CLI TESTS ########
146+
114147 - name : Check help output
115148 run : |
116149 echo "============================== Python Vault CLI =============================="
117- vault --help
150+ vault -h
118151 echo "------------------------------------------------------------------------------"
119152
120153 echo "================================= Go Vault CLI ==============================="
@@ -128,6 +161,12 @@ jobs:
128161 echo "=============================== Node.js Vault CLI ============================"
129162 nodejs/dist/cli/vault.js --help
130163
164+ name : Check Python version
165+ run : vault --version
166+
167+ - name : Check stack status with Rust CLI
168+ run : bin/rust/vault stack
169+
131170 - name : Store secret with Python
132171 run : vault -s 'secret-python' -v 'sha-${{github.sha}}' -w
133172
@@ -180,6 +219,8 @@ jobs:
180219 bin/rust/vault exists secret-rust | grep -q "key 'secret-rust' does not exist"
181220 bin/rust/vault exists secret-nodejs | grep -q "key 'secret-nodejs' does not exist"
182221
222+ # ####### CLI BINARY FILE TESTS ########
223+
183224 - name : Create dummy text file
184225 run : echo "Vault test ${{ github.sha }} ${{ github.ref_name }}" > test.txt
185226
@@ -189,6 +230,9 @@ jobs:
189230 - name : Store zip file using Python
190231 run : vault --store --file "secret-${{github.sha}}.zip"
191232
233+ - name : Store zip file using Python overwrite
234+ run : vault store --overwrite --file "secret-${{github.sha}}.zip"
235+
192236 - name : Lookup the stored zip file and write to output
193237 run : vault -l "secret-${{github.sha}}.zip" > output-python.zip
194238
@@ -222,14 +266,18 @@ jobs:
222266 - name : Verify that keys have been deleted using Rust
223267 run : |
224268 bin/rust/vault exists secret-python | grep -q "key 'secret-python' does not exist"
225- bin/rust/vault exists secret-python-pyo3 | grep -q "key 'secret-python-pyo3' does not exist"
226269 bin/rust/vault exists secret-go | grep -q "key 'secret-go' does not exist"
227270 bin/rust/vault exists secret-rust | grep -q "key 'secret-rust' does not exist"
228271 bin/rust/vault exists secret-nodejs | grep -q "key 'secret-nodejs' does not exist"
229272
273+ # ####### PYTHON LIBRARY TESTS ########
274+
230275 - name : Check Python vault package
231276 run : python -m pip show nitor-vault
232277
278+ - name : Check stack status with Python library
279+ run : python -c "from n_vault import Vault; print(Vault().stack_status())"
280+
233281 - name : Store secret using Python library
234282 run : |
235283 python -c "from n_vault import Vault; Vault().store('secret-python-library', 'sha-${{github.sha}}')"
@@ -246,37 +294,14 @@ jobs:
246294 diff <(python -c "from n_vault import Vault; print(Vault().lookup('secret-python-library').decode('utf-8'), end='', flush=True)") <(echo -n sha-${{github.sha}})
247295
248296name : List with Python library
249- run : python -c "from n_vault import Vault; print('\n'.join(Vault().list_all()))"
297+ run : python -c "from n_vault import Vault; print('\n'.join(Vault().list_all()))" | wc -l | grep -q "1"
250298
251299 - name : Delete with Python library
252300 run : python -c "from n_vault import Vault; Vault().delete('secret-python-library')"
253301
254302 - name : Verify that key has been deleted with Rust
255303 run : bin/rust/vault exists secret-python-library | grep -q "key 'secret-python-library' does not exist"
256304
257- - name : Install Python PyO3 vault
258- run : python -m pip install --force-reinstall .
