feat: Doc field encryption (#2817) #2150
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2022 Democratized Data Foundation | |
# | |
# Use of this software is governed by the Business Source License | |
# included in the file licenses/BSL.txt. | |
# | |
# As of the Change Date specified in that file, in accordance with | |
# the Business Source License, use of this software will be governed | |
# by the Apache License, Version 2.0, included in the file | |
# licenses/APL.txt. | |
name: Test And Upload Coverage Workflow | |
on: | |
pull_request: | |
branches: | |
- master | |
- develop | |
push: | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
branches: | |
- master | |
- develop | |
jobs: | |
run-tests: | |
name: Run tests matrix job | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] | |
client-type: [go, http, cli] | |
database-type: [badger-file, badger-memory] | |
mutation-type: [gql, collection-named, collection-save] | |
lens-type: [wasm-time] | |
database-encryption: [false] | |
include: | |
- os: ubuntu-latest | |
client-type: go | |
database-type: badger-memory | |
mutation-type: collection-save | |
lens-type: wasm-time | |
database-encryption: true | |
- os: ubuntu-latest | |
client-type: go | |
database-type: badger-memory | |
mutation-type: collection-save | |
lens-type: wazero | |
database-encryption: false | |
- os: ubuntu-latest | |
client-type: go | |
database-type: badger-memory | |
mutation-type: collection-save | |
lens-type: wasmer | |
database-encryption: false | |
- os: macos-latest | |
client-type: go | |
database-type: badger-memory | |
mutation-type: collection-save | |
lens-type: wasm-time | |
database-encryption: false | |
## TODO: https://github.com/sourcenetwork/defradb/issues/2080 | |
## Uncomment the lines below to Re-enable the windows build once this todo is resolved. | |
## - os: windows-latest | |
## client-type: go | |
## database-type: badger-memory | |
## mutation-type: collection-save | |
## lens-type: wasm-time | |
## database-encryption: false | |
runs-on: ${{ matrix.os }} | |
# We run all runners via the bash shell to provide us with a consistent set of env variables and commands | |
defaults: | |
run: | |
shell: bash | |
env: | |
CGO_ENABLED: 1 | |
DEFRA_CLIENT_GO: ${{ matrix.client-type == 'go' }} | |
DEFRA_CLIENT_HTTP: ${{ matrix.client-type == 'http' }} | |
DEFRA_CLIENT_CLI: ${{ matrix.client-type == 'cli' }} | |
DEFRA_BADGER_MEMORY: ${{ matrix.database-type == 'badger-memory' }} | |
DEFRA_BADGER_FILE: ${{ matrix.database-type == 'badger-file' }} | |
DEFRA_BADGER_ENCRYPTION: ${{ matrix.database-encryption }} | |
DEFRA_MUTATION_TYPE: ${{ matrix.mutation-type }} | |
DEFRA_LENS_TYPE: ${{ matrix.lens-type }} | |
steps: | |
- name: Checkout code into the directory | |
uses: actions/checkout@v4 | |
- name: Setup Go environment explicitly | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
cache: false | |
- name: Set cache paths | |
id: cache-paths | |
shell: bash | |
run: | | |
echo "GO_CACHE=$(go env GOCACHE)" >> "${GITHUB_OUTPUT}" | |
echo "GO_MODCACHE=$(go env GOMODCACHE)" >> "${GITHUB_OUTPUT}" | |
echo "CARGO_CACHE=~/.cargo" >> "${GITHUB_OUTPUT}" | |
- name: Go cache/restore | |
uses: actions/cache@v4 | |
with: | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.mod') }} | |
path: | | |
${{ steps.cache-paths.outputs.GO_CACHE }} | |
${{ steps.cache-paths.outputs.GO_MODCACHE }} | |
- name: Cargo cache/restore | |
# A very cool post: https://blog.arriven.wtf/posts/rust-ci-cache | |
uses: actions/cache@v4 | |
with: | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }} | |
# Here are some directories we shouldn't forget about: | |
# ~/.cargo/.* | |
# ~/.cargo/bin/ | |
# ~/.cargo/git/db/ | |
# ~/.cargo/registry/cache/ | |
# ~/.cargo/registry/index/ | |
# **/target/*/*.d | |
# **/target/*/*.rlib | |
# **/target/*/.fingerprint | |
# **/target/*/build | |
# **/target/*/deps | |
path: | | |
${{ steps.cache-paths.outputs.CARGO_CACHE }} | |
**/target/ | |
- name: Restore modified time | |
uses: chetan/git-restore-mtime-action@v2 | |
- name: Build dependencies | |
run: | | |
make deps:modules | |
make deps:test | |
- name: Run integration tests | |
run: make test:coverage | |
- name: Upload coverage artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
# Make sure the name is always unique per job as artifacts are now immutable. | |
# Note Issue: https://github.com/actions/upload-artifact/issues/478 | |
# Solve: https://github.com/actions/upload-artifact/issues/478#issuecomment-1885470013 | |
name: "coverage\ | |
_${{ matrix.os }}\ | |
_${{ matrix.client-type }}\ | |
_${{ matrix.database-type }}\ | |
_${{ matrix.mutation-type }}\ | |
_${{ matrix.lens-type }}\ | |
_${{ matrix.database-encryption }}\ | |
" | |
path: coverage.txt | |
if-no-files-found: error | |
retention-days: 7 | |
upload-coverage: | |
name: Upload test code coverage job | |
needs: run-tests | |
# Important to know: | |
# - We didn't use `if: always()` here, so this job doesn't run if we manually canceled. | |
# - `if: success()` is always implied unless `always()` or `failure()` is specified. | |
if: success() || failure() | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code into the directory | |
uses: actions/checkout@v4 | |
- name: Download coverage reports | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: coverage_* | |
# Note: https://github.com/actions/download-artifact/blob/main/docs/MIGRATION.md | |
merge-multiple: false | |
path: coverage_reports | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
name: defradb-codecov | |
files: coverage_reports/**/*.txt | |
flags: all-tests | |
os: 'linux' | |
fail_ci_if_error: true | |
verbose: true |