-
Notifications
You must be signed in to change notification settings - Fork 258
158 lines (147 loc) · 6.39 KB
/
test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
name: TestSuite
on:
push:
branches:
- "py3_master"
- "master"
- "dev_v3"
- "dev"
jobs:
tests:
runs-on: ubuntu-latest
env:
AWS_REGION: 'eu-west-1'
permissions:
id-token: write
contents: read
services:
redis:
# TODO: ensure this is identical to whatever is in the compose files. Simple linter should suffice.
image: redis@sha256:03f00cd789243846888e2f834c762f53b224b9970b434a192b0f6b533d7e219c
#
ports:
# Opens tcp port 6379 on the host and service container
- 6379:6379
# Set health checks to wait until redis has started
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
mysql:
image: mysql@sha256:940fdfa3dc408fb792a8cceb21cafda4b7cd56ce4fbc32833766bdd2a57d6a4f
env:
MYSQL_ALLOW_EMPTY_PASSWORD: 1
ports:
- 3307:3306
options: >-
--health-cmd="mysqladmin ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
strategy:
matrix:
python-version: ["3.10"]
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::164951611079:role/Canarytokens-staging-github-action
role-session-name: GitHubActions-${{ github.actor }}-${{ github.workflow }}-${{ github.run_id }}-${{ github.run_number }}
aws-region: ${{ env.AWS_REGION }}
- uses: actions/checkout@v2
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python-version }}
- name: Get full python version
id: full-python-version
run: |
echo ::set-output name=version::$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info[:3]))")
- name: Install deps
run: |
sudo apt update -y
sudo apt install libzbar0 -y
sudo apt install wireguard
sudo apt install mysql-client
sudo apt-get install subversion
sudo apt-get install openssh-server
curl -sSL https://install.python-poetry.org | python -
poetry config virtualenvs.in-project true
sudo apt-get update -y
sudo apt-get install -y apt-transport-https ca-certificates curl
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update -y
sudo apt-get install -y kubectl
sudo apt-get install -y osslsigncode
sudo apt install redis-tools
- name: Set up cache
uses: actions/cache@v1
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('**/poetry.lock') }}
- name: Install python dependencies
run: |
poetry install -E 'twisted web'
- name: Check pre-commit is happy
run: |
poetry run pre-commit install
SKIP=no-commit-to-branch poetry run pre-commit run --all-files
- name: Run unit tests
env:
CANARY_MAILGUN_DOMAIN_NAME: syruppdfs.com
CANARY_MAILGUN_BASE_URL: https://api.eu.mailgun.net
CANARY_ALERT_EMAIL_FROM_ADDRESS: [email protected]
CANARY_ALERT_EMAIL_FROM_DISPLAY: Canarytoken Mail
CANARY_ALERT_EMAIL_SUBJECT: Your Canarytoken was Triggered
# Here we gather coverage info on all tests.
run: |
mv frontend/frontend.env.dist frontend/frontend.env
mv switchboard/switchboard.env.dist switchboard/switchboard.env
export CANARY_AWSID_URL=$(aws ssm get-parameter --name "/staging/awsid_url" --with-decryption --region eu-west-1 | jq -r '.Parameter.Value')
export CANARY_TESTING_AWS_ACCESS_KEY_ID=${{ secrets.TESTING_AWS_ACCESS_KEY_ID }}
export CANARY_TESTING_AWS_SECRET_ACCESS_KEY=${{ secrets.TESTING_AWS_SECRET_ACCESS_KEY }}
export CANARY_SENDGRID_API_KEY=${{ secrets.TESTING_SENDGRID_API_KEY }}
export CANARY_MAILGUN_API_KEY=${{ secrets.TESTING_MAILGUN_API_KEY }}
export CANARY_SENTRY_ENVIRONMENT=ci
export CANARY_WEB_IMAGE_UPLOAD_PATH=../uploads
cd tests
poetry run coverage run --source=../canarytokens --omit="integration/test_custom_binary.py,integration/test_sql_server_token.py" -m pytest units --runv3 -v
- name: Check coverage is over threshold percentage for unit tests
# Here we check coverage info on all tests
run: |
cd tests
poetry run coverage report --omit="integration/test_custom_binary.py,integration/test_sql_server_token.py" --fail-under 90
- name: Run integration tests (against local V3)
run: |
redis-cli flushall
mkdir uploads
make switchboard &
make frontend &
cd tests
sleep 10
export TEST_NETWORK=`docker network ls | grep git | python -c "from sys import stdin; print(stdin.read().split()[1])"`
export TEST_HOST=`docker network inspect $TEST_NETWORK | jq '.[0].IPAM.Config[0].Gateway' | sed 's/"//g'`
LIVE=False poetry run coverage run --source=../canarytokens --omit=integration/test_custom_binary.py -m pytest integration --runv3 -v
windows-tests:
runs-on: windows-latest
steps:
- uses: actions/checkout@v2
- name: Install deps
run: |
python -m pip install --user pipx
python -m pipx ensurepath
python -m pipx install poetry==1.3.2
- name: Install python dependencies
# poetry cache clear --all pypi ref: https://stackoverflow.com/questions/72551057/poetry-gives-toomanyindirects-error-suddenly
# Remove when this is resolved.
run: |
poetry config virtualenvs.in-project true
poetry cache clear --all pypi
poetry install -E 'twisted web'
- name: Integration Tests
run: |
$env:LIVE = 'True'
cd tests
poetry run coverage run --source=.\integration -m pytest .\integration\test_custom_binary.py --runv3