Implement activedirectory.rotate_credentials and ldap.rotate_static_credentials #1018
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint and Test | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| env: | |
| PYTEST_ADDOPTS: '--color=yes' | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: | |
| - "3.8" | |
| - "3.9" | |
| - "3.10" | |
| - "3.11" | |
| - "3.12" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| show-progress: false | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1.3.4 | |
| with: | |
| version: 1.6.1 | |
| virtualenvs-create: true | |
| virtualenvs-in-project: true | |
| - name: Set up Python ${{ matrix.python-version }} | |
| id: python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| allow-prereleases: true | |
| cache: poetry | |
| - name: Install dependencies | |
| if: steps.python.outputs.cache-hit != 'true' | |
| run: poetry install --no-interaction --no-root --with dev | |
| - name: Install library | |
| run: poetry install --no-interaction | |
| - name: Check formatting with `black` | |
| run: poetry run black --check . | |
| - name: Lint with `flake8` | |
| run: poetry run flake8 . --count --statistics | |
| - name: Check for typos | |
| run: poetry run typos --color always | |
| docs-tests: | |
| name: Documentation Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| show-progress: false | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1.3.4 | |
| with: | |
| version: 1.6.1 | |
| virtualenvs-create: true | |
| virtualenvs-in-project: true | |
| - name: Set up Python | |
| id: python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.x" | |
| cache: poetry | |
| - name: Install dependencies | |
| run: poetry install --no-interaction --no-root --with dev,docs | |
| - name: Install library | |
| run: poetry install --no-interaction | |
| - name: Install Vault (for doctests) | |
| run: | | |
| curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - | |
| echo "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \ | |
| | sudo tee /etc/apt/sources.list.d/hashicorp.list | |
| sudo apt update \ | |
| -o Dir::Etc::sourceparts="-" \ | |
| -o APT::Get::List-Cleanup="0" \ | |
| -o Dir::Etc::sourcelist="sources.list.d/hashicorp.list" | |
| sudo apt install \ | |
| vault-enterprise=1.7.2+ent \ | |
| ; | |
| # We disble cap_ipc_lock here as its generally incompatabile with GitHub | |
| # Actions' runtime environments. | |
| sudo setcap cap_ipc_lock= /usr/bin/vault | |
| - name: Sphinx - doctest Build | |
| working-directory: ./docs | |
| run: | | |
| poetry run make doctest | |
| unit-tests: | |
| name: Unit Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: | |
| - "3.8" | |
| - "3.9" | |
| - "3.10" | |
| - "3.11" | |
| - "3.12" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| show-progress: false | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1.3.4 | |
| with: | |
| version: 1.6.1 | |
| virtualenvs-create: true | |
| virtualenvs-in-project: true | |
| - name: Set up Python ${{ matrix.python-version }} | |
| id: python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| allow-prereleases: true | |
| cache: poetry | |
| - name: Install dependencies | |
| if: steps.python.outputs.cache-hit != 'true' | |
| run: poetry install --no-interaction --no-root --with dev | |
| - name: Install library | |
| run: poetry install --no-interaction | |
| - name: pytest tests/unit_tests | |
| run: | | |
| poetry run pytest \ | |
| -rsxfE \ | |
| --cov=hvac \ | |
| --cov-report=xml:reports/coverage_units_py${{ matrix.python-version }}.xml \ | |
| tests/unit_tests | |
| - name: Upload unit tests coverage artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage_reports | |
| path: reports/*.xml | |
| if-no-files-found: error | |
| retention-days: 1 | |
| integration-tests: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: | |
| - "3.8" | |
| vault-version: | |
| - "vault-enterprise=1.6.*+ent" | |
| - "vault-enterprise=1.7.*+ent" | |
| - "vault=1.11.*" | |
| - "vault=1.12.*" | |
| - "vault=1.13.*" | |
| - "vault=1.14.*" | |
| - "vault=1.15.*" | |
| - "vault=1.16.*" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| show-progress: false | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1.3.4 | |
| with: | |
| version: 1.6.1 | |
| virtualenvs-create: true | |
| virtualenvs-in-project: true | |
| - name: Set up Python ${{ matrix.python-version }} | |
| id: python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| allow-prereleases: true | |
| cache: poetry | |
| - name: Install dependencies | |
| if: steps.python.outputs.cache-hit != 'true' | |
| run: poetry install --no-interaction --no-root --with dev | |
| - name: Install library | |
| run: poetry install --no-interaction | |
| - name: Install Vault and Consul (for integration tests) | |
| run: | | |
| curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - | |
| echo "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \ | |
| | sudo tee /etc/apt/sources.list.d/hashicorp.list | |
| sudo apt update \ | |
| -o Dir::Etc::sourceparts="-" \ | |
| -o APT::Get::List-Cleanup="0" \ | |
| -o Dir::Etc::sourcelist="sources.list.d/hashicorp.list" | |
| sudo apt install \ | |
| consul \ | |
| ${{ matrix.vault-version }} \ | |
| ; | |
| # We disble cap_ipc_lock here as its generally incompatabile with GitHub | |
| # Actions' runtime environments. | |
| sudo setcap cap_ipc_lock= /usr/bin/vault | |
| - name: pytest tests/integration_tests | |
| env: | |
| COVFILE: coverage_integration_py${{ matrix.python-version }}_${{ matrix.vault-version }}.xml | |
| run: | | |
| poetry run pytest \ | |
| -rsxfE \ | |
| --cov=hvac \ | |
| --cov-report=xml:reports/${COVFILE//[^A-Za-z0-9\-_\.]/_} \ | |
| tests/integration_tests | |
| - name: Upload integration tests coverage artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage_reports | |
| path: reports/*.xml | |
| if-no-files-found: error | |
| retention-days: 1 | |
| upload-to-codecov: | |
| name: Upload to Codecov | |
| runs-on: ubuntu-latest | |
| needs: | |
| - unit-tests | |
| - integration-tests | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| show-progress: false | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v3 | |
| - name: Upload to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| fail_ci_if_error: true |