Skip to content

Test get-vault-secrets action #307

Test get-vault-secrets action

Test get-vault-secrets action #307

name: Test get-vault-secrets action
on:
push:
branches:
- main
paths:
- "actions/get-vault-secrets/**"
- ".github/workflows/test-get-vault-secrets.yaml"
pull_request:
paths:
- "actions/get-vault-secrets/**"
- ".github/workflows/test-get-vault-secrets.yaml"
types:
- edited
- opened
- ready_for_review
- synchronize
merge_group:
permissions:
contents: read
id-token: write
jobs:
test:
strategy:
matrix:
instance:
- dev
- ops
- invalid
runs-on: ubuntu-latest
# The `get-vault-secrets` action only works when run from a `grafana`
# repository, so skip this test if the PR is from a different repository. We
# will still get a run of this workflow for the change before merging, as we
# use merge queues.
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == 'grafana'
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Test Vault Action
id: test-vault-action
uses: ./actions/get-vault-secrets
continue-on-error: true
with:
vault_instance: ${{ matrix.instance }}
repo_secrets: |
INSTANCE=test-get-vault-secret:instance
- name: Check secret value is ${{ matrix.instance }}
if: matrix.instance != 'invalid'
run: |
if [[ "${{ env.INSTANCE }}" != "${{ matrix.instance }}" ]]; then
echo "Test failed: secret value does not match vault_instance input"
exit 1
fi
- name: Ensure 'invalid' errored
if: matrix.instance == 'invalid' && steps.test-vault-action.outcome != 'failure'
run: |
echo "Test failed: 'invalid' should have errored"
exit 1
bats-test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup BATS testing framework
uses: mig4/setup-bats@af9a00deb21b5d795cabfeaa8d9060410377686d # v1.2.0
- name: Run tests
run: |
cd actions/get-vault-secrets
./translate-secrets.bats