EAR Support #177
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: KBS e2e (Docker Compose and Sample TEE) | |
on: | |
pull_request: | |
branches: | |
- main | |
env: | |
TEST_SECRET_CONTENT: shhhhh | |
TEST_SECRET_PATH: test-org/test-repo/test-secret | |
jobs: | |
e2e-test: | |
runs-on: ubuntu-latest | |
env: | |
RUSTC_VERSION: 1.76.0 | |
steps: | |
- name: Checkout KBS | |
uses: actions/checkout@v4 | |
- name: Install Rust ${{ env.RUSTC_VERSION }} (for client) | |
run: | | |
rustup update --no-self-update ${{ env.RUSTC_VERSION }} | |
rustup component add --toolchain ${{ env.RUSTC_VERSION }} rustc | |
rustup default ${{ env.RUSTC_VERSION }} | |
- name: Build client | |
run: | | |
cargo build --manifest-path tools/kbs-client/Cargo.toml --no-default-features --features sample_only --release | |
- name: Setup Client Keys | |
run: | | |
openssl genpkey -algorithm ed25519 > kbs/config/private.key | |
openssl pkey -in kbs/config/private.key -pubout -out kbs/config/public.pub | |
- name: Setup Token Keys | |
run: | | |
openssl ecparam -name prime256v1 -genkey -noout -out kbs/config/pkey.pem | |
openssl pkcs8 -topk8 -inform PEM -outform PEM -in kbs/config/pkey.pem -nocrypt -out kbs/config/as-private-key.pem | |
openssl ec -in kbs/config/as-private-key.pem -pubout -out kbs/config/as-public-key.pem | |
- name: Build KBS Cluster | |
run: docker compose build | |
- name: Start KBS cluster | |
run: docker compose up -d | |
- name: Set Resource | |
working-directory: target/release/ | |
run: | | |
echo "$TEST_SECRET_CONTENT" > test-secret | |
./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource --path "$TEST_SECRET_PATH" --resource-file test-secret | |
- name: Get Resource (negative) | |
working-directory: target/release/ | |
run: | | |
! ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH" | |
- name: Update policy | |
working-directory: target/release/ | |
run: ./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource-policy --policy-file "$policy_path" | |
env: | |
policy_path: ../../kbs/test/data/policy_2.rego | |
- name: Get Resource | |
working-directory: target/release/ | |
run: ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH" |