Skip to content

feat: Doc field encryption (#2817) #2150

feat: Doc field encryption (#2817)

feat: Doc field encryption (#2817) #2150

# Copyright 2022 Democratized Data Foundation
#
# Use of this software is governed by the Business Source License
# included in the file licenses/BSL.txt.
#
# As of the Change Date specified in that file, in accordance with
# the Business Source License, use of this software will be governed
# by the Apache License, Version 2.0, included in the file
# licenses/APL.txt.
name: Test And Upload Coverage Workflow
on:
pull_request:
branches:
- master
- develop
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
branches:
- master
- develop
jobs:
run-tests:
name: Run tests matrix job
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
client-type: [go, http, cli]
database-type: [badger-file, badger-memory]
mutation-type: [gql, collection-named, collection-save]
lens-type: [wasm-time]
database-encryption: [false]
include:
- os: ubuntu-latest
client-type: go
database-type: badger-memory
mutation-type: collection-save
lens-type: wasm-time
database-encryption: true
- os: ubuntu-latest
client-type: go
database-type: badger-memory
mutation-type: collection-save
lens-type: wazero
database-encryption: false
- os: ubuntu-latest
client-type: go
database-type: badger-memory
mutation-type: collection-save
lens-type: wasmer
database-encryption: false
- os: macos-latest
client-type: go
database-type: badger-memory
mutation-type: collection-save
lens-type: wasm-time
database-encryption: false
## TODO: https://github.com/sourcenetwork/defradb/issues/2080
## Uncomment the lines below to Re-enable the windows build once this todo is resolved.
## - os: windows-latest
## client-type: go
## database-type: badger-memory
## mutation-type: collection-save
## lens-type: wasm-time
## database-encryption: false
runs-on: ${{ matrix.os }}
# We run all runners via the bash shell to provide us with a consistent set of env variables and commands
defaults:
run:
shell: bash
env:
CGO_ENABLED: 1
DEFRA_CLIENT_GO: ${{ matrix.client-type == 'go' }}
DEFRA_CLIENT_HTTP: ${{ matrix.client-type == 'http' }}
DEFRA_CLIENT_CLI: ${{ matrix.client-type == 'cli' }}
DEFRA_BADGER_MEMORY: ${{ matrix.database-type == 'badger-memory' }}
DEFRA_BADGER_FILE: ${{ matrix.database-type == 'badger-file' }}
DEFRA_BADGER_ENCRYPTION: ${{ matrix.database-encryption }}
DEFRA_MUTATION_TYPE: ${{ matrix.mutation-type }}
DEFRA_LENS_TYPE: ${{ matrix.lens-type }}
steps:
- name: Checkout code into the directory
uses: actions/checkout@v4
- name: Setup Go environment explicitly
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
check-latest: true
cache: false
- name: Set cache paths
id: cache-paths
shell: bash
run: |
echo "GO_CACHE=$(go env GOCACHE)" >> "${GITHUB_OUTPUT}"
echo "GO_MODCACHE=$(go env GOMODCACHE)" >> "${GITHUB_OUTPUT}"
echo "CARGO_CACHE=~/.cargo" >> "${GITHUB_OUTPUT}"
- name: Go cache/restore
uses: actions/cache@v4
with:
key: ${{ runner.os }}-go-${{ hashFiles('**/go.mod') }}
path: |
${{ steps.cache-paths.outputs.GO_CACHE }}
${{ steps.cache-paths.outputs.GO_MODCACHE }}
- name: Cargo cache/restore
# A very cool post: https://blog.arriven.wtf/posts/rust-ci-cache
uses: actions/cache@v4
with:
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}
# Here are some directories we shouldn't forget about:
# ~/.cargo/.*
# ~/.cargo/bin/
# ~/.cargo/git/db/
# ~/.cargo/registry/cache/
# ~/.cargo/registry/index/
# **/target/*/*.d
# **/target/*/*.rlib
# **/target/*/.fingerprint
# **/target/*/build
# **/target/*/deps
path: |
${{ steps.cache-paths.outputs.CARGO_CACHE }}
**/target/
- name: Restore modified time
uses: chetan/git-restore-mtime-action@v2
- name: Build dependencies
run: |
make deps:modules
make deps:test
- name: Run integration tests
run: make test:coverage
- name: Upload coverage artifact
uses: actions/upload-artifact@v4
with:
# Make sure the name is always unique per job as artifacts are now immutable.
# Note Issue: https://github.com/actions/upload-artifact/issues/478
# Solve: https://github.com/actions/upload-artifact/issues/478#issuecomment-1885470013
name: "coverage\
_${{ matrix.os }}\
_${{ matrix.client-type }}\
_${{ matrix.database-type }}\
_${{ matrix.mutation-type }}\
_${{ matrix.lens-type }}\
_${{ matrix.database-encryption }}\
"
path: coverage.txt
if-no-files-found: error
retention-days: 7
upload-coverage:
name: Upload test code coverage job
needs: run-tests
# Important to know:
# - We didn't use `if: always()` here, so this job doesn't run if we manually canceled.
# - `if: success()` is always implied unless `always()` or `failure()` is specified.
if: success() || failure()
runs-on: ubuntu-latest
steps:
- name: Checkout code into the directory
uses: actions/checkout@v4
- name: Download coverage reports
uses: actions/download-artifact@v4
with:
pattern: coverage_*
# Note: https://github.com/actions/download-artifact/blob/main/docs/MIGRATION.md
merge-multiple: false
path: coverage_reports
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
name: defradb-codecov
files: coverage_reports/**/*.txt
flags: all-tests
os: 'linux'
fail_ci_if_error: true
verbose: true