go/secret
1
0
Fork 0
Code Issues Pull Requests Actions Releases Activity

Windows CI support
Some checks failed
Test / tests (darwin-amd64) (push) Successful in 19s
Details
Test / tests (linux-amd64) (push) Successful in 25s
Details
Run Gosec / tests (push) Successful in 49s
Details
Test / tests (linux-arm64) (push) Successful in 2m58s
Details
Test / tests (windows-amd64) (push) Has been cancelled
Details

Browse Source
This commit is contained in:
maze
2025-09-09 13:30:30 +02:00
parent 8fb8b1693a
commit 32d97a8fbd
1 changed files with 144 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
.gitea/workflows/test.yaml
View File

@@ -12,7 +12,7 @@ jobs:
tests: tests:
strategy: strategy:
matrix: matrix:
arch: ['linux-amd64', 'linux-arm64', 'darwin-amd64'] arch: ['linux-amd64', 'linux-arm64', 'darwin-amd64', 'windows-amd64']
runs-on: ${{ matrix.arch }} runs-on: ${{ matrix.arch }}
steps: steps:
- name: Checkout - name: Checkout
@@ -23,14 +23,26 @@ jobs:
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- name: Setup Hashicorp Vault - name: Setup Hashicorp Vault (on Linux)
if: matrix.arch != 'darwin-amd64' if: matrix.arch != 'darwin-amd64' && matrix.arch != 'windows-amd64'
run: | run: |
wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
apt-get update && apt-get -y install vault apt-get update && apt-get -y install vault
- name: Start Vault in background - name: Setup Hashicorp Vault (on Windows)
if: matrix.arch == 'windows-amd64'
run: |
$vaultVersion = "1.20.3"
$vaultUrl = "https://releases.hashicorp.com/vault/$vaultVersion/vault_${vaultVersion}_windows_amd64.zip"
Invoke-WebRequest -Uri $vaultUrl -OutFile "vault.zip"
Expand-Archive -Path "vault.zip" -DestinationPath .
& "./vault.exe" version
shell: pwsh
- name: Start Vault in background (on Unix)
id: start-vault
if: matrix.arch != 'windows-amd64'
env: env:
VAULT_ADDR: "https://127.0.0.1:8200" VAULT_ADDR: "https://127.0.0.1:8200"
VAULT_SKIP_VERIFY: "true" VAULT_SKIP_VERIFY: "true"
@@ -51,6 +63,73 @@ jobs:
echo "✅ Vault started successfully with PID: $VAULT_PID" echo "✅ Vault started successfully with PID: $VAULT_PID"
- name: Start Vault in background (on Windows)
id: start-vault-windows
if: matrix.arch == 'windows-amd64'
shell: pwsh
env:
VAULT_ADDR: "https://127.0.0.1:8200"
VAULT_SKIP_VERIFY: "true"
run: |
# Create directories
New-Item -ItemType Directory -Path ".\vault-data" -Force
New-Item -ItemType Directory -Path ".\vault-logs" -Force
# Start Vault server with output redirected to log file
$vaultArgs = @(
"server",
"-dev",
"-dev-tls",
"-dev-root-token-id=root",
"-dev-listen-address=127.0.0.1:8200"
)
# Start process and capture PID
$process = Start-Process -FilePath "vault.exe" `
-ArgumentList $vaultArgs `
-PassThru `
-NoNewWindow `
-RedirectStandardOutput "vault-logs/stdout.log" `
-RedirectStandardError "vault-logs/stderr.log"
$process.Id | Out-File -FilePath "vault-pid.txt"
Write-Output "Vault process started with PID: $($process.Id)"
## Wait for Vault to become ready with timeout
$timeout = 30
$counter = 0
$isReady = $false
# Set environment variables for current step
$env:VAULT_ADDR = "https://127.0.0.1:8200"
$env:VAULT_TOKEN = "root"
$env:VAULT_SKIP_VERIFY = "true"
while ($counter -lt $timeout) {
try {
& "./vault.exe" status 2>$null
if ($LASTEXITCODE -eq 0) {
$isReady = $true
Write-Output "Vault server is ready!"
break
}
} catch {
# Ignore errors during startup
}
Write-Output "Waiting for Vault to start... ($counter/$timeout)"
Start-Sleep -Seconds 1
$counter++
}
if (-not $isReady) {
Write-Output "::error::Vault server failed to start within $timeout seconds"
Write-Output "=== VAULT SERVER STDOUT ==="
Get-Content "vault-logs/stdout.log" -ErrorAction SilentlyContinue
Write-Output "=== VAULT SERVER STDERR ==="
Get-Content "vault-logs/stderr.log" -ErrorAction SilentlyContinue
exit 1
}
- name: Setup Vault test data - name: Setup Vault test data
env: env:
TEST_VAULT_KEY: ${{ vars.TEST_VAULT_KEY }} TEST_VAULT_KEY: ${{ vars.TEST_VAULT_KEY }}
@@ -81,11 +160,70 @@ jobs:
run: | run: |
go test -v ./... go test -v ./...
- name: Stop Vault (always run) - name: Stop Vault (on Unix)
if: always() if: always() && matrix.arch != 'windows-amd64'
run: | run: |
if [ -f vault.pid ]; then if [ -f vault.pid ]; then
kill $(cat vault.pid) 2>/dev/null || true kill $(cat vault.pid) 2>/dev/null || true
rm -f vault.pid rm -f vault.pid
fi fi
- name: Stop Vault (on Windows)
if: always() && matrix.arch == 'windows-amd64'
shell: pwsh
run: |
# Function to display logs
function Show-VaultLogs {
Write-Output "=== VAULT SERVER STDOUT (last 50 lines) ==="
Get-Content "vault-logs/stdout.log" -ErrorAction SilentlyContinue | Select-Object -Last 50
Write-Output "=== VAULT SERVER STDERR (last 50 lines) ==="
Get-Content "vault-logs/stderr.log" -ErrorAction SilentlyContinue | Select-Object -Last 50
}
# Read PID from file (Gitea alternative to env vars)
$vaultPid = $null
if (Test-Path "vault-pid.txt") {
$vaultPid = Get-Content "vault-pid.txt" -Raw
Write-Output "Found Vault PID: $vaultPid"
}
# Check if previous steps failed
$previousStepFailed = $false
if ("${{ steps.start-vault.outcome }}" -eq "failure") {
$previousStepFailed = $true
Write-Output "Vault startup step failed"
}
# Stop the Vault process if we have a PID
if ($vaultPid -and ($vaultPid -ne '')) {
if ($previousStepFailed) {
Write-Output "Previous step failed, showing Vault logs:"
Show-VaultLogs
}
# Stop the Vault process
try {
Stop-Process -Id $vaultPid -Force -ErrorAction Stop
Write-Output "Stopped Vault process $vaultPid"
} catch {
Write-Warning "Failed to stop process $vaultPid: $($_.Exception.Message)"
}
}
# Clean up any remaining Vault processes
$vaultProcesses = Get-Process -Name "vault" -ErrorAction SilentlyContinue
if ($vaultProcesses) {
Write-Output "Found additional Vault processes, stopping them..."
$vaultProcesses | Stop-Process -Force -ErrorAction SilentlyContinue
}
# Always show logs if we're in a failure state
if ($previousStepFailed -or "${{ job.status }}" -eq "failure") {
Write-Output "Job failed, showing final Vault logs:"
Show-VaultLogs
}
# Cleanup PID file
if (Test-Path "vault-pid.txt") {
Remove-Item "vault-pid.txt" -Force
}