chore(sdk): add legacy decryption tests #3285
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: X-Test | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| platform-ref: | |
| required: false | |
| type: string | |
| default: main | |
| otdfctl-ref: | |
| required: false | |
| type: string | |
| default: main | |
| js-ref: | |
| required: false | |
| type: string | |
| default: main | |
| java-ref: | |
| required: false | |
| type: string | |
| default: main | |
| workflow_call: | |
| inputs: | |
| platform-ref: | |
| required: false | |
| type: string | |
| default: main | |
| otdfctl-ref: | |
| required: false | |
| type: string | |
| default: main | |
| js-ref: | |
| required: false | |
| type: string | |
| default: main | |
| java-ref: | |
| required: false | |
| type: string | |
| default: main | |
| schedule: | |
| - cron: "30 6 * * *" | |
| jobs: | |
| cross-client-test: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: read | |
| env: | |
| PLATFORM_REF: "${{ inputs.platform-ref || 'main' }}" | |
| JS_REF: "${{ inputs.js-ref || 'main' }}" | |
| OTDFCTL_REF: "${{ inputs.otdfctl-ref || 'main' }}" | |
| JAVA_REF: "${{ inputs.java-ref || 'main' }}" | |
| steps: | |
| ######## SPIN UP PLATFORM BACKEND ############# | |
| - name: Check out and start up platform with deps/containers | |
| id: run-platform | |
| uses: opentdf/platform/test/start-up-with-containers@DSP-344-add-custom-keys-to-kas | |
| with: | |
| platform-ref: ${{ env.PLATFORM_REF }} | |
| extra-keys: >- | |
| [{ | |
| "kid": "golden-r1", | |
| "alg": "rsa:2048", | |
| "privateKey": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDxAXgP2SjRPhKe\nO1OdLco7zsU+uMnvQFnTrc0W8eQ/vUGjP8HNABA3kKUeJZUGb4lyE5u62sBqD+Va\nOWh0tIRCIEPRC/tF3hTE5TeDJLJiY9N3R5P9OjWuFewnQFXIfTPqmrny1pYowfkd\nnbxBSzb/xTpk6K+yzkyrZdW1JvYdW/1CBGpo7qtfxflR3Cy13V15YDuVTD2rHUSj\nM2eYUU+b4HLoHvKZ87y18nwaOMOMMqbvp4xFoxckoE/XkuaHyH1UWI9HqCyFBrh+\nf24OPMP0N3qMCseXJc2CTBGSX4jKdB0WGqOpZdBxKWlKxLGlKAe9Ko1eYzUHdhhN\npBRmU4HzAgMBAAECggEAHRHhSoAWJU8Ibd+YEVBxoU8qiYs+iEZJz3eaUlcxAeMx\nJKDPHowQaLNgx0cfN5yChqkI0rwKE4EBWCWujM0tWtCLfY6la2MDPFCtpnrprWZ/\nHlca6aN40BvC1WU0M6+ucHDjVwA9MoNbKhBZocKRyr4ecgeDEd1CcDYjVetyKk4v\nTKIa7mvoNfRMT5dsmvUdRgtkvIaomLYoCVc7nK2d7C0WP/RaUWpJUUpZE+8lP3ze\no44HMMpeq+yyeXJhq6+PIErJfOChYJVjwOWCVJ99NRJ2RFU4kNu4gY2YcL6IRCV5\n6rfwsJwdKlLxTKVEZPCWVEa0TS+G4yQV8gu1LtvAwQKBgQD6Z5Hxw2R+bTFFyeOx\nMlDno8PvBlw4B3QrrWppk3f+m4261eSFdCMkZTZw81QjdGCJ/BTtMASaNWIWVyc1\nkslSg+ARPF5XEBEGpUmINRUotV9B7Wtq5Nid9xTlUoUPiuVVVU+eEvwTw8F/tgOu\nITwUM/uOYJdI16XfL4qtGxab0wKBgQD2ZCIbXK4BO5+8YC23YWymspTK/YShfoYA\nM8Ktxdp+xHGZoNzbx+mSd6vvvtWPhiayje2ppc82OsB+q6BYQOYTRowwdidWBETd\nM7/Q/QKg9Zn3kM+WA71KDtK3VIQBqZfYjevpTEqGjG9XN1apWZh80YeU3uhBuaSZ\nKns62AxNYQKBgAj8jpBOotymro4CoNlLJPwrNGzvnX+lRNYMczU2xaetjXiXFIx1\njo1P1JRZJzvegVhyY43fm0qtf8eteQrDKdZ8RR5ZPEmDmhjS9cCdpxS+7ZxAGQrN\nC7kflPBl9cCJC5H0bdcOd11+OQOMVLV7G9zdwLlrXgKPOrS30BJGVplhAoGAU+YM\n5xxL9AeFgPOPHZ6DDNBKckSZYRRgNLlrVRjGKdxiglmQWxZbppAxb9Wfitu3WZ2S\ni+31/RVMbtWqJ+MRdQbUvbu98UBK4re4XUWKG50F7JLW3NIxJoKdpeeVe6twFUFe\nT3a2+dHgJ+akD85+aiI+9KZil97K+YzJoWPn7IECgYB9O3ZiTlT3N3iuML+CCrv/\nEttS+1sWf1fdwq1Roosw3JWxuXC45KNn/lUsk0jvVJkMM/XDxG19E3NyltMWr2de\nj0o4TgFsOvXh6k1k7ftMwauFooAdIgkn9HPU7zwv7eAwWfOOxz57RvVnKKvcUq9F\nrELh+ivyqdpAYiJ1z4+0LA==\n-----END PRIVATE KEY-----\n", | |
