ci: Unify keys and add private key for testing purposes

This commit enables PRs to run integration tests by relying on keys with
only the necessary permissions to run on CI workloads

Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
Marcos Lilljedahl 2022-03-30 18:05:17 -03:00
parent 9abdec252c
commit e47148ba64
7 changed files with 24 additions and 44 deletions


@ -57,11 +57,9 @@ jobs:
sudo chmod +x /usr/local/bin/sops sudo chmod +x /usr/local/bin/sops
- name: "Import Dagger private key" - name: "Import Dagger private key"
env:
DAGGER_AGE_KEY: ${{ secrets.DAGGER_AGE_KEY }}
run: | run: |
mkdir -p ~/.config/dagger mkdir -p ~/.config/dagger
echo "$DAGGER_AGE_KEY" > ~/.config/dagger/keys.txt cp ./tests/age_key.txt ~/.config/dagger/keys.txt
- name: "Expose GitHub Runtime" - name: "Expose GitHub Runtime"
uses: crazy-max/ghaction-github-runtime@v1 uses: crazy-max/ghaction-github-runtime@v1
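Review bot: The step is still named "Import Dagger private key", but on the new side it copies `./tests/age_key.txt`, a key committed to the repository, so a reader may assume the file is confidential when it is not. I would add a comment above the `run:` line, for example `# tests/age_key.txt is a public, test-only age key; it must only unlock throwaway CI credentials`. The same applies to the import step in the other workflow changed by this commit. Because any fork PR can now decrypt the sops file, the credentials in it should be scoped to disposable test resources; the diff cannot show whether they are.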


@ -49,11 +49,9 @@ jobs:
sudo chmod +x /usr/local/bin/sops sudo chmod +x /usr/local/bin/sops
- name: "Import Dagger private key" - name: "Import Dagger private key"
env:
DAGGER_AGE_KEY: ${{ secrets.DAGGER_AGE_KEY }}
run: | run: |
mkdir -p ~/.config/sops/age mkdir -p ~/.config/sops/age
echo "$DAGGER_AGE_KEY" > ~/.config/sops/age/keys.txt echo ./tests/age_key.txt ~/.config/sops/age/keys.txt
- name: "Expose GitHub Runtime" - name: "Expose GitHub Runtime"
uses: crazy-max/ghaction-github-runtime@v1 uses: crazy-max/ghaction-github-runtime@v1
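Review bot: The new `run:` body in this workflow uses `echo ./tests/age_key.txt ~/.config/sops/age/keys.txt`, which only prints the two paths and never creates the key file. sops would then find no age identity at `~/.config/sops/age/keys.txt`, so decryption in this job should fail. The sibling workflow in this commit uses `cp` for the same step, and this line should read `cp ./tests/age_key.txt ~/.config/sops/age/keys.txt`.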


@ -13,7 +13,7 @@ import (
dagger.#Plan & { dagger.#Plan & {
client: commands: sops: { client: commands: sops: {
name: "sops" name: "sops"
args: ["-d", "../../test_secrets.yaml"] args: ["-d", "../../secrets_sops.yaml"]
stdout: dagger.#Secret stdout: dagger.#Secret
} }
@ -26,7 +26,7 @@ dagger.#Plan & {
format: "yaml" format: "yaml"
} }
token: testSecrets.output.netlifyToken.contents token: testSecrets.output.NETLIFY_TOKEN.contents
marker: "hello world" marker: "hello world"
@ -41,7 +41,7 @@ dagger.#Plan & {
simple: { simple: {
// Deploy to netlify // Deploy to netlify
deploy: netlify.#Deploy & { deploy: netlify.#Deploy & {
team: "blocklayer" team: "dagger-test"
token: common.token token: common.token
site: "dagger-test" site: "dagger-test"
contents: common.data.output contents: common.data.output
@ -57,7 +57,7 @@ dagger.#Plan & {
swapImage: { swapImage: {
// Deploy to netlify // Deploy to netlify
deploy: netlify.#Deploy & { deploy: netlify.#Deploy & {
team: "blocklayer" team: "dagger-test"
token: common.token token: common.token
site: "dagger-test" site: "dagger-test"
contents: common.data.output contents: common.data.output


@ -1,21 +0,0 @@
netlifyToken: ENC[AES256_GCM,data:DeTBgf73iiIDVJZ3i1Rd6Cn9KvJGwh7n8/u/zWKdpaMvU7R1X43JqMbZMg==,iv:0HmdJr7BHKQk+RrCWAzZCkU7BkJ5N5//otgwAgJnQ6w=,tag:DoVYsCnO6HMHXpakX4uBlA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUEhWbjV3M29oUUJyWk81
Wk1WQ1E0cmtuVlhNSGxkWUM3WmJXdUYvbzAwCjlFWW9IVmtmTjY1aU1LR2lxWFlT
am9RemNqSDRWK2FDYk1xeGNiTFlWMFUKLS0tIFVrSzBCMERQbnhYb09ReVpFK00v
TG5YUDlFVzlRRFBCdEhsNVlVK1dMRTgKx1TPZWWQiaU8iMni03/ekG+m4rFCcaa4
JI+ED2d+8411BgZtlss/ukQtwskidvYTvetyWw2jes6o1lhfDv5q2A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-01-20T00:42:44Z"
mac: ENC[AES256_GCM,data:N4dbowNmz34Hn/o1Ofv4g9Z5I7EzcYyrGpXSu9fkczd69zkTpv87uFamEdV/kQM2bbIEm9gS8d0oTi41qsC0iax368YUJmjG6xMptwrrA/mcjRzwXjlPrCZN9454srJw4NXWm0F5/aJQa4XlO65OCLZw+4WCz0wyAWwKzuQNAb0=,iv:EIG55jdEIbVp390uCVJ/rCjJO+s+CsAblH0/CIMNgIc=,tag:dcZDoMsBToikTQ83R0azag==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.1

4
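--- a/tests/age_key.txt
+++ b/tests/age_key.txt
@@ -0,0 +1,4 @@
+# Dagger CI
+# created: 2021-05-26T17:10:52-07:00
+# public key: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+AGE-SECRET-KEY-1R8RRCL7NXA5SHW6HEZCJ5FJG2JJECSNVDHCF533W3CNDJGQL0AVQEA0JK7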
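Review bot: Checking in this private key makes every ciphertext ever encrypted to the recipient in the `# public key:` line readable by anyone with the repository history, not only the new sops file. The deleted secrets file and the old side of the sops file changed in this commit both name that same recipient. Re-encrypting does not protect those earlier values, so the tokens and AWS keys they held need to be revoked at the provider unless that has already happened, which the diff cannot show. The `# created: 2021-05-26` header suggests the pair is reused rather than new; a freshly generated pair for the public test key would keep older ciphertexts sealed. I would also open the file with a line such as `# PUBLIC TEST KEY - never add this recipient to files holding real credentials`.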


@ -1,8 +1,9 @@
TestPAT: ENC[AES256_GCM,data:tLrYG8WCZah93gWkvltLzvxAhB1Tj7fmPZ/iZac8bjMo0+y74bq1qg==,iv:UD9s7flTy/FvW+NHg82l1xJruXldnSCRlRQpg5z7WO8=,tag:v35hzseqeY7V3P7J/hg28w==,type:str] TestPAT: ENC[AES256_GCM,data:R6yLIJWAdXBiXtNewC9TNZoG92Stzebvc94XHaTjdg1H3iLkV9/J4w==,iv:TDIkf+YNFnqj1f9UFPcMfHblcpLT56cOlShpm5JaMkY=,tag:urFpg9cSg+7+nsf9DON1Fw==,type:str]
DOCKERHUB_TOKEN: ENC[AES256_GCM,data:ZWXFsmZI/uf5VT/1Se4lvON4AK349sXclWI+kZrzabj7447U,iv:eTj0xRSwMjUUrokpIr7UohC07cO69WAsxO/NZXSsmLw=,tag:PjHp/PnIDL/dx4cjESpJgQ==,type:str] NETLIFY_TOKEN: ENC[AES256_GCM,data:AyLLlXC3FuAwHuQLM5RRhzwKIZyFkucKBABLXeWBYLnF9oaEfhn/xBRCbw==,iv:QyMGzxp4NY2jgFgj6ZEW7sGXQdPBWHPfRrs196EHnLg=,tag:/IJYM6C/g9iNcY+IQrUvbA==,type:str]
DOCKERHUB_TOKEN: ENC[AES256_GCM,data:oYROIHQZfR7c28aGvdDU3mURR/SBGhlbRsd84mNVAuxdy6S8,iv:RsVszAOxF19Z3i4HbWw4BKHCJdly8IT2gVOrQwE5Fgk=,tag:oks5BXxcU3UzoawzNkX7uw==,type:str]
AWS: AWS:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:jH9qw1DFauiOILteQJP4hbcAL/A=,iv:4WBQsGoQtApT7vUgIjopq4dC1KME9wQU1I7oj6KQy/E=,tag:WbSDp5rFEVgmqprY+RcBuw==,type:str] AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:KahWpPHbl+rv1RGOJHfl+g76FgQ=,iv:iDAYBuCJ4xMKLf4dHM50hq7B22nVXRd/nxAynwgjlns=,tag:+aBqWay5U//pT5b3RSGYWw==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:oR+i0k/escdAGX0hUWTpGGQvbbiU4BWlb3983lpcA1tI1egTj6Nmpg==,iv:iXPaZvjg03htTPiOMER5+iLP2qzdOJTfnq7xSHbFTAs=,tag:fa66HZubWdceC864bjXoDQ==,type:str] AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:mlEQJPJxsnaaXvB0L3SeNbAbY+rsKP4J01NzCvtQsyOMN35COXETDQ==,iv:NH5zhV5akMXcH+Gx/DvVHdOrl31kaIDwtyw1IF0gzHg=,tag:NL3uBHqHDFT80FqbflMVtw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,14 +13,14 @@ sops:
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaUprdU9CUFpGdFRTazA5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTa2ZOR3U1YzRNNGhwMHZx
Wll2RzVjUlhvRUVDbU1aVVhKV204Wjg3azFVCmdhYXZFTEl2TGFPTk83cmxjK2hM dG5yUFlyK2VMZGVaWkcxdzRwMk5oQjB1MVY4CnJKMTVONksvZHIrQkJIcWZpVXhK
RVNGZHBoSDZmQ1RKL0Y3S0ZHMUxEd2MKLS0tIDJaZWdsYVVuUXJPVkVCVlNPQkVG aUR1N0dtazM1ODFzS01CVmlVeERKeUEKLS0tIHh4OEVtc1BMbU9MRXRoOGJQakhj
eUt4NEUyVXVaa1FBVWhoeEJSTVpiWnMKJXNDKz9mf7zmb1oJ9BXgkDDfz2QUg/fJ cjgrby94cDZ0SW51UFNjVmpjVFNCeE0K9/OH1T2xiNSu27uTE6fqyzZfAIzpSNdL
Sx2jlW7s1TuiH8GeL4jxw5Euh0DFw6YZO9j05dcygJslZWtLopUHAQ== q/1B8YeDrRGg/jYYW53bLlwmcBzAK89JdE/RtFnLnqJ203mhrnpIWw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-02-18T17:21:55Z" lastmodified: "2022-03-30T20:59:45Z"
mac: ENC[AES256_GCM,data:50O/LO+8z+Dqm3wx8xaJGyL+nQ3KShQgDAYnV+GEjaacwBGhPSbwK5M/JxR98mq0PlikbHl0cv5CfUpvkShIuTdrz68QSsxn1KcVgiJeW5s8v2+0dJGEjOzy8ASnHm3uG0msB6cD00hrECc7htjaHCWk55cMlKliGUNNAh5Q28g=,iv:IujDY2mWrhfQNI1D40hev4yFNiqQSv8k4KN7kvpe7LQ=,tag:DfvoOkSxX1YIWPqAY31ifA==,type:str] mac: ENC[AES256_GCM,data:lfCIakVD8rd5PV38i9uz1z0btv/EQdlDbluxnZ+7fH9TDaKzLEgMhBrI/uOT8JImzVkgLB084nRPvfmIDQneAsE+lNakcWkUYHibxSjMr9fibaRnBSUFh3MfXf1zogKdIYjeoOdHyOAC7xus303ASJbebF45BiRVun+rjLIf1Pk=,iv:3K9RJzPymURK58zuHRil412rLmkQ4Mbz3B7zXW74aMw=,tag:haRsB73PQ9FPp1h265J3ew==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.1 version: 3.7.2


@ -24,7 +24,7 @@ dagger.#Plan & {
} }
testRepo: core.#GitPull & { testRepo: core.#GitPull & {
remote: "https://github.com/dagger/dagger.git" remote: "https://github.com/dagger/test.git"
ref: "main" ref: "main"
auth: { auth: {
username: "dagger-test" username: "dagger-test"