From 977c64f03bbeebe775f6407b1585b95dfe3619ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20=C4=8Ctvrtka?= Date: Wed, 18 Sep 2024 21:23:13 +0200 Subject: [PATCH] PMM-13132 Changes, CI. --- .github/workflows/admin.yml | 1 + .github/workflows/agent.yml | 1 + .github/workflows/encryption-rotation.yml | 94 +++++++++++++++++++++++ .github/workflows/managed.yml | 1 + .github/workflows/qan-api2.yml | 1 + .github/workflows/ui.yml | 1 + .github/workflows/update.yml | 1 + .github/workflows/vmproxy.yml | 1 + encryption-rotation/main_test.go | 8 +- 9 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/encryption-rotation.yml diff --git a/.github/workflows/admin.yml b/.github/workflows/admin.yml index 588ce72241..d7e559ca63 100644 --- a/.github/workflows/admin.yml +++ b/.github/workflows/admin.yml @@ -14,6 +14,7 @@ on: - "agent/**" - "api-tests/**" - "docs/**" + - "encryption-rotation/**" - "managed/**" - "qan-api2/**" - "update/**" diff --git a/.github/workflows/agent.yml b/.github/workflows/agent.yml index 957d19720e..82b7cfe5bc 100644 --- a/.github/workflows/agent.yml +++ b/.github/workflows/agent.yml @@ -15,6 +15,7 @@ on: - "api-tests/**" - "cli-tests/**" - "docs/**" + - "encryption-rotation/**" - "managed/**" - "qan-api2/**" - "update/**" diff --git a/.github/workflows/encryption-rotation.yml b/.github/workflows/encryption-rotation.yml new file mode 100644 index 0000000000..b98dee96de --- /dev/null +++ b/.github/workflows/encryption-rotation.yml @@ -0,0 +1,94 @@ +name: 'Encryption Rotation Tool' + +on: + push: + branches: + - main + - v3 + - pmm-* + tags: + - v[0-9]+.[0-9]+.[0-9]+* + + pull_request: + paths-ignore: + - "admin/**" + - "agent/**" + - "api-tests/**" + - "cli-tests/**" + - "docs/**" + - "managed/**" + - "qan-api2/**" + - "update/**" + - "vmproxy/**" + - "ui/**" + +jobs: + test: + name: Tests + runs-on: ubuntu-22.04 + + continue-on-error: true + + env: + + defaults: + run: + working-directory: ${{ github.workspace }}/encryption-rotation + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go release + uses: actions/setup-go@v5 + with: + go-version-file: ${{ github.workspace }}/go.mod + cache: false + + - name: Enable Go build cache + uses: actions/cache@v4 + with: + path: ~/.cache/go-build + key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }} + restore-keys: | + ${{ runner.os }}-go-build-${{ github.ref }}- + ${{ runner.os }}-go-build- + + - name: Enable Go modules cache + uses: actions/cache@v4 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }} + restore-keys: ${{ runner.os }}-go-modules- + + - name: Download Go modules + run: go mod download -x + + - name: Build and install + run: make install + + - name: Launch containers + env: + ENV_UP_FLAGS: "--detach" + run: make env-up + + - name: Run tests + run: go test ./... + + - name: Upload coverage results + uses: codecov/codecov-action@v4 + with: + file: cover.out + flags: agent + env_vars: MYSQL_IMAGE,MONGO_IMAGE,POSTGRES_IMAGE,PMM_SERVER_IMAGE + fail_ci_if_error: false + token: ${{ secrets.CODECOV_TOKEN }} + + - name: Run debug commands on failure + if: ${{ failure() }} + run: | + echo "--- Environment variables ---" + env | sort + echo "--- GO Environment ---" + go env | sort + git status diff --git a/.github/workflows/managed.yml b/.github/workflows/managed.yml index 170bf9835c..66476ef61e 100644 --- a/.github/workflows/managed.yml +++ b/.github/workflows/managed.yml @@ -15,6 +15,7 @@ on: - 'api-tests/**' - 'cli-tests/**' - 'docs/**' + - "encryption-rotation/**" - 'qan-api2/**' - 'update/**' - 'vmproxy/**' diff --git a/.github/workflows/qan-api2.yml b/.github/workflows/qan-api2.yml index 2cee867f7f..8f1d00a6ae 100644 --- a/.github/workflows/qan-api2.yml +++ b/.github/workflows/qan-api2.yml @@ -16,6 +16,7 @@ on: - "api-tests/**" - "cli-tests/**" - "docs/**" + - "encryption-rotation/**" - "managed/**" - "update/**" - "vmproxy/**" diff --git a/.github/workflows/ui.yml b/.github/workflows/ui.yml index b243ef265e..2ca2d99678 100644 --- a/.github/workflows/ui.yml +++ b/.github/workflows/ui.yml @@ -15,6 +15,7 @@ on: - "api-tests/**" - "cli-tests/**" - "docs/**" + - "encryption-rotation/**" - "managed/**" - "managed-dev/**" - "qan-api2/**" diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index c0b325c860..f20e8b9cc7 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -15,6 +15,7 @@ on: - "api-tests/**" - "cli-tests/**" - "docs/**" + - "encryption-rotation/**" - "managed/**" - "qan-api2/**" - "vmproxy/**" diff --git a/.github/workflows/vmproxy.yml b/.github/workflows/vmproxy.yml index 94753ca9a6..f55754c6fd 100644 --- a/.github/workflows/vmproxy.yml +++ b/.github/workflows/vmproxy.yml @@ -16,6 +16,7 @@ on: - "api-tests/**" - "cli-tests/**" - "docs/**" + - "encryption-rotation/**" - "managed/**" - "qan-api2/**" - "update/**" diff --git a/encryption-rotation/main_test.go b/encryption-rotation/main_test.go index 13940f51cc..1a8a05c7af 100644 --- a/encryption-rotation/main_test.go +++ b/encryption-rotation/main_test.go @@ -36,8 +36,10 @@ import ( const ( encryptionKeyTestPath = "/srv/pmm-encryption-rotation-test.key" originEncryptionKey = `CMatkOIIEmQKWAowdHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuY3J5cHRvLnRpbmsuQWVzR2NtS2V5EiIaIKDxOKZxwiJl5Hj6oPZ/unTzmAvfwHWzZ1Wli0vac15YGAEQARjGrZDiCCAB` - originUsernameHash = `AYxEFsZVZMH7UErzcQ8vbm3lVza//yRF6o/yTH7tcRD0PAwsESt6c/d0BzM=` - originPasswordHash = `AYxEFsa5GYg97cnETVOU/A7ZPjrG7A1je3qlu+g5pKI/uH2ndz3lzCaZwkU=` //nolint:gosec + // pmm-managed-username encrypted with originEncryptionKey + originUsernameHash = `AYxEFsbCFxg31sCqO4KlCsqASFYNeHapjT+vf8seEhsQrN5hWOCuvCSxd/ZERv8RODu3oX4=` + // pmm-managed-password encrypted with originEncryptionKey + originPasswordHash = `AYxEFsajO8X5rrXG4ocOEE4ltWuaNmy7Uz0GyDgZ/Q04O2biFah5IdkenQ9ehXwv+nyiwDw=` //nolint:gosec ) func TestEncryptionRotation(t *testing.T) { @@ -63,7 +65,7 @@ func TestEncryptionRotation(t *testing.T) { func createOriginEncryptionKey() error { encryption.DefaultEncryptionKeyPath = encryptionKeyTestPath - return os.WriteFile(encryptionKeyTestPath, []byte(originEncryptionKey), 0o600) + return os.WriteFile(encryptionKeyTestPath, []byte(originEncryptionKey), 0o644) } func insertTestData(db *sql.DB) error {