ci: Unify keys and add private key for testing purposes
This commit enables PR's to run inegration tests by relying on keys with only the necessary permissions to run on CI workloads Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
This commit is contained in:
Marcos Lilljedahl
parent
9abdec252c
commit
e47148ba64
4
.github/workflows/test-integration.yml
vendored
4
.github/workflows/test-integration.yml
vendored
@ -57,11 +57,9 @@ jobs:
|
||||
sudo chmod +x /usr/local/bin/sops
|
||||
|
||||
- name: "Import Dagger private key"
|
||||
env:
|
||||
DAGGER_AGE_KEY: ${{ secrets.DAGGER_AGE_KEY }}
|
||||
run: |
|
||||
mkdir -p ~/.config/dagger
|
||||
echo "$DAGGER_AGE_KEY" > ~/.config/dagger/keys.txt
|
||||
cp ./tests/age_key.txt ~/.config/dagger/keys.txt
|
||||
|
||||
- name: "Expose GitHub Runtime"
|
||||
uses: crazy-max/ghaction-github-runtime@v1
|
||||
|
||||
4
.github/workflows/test-universe.yml
vendored
4
.github/workflows/test-universe.yml
vendored
@ -49,11 +49,9 @@ jobs:
|
||||
sudo chmod +x /usr/local/bin/sops
|
||||
|
||||
- name: "Import Dagger private key"
|
||||
env:
|
||||
DAGGER_AGE_KEY: ${{ secrets.DAGGER_AGE_KEY }}
|
||||
run: |
|
||||
mkdir -p ~/.config/sops/age
|
||||
echo "$DAGGER_AGE_KEY" > ~/.config/sops/age/keys.txt
|
||||
echo ./tests/age_key.txt ~/.config/sops/age/keys.txt
|
||||
|
||||
- name: "Expose GitHub Runtime"
|
||||
uses: crazy-max/ghaction-github-runtime@v1
|
||||
|
||||
@ -13,7 +13,7 @@ import (
|
||||
dagger.#Plan & {
|
||||
client: commands: sops: {
|
||||
name: "sops"
|
||||
args: ["-d", "../../test_secrets.yaml"]
|
||||
args: ["-d", "../../secrets_sops.yaml"]
|
||||
stdout: dagger.#Secret
|
||||
}
|
||||
|
||||
@ -26,7 +26,7 @@ dagger.#Plan & {
|
||||
format: "yaml"
|
||||
}
|
||||
|
||||
token: testSecrets.output.netlifyToken.contents
|
||||
token: testSecrets.output.NETLIFY_TOKEN.contents
|
||||
|
||||
marker: "hello world"
|
||||
|
||||
@ -41,7 +41,7 @@ dagger.#Plan & {
|
||||
simple: {
|
||||
// Deploy to netlify
|
||||
deploy: netlify.#Deploy & {
|
||||
team: "blocklayer"
|
||||
team: "dagger-test"
|
||||
token: common.token
|
||||
site: "dagger-test"
|
||||
contents: common.data.output
|
||||
@ -57,7 +57,7 @@ dagger.#Plan & {
|
||||
swapImage: {
|
||||
// Deploy to netlify
|
||||
deploy: netlify.#Deploy & {
|
||||
team: "blocklayer"
|
||||
team: "dagger-test"
|
||||
token: common.token
|
||||
site: "dagger-test"
|
||||
contents: common.data.output
|
||||
|
||||
@ -1,21 +0,0 @@
|
||||
netlifyToken: ENC[AES256_GCM,data:DeTBgf73iiIDVJZ3i1Rd6Cn9KvJGwh7n8/u/zWKdpaMvU7R1X43JqMbZMg==,iv:0HmdJr7BHKQk+RrCWAzZCkU7BkJ5N5//otgwAgJnQ6w=,tag:DoVYsCnO6HMHXpakX4uBlA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUEhWbjV3M29oUUJyWk81
|
||||
Wk1WQ1E0cmtuVlhNSGxkWUM3WmJXdUYvbzAwCjlFWW9IVmtmTjY1aU1LR2lxWFlT
|
||||
am9RemNqSDRWK2FDYk1xeGNiTFlWMFUKLS0tIFVrSzBCMERQbnhYb09ReVpFK00v
|
||||
TG5YUDlFVzlRRFBCdEhsNVlVK1dMRTgKx1TPZWWQiaU8iMni03/ekG+m4rFCcaa4
|
||||
JI+ED2d+8411BgZtlss/ukQtwskidvYTvetyWw2jes6o1lhfDv5q2A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-01-20T00:42:44Z"
|
||||
mac: ENC[AES256_GCM,data:N4dbowNmz34Hn/o1Ofv4g9Z5I7EzcYyrGpXSu9fkczd69zkTpv87uFamEdV/kQM2bbIEm9gS8d0oTi41qsC0iax368YUJmjG6xMptwrrA/mcjRzwXjlPrCZN9454srJw4NXWm0F5/aJQa4XlO65OCLZw+4WCz0wyAWwKzuQNAb0=,iv:EIG55jdEIbVp390uCVJ/rCjJO+s+CsAblH0/CIMNgIc=,tag:dcZDoMsBToikTQ83R0azag==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
||||
4
tests/age_key.txt
Normal file
4
tests/age_key.txt
Normal file
@ -0,0 +1,4 @@
|
||||
# Dagger CI
|
||||
# created: 2021-05-26T17:10:52-07:00
|
||||
# public key: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
|
||||
AGE-SECRET-KEY-1R8RRCL7NXA5SHW6HEZCJ5FJG2JJECSNVDHCF533W3CNDJGQL0AVQEA0JK7
|
||||
@ -1,8 +1,9 @@
|
||||
TestPAT: ENC[AES256_GCM,data:tLrYG8WCZah93gWkvltLzvxAhB1Tj7fmPZ/iZac8bjMo0+y74bq1qg==,iv:UD9s7flTy/FvW+NHg82l1xJruXldnSCRlRQpg5z7WO8=,tag:v35hzseqeY7V3P7J/hg28w==,type:str]
|
||||
DOCKERHUB_TOKEN: ENC[AES256_GCM,data:ZWXFsmZI/uf5VT/1Se4lvON4AK349sXclWI+kZrzabj7447U,iv:eTj0xRSwMjUUrokpIr7UohC07cO69WAsxO/NZXSsmLw=,tag:PjHp/PnIDL/dx4cjESpJgQ==,type:str]
|
||||
TestPAT: ENC[AES256_GCM,data:R6yLIJWAdXBiXtNewC9TNZoG92Stzebvc94XHaTjdg1H3iLkV9/J4w==,iv:TDIkf+YNFnqj1f9UFPcMfHblcpLT56cOlShpm5JaMkY=,tag:urFpg9cSg+7+nsf9DON1Fw==,type:str]
|
||||
NETLIFY_TOKEN: ENC[AES256_GCM,data:AyLLlXC3FuAwHuQLM5RRhzwKIZyFkucKBABLXeWBYLnF9oaEfhn/xBRCbw==,iv:QyMGzxp4NY2jgFgj6ZEW7sGXQdPBWHPfRrs196EHnLg=,tag:/IJYM6C/g9iNcY+IQrUvbA==,type:str]
|
||||
DOCKERHUB_TOKEN: ENC[AES256_GCM,data:oYROIHQZfR7c28aGvdDU3mURR/SBGhlbRsd84mNVAuxdy6S8,iv:RsVszAOxF19Z3i4HbWw4BKHCJdly8IT2gVOrQwE5Fgk=,tag:oks5BXxcU3UzoawzNkX7uw==,type:str]
|
||||
AWS:
|
||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:jH9qw1DFauiOILteQJP4hbcAL/A=,iv:4WBQsGoQtApT7vUgIjopq4dC1KME9wQU1I7oj6KQy/E=,tag:WbSDp5rFEVgmqprY+RcBuw==,type:str]
|
