Move scripts out of the workflow itself
Some checks failed
Some checks failed
This commit is contained in:
@@ -23,21 +23,15 @@ jobs:
|
||||
with:
|
||||
go-version-file: 'go.mod'
|
||||
|
||||
- name: Setup Hashicorp Vault (on Linux)
|
||||
- name: Install Hashicorp Vault (on Linux)
|
||||
if: matrix.arch != 'darwin-amd64' && matrix.arch != 'windows-amd64'
|
||||
run: |
|
||||
wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
|
||||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
|
||||
apt-get update && apt-get -y install vault
|
||||
./script/vault-install.sh
|
||||
|
||||
- name: Setup Hashicorp Vault (on Windows)
|
||||
- name: Install Hashicorp Vault (on Windows)
|
||||
if: matrix.arch == 'windows-amd64'
|
||||
run: |
|
||||
$vaultVersion = "1.20.3"
|
||||
$vaultUrl = "https://releases.hashicorp.com/vault/$vaultVersion/vault_${vaultVersion}_windows_amd64.zip"
|
||||
Invoke-WebRequest -Uri $vaultUrl -OutFile "vault.zip"
|
||||
Expand-Archive -Path "vault.zip" -DestinationPath .
|
||||
& "./vault.exe" version
|
||||
& "./scripts/vault-install.ps1"
|
||||
shell: pwsh
|
||||
|
||||
- name: Start Vault in background (on Unix)
|
||||
@@ -47,21 +41,7 @@ jobs:
|
||||
VAULT_ADDR: "https://127.0.0.1:8200"
|
||||
VAULT_SKIP_VERIFY: "true"
|
||||
run: |
|
||||
# Start Vault server in background
|
||||
echo "🔐 Starting Hashicorp Vault development server"
|
||||
vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200 -dev-tls > vault.log 2>&1 &
|
||||
VAULT_PID=$!
|
||||
echo $VAULT_PID > vault.pid
|
||||
|
||||
sleep 3
|
||||
export VAULT_SKIP_VERIFY=true
|
||||
if ! vault status; then
|
||||
echo "❌ Vault failed to start. Logs ($(wc -l vault.log) lines):"
|
||||
cat vault.log
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "✅ Vault started successfully with PID: $VAULT_PID"
|
||||
./script/vault-start.sh
|
||||
|
||||
- name: Start Vault in background (on Windows)
|
||||
id: start-vault-windows
|
||||
@@ -71,64 +51,7 @@ jobs:
|
||||
VAULT_ADDR: "https://127.0.0.1:8200"
|
||||
VAULT_SKIP_VERIFY: "true"
|
||||
run: |
|
||||
# Create directories
|
||||
New-Item -ItemType Directory -Path ".\vault-data" -Force
|
||||
New-Item -ItemType Directory -Path ".\vault-logs" -Force
|
||||
|
||||
# Start Vault server with output redirected to log file
|
||||
$vaultArgs = @(
|
||||
"server",
|
||||
"-dev",
|
||||
"-dev-tls",
|
||||
"-dev-root-token-id=root",
|
||||
"-dev-listen-address=127.0.0.1:8200"
|
||||
)
|
||||
|
||||
# Start process and capture PID
|
||||
$process = Start-Process -FilePath "vault.exe" `
|
||||
-ArgumentList $vaultArgs `
|
||||
-PassThru `
|
||||
-NoNewWindow `
|
||||
-RedirectStandardOutput "vault-logs/stdout.log" `
|
||||
-RedirectStandardError "vault-logs/stderr.log"
|
||||
|
||||
$process.Id | Out-File -FilePath "vault-pid.txt"
|
||||
Write-Output "Vault process started with PID: $($process.Id)"
|
||||
|
||||
## Wait for Vault to become ready with timeout
|
||||
$timeout = 30
|
||||
$counter = 0
|
||||
$isReady = $false
|
||||
|
||||
# Set environment variables for current step
|
||||
$env:VAULT_ADDR = "https://127.0.0.1:8200"
|
||||
$env:VAULT_TOKEN = "root"
|
||||
$env:VAULT_SKIP_VERIFY = "true"
|
||||
|
||||
while ($counter -lt $timeout) {
|
||||
try {
|
||||
& "./vault.exe" status 2>$null
|
||||
if ($LASTEXITCODE -eq 0) {
|
||||
$isReady = $true
|
||||
Write-Output "Vault server is ready!"
|
||||
exit 0
|
||||
}
|
||||
} catch {
|
||||
# Ignore errors during startup
|
||||
}
|
||||
Write-Output "Waiting for Vault to start... ($counter/$timeout)"
|
||||
Start-Sleep -Seconds 1
|
||||
$counter++
|
||||
}
|
||||
|
||||
if (-not $isReady) {
|
||||
Write-Output "::error::Vault server failed to start within $timeout seconds"
|
||||
Write-Output "=== VAULT SERVER STDOUT ==="
|
||||
Get-Content "vault-logs/stdout.log" -ErrorAction SilentlyContinue
|
||||
Write-Output "=== VAULT SERVER STDERR ==="
|
||||
Get-Content "vault-logs/stderr.log" -ErrorAction SilentlyContinue
|
||||
exit 1
|
||||
}
|
||||
& "./scripts/vault-start.ps1"
|
||||
|
||||
- name: Setup Vault test data (on Unix)
|
||||
if: matrix.arch != 'windows-amd64'
|
||||
@@ -139,14 +62,7 @@ jobs:
|
||||
VAULT_TOKEN: root
|
||||
VAULT_SKIP_VERIFY: "true"
|
||||
run: |
|
||||
# Populate our test secrets
|
||||
echo "🔐 Populating test secrets:"
|
||||
vault kv put "${TEST_VAULT_KEY}" data="${TEST_VAULT_VALUE}"
|
||||
|
||||
# Populate our test transit backend with key
|
||||
echo "🔐 Populating test transit backend:"
|
||||
vault secrets enable transit
|
||||
vault write -f transit/keys/test
|
||||
./script/vault-setup.sh
|
||||
|
||||
- name: Setup Vault test data (on Windows)
|
||||
if: matrix.arch == 'windows-amd64'
|
||||
@@ -156,14 +72,7 @@ jobs:
|
||||
VAULT_SKIP_VERIFY: "true"
|
||||
shell: pwsh
|
||||
run: |
|
||||
# Populate our test secrets
|
||||
Write-Output "🔐 Populating test secrets:"
|
||||
& "./vault.exe" vault kv put "${{ vars.TEST_VAULT_KEY }}" data="${{ vars.TEST_VAULT_VALUE }}"
|
||||
|
||||
# Populate our test transit backend with key
|
||||
Write-Output "🔐 Populating test transit backend:"
|
||||
& "./vault.exe" vault secrets enable transit
|
||||
& "./vault.exe" vault write -f transit/keys/test
|
||||
& "./scripts/vault-setup.ps1"
|
||||
|
||||
- name: Vet
|
||||
run: go vet -v ./...
|
||||
|
||||
Reference in New Issue
Block a user