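---
# CI workflow: vets and tests the Go module against a throwaway HashiCorp
# Vault dev server started on the runner's loopback interface.
name: Test

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege: the job only reads the repository, so the workflow token
# is limited to read access (pull-request code runs under `go test`).
permissions:
  contents: read

jobs:
  tests:
    strategy:
      matrix:
        arch: ['linux-amd64', 'linux-arm64', 'darwin-amd64', 'windows-amd64']
    runs-on: ${{ matrix.arch }}
    steps:
      # NOTE(review): actions are referenced by mutable tag; pinning them to a
      # full commit SHA would make the supply chain reproducible.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where test code could read it.
          persist-credentials: false

      - name: Setup go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'

      # NOTE(review): no step installs Vault for darwin-amd64, yet the Unix
      # start step below runs there; presumably that runner ships with Vault
      # preinstalled — confirm.
      - name: Setup Hashicorp Vault (on Linux)
        if: matrix.arch != 'darwin-amd64' && matrix.arch != 'windows-amd64'
        run: |
          # The repository key is fetched over TLS and trusted as-is; compare
          # its fingerprint with the one HashiCorp publishes if the runner
          # image is long-lived.
          wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
          # apt needs root just like the keyring and sources.list writes above
          sudo apt-get update && sudo apt-get -y install vault

      - name: Setup Hashicorp Vault (on Windows)
        if: matrix.arch == 'windows-amd64'
        shell: pwsh
        run: |
          $vaultVersion = "1.20.3"
          $zipName = "vault_${vaultVersion}_windows_amd64.zip"
          $baseUrl = "https://releases.hashicorp.com/vault/$vaultVersion"
          Invoke-WebRequest -Uri "$baseUrl/$zipName" -OutFile "vault.zip"

          # Check the archive against the published SHA256SUMS before it is
          # unpacked and executed. Both files come from the same origin, so
          # this catches corruption or a mismatched artifact; pinning the
          # expected digest in this file (or verifying the SHA256SUMS
          # signature) would also cover a tampered release server.
          Invoke-WebRequest -Uri "$baseUrl/vault_${vaultVersion}_SHA256SUMS" -OutFile "vault_SHA256SUMS"
          $sumLine = Select-String -Path "vault_SHA256SUMS" -Pattern $zipName -SimpleMatch |
            Select-Object -First 1
          if (-not $sumLine) {
            Write-Output "::error::No checksum entry found for $zipName"
            exit 1
          }
          $expected = ($sumLine.Line -split '\s+')[0]
          $actual = (Get-FileHash -Path "vault.zip" -Algorithm SHA256).Hash
          # -ne on strings is case-insensitive, so upper/lower hex both match
          if ($actual -ne $expected) {
            Write-Output "::error::Checksum mismatch for ${zipName}: expected $expected, got $actual"
            exit 1
          }

          Expand-Archive -Path "vault.zip" -DestinationPath .
          & "./vault.exe" version

      - name: Start Vault in background (on Unix)
        id: start-vault
        if: matrix.arch != 'windows-amd64'
        env:
          VAULT_ADDR: "https://127.0.0.1:8200"
          # The dev server presents a self-signed certificate; skipping
          # verification is tolerable only because the listener is loopback.
          # NOTE(review): exporting VAULT_CACERT for the CA that -dev-tls
          # generates would let verification stay enabled — confirm.
          VAULT_SKIP_VERIFY: "true"
        run: |
          # Start Vault server in background.
          # Dev mode is in-memory with a fixed root token: test use only.
          echo "🔐 Starting Hashicorp Vault development server"
          vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200 -dev-tls > vault.log 2>&1 &
          VAULT_PID=$!
          echo $VAULT_PID > vault.pid

          # Poll for readiness (up to 30s, like the Windows step) instead of
          # relying on a fixed sleep that is too short on slow runners.
          ready=false
          for attempt in $(seq 1 30); do
            if vault status > /dev/null 2>&1; then
              ready=true
              break
            fi
            # Stop waiting early if the server process has already exited
            if ! kill -0 "$VAULT_PID" 2>/dev/null; then
              break
            fi
            sleep 1
          done

          if [ "$ready" != "true" ]; then
            # `wc -l < file` prints only the count, not the file name
            echo "❌ Vault failed to start. Logs ($(wc -l < vault.log) lines):"
            cat vault.log
            exit 1
          fi
          echo "✅ Vault started successfully with PID: $VAULT_PID"

      - name: Start Vault in background (on Windows)
        id: start-vault-windows
        if: matrix.arch == 'windows-amd64'
        shell: pwsh
        env:
          VAULT_ADDR: "https://127.0.0.1:8200"
          VAULT_SKIP_VERIFY: "true"
        run: |
          # Create directories
          New-Item -ItemType Directory -Path ".\vault-data" -Force
          New-Item -ItemType Directory -Path ".\vault-logs" -Force

          # Start Vault server with output redirected to log file
          $vaultArgs = @(
            "server",
            "-dev",
            "-dev-tls",
            "-dev-root-token-id=root",
            "-dev-listen-address=127.0.0.1:8200"
          )

          # Start process and capture PID
          $process = Start-Process -FilePath "vault.exe" `
            -ArgumentList $vaultArgs `
            -PassThru `
            -NoNewWindow `
            -RedirectStandardOutput "vault-logs/stdout.log" `
            -RedirectStandardError "vault-logs/stderr.log"

          # The PID file is how the stop step finds this process later
          $process.Id | Out-File -FilePath "vault-pid.txt"
          Write-Output "Vault process started with PID: $($process.Id)"

          ## Wait for Vault to become ready with timeout
          $timeout = 30
          $counter = 0
          $isReady = $false

          # Set environment variables for current step
          $env:VAULT_ADDR = "https://127.0.0.1:8200"
          $env:VAULT_TOKEN = "root"
          $env:VAULT_SKIP_VERIFY = "true"

          while ($counter -lt $timeout) {
            try {
              & "./vault.exe" status 2>$null
              if ($LASTEXITCODE -eq 0) {
                $isReady = $true
                Write-Output "Vault server is ready!"
                break
              }
            } catch {
              # Ignore errors during startup
            }
            Write-Output "Waiting for Vault to start... ($counter/$timeout)"
            Start-Sleep -Seconds 1
            $counter++
          }

          if (-not $isReady) {
            Write-Output "::error::Vault server failed to start within $timeout seconds"
            Write-Output "=== VAULT SERVER STDOUT ==="
            Get-Content "vault-logs/stdout.log" -ErrorAction SilentlyContinue
            Write-Output "=== VAULT SERVER STDERR ==="
            Get-Content "vault-logs/stderr.log" -ErrorAction SilentlyContinue
            exit 1
          }

      # NOTE(review): this step sets no shell. If the Windows runner defaults
      # to pwsh, "${TEST_VAULT_KEY}" is a PowerShell variable rather than the
      # environment variable, and `vault` must be resolvable on PATH — confirm.
      - name: Setup Vault test data
        env:
          # Repository variables reach the script through env rather than
          # being interpolated into the script text.
          TEST_VAULT_KEY: ${{ vars.TEST_VAULT_KEY }}
          TEST_VAULT_VALUE: ${{ vars.TEST_VAULT_VALUE }}
          VAULT_ADDR: "https://127.0.0.1:8200"
          VAULT_TOKEN: root
          VAULT_SKIP_VERIFY: "true"
        run: |
          # Populate our test secrets
          echo "🔐 Populating test secrets:"
          vault kv put "${TEST_VAULT_KEY}" data="${TEST_VAULT_VALUE}"

          # Populate our test transit backend with key
          echo "🔐 Populating test transit backend:"
          vault secrets enable transit
          vault write -f transit/keys/test

      - name: Vet
        run: go vet -v ./...

      - name: Test
        env:
          TEST_VAULT_KEY: ${{ vars.TEST_VAULT_KEY }}
          TEST_VAULT_VALUE: ${{ vars.TEST_VAULT_VALUE }}
          VAULT_ADDR: "https://127.0.0.1:8200"
          VAULT_TOKEN: root
          VAULT_SKIP_VERIFY: "true"
        run: |
          go test -v ./...

      # Runs even after a failure so the dev server never outlives the job
      - name: Stop Vault (on Unix)
        if: always() && matrix.arch != 'windows-amd64'
        run: |
          if [ -f vault.pid ]; then
            kill $(cat vault.pid) 2>/dev/null || true
            rm -f vault.pid
          fi

      - name: Stop Vault (on Windows)
        if: always() && matrix.arch == 'windows-amd64'
        shell: pwsh
        run: |
          # Function to display logs
          function Show-VaultLogs {
            Write-Output "=== VAULT SERVER STDOUT (last 50 lines) ==="
            Get-Content "vault-logs/stdout.log" -ErrorAction SilentlyContinue | Select-Object -Last 50
            Write-Output "=== VAULT SERVER STDERR (last 50 lines) ==="
            Get-Content "vault-logs/stderr.log" -ErrorAction SilentlyContinue | Select-Object -Last 50
          }

          # Read PID from file (Gitea alternative to env vars)
          $vaultPid = $null
          if (Test-Path "vault-pid.txt") {
            # Trim the trailing newline that Out-File wrote after the PID
            $vaultPid = (Get-Content "vault-pid.txt" -Raw | Out-String).Trim()
            Write-Output "Found Vault PID: $vaultPid"
          }

          # Check if previous steps failed. The Windows start step has the id
          # start-vault-windows; start-vault is the Unix step and is always
          # skipped on this runner, so its outcome is never "failure".
          $previousStepFailed = $false
          if ("${{ steps.start-vault-windows.outcome }}" -eq "failure") {
            $previousStepFailed = $true
            Write-Output "Vault startup step failed"
          }

          # Stop the Vault process if we have a PID
          if ($vaultPid -and ($vaultPid -ne '')) {
            if ($previousStepFailed) {
              Write-Output "Previous step failed, showing Vault logs:"
              Show-VaultLogs
            }

            # Stop the Vault process
            try {
              Stop-Process -Id $vaultPid -Force -ErrorAction Stop
              Write-Output "Stopped Vault process $vaultPid"
            } catch {
              # Braces are required: "$vaultPid:" would be parsed as a
              # scope-qualified variable and abort the whole script.
              Write-Warning "Failed to stop process ${vaultPid}: $($_.Exception.Message)"
            }
          }

          # Clean up any remaining Vault processes
          $vaultProcesses = Get-Process -Name "vault" -ErrorAction SilentlyContinue
          if ($vaultProcesses) {
            Write-Output "Found additional Vault processes, stopping them..."
            $vaultProcesses | Stop-Process -Force -ErrorAction SilentlyContinue
          }

          # Always show logs if we're in a failure state
          if ($previousStepFailed -or "${{ job.status }}" -eq "failure") {
            Write-Output "Job failed, showing final Vault logs:"
            Show-VaultLogs
          }

          # Cleanup PID file
          if (Test-Path "vault-pid.txt") {
            Remove-Item "vault-pid.txt" -Force
          }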