ci: add nomad and consul tests, only run tests when they change
All checks were successful
development / Check commit compliance (push) Successful in 5s
pull-requests-open / Check commit compliance (pull_request) Successful in 7s

This commit is contained in:
Bertrand Lanson 2024-09-16 19:43:52 +02:00
parent 74180864f8
commit 3a6586719b
Signed by: lanson
SSH Key Fingerprint: SHA256:/nqc6HGqld/PS208F6FUOvZlUzTS0rGpNNwR5O2bQBw
3 changed files with 99 additions and 2 deletions

View File

@ -0,0 +1,48 @@
---
name: test
on:
pull_request:
types:
- opened
- edited
- synchronize
branches:
- main
paths:
- roles/consul/**
jobs:
retrieve-credentials:
name: Retrieve Credentials
runs-on: ubuntu-latest
outputs:
registry-username: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }}
registry-token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }}
steps:
- name: Get secrets from vault
id: import-secrets
uses: hashicorp/vault-action@v3
with:
url: "https://vault.ednz.fr"
method: approle
roleId: ${{ secrets.VAULT_APPROLE_ID }}
secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
secrets: |
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
end_to_end_vault:
needs: retrieve-credentials
strategy:
matrix:
test_os:
["debian11", "debian12", "ubuntu2004", "ubuntu2204", "ubuntu2404"]
scenario: ["consul_default", "consul_with_acl_enabled"]
uses: ./.gitea/workflows/e2e-tests.yml
with:
role: vault
scenario: ${{ matrix.scenario }}
test_os: ${{ matrix.test_os }}
secrets:
GITEA_ACTIONS_USERNAME: ${{ needs.retrieve-credentials.outputs.registry-username }}
GITEA_ACTIONS_TOKEN: ${{ needs.retrieve-credentials.outputs.registry-token }}

View File

@ -0,0 +1,48 @@
---
name: test
on:
pull_request:
types:
- opened
- edited
- synchronize
branches:
- main
paths:
- roles/nomad/**
jobs:
retrieve-credentials:
name: Retrieve Credentials
runs-on: ubuntu-latest
outputs:
registry-username: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_USERNAME }}
registry-token: ${{ steps.import-secrets.outputs.GITEA_ACTIONS_TOKEN }}
steps:
- name: Get secrets from vault
id: import-secrets
uses: hashicorp/vault-action@v3
with:
url: "https://vault.ednz.fr"
method: approle
roleId: ${{ secrets.VAULT_APPROLE_ID }}
secretId: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
secrets: |
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
end_to_end_vault:
needs: retrieve-credentials
strategy:
matrix:
test_os:
["debian11", "debian12", "ubuntu2004", "ubuntu2204", "ubuntu2404"]
scenario: ["nomad_default", "nomad_with_acl_enabled"]
uses: ./.gitea/workflows/e2e-tests.yml
with:
role: vault
scenario: ${{ matrix.scenario }}
test_os: ${{ matrix.test_os }}
secrets:
GITEA_ACTIONS_USERNAME: ${{ needs.retrieve-credentials.outputs.registry-username }}
GITEA_ACTIONS_TOKEN: ${{ needs.retrieve-credentials.outputs.registry-token }}

View File

@ -8,8 +8,9 @@ on:
- synchronize
branches:
- main
# paths:
# - roles/vault/**
paths:
- roles/vault/**
- plugins/modules/vault_unseal.py
jobs:
retrieve-credentials: