feat: Secure atKeys with pass-phrase #1898
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflows runs when | |
# 1. pull_request raised to trunk branch. | |
# 2. tag created on at_tools repository | |
name: at_libraries | |
on: | |
push: | |
tags: | |
- 'v*.*.*' | |
branches: | |
- trunk | |
pull_request: | |
branches: | |
- trunk | |
permissions: # added using https://github.com/step-security/secure-workflows | |
contents: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
package: | |
- at_contact | |
- at_server_status | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: dart-lang/setup-dart@0a8a0fc875eb934c15d08629302413c671d3f672 # v1.6.5 | |
with: | |
sdk: stable | |
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: 'stable' | |
cache-dependency-path: tools/osv-scanner/go.sum | |
- name: Install dependencies in ${{ matrix.package }} | |
working-directory: packages/${{ matrix.package }} | |
run: dart pub get | |
- name: Analyze project source in ${{ matrix.package }} | |
working-directory: packages/${{ matrix.package }} | |
run: dart analyze | |
# Runs osv-scanner to find any vulnerable Dart dependencies | |
# It needs to look at pubspec.lock files, which is why it's | |
# placed here, as the `dart pub get` above will create them | |
- name: Run osv-scanner | |
working-directory: packages/${{ matrix.package }} | |
run: | | |
go install github.com/google/osv-scanner/cmd/osv-scanner@6316373e47d7e3e4b4fd3630c4bbc10987738de6 # v1.4.3 | |
osv-scanner --lockfile=./pubspec.lock | |
build_and_test: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
package: | |
- at_lookup | |
- at_chops | |
- at_onboarding_cli | |
- at_commons | |
- at_utils | |
- at_cli_commons | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: dart-lang/setup-dart@0a8a0fc875eb934c15d08629302413c671d3f672 # v1.6.5 | |
with: | |
sdk: stable | |
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: 'stable' | |
cache-dependency-path: tools/osv-scanner/go.sum | |
- name: Install dependencies in ${{ matrix.package }} | |
working-directory: packages/${{ matrix.package }} | |
run: dart pub get | |
- name: Analyze project source in ${{ matrix.package }} | |
working-directory: packages/${{ matrix.package }} | |
run: dart analyze | |
- name: run tests | |
working-directory: packages/${{ matrix.package }} | |
run: dart test --concurrency=1 | |
# Runs osv-scanner to find any vulnerable Dart dependencies | |
# It needs to look at pubspec.lock files, which is why it's | |
# placed here, as the `dart pub get` above will create them | |
- name: Run osv-scanner | |
working-directory: packages/${{ matrix.package }} | |
run: | | |
go install github.com/google/osv-scanner/cmd/osv-scanner@6316373e47d7e3e4b4fd3630c4bbc10987738de6 # v1.4.3 | |
osv-scanner --lockfile=./pubspec.lock | |
functional_tests_at_onboarding_cli: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
package: | |
- at_onboarding_cli_functional_tests | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: dart-lang/setup-dart@0a8a0fc875eb934c15d08629302413c671d3f672 # v1.6.5 | |
with: | |
sdk: stable | |
#functional tests for at_onboarding_cli | |
- name: add entry to hosts file | |
run: echo "127.0.0.1 vip.ve.atsign.zone" | sudo tee -a /etc/hosts | |
- name: Get functional test dependencies | |
working-directory: tests/${{ matrix.package }} | |
run: dart pub get | |
- name: Start docker instance | |
working-directory: tests/${{ matrix.package }} | |
run: sudo docker compose up -d | |
- name: Check for docker container readiness | |
working-directory: tests/${{ matrix.package }} | |
run: dart run check_docker_readiness.dart | |
# commented since onboarding tests throw atsign already activated exception | |
# - name: run pkamLoad on docker-image | |
# run: sudo docker exec at_onboarding_cli_functional_tests_virtualenv_1 supervisorctl start pkamLoad | |
# - name: Check test environment readiness | |
# working-directory: tests/${{ matrix.package }} | |
# run: dart run check_test_env.dart | |
- name: run tests | |
working-directory: tests/${{ matrix.package }} | |
run: dart test --concurrency=1 | |
- name: kill docker image | |
working-directory: tests/${{ matrix.package }} | |
run: sudo docker compose down |