Test AWSSigner with localstack #265
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Run KMS tests | |
on: | |
push: | |
workflow_dispatch: | |
permissions: {} | |
jobs: | |
test-kms: | |
runs-on: ubuntu-latest | |
if: github.repository_owner == 'secure-systems-lab' # only run upstream | |
permissions: | |
id-token: 'write' # for OIDC auth for GCP authentication | |
issues: 'write' # for filing an issue on failure | |
steps: | |
- name: Checkout securesystemslib | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 | |
- name: Set up Python | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d | |
with: | |
python-version: '3.x' | |
cache: 'pip' | |
cache-dependency-path: 'requirements*.txt' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install --upgrade tox | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c | |
with: | |
token_format: access_token | |
workload_identity_provider: projects/843741030650/locations/global/workloadIdentityPools/securesystemslib-tests/providers/securesystemslib-tests | |
service_account: [email protected] | |
- run: tox -e kms | |
- name: File an issue on failure | |
if: ${{ failure() }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea | |
with: | |
script: | | |
const repo = context.repo.owner + "/" + context.repo.repo | |
const issues = await github.rest.search.issuesAndPullRequests({ | |
q: "KMS+tests+failed+in:title+state:open+type:issue+repo:" + repo, | |
}) | |
if (issues.data.total_count > 0) { | |
console.log("Issue open already, not creating.") | |
} else { | |
await github.rest.issues.create({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
title: "KMS tests failed", | |
body: "Hey, it seems KMS tests have failed, please see - [workflow run](" + | |
"https://github.com/" + repo + "/actions/runs/" + context.runId + ")" | |
}) | |
console.log("New issue created.") | |
} |