
nix: update vendor hash #1

Workflow file for this run

# End-to-end test workflow for the OpenSSL example deployment.
name: E2E Test OpenSSL

on:
  # Manual runs may opt into testing a released CLI binary instead of
  # building the CLI from the checked-out tree.
  workflow_dispatch:
    inputs:
      use_release_cli:
        description: 'Use a release version of the Nunki CLI'
        type: boolean
        required: false
  # NOTE(review): `push` carries no branch or path filter here, so every push
  # starts a run that uses the secrets referenced in the job below. Confirm
  # that this is intended.
  push:
# Workflow-wide settings; the "Create justfile.env" step copies both values
# into justfile.env.
env:
  container_registry: 'ghcr.io/edgelesssys'
  azure_resource_group: 'nunki-ci'
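jobs:
  # Single job: authenticate, obtain the Nunki CLI, build and template the
  # container images, deploy into the e2e-test namespace, set and verify the
  # manifest, run the Go e2e tests, and always delete the namespace afterwards.
  test:
    runs-on: ubuntu-22.04
    # Least-privilege token scope. `packages: write` allows GITHUB_TOKEN to
    # push to ghcr.io (presumably for the images built by the `just` targets
    # below; confirm).
    permissions:
      contents: read
      packages: write
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the corresponding release tag.
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
      - name: Install Nix
        uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28  # v25
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Use Nix Cache
        uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be  # v14
        with:
          name: edgelesssys
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
          installCommand: nix profile install github:cachix/cachix/cd12acd9245ac9b7e010aa3acac49f37824fdad2 --accept-flake-config  # remove on v14.1/v15
      - name: Log in to ghcr.io Container registry
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d  # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # From this step on, the job session holds Azure credentials; every
      # later step (including the downloaded or built CLI) runs with them.
      - name: Login to Azure
        uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d  # v1.6.1
        with:
          creds: ${{ secrets.NUNKI_CI_INFRA_AZURE }}
      - name: Enter Nix development environment
        uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d  # v1.1.0
      # The interpolated values are the constants from the workflow-level
      # `env:` block, not event data.
      - name: Create justfile.env
        run: |
          cat <<EOF > justfile.env
          container_registry=${{ env.container_registry }}
          azure_resource_group=${{ env.azure_resource_group }}
          EOF
      - name: Get Credentials for CI Cluster
        run: |
          just get-credentials
      # Only taken on manual runs with use_release_cli set.
      # curl writes the file without the executable bit, so it must be marked
      # executable before the later `./nunki ...` steps can run it.
      # NOTE(review): `latest` is a mutable release reference and the binary is
      # fetched without a checksum or signature check, then executed in a job
      # that holds cluster and Azure credentials. Consider pinning a release
      # tag and verifying a published digest before use.
      - name: Download Nunki CLI
        if: ${{ inputs.use_release_cli }}
        shell: bash
        run: |
          curl -fLo nunki https://github.com/edgelesssys/nunki/releases/download/latest/nunki
          chmod +x nunki
      # Default path (push events, or manual runs without the input set).
      - name: Build Nunki CLI
        if: ${{ !inputs.use_release_cli }}
        run: |
          nix build .#cli
          ln -s result-cli/bin/nunki nunki
      # Each image reference is the last output line of its `just` target and
      # is spliced into the yq expression text before being written into the
      # first document of the deployment files.
      - name: Build Containers and Template the Deployment
        shell: bash
        run: |
          COORDINATOR_IMAGE=$(just coordinator | tail -1)
          INITIALIZER_IMAGE=$(just initializer | tail -1)
          OPENSSL_IMAGE=$(just openssl | tail -1)
          yq eval -i "(select(document_index == 0) | .spec.template.spec.containers[0].image) = \"$COORDINATOR_IMAGE\"" e2e/openssl/deployment/coordinator.yml
          # Unfortunately, yq doesn't allow us to update multiple files at once
          yq eval -i "(select(document_index == 0) | .spec.template.spec.containers[0].image) = \"$OPENSSL_IMAGE\"" e2e/openssl/deployment/openssl-backend.yml
          yq eval -i "(select(document_index == 0) | .spec.template.spec.initContainers[0].image) = \"$INITIALIZER_IMAGE\"" e2e/openssl/deployment/openssl-backend.yml
          yq eval -i "(select(document_index == 0) | .spec.template.spec.containers[0].image) = \"$OPENSSL_IMAGE\"" e2e/openssl/deployment/openssl-frontend.yml
          yq eval -i "(select(document_index == 0) | .spec.template.spec.initContainers[0].image) = \"$INITIALIZER_IMAGE\"" e2e/openssl/deployment/openssl-frontend.yml
          yq eval -i "(select(document_index == 0) | .spec.template.spec.containers[0].image) = \"$OPENSSL_IMAGE\"" e2e/openssl/deployment/openssl-client.yml
          yq eval -i "(select(document_index == 0) | .spec.template.spec.initContainers[0].image) = \"$INITIALIZER_IMAGE\"" e2e/openssl/deployment/openssl-client.yml
      - name: Generate Policies
        shell: bash
        run: |
          ./nunki generate e2e/openssl/deployment/*.yml
      # The namespace manifest is applied first, then the whole directory.
      - name: Deploy
        shell: bash
        run: |
          kubectl apply -f e2e/openssl/deployment/ns.yml
          kubectl apply -f e2e/openssl/deployment
      # Port-forwards the coordinator to localhost:1313 in the background for
      # the duration of `nunki set`, then stops the forwarder.
      - name: Set Manifest
        shell: bash
        run: |
          nix run .#kubectl-wait-ready -- e2e-test coordinator
          nix run .#kubectl-wait-ready -- e2e-test port-forwarder-coordinator
          kubectl -n e2e-test port-forward pod/port-forwarder-coordinator 1313 &
          PID=$!
          nix run .#wait-for-port-listen -- 1313
          ./nunki set -c localhost:1313 -m manifest.json e2e/openssl/deployment
          kill "$PID"
      # Same port-forward pattern as above; verification output goes to
      # ./verify.
      - name: Verify the Coordinator
        shell: bash
        run: |
          nix run .#kubectl-wait-ready -- e2e-test coordinator
          nix run .#kubectl-wait-ready -- e2e-test port-forwarder-coordinator
          kubectl -n e2e-test port-forward pod/port-forwarder-coordinator 1313 &
          PID=$!
          nix run .#wait-for-port-listen -- 1313
          ./nunki verify -c localhost:1313 -o ./verify
          kill "$PID"
      - name: Run E2E Test
        shell: bash
        run: |
          nix run .#kubectl-wait-ready -- e2e-test openssl-frontend
          nix run .#kubectl-wait-ready -- e2e-test openssl-backend
          nix run .#kubectl-wait-ready -- e2e-test openssl-client
          go test -v -count=1 -timeout 10m --tags=e2e ./e2e/openssl
      # Runs even when an earlier step failed, so the test namespace is not
      # left behind in the CI cluster.
      - name: Undeploy
        if: always()
        run: |
          kubectl delete -f e2e/openssl/deployment/ns.yml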