opentdf
diff --git a/‎.github/workflows/build.yaml
Lines changed: 50 additions & 10 deletions b/‎.github/workflows/build.yaml
Lines changed: 50 additions & 10 deletions
diff --git a/‎.github/workflows/format.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/format.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/large-tests.yaml
Lines changed: 37 additions & 2 deletions b/‎.github/workflows/large-tests.yaml
Lines changed: 37 additions & 2 deletions
diff --git a/‎.github/workflows/publish-to.sh
Lines changed: 7 additions & 5 deletions b/‎.github/workflows/publish-to.sh
Lines changed: 7 additions & 5 deletions
diff --git a/‎.github/workflows/roundtrip/encrypt-decrypt.sh
Lines changed: 68 additions & 0 deletions b/‎.github/workflows/roundtrip/encrypt-decrypt.sh
Lines changed: 68 additions & 0 deletions
@@ -82,6 +82,41 @@ jobs:
       - run: npm run lint
       - run: npm pack
 
+  cli:
+    needs:
+      - lib
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./cli
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: './cli/package-lock.json'
+      - uses: actions/download-artifact@v4
+        with:
+          name: opentdf-client-lib
+          path: lib/
+      - run: npm uninstall @opentdf/client && npm ci && npm i ../lib/opentdf-client-*.tgz
+      - run: npm test
+      - run: npm audit --omit dev && npm audit --audit-level high
+      - run: npm run license-check
+      - run: npm run lint
+      - run: npm pack
+      - name: Setup BATS
+        uses: mig4/setup-bats@v1
+        with:
+          bats-version: 1.2.1
+      - run: bats bin/opentdf.bats
+      - uses: actions/upload-artifact@v4
+        with:
+          name: opentdf-cli
+          path: ./cli/opentdf-cli-*.tgz
+
   web-app:
     needs:
       - lib
@@ -126,6 +161,8 @@ jobs:
 
   backend-roundtrip:
     needs:
+      - cli
+      - lib
       - web-app
     runs-on: ubuntu-latest
     defaults:
@@ -143,6 +180,10 @@ jobs:
         with:
           name: opentdf-client-lib
           path: lib/
+      - uses: actions/download-artifact@v4
+        with:
+          name: opentdf-cli
+          path: cli/
       - uses: yokawasa/[email protected]
         with:
           setup-tools: |
@@ -174,6 +215,7 @@ jobs:
   deliver-ghp:
     needs:
       - lib
+      - cli
       - web-app
       - scripts
       - backend-roundtrip
@@ -222,9 +264,8 @@ jobs:
           ${{ steps.guess-build-metadata.outputs.DIST_TAG }}
         env:
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - run:
-          echo "- [Client
-          Library](https://github.com/opentdf/client-web/pkgs/npm/client)">>$GITHUB_STEP_SUMMARY
+      - run: echo "- [Client Library](https://github.com/opentdf/client-web/pkgs/npm/client)">>$GITHUB_STEP_SUMMARY
+      - run: echo "- [Command Line Tool](https://github.com/opentdf/client-web/pkgs/npm/cli)">>$GITHUB_STEP_SUMMARY
       - name: trigger xtest
         run: >-
           curl -XPOST -u "virtru-cloudnative:${{secrets.PERSONAL_ACCESS_TOKEN}}"
@@ -235,7 +276,7 @@ jobs:
         env:
           FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }}
       - name: Publish documentation to gh-pages
-        uses: JamesIves/github-pages-deploy-action@v4.4.1
+        uses: JamesIves/github-pages-deploy-action@v4.6.0
         with:
           branch: gh-pages
           folder: lib/dist/docs
@@ -262,11 +303,10 @@ jobs:
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
       - run: >-
-          echo "- [Client Library](https://www.npmjs.com/package/@opentdf/client/v/${{
-          needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY
+          echo "- [Client Library](https://www.npmjs.com/package/@opentdf/client/v/${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY
+      - run: >-
+          echo "- [Remote Store](https://www.npmjs.com/package/@opentdf/remote-store/v/${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY
       - run: >-
-          echo "- [Remote Store](https://www.npmjs.com/package/@opentdf/remote-store/v/${{
-          needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY
+          echo "- [Command Line Tool](https://www.npmjs.com/package/@opentdf/cli/v/${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY
       - run: >-
-          echo "- [unpkg](https://unpkg.com/browse/@opentdf/client@${{
-          needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY
+          echo "- [unpkg](https://unpkg.com/browse/@opentdf/client@${{ needs.deliver-ghp.outputs.FULL_VERSION }})">>$GITHUB_STEP_SUMMARY
@@ -29,7 +29,7 @@ jobs:
 
       - name: Suggest user signoff
         if: steps.auto-commit.outputs.changes_detected == 'true'
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
 
@@ -32,6 +32,36 @@ jobs:
           name: opentdf-client-lib
           path: ./lib/opentdf-client-*.tgz
 
