feat: hardware security module's support #1510
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Check API For Breaking Changes" | |
on: | |
pull_request: | |
types: [opened, synchronize] | |
paths: | |
- "backend/src/server/routes/**" | |
- "backend/src/ee/routes/**" | |
jobs: | |
check-be-api-changes: | |
name: Check API Changes | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v3 | |
# - name: Setup Node 20 | |
# uses: actions/setup-node@v3 | |
# with: | |
# node-version: "20" | |
# uncomment this when testing locally using nektos/act | |
- uses: KengoTODA/actions-setup-docker-compose@v1 | |
if: ${{ env.ACT }} | |
name: Install `docker compose` for local simulations | |
with: | |
version: "2.14.2" | |
- name: 📦Build the latest image | |
run: docker build --tag infisical-api . | |
working-directory: backend | |
- name: Start postgres and redis | |
run: touch .env && docker compose -f docker-compose.dev.yml up -d db redis | |
- name: Start the server | |
run: | | |
echo "SECRET_SCANNING_GIT_APP_ID=793712" >> .env | |
echo "SECRET_SCANNING_PRIVATE_KEY=some-random" >> .env | |
echo "SECRET_SCANNING_WEBHOOK_SECRET=some-random" >> .env | |
docker run --name infisical-api -d -p 4000:4000 -e DB_CONNECTION_URI=$DB_CONNECTION_URI -e REDIS_URL=$REDIS_URL -e JWT_AUTH_SECRET=$JWT_AUTH_SECRET -e ENCRYPTION_KEY=$ENCRYPTION_KEY --env-file .env --entrypoint '/bin/sh' infisical-api -c "npm run migration:latest && ls && node dist/main.mjs" | |
env: | |
REDIS_URL: redis://172.17.0.1:6379 | |
DB_CONNECTION_URI: postgres://infisical:[email protected]:5432/infisical?sslmode=disable | |
JWT_AUTH_SECRET: something-random | |
ENCRYPTION_KEY: 4bnfe4e407b8921c104518903515b218 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.21.5' | |
- name: Wait for container to be stable and check logs | |
run: | | |
SECONDS=0 | |
HEALTHY=0 | |
while [ $SECONDS -lt 60 ]; do | |
if docker ps | grep infisical-api | grep -q healthy; then | |
echo "Container is healthy." | |
HEALTHY=1 | |
break | |
fi | |
echo "Waiting for container to be healthy... ($SECONDS seconds elapsed)" | |
docker logs infisical-api | |
sleep 2 | |
SECONDS=$((SECONDS+2)) | |
done | |
if [ $HEALTHY -ne 1 ]; then | |
echo "Container did not become healthy in time" | |
exit 1 | |
fi | |
- name: Install openapi-diff | |
run: go install github.com/tufin/oasdiff@latest | |
- name: Running OpenAPI Spec diff action | |
run: oasdiff breaking https://app.infisical.com/api/docs/json http://localhost:4000/api/docs/json --fail-on ERR | |
- name: cleanup | |
run: | | |
docker compose -f "docker-compose.dev.yml" down | |
docker stop infisical-api | |
docker remove infisical-api |