||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:oR+i0k/escdAGX0hUWTpGGQvbbiU4BWlb3983lpcA1tI1egTj6Nmpg==,iv:iXPaZvjg03htTPiOMER5+iLP2qzdOJTfnq7xSHbFTAs=,tag:fa66HZubWdceC864bjXoDQ==,type:str]
|
||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:KahWpPHbl+rv1RGOJHfl+g76FgQ=,iv:iDAYBuCJ4xMKLf4dHM50hq7B22nVXRd/nxAynwgjlns=,tag:+aBqWay5U//pT5b3RSGYWw==,type:str]
|
||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:mlEQJPJxsnaaXvB0L3SeNbAbY+rsKP4J01NzCvtQsyOMN35COXETDQ==,iv:NH5zhV5akMXcH+Gx/DvVHdOrl31kaIDwtyw1IF0gzHg=,tag:NL3uBHqHDFT80FqbflMVtw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -12,14 +13,14 @@ sops:
|
||||
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaUprdU9CUFpGdFRTazA5
|
||||
Wll2RzVjUlhvRUVDbU1aVVhKV204Wjg3azFVCmdhYXZFTEl2TGFPTk83cmxjK2hM
|
||||
RVNGZHBoSDZmQ1RKL0Y3S0ZHMUxEd2MKLS0tIDJaZWdsYVVuUXJPVkVCVlNPQkVG
|
||||
eUt4NEUyVXVaa1FBVWhoeEJSTVpiWnMKJXNDKz9mf7zmb1oJ9BXgkDDfz2QUg/fJ
|
||||
Sx2jlW7s1TuiH8GeL4jxw5Euh0DFw6YZO9j05dcygJslZWtLopUHAQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTa2ZOR3U1YzRNNGhwMHZx
|
||||
dG5yUFlyK2VMZGVaWkcxdzRwMk5oQjB1MVY4CnJKMTVONksvZHIrQkJIcWZpVXhK
|
||||
aUR1N0dtazM1ODFzS01CVmlVeERKeUEKLS0tIHh4OEVtc1BMbU9MRXRoOGJQakhj
|
||||
cjgrby94cDZ0SW51UFNjVmpjVFNCeE0K9/OH1T2xiNSu27uTE6fqyzZfAIzpSNdL
|
||||
q/1B8YeDrRGg/jYYW53bLlwmcBzAK89JdE/RtFnLnqJ203mhrnpIWw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-02-18T17:21:55Z"
|
||||
mac: ENC[AES256_GCM,data:50O/LO+8z+Dqm3wx8xaJGyL+nQ3KShQgDAYnV+GEjaacwBGhPSbwK5M/JxR98mq0PlikbHl0cv5CfUpvkShIuTdrz68QSsxn1KcVgiJeW5s8v2+0dJGEjOzy8ASnHm3uG0msB6cD00hrECc7htjaHCWk55cMlKliGUNNAh5Q28g=,iv:IujDY2mWrhfQNI1D40hev4yFNiqQSv8k4KN7kvpe7LQ=,tag:DfvoOkSxX1YIWPqAY31ifA==,type:str]
|
||||
lastmodified: "2022-03-30T20:59:45Z"
|
||||
mac: ENC[AES256_GCM,data:lfCIakVD8rd5PV38i9uz1z0btv/EQdlDbluxnZ+7fH9TDaKzLEgMhBrI/uOT8JImzVkgLB084nRPvfmIDQneAsE+lNakcWkUYHibxSjMr9fibaRnBSUFh3MfXf1zogKdIYjeoOdHyOAC7xus303ASJbebF45BiRVun+rjLIf1Pk=,iv:3K9RJzPymURK58zuHRil412rLmkQ4Mbz3B7zXW74aMw=,tag:haRsB73PQ9FPp1h265J3ew==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.1
|
||||
version: 3.7.2
|
||||
|
||||
@ -24,7 +24,7 @@ dagger.#Plan & {
|
||||
}
|
||||
|
||||
testRepo: core.#GitPull & {
|
||||
remote: "https://github.com/dagger/dagger.git"
|
||||
remote: "https://github.com/dagger/test.git"
|
||||
ref: "main"
|
||||
auth: {
|
||||
username: "dagger-test"
|
||||
|
||||
Reference in New Issue
Block a user