+  cli:
+    needs:
+      - lib
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./cli
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: './cli/package-lock.json'
+      - uses: actions/download-artifact@v4
+        with:
+          name: opentdf-client-lib
+          path: lib/
+      - run: npm uninstall @opentdf/client && npm ci && npm i ../lib/opentdf-client-*.tgz
+      - run: npm test
+      - run: npm audit --omit dev --audit-level moderate
+      - run: npm run license-check
+      - run: npm run lint
+      - run: npm pack
+      - uses: actions/upload-artifact@v4
+        with:
+          name: opentdf-cli
+          path: ./cli/opentdf-cli-*.tgz
+
   web-app:
     needs:
       - lib
@@ -61,7 +91,8 @@ jobs:
 
   backend-roundtrip:
     needs:
-      - web-app
+      - cli
+      - lib
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -78,10 +109,14 @@ jobs:
         with:
           name: opentdf-client-lib
           path: lib/
+      - uses: actions/download-artifact@v4
+        with:
+          name: opentdf-cli
+          path: cli
       - name: Git clone backend
         run: |
           git clone https://github.com/opentdf/opentdf.git
-      - uses: yokawasa/action-setup-kube-tools@v0.9.2
+      - uses: yokawasa/action-setup-kube-tools@v0.11.1
         with:
           setup-tools: |
             kubectl
 
@@ -20,12 +20,14 @@ npm publish --access public --tag "$t"
 # Wait for npm publish to go through...
 sleep 5
 
-cd ../remote-store
+for x in remote-store cli; do
+  cd "../$x"
 
-npm version --no-git-tag-version --allow-same-version "$v"
-npm uninstall "@opentdf/client"
-npm install "@opentdf/client@$v"
-npm publish --access public --tag "$t"
+  npm version --no-git-tag-version --allow-same-version "$v"
+  npm uninstall "@opentdf/client"
+  npm install "@opentdf/client@$v"
+  npm publish --access public --tag "$t"
+done
 
 if [[ "$GITHUB_STEP_SUMMARY" ]]; then
   echo "### Published ${v} (${t})" >>"$GITHUB_STEP_SUMMARY"
 
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+set -exuo pipefail
+
+APP_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null && pwd)"
+
+cd "$APP_DIR"
+
+counter=0
+
+_nano_test() {
+  counter=$((counter + 1))
+  plain="./sample-${counter}.txt"
+  echo "Hello World ${counter}" >"./${plain}"
+  npx "$1" --log-level DEBUG \
+    --kasEndpoint http://localhost:65432/api/kas \
+    --oidcEndpoint http://localhost:65432/auth/realms/tdf \
+    --auth tdf-client:123-456 \
+    --output sample.txt.ntdf \
+    encrypt "${plain}" \
+    --attributes https://example.com/attr/Classification/value/S,https://example.com/attr/COI/value/PRX
+
+  [ -f sample.txt.ntdf ]
+
+  npx "$2" --log-level DEBUG \
+    --kasEndpoint http://localhost:65432/api/kas \
+    --oidcEndpoint http://localhost:65432/auth/realms/tdf \
+    --auth tdf-client:123-456 \
+    --output sample_out.txt \
+    decrypt sample.txt.ntdf
+
+  [ -f sample_out.txt ] && diff "${plain}" sample_out.txt
+
+  echo "Roundtrip nanotdf $1 -> $2 successful!"
+  rm -f "${plain}" sample.txt.ntdf sample_out.txt
+}
+
+_nano_test @opentdf/cli @opentdf/cli
+
+_tdf3_test() {
+  counter=$((counter + 1))
+  plain="./sample-${counter}.txt"
+  echo "Hello World ${counter}" >"${plain}"
+  npx "$1" --log-level DEBUG \
+    --kasEndpoint http://localhost:65432/api/kas \
+    --oidcEndpoint http://localhost:65432/auth/realms/tdf \
+    --auth tdf-client:123-456 \
+    --output sample.txt.tdf \
+    encrypt "${plain}" \
+    --containerType tdf3 \
+    --attributes https://example.com/attr/Classification/value/S,https://example.com/attr/COI/value/PRX
+
+  [ -f sample.txt.tdf ]
+
+  npx "$2" --log-level DEBUG \
+    --kasEndpoint http://localhost:65432/api/kas \
+    --oidcEndpoint http://localhost:65432/auth/realms/tdf \
+    --auth tdf-client:123-456 \
+    --output sample_out.txt \
+    --containerType tdf3 \
+    decrypt sample.txt.tdf
+
+  [ -f sample_out.txt ] && diff "${plain}" sample_out.txt
+
+  echo "Roundtrip tdf3 $1 -> $2 successful!"
+  rm -f "${plain}" sample.txt.tdf sample_out.txt
+}
+
+_tdf3_test @opentdf/cli @opentdf/cli