259- working-directory : python-pyo3
260-
261- - name : Check version
262- run : vault --version
263-
264- - name : Check help output
265- run : |
266- echo "============================ Python-pyo3 Vault CLI ==========================="
267- vault -h
268- echo "------------------------------------------------------------------------------"
269-
270- echo "================================ Rust Vault CLI =============================="
271- bin/rust/vault -h
272- echo "------------------------------------------------------------------------------"
273-
274- name : Store secret with Python-pyo3
275- run : vault -s 'secret-python-pyo3' -v 'sha-${{github.sha}}' -w
276-
277- - name : Validate storing worked Python-pyo3
278- run : diff <(vault -l secret-python-pyo3) <(echo -n sha-${{github.sha}})
279-
280305 - name : Store secret with Go
281306 run : bin/go/vault -s 'secret-go' -v 'sha-${{github.sha}}' -w
282307
@@ -286,91 +311,15 @@ jobs:
286311 - name : Store secret with Nodejs
287312 run : nodejs/dist/cli/vault.js s 'secret-nodejs' 'sha-${{github.sha}}' -w
288313
289- - name : Validate Go and Rust secret equality with Python-pyo3
290- run : diff <(vault -l secret-go) <(vault -l secret-rust)
291-
292- - name : Validate Python-pyo3 secret equality with Rust and Go
293- run : diff <(bin/rust/vault -l secret-python-pyo3) <(bin/go/vault -l secret-python-pyo3)
294-
295- - name : Validate Nodejs and Python-pyo3 secret equality with Nodejs
296- run : diff <(nodejs/dist/cli/vault.js l secret-nodejs) <(vault -l secret-python-pyo3)
297-
298- - name : Delete secret with Python-pyo3
299- run : vault -d 'secret-python-pyo3'
300-
301- - name : Delete secret with Python-pyo3
302- run : vault -d 'secret-rust'
303-
304- - name : Delete secret with Python-pyo3
305- run : vault -d 'secret-go'
314+ - name : List with Python library
315+ run : python -c "from n_vault import Vault; print('\n'.join(Vault().list_all()))"
306316
307- - name : Delete secret with Python-pyo3
308- run : vault -d 'secret-nodejs'
317+ - name : Delete all keys with Python library
318+ run : python -c "from n_vault import Vault; Vault().delete_many(Vault().list_all())"
309319
310- - name : Verify that keys have been deleted using Python-pyo3
320+ - name : Verify that keys have been deleted using Python
311321 run : |
312322 vault exists secret-python | grep -q "key 'secret-python' does not exist"
313- vault exists secret-python-pyo3 | grep -q "key 'secret-python-pyo3' does not exist"
314323 vault exists secret-go | grep -q "key 'secret-go' does not exist"
315324 vault exists secret-rust | grep -q "key 'secret-rust' does not exist"
316325 vault exists secret-nodejs | grep -q "key 'secret-nodejs' does not exist"
317-
318- name : Store zip file using Python-pyo3
319- run : vault store --file "secret-${{github.sha}}.zip"
320-
321- - name : Lookup the stored zip file and write to output
322- run : vault lookup "secret-${{github.sha}}.zip" > output-python-pyo3.zip
323-
324- - name : Extract the retrieved zip file
325- run : unzip output-python-pyo3.zip -d extracted-python-pyo3
326-
327- - name : Verify the extracted file content
328- run : diff extracted-python-pyo3/test.txt test.txt
329-
330- - name : Delete secret with Python-pyo3
331- run : vault delete "secret-${{github.sha}}.zip"
332-
333- - name : Verify that key has been deleted with Rust
334- run : bin/rust/vault exists secret-${{github.sha}}.zip | grep -q "does not exist"
335-
336- - name : Verify that key has been deleted with Python-pyo3
337- run : vault exists secret-${{github.sha}}.zip | grep -q "does not exist"
338-
339- - name : Check Python vault package
340- run : python -m pip show nitor-vault
341-
342- - name : Check stack status with Python library
343- run : python -c "from n_vault import Vault; print(Vault().stack_status())"
344-
345- - name : Check stack status with Rust CLI
346- run : bin/rust/vault stack
347-
348- - name : Delete all keys with Python library
349- run : python -c "from n_vault import Vault; Vault().delete_many(Vault().list_all())"
350-
351- - name : List with Python library
352- run : python -c "from n_vault import Vault; print('\n'.join(Vault().list_all()))" | grep -ve '^\s*$' | wc -l | grep -q "0"
353-
354- - name : Store secret using Python library
355- run : |
356- python -c "from n_vault import Vault; Vault().store('secret-python-library', 'sha-${{github.sha}}')"
357-
358- name : Verify secret using Python library
359- run : |
360- python -c "from n_vault import Vault; print('true') if Vault().exists('secret-python-library') else print('false')" | grep -q "true"
361-
362- name : Validate storing worked with Rust
363- run : diff <(bin/rust/vault -l secret-python-library) <(echo -n sha-${{github.sha}})
364-
365- - name : Lookup with Python library
366- run : |
367- diff <(python -c "from n_vault import Vault; print(Vault().lookup('secret-python-library').decode('utf-8'), end='', flush=True)") <(echo -n sha-${{github.sha}})
368-
369- name : List with Python library
370- run : python -c "from n_vault import Vault; print('\n'.join(Vault().list_all()))" | wc -l | grep -q "1"
371-
372- - name : Delete with Python library
373- run : python -c "from n_vault import Vault; Vault().delete('secret-python-library')"
374-
375- - name : Verify that key has been deleted with Rust
376- run : bin/rust/vault exists secret-python-library | grep -q "key 'secret-python-library' does not exist"
0 commit comments