From c00bca7ba5e8de7b9a774ad781c910dd2570ae3a Mon Sep 17 00:00:00 2001
From: maze
Date: Tue, 9 Sep 2025 15:09:00 +0200
Subject: [PATCH] Move scripts out of the workflow itself
---
.gitea/workflows/test.yaml | 107 +++---------------------------------
script/vault-install.ps1 | 7 +++
script/vault-install.sh | 6 +++
script/vault-setup.ps1 | 8 +++
script/vault-setup.sh | 12 +++++
script/vault-start.ps1 | 101 ++++++++++++++++++++++++++++++++++
script/vault-start.sh | 17 ++++++
7 files changed, 159 insertions(+), 99 deletions(-)
create mode 100755 script/vault-install.ps1
create mode 100755 script/vault-install.sh
create mode 100755 script/vault-setup.ps1
create mode 100755 script/vault-setup.sh
create mode 100755 script/vault-start.ps1
create mode 100755 script/vault-start.sh
diff --git a/.gitea/workflows/test.yaml b/.gitea/workflows/test.yaml
index 7066612..101b6f2 100644
--- a/.gitea/workflows/test.yaml
+++ b/.gitea/workflows/test.yaml
@@ -23,21 +23,15 @@ jobs:
 with:
 go-version-file: 'go.mod'
- - name: Setup Hashicorp Vault (on Linux)
+ - name: Install Hashicorp Vault (on Linux)
 if: matrix.arch != 'darwin-amd64' && matrix.arch != 'windows-amd64'
 run: |
- wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
- apt-get update && apt-get -y install vault
+ ./script/vault-install.sh
- - name: Setup Hashicorp Vault (on Windows)
+ - name: Install Hashicorp Vault (on Windows)
 if: matrix.arch == 'windows-amd64'
 run: |
- $vaultVersion = "1.20.3"
- $vaultUrl = "https://releases.hashicorp.com/vault/$vaultVersion/vault_${vaultVersion}_windows_amd64.zip"
- Invoke-WebRequest -Uri $vaultUrl -OutFile "vault.zip"
- Expand-Archive -Path "vault.zip" -DestinationPath .
- & "./vault.exe" version
+ & "./scripts/vault-install.ps1"
 shell: pwsh
 - name: Start Vault in background (on Unix)
@@ -47,21 +41,7 @@ jobs:
 VAULT_ADDR: "https://127.0.0.1:8200"
 VAULT_SKIP_VERIFY: "true"
 run: |
- # Start Vault server in background
- echo "🔐 Starting Hashicorp Vault development server"
- vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200 -dev-tls > vault.log 2>&1 &
- VAULT_PID=$!
- echo $VAULT_PID > vault.pid
-
- sleep 3
- export VAULT_SKIP_VERIFY=true
- if ! vault status; then
- echo "❌ Vault failed to start. Logs ($(wc -l vault.log) lines):"
- cat vault.log
- exit 1
- fi
-
- echo "✅ Vault started successfully with PID: $VAULT_PID"
+ ./script/vault-start.sh
 - name: Start Vault in background (on Windows)
 id: start-vault-windows
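Review bot: The Windows install step now runs `& "./scripts/vault-install.ps1"`, but the diffstat and the Linux step both use the `script/` directory (no trailing `s`), so the windows-amd64 leg will fail with a path-not-found error before Vault is ever downloaded; change it to `& "./script/vault-install.ps1"`. The same `./scripts/` path is used by the two later Windows steps (start and setup) and needs the same correction. The `create mode 100755` entries do preserve the executable bit the Linux step's `./script/vault-install.sh` invocation depends on.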
@@ -71,64 +51,7 @@ jobs:
 VAULT_ADDR: "https://127.0.0.1:8200"
 VAULT_SKIP_VERIFY: "true"
 run: |
- # Create directories
- New-Item -ItemType Directory -Path ".\vault-data" -Force
- New-Item -ItemType Directory -Path ".\vault-logs" -Force
-
- # Start Vault server with output redirected to log file
- $vaultArgs = @(
- "server",
- "-dev",
- "-dev-tls",
- "-dev-root-token-id=root",
- "-dev-listen-address=127.0.0.1:8200"
- )
-
- # Start process and capture PID
- $process = Start-Process -FilePath "vault.exe" `
- -ArgumentList $vaultArgs `
- -PassThru `
- -NoNewWindow `
- -RedirectStandardOutput "vault-logs/stdout.log" `
- -RedirectStandardError "vault-logs/stderr.log"
-
- $process.Id | Out-File -FilePath "vault-pid.txt"
- Write-Output "Vault process started with PID: $($process.Id)"
-
- ## Wait for Vault to become ready with timeout
- $timeout = 30
- $counter = 0
- $isReady = $false
-
- # Set environment variables for current step
- $env:VAULT_ADDR = "https://127.0.0.1:8200"
- $env:VAULT_TOKEN = "root"
- $env:VAULT_SKIP_VERIFY = "true"
-
- while ($counter -lt $timeout) {
- try {
- & "./vault.exe" status 2>$null
- if ($LASTEXITCODE -eq 0) {
- $isReady = $true
- Write-Output "Vault server is ready!"
- exit 0
- }
- } catch {
- # Ignore errors during startup
- }
- Write-Output "Waiting for Vault to start... ($counter/$timeout)"
- Start-Sleep -Seconds 1
- $counter++
- }
-
- if (-not $isReady) {
- Write-Output "::error::Vault server failed to start within $timeout seconds"
- Write-Output "=== VAULT SERVER STDOUT ==="
- Get-Content "vault-logs/stdout.log" -ErrorAction SilentlyContinue
- Write-Output "=== VAULT SERVER STDERR ==="
- Get-Content "vault-logs/stderr.log" -ErrorAction SilentlyContinue
- exit 1
- }
+ & "./scripts/vault-start.ps1"
 - name: Setup Vault test data (on Unix)
 if: matrix.arch != 'windows-amd64'
@@ -139,14 +62,7 @@ jobs:
 VAULT_TOKEN: root
 VAULT_SKIP_VERIFY: "true"
 run: |
- # Populate our test secrets
- echo "🔐 Populating test secrets:"
- vault kv put "${TEST_VAULT_KEY}" data="${TEST_VAULT_VALUE}"
-
- # Populate our test transit backend with key
- echo "🔐 Populating test transit backend:"
- vault secrets enable transit
- vault write -f transit/keys/test
+ ./script/vault-setup.sh
 - name: Setup Vault test data (on Windows)
 if: matrix.arch == 'windows-amd64'
@@ -156,14 +72,7 @@ jobs:
 VAULT_SKIP_VERIFY: "true"
 shell: pwsh
 run: |
- # Populate our test secrets
- Write-Output "🔐 Populating test secrets:"
- & "./vault.exe" vault kv put "${{ vars.TEST_VAULT_KEY }}" data="${{ vars.TEST_VAULT_VALUE }}"
-
- # Populate our test transit backend with key
- Write-Output "🔐 Populating test transit backend:"
- & "./vault.exe" vault secrets enable transit
- & "./vault.exe" vault write -f transit/keys/test
+ & "./scripts/vault-setup.ps1"
 - name: Vet
 run: go vet -v ./...
diff --git a/script/vault-install.ps1 b/script/vault-install.ps1
new file mode 100755
index 0000000..881369c
--- /dev/null
+++ b/script/vault-install.ps1
@@ -0,0 +1,7 @@
+$vaultVersion = "1.20.3"
+$vaultUrl = "https://releases.hashicorp.com/vault/$vaultVersion/vault_${vaultVersion}_windows_amd64.zip"
+Write-Output "🌍 Downloading Vault ${vaultVersion}"
+Invoke-WebRequest -Uri $vaultUrl -OutFile "vault.zip"
+Write-Output "⚡️ Extracting vault_${vaultVersion}_windows_amd64.zip"
+Expand-Archive -Path "vault.zip" -DestinationPath .
+& "./vault.exe" version
\ No newline at end of file
diff --git a/script/vault-install.sh b/script/vault-install.sh
new file mode 100755
index 0000000..a2a970d
--- /dev/null
+++ b/script/vault-install.sh
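Review bot: Moving the Windows setup into `& "./scripts/vault-setup.ps1"` drops the `${{ vars.TEST_VAULT_KEY }}` and `${{ vars.TEST_VAULT_VALUE }}` values the removed inline script expanded, because workflow expressions are only substituted inside the workflow file, never inside a checked-in .ps1; hand them to the script through this step's `env:` block instead, e.g. `TEST_VAULT_KEY: ${{ vars.TEST_VAULT_KEY }}` and `TEST_VAULT_VALUE: ${{ vars.TEST_VAULT_VALUE }}`, which is how the Unix sibling already supplies `${TEST_VAULT_KEY}` to its shell script. The step's `env:` block starts above this hunk, so only its tail is visible here. The path should also be `./script/` (no `s`) to match the directory this commit creates.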
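Review bot: The archive fetched by `Invoke-WebRequest` is unpacked and executed with no integrity check, so this leg runs whatever the release host, or anything able to interpose on the runner's TLS, hands back for that URL; HashiCorp publishes a `vault_${vaultVersion}_SHA256SUMS` list in the same release directory, and comparing `Get-FileHash` of `vault.zip` against the windows_amd64 entry before `Expand-Archive` pins the CI binary to the reviewed build. Verifying the signature on the SHA256SUMS file would close the loop fully, but the checksum alone already catches a swapped archive and costs one extra download. Note that `Get-FileHash` returns upper-case hex while the list is lower-case; PowerShell's `-ne` is case-insensitive, so the comparison below is fine as written.
```powershell
Invoke-WebRequest -Uri $vaultUrl -OutFile "vault.zip"

# Verify the archive against HashiCorp's published checksum list before unpacking it
$zipName = "vault_${vaultVersion}_windows_amd64.zip"
$sumsUrl = "https://releases.hashicorp.com/vault/$vaultVersion/vault_${vaultVersion}_SHA256SUMS"
Invoke-WebRequest -Uri $sumsUrl -OutFile "vault_SHA256SUMS"
$entry = Select-String -Path "vault_SHA256SUMS" -Pattern $zipName -SimpleMatch
if (-not $entry) {
    Write-Output "❌ No checksum entry for $zipName in vault_SHA256SUMS"
    exit 1
}
$expected = ($entry.Line -split '\s+')[0]
$actual = (Get-FileHash -Path "vault.zip" -Algorithm SHA256).Hash
if ($actual -ne $expected) {
    Write-Output "❌ SHA256 mismatch for $zipName (expected $expected, got $actual)"
    exit 1
}
# … unchanged: Expand-Archive and version print …
```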
@@ -0,0 +1,6 @@
+#!/bin/bash
+wget -O - https://apt.releases.hashicorp.com/gpg | \
+ sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | \
+ sudo tee /etc/apt/sources.list.d/hashicorp.list
+sudo apt-get update && sudo apt-get -y install vault
\ No newline at end of file
diff --git a/script/vault-setup.ps1 b/script/vault-setup.ps1
new file mode 100755
index 0000000..a97b197
--- /dev/null
+++ b/script/vault-setup.ps1
@@ -0,0 +1,8 @@
+# Populate our test secrets
+Write-Output "🔐 Populating test secrets:"
+& "./vault.exe" vault kv put "${{ vars.TEST_VAULT_KEY }}" data="${{ vars.TEST_VAULT_VALUE }}"
+
+# Populate our test transit backend with key
+Write-Output "🔐 Populating test transit backend:"
+& "./vault.exe" vault secrets enable transit
+& "./vault.exe" vault write -f transit/keys/test
\ No newline at end of file
diff --git a/script/vault-setup.sh b/script/vault-setup.sh
new file mode 100755
index 0000000..6ffebce
--- /dev/null
+++ b/script/vault-setup.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -u
+
+# Populate our test secrets
+echo "🔐 Populating test secrets:"
+vault kv put "${TEST_VAULT_KEY}" data="${TEST_VAULT_VALUE}"
+
+# Populate our test transit backend with key
+echo "🔐 Populating test transit backend:"
+vault secrets enable transit
+vault write -f transit/keys/test
\ No newline at end of file
diff --git a/script/vault-start.ps1 b/script/vault-start.ps1
new file mode 100755
index 0000000..b156628
--- /dev/null
+++ b/script/vault-start.ps1
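Review bot: The script sets no error handling, so a failed `wget` in the first pipeline is masked because only `gpg --dearmor`'s status decides the pipeline's, and a failure in `tee` or `apt-get update` is likewise not fatal on its own; add `set -euo pipefail` directly after the shebang so the step fails at the first broken command rather than later with a confusing apt signature error. Unlike the Windows installer, which pins `1.20.3`, this leg installs whatever `vault` package the apt repository currently serves, so the two matrix legs can silently end up testing different Vault releases; pinning with something like `sudo apt-get -y install vault=1.20.3-1` keeps them aligned (the exact Debian revision suffix should be confirmed with `apt-cache madison vault`). Quoting `"$(dpkg --print-architecture)"` inside the `deb` line is not needed here, since the whole line is already one double-quoted string.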
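Review bot: `"${{ vars.TEST_VAULT_KEY }}"` and `"${{ vars.TEST_VAULT_VALUE }}"` were workflow expressions in the inline step; in a checked-in .ps1 the runner never expands them, and PowerShell will instead try to read `${…}` as a braced variable reference, so the `kv put` targets a path that is not the configured key at all. Read them from the environment instead, `& "./vault.exe" kv put "$env:TEST_VAULT_KEY" data="$env:TEST_VAULT_VALUE"`, and have the workflow step pass them through its `env:` block. Independently, all three calls pass the word `vault` as the first argument to vault.exe (`./vault.exe vault kv put …`, `vault secrets enable`, `vault write`), which is not a subcommand the binary knows; drop that extra `vault` token on each line so they match the `vault kv put …` form the Unix script uses. Since this file was copied from the removed step, the same defects existed there, but they now live in a script that cannot be fixed by the workflow alone.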
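Review bot: `set -u` on its own does not abort the script when `vault kv put` or `vault secrets enable transit` fails, so the step reports success whenever the final `vault write` happens to succeed and a missing secret fixture only surfaces later inside the Go tests; change it to `set -euo pipefail`. With `-e` enabled, re-running this script against a server that already has the `transit/` mount would make `vault secrets enable transit` fatal, which is fine for the throwaway dev server started per job but worth a one-line comment, e.g. `# assumes a fresh -dev server; enabling an existing mount returns non-zero`. The `TEST_VAULT_KEY`/`TEST_VAULT_VALUE` variables come from the workflow step's `env:`, and `-u` already turns a missing one into a clear failure, which is the right behaviour here.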
@@ -0,0 +1,101 @@
+# Create directories
+New-Item -ItemType Directory -Path ".\vault-data" -Force -ErrorAction SilentlyContinue
+New-Item -ItemType Directory -Path ".\vault-logs" -Force -ErrorAction SilentlyContinue
+
+# Start Vault server
+$vaultArgs = @(
+ "server",
+ "-dev",
+ "-dev-tls",
+ "-dev-root-token-id=root",
+ "-dev-listen-address=127.0.0.1:8200"
+)
+
+Write-Output "✅ Starting Vault server..."
+$process = Start-Process -FilePath ".\vault.exe" `
+ -ArgumentList $vaultArgs `
+ -PassThru `
+ -NoNewWindow `
+ -RedirectStandardOutput "vault-logs/stdout.log" `
+ -RedirectStandardError "vault-logs/stderr.log"
+
+$vaultPid = $process.Id
+Write-Output "✅ Vault process started with PID: $vaultPid"
+
+# Wait for Vault to become ready using port check
+$timeout = 30
+$counter = 0
+$isReady = $false
+$vaultPort = 8200
+
+Write-Output "🕐 Waiting for Vault to start on port $vaultPort..."
+
+while ($counter -lt $timeout) {
+ # Check if process is still running
+ if (-not (Get-Process -Id $vaultPid -ErrorAction SilentlyContinue)) {
+ Write-Output "❌ Vault process died unexpectedly!"
+ break
+ }
+
+ # Check if port is listening
+ try {
+ $tcpClient = New-Object System.Net.Sockets.TcpClient
+ $asyncResult = $tcpClient.BeginConnect("127.0.0.1", $vaultPort, $null, $null)
+ $wait = $asyncResult.AsyncWaitHandle.WaitOne(1000, $false)
+ if ($wait) {
+ $tcpClient.EndConnect($asyncResult)
+ $tcpClient.Close()
+ $isReady = $true
+ Write-Output "✅ Vault server is listening on port $vaultPort!"
+ break
+ }
+ $tcpClient.Close()
+ } catch {
+ # Port not ready yet
+ }
+
+ Write-Output "🕐 Waiting for Vault to start... ($counter/$timeout)"
+ Start-Sleep -Seconds 1
+ $counter++
+}
+
+if (-not $isReady) {
+ Write-Output "❌ Vault server failed to start within $timeout seconds"
+
+ # Show process status
+ Write-Output "=== PROCESS STATUS ==="
+ Get-Process -Id $vaultPid -ErrorAction SilentlyContinue | Format-List *
+
+ # Show logs
+ Write-Output "=== STDOUT (last 20 lines) ==="
+ Get-Content "vault-logs/stdout.log" -ErrorAction SilentlyContinue | Select-Object -Last 20
+
+ Write-Output "=== STDERR (last 20 lines) ==="
+ Get-Content "vault-logs/stderr.log" -ErrorAction SilentlyContinue | Select-Object -Last 20
+
+ # Cleanup
+ Stop-Process -Id $vaultPid -Force -ErrorAction SilentlyContinue
+ exit 1
+}
+
+# Set environment variables
+$env:VAULT_ADDR = "https://127.0.0.1:8200"
+$env:VAULT_TOKEN = "test-token"
+$env:VAULT_SKIP_VERIFY = "true"
+
+# Final check with vault status (with timeout)
+Write-Output "🕐 Performing final status check..."
+$statusCheck = Start-Process -FilePath ".\vault.exe" `
+ -ArgumentList "status" `
+ -PassThru `
+ -NoNewWindow `
+ -Wait `
+ -TimeoutSec 10
+
+if ($LASTEXITCODE -ne 0) {
+ Write-Output "❌ Vault status check failed after startup"
+ Write-Output "❌ Status exit code: $LASTEXITCODE"
+ exit 1
+}
+
+Write-Output "✅ Vault server started successfully!"
diff --git a/script/vault-start.sh b/script/vault-start.sh
new file mode 100755
index 0000000..e7f8652
--- /dev/null
+++ b/script/vault-start.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Start Vault server in background
+echo "🔐 Starting Hashicorp Vault development server"
+vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200 -dev-tls > vault.log 2>&1 &
+VAULT_PID=$!
+echo $VAULT_PID > vault.pid
+
+sleep 3
+export VAULT_SKIP_VERIFY=true
+if ! vault status; then
+ echo "❌ Vault failed to start. Logs ($(wc -l vault.log) lines):"
+ cat vault.log
+ exit 1
+fi
+
+echo "✅ Vault started successfully with PID: $VAULT_PID"
\ No newline at end of file
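Review bot: The final status check at the end of the file cannot work as written: `Start-Process` has no `-TimeoutSec` parameter (the timeout lives on `Wait-Process -Timeout`), so that call errors out on parameter binding, and even if it ran, `Start-Process` does not set `$LASTEXITCODE` — only a directly invoked native command does — so `if ($LASTEXITCODE -ne 0)` compares against a variable nothing in this script has written. The simplest correct form is the one the removed inline step already used, `& ".\vault.exe" status` followed by `if ($LASTEXITCODE -ne 0) { … exit 1 }`; the client's own request timeout covers the hang case the 10-second limit was meant for. Separately, `$env:VAULT_TOKEN = "test-token"` disagrees with the `-dev-root-token-id=root` the server was started with, and these `$env:` assignments only live for this pwsh process anyway (later workflow steps see the step-level `env:` block, not this), so they are best dropped with a comment saying the workflow supplies them.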
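Review bot: Readiness is decided by one fixed `sleep 3` followed by a single `vault status`, so a slow runner fails the step spuriously and a fast one wastes time; poll `vault status` for a bounded number of seconds and give up early if the backgrounded server has already exited, as sketched below (`kill -0` on the saved PID is enough for that). Two smaller points in the same lines: `echo $VAULT_PID` should be quoted, and `$(wc -l vault.log)` prints `N vault.log` rather than a bare count, so use `wc -l < vault.log`. The script relies on `VAULT_ADDR` coming from the step's `env:` and only exports `VAULT_SKIP_VERIFY` itself; if disabling TLS verification in the test harness is undesirable, Vault's dev server accepts a `-dev-tls-cert-dir` flag that writes the generated CA to a known directory so clients could set `VAULT_CACERT` instead — worth confirming against the installed version's `vault server -h` before relying on it.
```bash
vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200 -dev-tls > vault.log 2>&1 &
VAULT_PID=$!
echo "$VAULT_PID" > vault.pid

export VAULT_SKIP_VERIFY=true
# Poll for readiness instead of a fixed sleep; stop early if the server died.
for ((i = 0; i < 30; i++)); do
  if vault status > /dev/null 2>&1; then
    echo "✅ Vault started successfully with PID: $VAULT_PID"
    exit 0
  fi
  if ! kill -0 "$VAULT_PID" 2>/dev/null; then
    echo "❌ Vault process exited during startup"
    break
  fi
  sleep 1
done

echo "❌ Vault failed to start. Logs ($(wc -l < vault.log) lines):"
cat vault.log
exit 1
```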