Convert hashicorp/vault-ruby to GitHub Actions (#287)

* Add workflow hashicorp/vault-ruby/run-tests * SHA-pin all 3rd-party actions * Restrict workflow permissions * Add actionslint * Add dependabot * Add CODEOWNERS * Replace deprecated references * add new config Signed-off-by: Daniel Huckins <[email protected]> * remove app id Signed-off-by: Daniel Huckins <[email protected]> * Fixnum is deprecated Signed-off-by: Daniel Huckins <[email protected]> * add webrick Signed-off-by: Daniel Huckins <[email protected]> * update codeowners Signed-off-by: Daniel Huckins <[email protected]> * remove circleci Signed-off-by: Daniel Huckins <[email protected]> --------- Signed-off-by: Daniel Huckins <[email protected]> Co-authored-by: Daniel Huckins <[email protected]>
hashicorp · Apr 24, 2023 · 3764e56 · 3764e56
1 parent b34b02a
commit 3764e56
Show file tree

Hide file tree

Showing 9 changed files with 110 additions and 173 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -0,0 +1,14 @@
+# If the repository is public, be sure to change to GitHub hosted runners
+name: Lint GitHub Actions Workflows
+on:
+  push:
+  pull_request:
+permissions:
+  contents: read
+jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - name: "Check workflow files"
+        uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint:latest
diff --git a/.github/workflows/jira.yaml b/.github/workflows/jira.yaml
@@ -5,68 +5,62 @@ on:
     types: [opened, closed, reopened]
   issue_comment: # Also triggers when commenting on a PR from the conversation view
     types: [created]
-
 name: Jira Sync
-
 jobs:
   sync:
     runs-on: ubuntu-latest
     name: Jira sync
     steps:
-    - name: Login
-      uses: atlassian/[email protected]
-      env:
-        JIRA_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
-        JIRA_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
-        JIRA_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
-
-    - name: Preprocess
-      if: github.event.action == 'opened' || github.event.action == 'created'
-      id: preprocess
-      run: |
-        if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then
-          echo "::set-output name=type::PR"
-        else
-          echo "::set-output name=type::ISS"
-        fi
-
-    - name: Create ticket
-      if: github.event.action == 'opened'
-      uses: tomhjp/[email protected]
-      with:
-        project: VAULT
-        issuetype: "GH Issue"
-        summary: "${{ github.event.repository.name }} [${{ steps.preprocess.outputs.type }} #${{ github.event.issue.number || github.event.pull_request.number }}]: ${{ github.event.issue.title || github.event.pull_request.title }}"
-        description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created from GitHub Action for ${{ github.event.issue.html_url || github.event.pull_request.html_url }} from ${{ github.actor }}_"
-        # customfield_10089 is Issue Link custom field
-        # customfield_10091 is team custom field
-        extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "applications"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}'
-
-    - name: Search
-      if: github.event.action != 'opened'
-      id: search
-      uses: tomhjp/[email protected]
-      with:
-        # cf[10089] is Issue Link custom field
-        jql: 'project = "VAULT" and cf[10089]="${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
-
-    - name: Sync comment
-      if: github.event.action == 'created' && steps.search.outputs.issue
-      uses: tomhjp/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
-
-    - name: Close ticket
-      if: (github.event.action == 'closed' || github.event.action == 'deleted') && steps.search.outputs.issue
-      uses: atlassian/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: Closed
-
-    - name: Reopen ticket
-      if: github.event.action == 'reopened' && steps.search.outputs.issue
-      uses: atlassian/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: "Pending Triage"
+      - name: Login
+        uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c # v3
+        env:
+          JIRA_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
+          JIRA_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
+          JIRA_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
+      - name: Preprocess
+        if: github.event.action == 'opened' || github.event.action == 'created'
+        id: preprocess
+        run: |
+          if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then
+            echo "type=PR" >> "$GITHUB_OUTPUT"
+          else
+            echo "type=ISS" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Create ticket
+        if: github.event.action == 'opened'
+        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
+        with:
+          project: VAULT
+          issuetype: "GH Issue"
+          summary: "${{ github.event.repository.name }} [${{ steps.preprocess.outputs.type }} #${{ github.event.issue.number || github.event.pull_request.number }}]: ${{ github.event.issue.title || github.event.pull_request.title }}"
+          description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created from GitHub Action for ${{ github.event.issue.html_url || github.event.pull_request.html_url }} from ${{ github.actor }}_"
+          # customfield_10089 is Issue Link custom field
+          # customfield_10091 is team custom field
+          extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "applications"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}'
+      - name: Search
+        if: github.event.action != 'opened'
+        id: search
+        uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2
+        with:
+          # cf[10089] is Issue Link custom field
+          jql: 'project = "VAULT" and cf[10089]="${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
+      - name: Sync comment
+        if: github.event.action == 'created' && steps.search.outputs.issue
+        uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0
+        with:
+          issue: ${{ steps.search.outputs.issue }}
+          comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
+      - name: Close ticket
+        if: (github.event.action == 'closed' || github.event.action == 'deleted') && steps.search.outputs.issue
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        with:
+          issue: ${{ steps.search.outputs.issue }}
+          transition: Closed
+      - name: Reopen ticket
+        if: github.event.action == 'reopened' && steps.search.outputs.issue
+        uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3
+        with:
+          issue: ${{ steps.search.outputs.issue }}
+          transition: "Pending Triage"
+permissions:
+  contents: read
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
@@ -0,0 +1,33 @@
+name: hashicorp/vault-ruby/run-tests
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        # https://endoflife.date/ruby
+        ruby: ["2.7", "3.0", "3.1", "3.2"]
+        vault: ["1.11.9", "1.12.5", "1.13.1"]
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+      - name: "Install vault cli"
+        run: |
+          curl -sLo vault.zip "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_linux_amd64.zip"
+          unzip vault.zip
+          mkdir -p "$HOME/bin"
+          mv vault "$HOME/bin"
+          echo "$HOME/bin" >> "$GITHUB_PATH"
+      - run: bundle exec rake
+
+permissions:
+  contents: read
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1 @@
+* @hashicorp/vault-devex
diff --git a/spec/integration/api/auth_spec.rb b/spec/integration/api/auth_spec.rb
@@ -25,43 +25,6 @@ module Vault
       end
     end
 
