Enable Github actions (#78)

Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>

.github/workflows/pr_build.yml

@@ -0,0 +1,29 @@
+name: PR Build
+on:
+  push: 
+    branches:
+      - master
+  pull_request: {}
+  workflow_dispatch: {}
+env:
+  GO_VERSION: 1.16.5
+  CHANGE_MINIKUBE_NONE_USER: true
+  TERM: xterm
+jobs:
+  test-all:
+    runs-on: ubuntu-18.04
+    timeout-minutes: 30
+    steps: 
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: install minikube
+        id: minikube
+        uses: medyagh/setup-minikube@master
+      - name: Envoy
+        run: docker-compose/test-all.sh
+      - name: K8s
+        run: k8s/test-all.sh

docker-compose/metrics/spire/server/server.conf

@@ -1,6 +1,7 @@
 server {
     bind_address = "0.0.0.0"
     bind_port = "8081"
+    socket_path = "/tmp/spire-server/private/api.sock"
     trust_domain = "example.org"
     data_dir = "/opt/spire/data/server"
     log_level = "DEBUG"

docker-compose/metrics/test.sh

@@ -1,4 +1,3 @@
-
 #!/bin/bash
 
 norm=$(tput sgr0) || true
@@ -15,7 +14,7 @@ log() {
 
 clean-env() {
   log "Cleaning up..."
-  bash "${DIR}"/scripts/clean-env.sh > /dev/null
+  bash "${DIR}"/scripts/clean-env.sh
 }
 
 trap clean-env EXIT
@@ -23,8 +22,8 @@ trap clean-env EXIT
 
 log "Preparing environment..."
 clean-env
-bash "${DIR}"/scripts/set-env.sh > /dev/null
-bash "${DIR}"/scripts/create-workload-registration-entry.sh > /dev/null
+bash "${DIR}"/scripts/set-env.sh
+bash "${DIR}"/scripts/create-workload-registration-entry.sh
 
 log "Checking Statsd received metrics pushed by SPIRE..."
 
@@ -44,7 +43,7 @@ fi
 
 log "Checking that Prometheus can reach the endpoint exposed by SPIRE..."
 for ((i=0;i<60;i++)); do
-    if ! docker-compose -f "${DIR}"/docker-compose.yaml exec prometheus wget -S spire-server:8088/ | grep -qe "200 OK" ; then
+    if ! docker-compose -f "${DIR}"/docker-compose.yaml exec -T prometheus wget -S spire-server:8088/ 2>&1 | grep -qe "200 OK" ; then
 	sleep 1
 	continue
     fi

docker-compose/nested-spire/root/agent/agent.conf

@@ -3,7 +3,7 @@ agent {
     log_level = "DEBUG"
     server_address = "root-server"
     server_port = "8081"
-    socket_path ="/opt/spire/sockets/workload_api.sock"
+    socket_path = "/opt/spire/sockets/workload_api.sock"
     trust_bundle_path = "/opt/spire/conf/agent/bootstrap.crt"
     trust_domain = "example.org"
 }
@@ -22,6 +22,8 @@ plugins {
     }
     WorkloadAttestor "docker" {
         plugin_data {
+	    # GitHub worklow activate groups for testing
+	    #container_id_cgroup_matchers = [CGROUP_MATCHERS]
         }
     }
 }

docker-compose/nested-spire/scripts/set-env.sh

@@ -48,6 +48,15 @@ check-entry-is-propagated() {
 }
 
 
+# Configure the environment-dependent CGROUP matchers for the docker workload
+# attestors.
+CGROUP_MATCHERS="TEreso"
+if [ -n "${GITHUB_WORKFLOW}" ]; then
+    CGROUP_MATCHERS='"/actions_job/<id>"'
+fi
+sed -i.bak "s#\#container_id_cgroup_matchers#container_id_cgroup_matchers#" "${PARENT_DIR}"/root/agent/agent.conf
+sed -i.bak "s#CGROUP_MATCHERS#$CGROUP_MATCHERS#" "${PARENT_DIR}"/root/agent/agent.conf
+
 # create a shared folder for root agent socket to be accessed by nestedA and nestedB servers
 mkdir -p "${PARENT_DIR}"/sharedRootSocket
 

docker-compose/nested-spire/test.sh

@@ -30,10 +30,10 @@ trap clean-env EXIT
 
 log "Preparing Nested SPIRE environment..."
 clean-env
-bash "${DIR}"/scripts/set-env.sh > /dev/null
+bash "${DIR}"/scripts/set-env.sh
 
 log "Creating workload registration entries..."
-bash "${DIR}"/scripts/create-workload-registration-entries.sh > /dev/null
+bash "${DIR}"/scripts/create-workload-registration-entries.sh
 
 log "checking nested JWT-SVID..."
 # Fetch JWT-SVID and extract token

k8s/quickstart/test.sh

@@ -13,18 +13,15 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 MINIKUBEPROFILE="SPIRE-SYSTEMS-TEST"
 MINIKUBECMD="minikube -p ${MINIKUBEPROFILE}"
 CHECKINTERVAL=1
-if [ -n "${TRAVIS}" ]; then
-	# Use the default profile inside of Travis
-	MINIKUBECMD="/usr/local/bin/minikube"
-	# Travis is slow. Give our containers more time.
+if [ -n "${GITHUB_WORKFLOW}" ]; then
 	CHECKINTERVAL=5
 fi
 TMPDIR=$(mktemp -d)
 SERVERLOGS=${TMPDIR}/spire-server-logs.log
 
 start_minikube() {
-	# Travis will start up minikube (via .travis.yml)
-	if [ -z "${TRAVIS}" ]; then
+	# GH actions will start up minikube
+	if [ -z "${GITHUB_WORKFLOW}" ]; then
 		echo "${bold}Starting minikube... ${norm}"
 		${MINIKUBECMD} start
 		eval $(${MINIKUBECMD} docker-env)
@@ -36,8 +33,8 @@ tear_down_config() {
 }
 
 stop_minikube() {
-	# Don't stop the minikube inside of travis
-	if [ -z "${TRAVIS}" ]; then
+	# Don't stop the minikube inside of GH actions
+	if [ -z "${GITHUB_WORKFLOW}" ]; then
 		${MINIKUBECMD} stop > /dev/null || true
 	fi
 }

k8s/test-all.sh

@@ -39,3 +39,4 @@ if [ -n "${FAILED}" ]; then
 	fail "There were test failures"
 fi
 echo "${green}Done. All test passed!${norm}"
+