Skip to content

feat: Secure atKeys with pass-phrase #1898

feat: Secure atKeys with pass-phrase

feat: Secure atKeys with pass-phrase #1898

Workflow file for this run

# This workflows runs when
# 1. pull_request raised to trunk branch.
# 2. tag created on at_tools repository
name: at_libraries
on:
push:
tags:
- 'v*.*.*'
branches:
- trunk
pull_request:
branches:
- trunk
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
package:
- at_contact
- at_server_status
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dart-lang/setup-dart@0a8a0fc875eb934c15d08629302413c671d3f672 # v1.6.5
with:
sdk: stable
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: 'stable'
cache-dependency-path: tools/osv-scanner/go.sum
- name: Install dependencies in ${{ matrix.package }}
working-directory: packages/${{ matrix.package }}
run: dart pub get
- name: Analyze project source in ${{ matrix.package }}
working-directory: packages/${{ matrix.package }}
run: dart analyze
# Runs osv-scanner to find any vulnerable Dart dependencies
# It needs to look at pubspec.lock files, which is why it's
# placed here, as the `dart pub get` above will create them
- name: Run osv-scanner
working-directory: packages/${{ matrix.package }}
run: |
go install github.com/google/osv-scanner/cmd/osv-scanner@6316373e47d7e3e4b4fd3630c4bbc10987738de6 # v1.4.3
osv-scanner --lockfile=./pubspec.lock
build_and_test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
package:
- at_lookup
- at_chops
- at_onboarding_cli
- at_commons
- at_utils
- at_cli_commons
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dart-lang/setup-dart@0a8a0fc875eb934c15d08629302413c671d3f672 # v1.6.5
with:
sdk: stable
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: 'stable'
cache-dependency-path: tools/osv-scanner/go.sum
- name: Install dependencies in ${{ matrix.package }}
working-directory: packages/${{ matrix.package }}
run: dart pub get
- name: Analyze project source in ${{ matrix.package }}
working-directory: packages/${{ matrix.package }}
run: dart analyze
- name: run tests
working-directory: packages/${{ matrix.package }}
run: dart test --concurrency=1
# Runs osv-scanner to find any vulnerable Dart dependencies
# It needs to look at pubspec.lock files, which is why it's
# placed here, as the `dart pub get` above will create them
- name: Run osv-scanner
working-directory: packages/${{ matrix.package }}
run: |
go install github.com/google/osv-scanner/cmd/osv-scanner@6316373e47d7e3e4b4fd3630c4bbc10987738de6 # v1.4.3
osv-scanner --lockfile=./pubspec.lock
functional_tests_at_onboarding_cli:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
package:
- at_onboarding_cli_functional_tests
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dart-lang/setup-dart@0a8a0fc875eb934c15d08629302413c671d3f672 # v1.6.5
with:
sdk: stable
#functional tests for at_onboarding_cli
- name: add entry to hosts file
run: echo "127.0.0.1 vip.ve.atsign.zone" | sudo tee -a /etc/hosts
- name: Get functional test dependencies
working-directory: tests/${{ matrix.package }}
run: dart pub get
- name: Start docker instance
working-directory: tests/${{ matrix.package }}
run: sudo docker compose up -d
- name: Check for docker container readiness
working-directory: tests/${{ matrix.package }}
run: dart run check_docker_readiness.dart
# commented since onboarding tests throw atsign already activated exception
# - name: run pkamLoad on docker-image
# run: sudo docker exec at_onboarding_cli_functional_tests_virtualenv_1 supervisorctl start pkamLoad
# - name: Check test environment readiness
# working-directory: tests/${{ matrix.package }}
# run: dart run check_test_env.dart
- name: run tests
working-directory: tests/${{ matrix.package }}
run: dart test --concurrency=1
- name: kill docker image
working-directory: tests/${{ matrix.package }}
run: sudo docker compose down