-    describe "#app_id" do
-      before(:context) do
-        @app_id  = "aeece56e-3f9b-40c3-8f85-781d3e9a8f68"
-        @user_id = "3b87be76-95cf-493a-a61b-7d5fc70870ad"
-
-        vault_test_client.sys.enable_auth("app-id", "app-id", nil)
-        vault_test_client.logical.write("auth/app-id/map/app-id/#{@app_id}", { value: "default" })
-        vault_test_client.logical.write("auth/app-id/map/user-id/#{@user_id}", { value: @app_id })
-
-        vault_test_client.sys.enable_auth("new-app-id", "app-id", nil)
-        vault_test_client.logical.write("auth/new-app-id/map/app-id/#{@app_id}", { value: "default" })
-        vault_test_client.logical.write("auth/new-app-id/map/user-id/#{@user_id}", { value: @app_id })
-      end
-
-      before do
-        subject.token = nil
-      end
-
-      it "authenticates and saves the token on the client" do
-        result = subject.auth.app_id(@app_id, @user_id)
-        expect(subject.token).to eq(result.auth.client_token)
-      end
-
-      it "authenticates with custom options" do
-        result = subject.auth.app_id(@app_id, @user_id, mount: "new-app-id")
-        expect(subject.token).to eq(result.auth.client_token)
-      end
-
-      it "raises an error if the authentication is bad" do
-        expect {
-          expect {
-            subject.auth.app_id("nope", "bad")
-          }.to raise_error(HTTPError)
-        }.to_not change(subject, :token)
-      end
-    end
-
     describe "#approle", vault: ">= 0.6.1" do
       before(:context) do
         @approle  = "sample-role-name"

diff --git a/spec/integration/api/sys/health_spec.rb b/spec/integration/api/sys/health_spec.rb
@@ -16,7 +16,7 @@ module Vault
         expect(result.standby?).to be(false)
         expect(result.replication_performance_mode).to be_a(String).or be(nil) # added in 0.9.2
         expect(result.replication_dr_mode).to be_a(String).or be(nil) # added in 0.9.2
-        expect(result.server_time_utc).to be_a(Fixnum)
+        expect(result.server_time_utc).to be_a(Integer)
         expect(result.version).to be_a(String).or be(nil) # added in 0.6.1
         expect(result.cluster_name).to be_a(String).or be(nil)
         expect(result.cluster_id).to be_a(String).or be(nil)

diff --git a/vault.gemspec b/vault.gemspec
@@ -29,4 +29,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec",   "~> 3.5"
   spec.add_development_dependency "yard",    "~> 0.9.24"
   spec.add_development_dependency "webmock", "~> 3.8.3"
+  spec.add_development_dependency "webrick", "~> 1.5"
 end