Skip to content

Test AWSSigner with localstack #265

Test AWSSigner with localstack

Test AWSSigner with localstack #265

Workflow file for this run

name: Run KMS tests
on:
push:
workflow_dispatch:
permissions: {}
jobs:
test-kms:
runs-on: ubuntu-latest
if: github.repository_owner == 'secure-systems-lab' # only run upstream
permissions:
id-token: 'write' # for OIDC auth for GCP authentication
issues: 'write' # for filing an issue on failure
steps:
- name: Checkout securesystemslib
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
- name: Set up Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
with:
python-version: '3.x'
cache: 'pip'
cache-dependency-path: 'requirements*.txt'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install --upgrade tox
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c
with:
token_format: access_token
workload_identity_provider: projects/843741030650/locations/global/workloadIdentityPools/securesystemslib-tests/providers/securesystemslib-tests
service_account: [email protected]
- run: tox -e kms
- name: File an issue on failure
if: ${{ failure() }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with:
script: |
const repo = context.repo.owner + "/" + context.repo.repo
const issues = await github.rest.search.issuesAndPullRequests({
q: "KMS+tests+failed+in:title+state:open+type:issue+repo:" + repo,
})
if (issues.data.total_count > 0) {
console.log("Issue open already, not creating.")
} else {
await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: "KMS tests failed",
body: "Hey, it seems KMS tests have failed, please see - [workflow run](" +
"https://github.com/" + repo + "/actions/runs/" + context.runId + ")"
})
console.log("New issue created.")
}