kbs: Bail if the jwk sets cannot be downloaded #497
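# End-to-end test for the KBS: builds the client, brings the cluster up with
# Docker Compose, stores a resource, and checks that it can only be fetched
# after the resource policy has been updated.
name: KBS e2e (Docker Compose and Sample TEE)

on:
  pull_request:
    branches:
      - main

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository
# for checkout. Without this block the token takes the repository or
# organisation default, which may include write scopes.
permissions:
  contents: read

env:
  # Test fixture that is stored as a resource and read back. It sits in plain
  # text in this file, so it must never be replaced with a real secret.
  TEST_SECRET_CONTENT: shhhhh
  TEST_SECRET_PATH: test-org/test-repo/test-secret

jobs:
  e2e-test:
    runs-on: ubuntu-latest
    env:
      RUSTC_VERSION: '1.76.0'
    steps:
      # NOTE(review): the actions below are referenced by mutable tag (@v4,
      # @v1). Pinning each one to a full commit SHA fixes the exact code that
      # runs in this job.
      - name: Checkout KBS
        uses: actions/checkout@v4
        with:
          # No later step performs an authenticated git operation, so the
          # token is not left behind in the checked-out .git/config.
          persist-credentials: false

      - name: Install Rust ${{ env.RUSTC_VERSION }} (for client)
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: ${{ env.RUSTC_VERSION }}
          components: rustfmt, clippy

      - name: Build client
        run: |
          cargo build --manifest-path tools/kbs-client/Cargo.toml --no-default-features --features sample_only --release

      # A fresh Ed25519 key pair is generated on every run. The private key is
      # passed to kbs-client as --auth-private-key in the config steps below;
      # the public key is written next to it under kbs/config/ (presumably
      # picked up by the KBS container; confirm in the compose file).
      - name: Setup Keys
        run: |
          openssl genpkey -algorithm ed25519 > kbs/config/private.key
          openssl pkey -in kbs/config/private.key -pubout -out kbs/config/public.pub

      - name: Build KBS Cluster
        run: docker compose build

      # NOTE(review): the next step talks to 127.0.0.1:8080 with no explicit
      # readiness wait in between.
      - name: Start KBS cluster
        run: docker compose up -d

      - name: Set Resource
        working-directory: target/release/
        run: |
          echo "$TEST_SECRET_CONTENT" > test-secret
          ./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource --path "$TEST_SECRET_PATH" --resource-file test-secret

      # Negative test: the step succeeds when kbs-client exits non-zero.
      # NOTE(review): `!` accepts any failure, so a crash or a connection error
      # passes this step just as a policy denial would. The check proves
      # "the request failed", not "the request was denied".
      - name: Get Resource (negative)
        working-directory: target/release/
        run: |
          ! ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH"

      # Replaces the resource policy using the admin key generated above.
      # policy_2.rego is not visible here; it is presumably the policy that
      # allows the sample-TEE request. Confirm against the file.
      - name: Update policy
        working-directory: target/release/
        run: ./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource-policy --policy-file "$policy_path"
        env:
          policy_path: ../../kbs/test/data/policy_2.rego

      # Positive test, run after the policy update.
      # NOTE(review): only the exit status is checked; the returned content is
      # not compared with TEST_SECRET_CONTENT.
      - name: Get Resource
        working-directory: target/release/
        run: ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH"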