chore(deps): bump codecov/codecov-action from 4.3.0 to 4.3.1 (#57) #98
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: E2E | |
| on: | |
| pull_request_target: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| KMSv1: | |
| runs-on: ubuntu-latest | |
| services: | |
| vault: | |
| image: hashicorp/vault:1.15 | |
| env: | |
| VAULT_DEV_ROOT_TOKEN_ID: root | |
| credentials: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| ports: | |
| - 8200:8200 | |
| registry: | |
| image: registry:2 | |
| ports: | |
| - 5000:5000 | |
| options: >- | |
| --name registry | |
| steps: | |
| - name: connect registry to kind | |
| run: | | |
| docker network create kind | |
| docker network connect kind registry | |
| - name: configure vault | |
| run: | | |
| curl -X POST -H "X-Vault-Token: root" -d '{"type":"transit"}' http://localhost:8200/v1/sys/mounts/transit | |
| curl -X PUT -H "X-Vault-Token: root" -d 'null' http://127.0.0.1:8200/v1/transit/keys/kms | |
| - name: checkout repo | |
| uses: actions/checkout@v4 | |
| - name: setup go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.21.1' | |
| cache: false | |
| - name: setup qemu | |
| uses: docker/setup-qemu-action@v3 | |
| - name: setup docker build | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - name: tag & push docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: localhost:5000/vault-kubernetes-kms | |
| - name: setup kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| cluster_name: kms | |
| node_image: "kindest/node:v1.27.1" | |
| config: scripts/kind-config_v1.yaml | |
| - name: create a simple k8s secret | |
| run: | | |
| kubectl create secret generic secret --from-literal="key=value" | |
| kubectl get secret secret -o json | jq '.data | map_values(@base64d)' | |
| kubectl -n kube-system exec etcd-kms-control-plane -- sh -c "ETCDCTL_API=3 etcdctl \ | |
| --endpoints=https://127.0.0.1:2379 \ | |
| --cert /etc/kubernetes/pki/etcd/server.crt \ | |
| --key /etc/kubernetes/pki/etcd/server.key \ | |
| --cacert /etc/kubernetes/pki/etcd/ca.crt \ | |
| get /registry/secrets/default/secret" | hexdump -C | |
| - name: rotate kms key | |
| run: | | |
| curl -X POST -H "X-Vault-Token: root" http://localhost:8200/v1/transit/keys/kms/rotate | |
| kubectl get secret secret -o json | jq '.data | map_values(@base64d)' | |
| KMSv2: | |
| runs-on: ubuntu-latest | |
| services: | |
| vault: | |
| image: hashicorp/vault:1.15 | |
| env: | |
| VAULT_DEV_ROOT_TOKEN_ID: root | |
| credentials: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| ports: | |
| - 8200:8200 | |
| registry: | |
| image: registry:2 | |
| ports: | |
| - 5000:5000 | |
| options: >- | |
| --name registry | |
| steps: | |
| - name: connect registry to kind | |
| run: | | |
| docker network create kind | |
| docker network connect kind registry | |
| - name: configure vault | |
| run: | | |
| curl -X POST -H "X-Vault-Token: root" -d '{"type":"transit"}' http://localhost:8200/v1/sys/mounts/transit | |
| curl -X PUT -H "X-Vault-Token: root" -d 'null' http://127.0.0.1:8200/v1/transit/keys/kms | |
| - name: checkout repo | |
| uses: actions/checkout@v4 | |
| - name: setup go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.21.1' | |
| cache: false | |
| - name: setup qemu | |
| uses: docker/setup-qemu-action@v3 | |
| - name: setup docker build | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - name: tag & push docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: localhost:5000/vault-kubernetes-kms | |
| - name: setup kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| cluster_name: kms | |
| node_image: "kindest/node:v1.29.2" | |
| config: scripts/kind-config_v2.yaml | |
| - name: create a simple k8s secret | |
| run: | | |
| kubectl create secret generic secret --from-literal="key=value" | |
| kubectl get secret secret -o json | jq '.data | map_values(@base64d)' | |
| kubectl -n kube-system exec etcd-kms-control-plane -- sh -c "ETCDCTL_API=3 etcdctl \ | |
| --endpoints=https://127.0.0.1:2379 \ | |
| --cert /etc/kubernetes/pki/etcd/server.crt \ | |
| --key /etc/kubernetes/pki/etcd/server.key \ | |
| --cacert /etc/kubernetes/pki/etcd/ca.crt \ | |
| get /registry/secrets/default/secret" | hexdump -C | |
| - name: rotate kms key | |
| run: | | |
| curl -X POST -H "X-Vault-Token: root" http://localhost:8200/v1/transit/keys/kms/rotate | |
| kubectl get secret secret -o json | jq '.data | map_values(@base64d)' |