| "cert": "-----BEGIN CERTIFICATE-----\nMIIC/TCCAeWgAwIBAgIUDiCm76cjcg4Wd862cEzTzLqSzFswDQYJKoZIhvcNAQEL\nBQAwDjEMMAoGA1UEAwwDa2FzMB4XDTI0MTIxODIwMzUxNFoXDTI1MTIxODIwMzUx\nNFowDjEMMAoGA1UEAwwDa2FzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA8QF4D9ko0T4SnjtTnS3KO87FPrjJ70BZ063NFvHkP71Boz/BzQAQN5ClHiWV\nBm+JchObutrAag/lWjlodLSEQiBD0Qv7Rd4UxOU3gySyYmPTd0eT/To1rhXsJ0BV\nyH0z6pq58taWKMH5HZ28QUs2/8U6ZOivss5Mq2XVtSb2HVv9QgRqaO6rX8X5Udws\ntd1deWA7lUw9qx1EozNnmFFPm+By6B7ymfO8tfJ8GjjDjDKm76eMRaMXJKBP15Lm\nh8h9VFiPR6gshQa4fn9uDjzD9Dd6jArHlyXNgkwRkl+IynQdFhqjqWXQcSlpSsSx\npSgHvSqNXmM1B3YYTaQUZlOB8wIDAQABo1MwUTAdBgNVHQ4EFgQUVl6EWRsZE5kf\nXR6EC9LDStsR1howHwYDVR0jBBgwFoAUVl6EWRsZE5kfXR6EC9LDStsR1howDwYD\nVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAJysUw1bQkm+UdIWubPVo\nh/h1YoSHMEmwtphLflMDiJvm1GIjFM5zVgnpmkiI9DVCAs8vyhHe+UVCgiCAMqU9\nuu1jYxXY54v8nx+Ps3X1snylIs82JHKXT1AJaXECSi0DwIuF3hIyPUJpK9AJ/PqC\nOvhq3sMX5p0D3bmk8518rRwkSZ2a7jn5qvLa6P0g4Ph32j5UdRmgvsgh/jJk7PkK\nHuf86yZ4KbkgU6kMs4rTOLNIBmMJlm7R9xrGMVwK8X/NPZWV4fBNQZPIJw7svNzo\npe60OK4cT0G0/LHEOGxCLpmxjq2+xedKkrmq6PrRZquL386RyjkCZh6F5AWJCqB9\n4g==\n-----END CERTIFICATE-----\n" | |
| }] | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| repository: opentdf/tests | |
| path: otdftests # use different name bc other repos might have tests directories | |
| - name: Set up Node 20 | |
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af | |
| with: | |
| node-version: "20.x" | |
| registry-url: https://npm.pkg.github.com | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b | |
| with: | |
| python-version: "3.10" | |
| - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up JDK | |
| uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7 | |
| with: | |
| java-version: "11" | |
| distribution: "adopt" | |
| server-id: github | |
| ######## CHECKOUT WEB SDK ############# | |
| - name: Check out web-sdk | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| repository: opentdf/web-sdk | |
| path: web-sdk | |
| ref: ${{ env.JS_REF }} | |
| ######## SETUP THE JS CLI ############# | |
| - name: build the js cli | |
| id: build-web-sdk | |
| run: | | |
| make clean | |
| make cli | |
| CLI_NAME=$(cd cli && npm pkg get name | tr -d \") | |
| CLI_VERSION=$(cd cli && npm pkg get version | tr -d \") | |
| echo "CLI_PATH=cli/$(echo "$CLI_NAME" | tr -d @ | sed s1/1-1)-$CLI_VERSION.tgz" >>$GITHUB_OUTPUT | |
| working-directory: web-sdk | |
| - name: update packages | |
| run: |- | |
| npm un @opentdf/cli || true | |
| npm ci | |
| npm i ../../web-sdk/${{ steps.build-web-sdk.outputs.CLI_PATH }} | |
| npm list | |
| working-directory: otdftests/xtest | |
| ######## CHECKOUT GO CLI ############# | |
| - name: Check out otdfctl | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| repository: opentdf/otdfctl | |
| path: otdfctl | |
| ref: ${{ env.OTDFCTL_REF }} | |
| ######## SETUP THE GO CLI ############# | |
| - name: Prepare go cli | |
| run: |- | |
| for m in lib/fixtures lib/ocrypto protocol/go sdk; do | |
| go mod edit -replace github.com/opentdf/platform/${m}=../${{ steps.run-platform.outputs.platform-working-dir }}/${m} | |
| done | |
| go mod tidy | |
| go build . | |
| cp ./otdfctl ../otdftests/xtest/sdk/go/otdfctl | |
| working-directory: otdfctl | |
| ####### CHECKOUT JAVA SDK ############## | |
| - name: Check out java-sdk | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| repository: opentdf/java-sdk | |
| path: java-sdk | |
| ref: ${{ env.JAVA_REF }} | |
| ####### SETUP JAVA CLI ############## | |
| - name: Build java cli | |
| run: | | |
| mvn --batch-mode clean install -DskipTests | |
| env: | |
| BUF_INPUT_HTTPS_USERNAME: opentdf-bot | |
| BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }} | |
| working-directory: java-sdk | |
| - name: Move java cli to xtest | |
| run: |- | |
| cp cmdline/target/cmdline.jar ../otdftests/xtest/sdk/java/cmdline.jar | |
| working-directory: java-sdk | |
| ######## RUN THE TESTS ############# | |
| - name: Install test dependencies | |
| run: |- | |
| pip install -r requirements.txt | |
| working-directory: otdftests/xtest | |
| # When the schema gets merged into the spec repo, we can just rely on that as a source of truth | |
| - name: Get manifest schema from platform repo | |
| run: |- | |
| curl -L -o manifest.schema.json https://raw.githubusercontent.com/opentdf/platform/main/sdk/schema/manifest.schema.json | |
| working-directory: otdftests/xtest | |
| - name: Validate xtests | |
| if: ${{ !inputs }} | |
| run: |- | |
| pytest test_nano.py test_self.py | |
| working-directory: otdftests/xtest | |
| - name: Run legacy decryption tests | |
| run: |- | |
| pytest -v test_legacy.py | |
| working-directory: otdftests/xtest | |
| env: | |
| PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' | |
| - name: Run xtests | |
| run: |- | |
| pytest -v test_tdfs.py | |
| working-directory: otdftests/xtest | |
| env: | |
| PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' | |
| SCHEMA_FILE: 'manifest.schema.json' | |
| ######## ATTRIBUTE BASED CONFIGURATION ############# | |
| - name: Start additional kas | |
| uses: opentdf/platform/test/start-additional-kas@main | |
| with: | |
| kas-port: 8181 | |
| kas-name: alpha | |
| - name: Start additional kas | |
| uses: opentdf/platform/test/start-additional-kas@main | |
| with: | |
| kas-port: 8282 | |
| kas-name: beta | |
| - name: Start additional kas | |
| uses: opentdf/platform/test/start-additional-kas@main | |
| with: | |
| kas-port: 8383 | |
| kas-name: gamma | |
| - name: Start additional kas | |
| uses: opentdf/platform/test/start-additional-kas@main | |
| with: | |
| kas-port: 8484 | |
| kas-name: delta | |
| - name: Run attribute based configuration tests | |
| run: |- | |
| pytest test_abac.py | |
| working-directory: otdftests/xtest | |
| env: | |
| PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' |