diff --git a/.gitattributes b/.gitattributes deleted file mode 100644 index 00b39fdf..00000000 --- a/.gitattributes +++ /dev/null @@ -1,3 +0,0 @@ -*.secret filter=git-crypt diff=git-crypt -*.key filter=git-crypt diff=git-crypt -*.secret.* filter=git-crypt diff=git-crypt diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8b6209f9..47ec8853 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,26 +14,31 @@ jobs: - name: Check out uses: actions/checkout@v2 + - name: Set up Go + uses: actions/setup-go@v1 + with: + go-version: 1.16 + - name: Install Dependencies run: | - sudo apt-get update - sudo apt-get install -y --no-install-recommends shellcheck git-crypt - + # Cue export CUE_VERSION="$(grep cue ./go.mod | cut -d' ' -f2)" export CUE_TARBALL="cue_${CUE_VERSION}_linux_amd64.tar.gz" - echo "Installing cue version $CUE_VERSION" - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sudo sh -s -- -b /usr/local/bin v1.23.8 - curl -L https://github.com/cuelang/cue/releases/download/${CUE_VERSION}/${CUE_TARBALL} | sudo tar zxf - -C /usr/local/bin - - name: Unlock secrets + # SOPS + sudo curl -L -o /usr/local/bin/sops https://github.com/mozilla/sops/releases/download/v3.6.1/sops-v3.6.1.linux + sudo chmod +x /usr/local/bin/sops + + # golangci + curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sudo sh -s -- -b /usr/local/bin v1.23.8 + + - name: Import PGP private key env: - GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} + SOPS_PGP_KEY: ${{ secrets.SOPS_PGP_KEY }} run: | - echo "$GIT_CRYPT_KEY" | base64 -d > /tmp/git-crypt-key - git-crypt unlock /tmp/git-crypt-key - rm -f /tmp/git-crypt-key + echo "$SOPS_PGP_KEY" | base64 -d | gpg --import - name: Login to Docker Hub uses: docker/login-action@v1 
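Review bot: The new SOPS install in the `Install Dependencies` step writes a downloaded binary straight into `/usr/local/bin` as root with `sudo curl -L -o`, with no integrity check and no `-f`, so a replaced release asset or an HTTP error page becomes the `sops` that later handles the decryption key. Download to a temporary path as the runner user, verify it against a pinned SHA-256 taken from the release, then install it. Separately, `Import PGP private key` runs unconditionally: when `secrets.SOPS_PGP_KEY` is empty (pull requests from forks do not receive secrets), `gpg --import` gets no data and most likely fails the job, although `test::secret` in this same commit is written to skip in that case, so guard the import on a non-empty value. The steps list begins above this hunk and the Docker Hub login step continues below it.

```yaml
      - name: Install Dependencies
        run: |
          # … unchanged: Cue install …

          # SOPS: fetch unprivileged, verify the pinned digest, then install
          curl -fsSL -o /tmp/sops https://github.com/mozilla/sops/releases/download/v3.6.1/sops-v3.6.1.linux
          echo "<SHA256_OF_SOPS_V3.6.1_LINUX_ASSET>  /tmp/sops" | sha256sum -c -
          sudo install -m 0755 /tmp/sops /usr/local/bin/sops

          # … unchanged: golangci install …

      - name: Import PGP private key
        env:
          SOPS_PGP_KEY: ${{ secrets.SOPS_PGP_KEY }}
        run: |
          # Secrets are empty on fork pull requests; skip the import there
          if [ -n "$SOPS_PGP_KEY" ]; then
            echo "$SOPS_PGP_KEY" | base64 -d | gpg --import
          fi
```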
@@ -41,12 +46,6 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Set up Go - uses: actions/setup-go@v1 - with: - go-version: 1.16 - id: go - - name: Lint run: | make lint diff --git a/tests/test-lib.sh b/tests/test-lib.sh index 242ee92f..4b2858d3 100644 --- a/tests/test-lib.sh +++ b/tests/test-lib.sh @@ -127,14 +127,18 @@ test::one(){ return "$ret" } +# Similar to test::one, however tests will be skipped if secrets cannot be decrypted +test::secret(){ + local inputFile="$1" + shift + + if sops exec-file "$inputFile" echo > /dev/null 2>&1; then + test::one "$@" --input-yaml "$inputFile" + else + logger::warning "Skip \"$1\": secrets not available" + fi +} + disable(){ logger::warning "Test \"$2\" has been disabled." } - -secret(){ - if [ -z "${DAGGER_SECRETS_LOADED+x}" ] || [ "$DAGGER_SECRETS_LOADED" != "1" ]; then - logger::warning "Skip \"$2\": secrets not available" - else - "$@" - fi -} diff --git a/tests/test.secret b/tests/test.secret deleted file mode 100644 index 17fca195..00000000 Binary files a/tests/test.secret and /dev/null differ diff --git a/tests/test.sh b/tests/test.sh index ce5d936a..3f541367 100755 --- a/tests/test.sh +++ b/tests/test.sh @@ -6,11 +6,6 @@ readonly d=$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd) # shellcheck source=/dev/null . "$d/test-lib.sh" -# shellcheck source=/dev/null -if grep -q "DAGGER_SECRETS" "$d/test.secret"; then - source "$d/test.secret" -fi - # Point this to your dagger binary readonly DAGGER_BINARY="${DAGGER_BINARY:-$d/../cmd/dagger/dagger}" # The default arguments are a no-op, but having "anything" is a little cheat necessary for "${DAGGER_BINARY_ARGS[@]}" to not be empty down there
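Review bot: `test::secret` treats every failure of the `sops exec-file` probe as "secrets not available" and sends its stderr to `/dev/null`, so a missing `sops` binary, a mistyped input path or a key that failed to import all turn the test into a skipped warning and the run still passes. Check for the binary and the file before probing and return non-zero for those, and carry the sops error text into the warning so a skip caused by a bad key is visible in the CI log. The header comment could also name the arguments: `# $1: sops-encrypted YAML input file; remaining arguments are passed to test::one`. Whether a non-zero return aborts the suite depends on how test.sh calls this function, which is outside the hunk.

```shell
test::secret(){
  # … unchanged: local inputFile="$1"; shift …
  local err

  # A missing binary or fixture is a broken setup, not an absent secret.
  command -v sops > /dev/null || { logger::warning "sops is not installed"; return 1; }
  [ -f "$inputFile" ] || { logger::warning "Missing input file \"$inputFile\""; return 1; }

  # Keep the decryption error so a skip can be told apart from a bad key.
  if err="$(sops exec-file "$inputFile" echo 2>&1 > /dev/null)"; then
    # … unchanged: test::one call …
  else
    logger::warning "Skip \"$1\": secrets not available: $err"
  fi
}
```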