Add Slack webhook exposed key handling #748
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: TestSuite | |
on: | |
push: | |
branches: | |
- "master" | |
- "dev" | |
workflow_dispatch: | |
inputs: | |
canarytokens-branch: | |
description: "Branch of the canarytokens repo to pull for build. Defaults to master" | |
required: false | |
jobs: | |
tests: | |
runs-on: ubuntu-latest | |
env: | |
AWS_REGION: 'eu-west-1' | |
permissions: | |
id-token: write | |
contents: read | |
services: | |
redis: | |
# TODO: ensure this is identical to whatever is in the compose files. Simple linter should suffice. | |
image: redis@sha256:03f00cd789243846888e2f834c762f53b224b9970b434a192b0f6b533d7e219c | |
# | |
ports: | |
# Opens tcp port 6379 on the host and service container | |
- 6379:6379 | |
# Set health checks to wait until redis has started | |
options: >- | |
--health-cmd "redis-cli ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
mysql: | |
image: mysql@sha256:940fdfa3dc408fb792a8cceb21cafda4b7cd56ce4fbc32833766bdd2a57d6a4f | |
env: | |
MYSQL_ALLOW_EMPTY_PASSWORD: 1 | |
ports: | |
- 3307:3306 | |
options: >- | |
--health-cmd="mysqladmin ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
strategy: | |
matrix: | |
python-version: ["3.10"] | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::211125554061:role/Canarytokens-staging-github-action | |
role-session-name: GitHubActions-${{ github.actor }}-${{ github.workflow }}-${{ github.run_id }}-${{ github.run_number }} | |
aws-region: ${{ env.AWS_REGION }} | |
- uses: actions/checkout@v3 | |
with: | |
ref: '${{ github.event.inputs.canarytokens-branch }}' | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v2 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Get full python version | |
id: full-python-version | |
run: | | |
echo ::set-output name=version::$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info[:3]))") | |
- name: Install deps | |
run: | | |
sudo apt update -y | |
sudo apt install libzbar0 -y | |
sudo apt install wireguard | |
sudo apt install mysql-client | |
sudo apt-get install subversion | |
sudo apt-get install openssh-server | |
curl -sSL https://install.python-poetry.org | python - | |
poetry config virtualenvs.in-project true | |
sudo apt-get update -y | |
sudo apt-get install -y apt-transport-https ca-certificates curl | |
sudo apt-get update -y | |
sudo apt-get install -y osslsigncode | |
sudo apt install redis-tools | |
- name: Set up cache | |
uses: actions/cache@v1 | |
with: | |
path: .venv | |
key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('**/poetry.lock') }} | |
- name: Install python dependencies | |
run: | | |
poetry install -E 'twisted web' | |
- name: Run unit tests | |
env: | |
CANARY_MAILGUN_DOMAIN_NAME: syruppdfs.com | |
CANARY_MAILGUN_BASE_URL: https://api.eu.mailgun.net | |
CANARY_ALERT_EMAIL_FROM_ADDRESS: [email protected] | |
CANARY_ALERT_EMAIL_FROM_DISPLAY: Canarytoken Mail | |
CANARY_ALERT_EMAIL_SUBJECT: Your Canarytoken was Triggered | |
# Here we gather coverage info on all tests. | |
run: | | |
mv frontend/frontend.env.dist frontend/frontend.env | |
mv switchboard/switchboard.env.dist switchboard/switchboard.env | |
export CANARY_AWSID_URL=$(aws ssm get-parameter --name "/staging/awsid_url" --with-decryption --region eu-west-1 | jq -r '.Parameter.Value') | |
export CANARY_TESTING_AWS_ACCESS_KEY_ID=${{ secrets.TESTING_AWS_ACCESS_KEY_ID }} | |
export CANARY_TESTING_AWS_SECRET_ACCESS_KEY=${{ secrets.TESTING_AWS_SECRET_ACCESS_KEY }} | |
export CANARY_SENDGRID_API_KEY=${{ secrets.TESTING_SENDGRID_API_KEY }} | |
export CANARY_MAILGUN_API_KEY=${{ secrets.TESTING_MAILGUN_API_KEY }} | |
export CANARY_SENTRY_ENVIRONMENT=ci | |
export CANARY_WEB_IMAGE_UPLOAD_PATH=../uploads | |
cd tests | |
poetry run coverage run --source=../canarytokens --omit="integration/test_custom_binary.py,integration/test_sql_server_token.py" -m pytest units --runv3 -v | |
- name: Check coverage is over threshold percentage for unit tests | |
# Here we check coverage info on all tests | |
run: | | |
cd tests | |
poetry run coverage report --omit="integration/test_custom_binary.py,integration/test_sql_server_token.py" --fail-under 85 | |
- name: Run integration tests (against local V3) | |
run: | | |
redis-cli flushall | |
mkdir uploads | |
make switchboard & | |
make frontend & | |
cd tests | |
sleep 10 | |
export TEST_NETWORK=`docker network ls | grep git | python -c "from sys import stdin; print(stdin.read().split()[1])"` | |
export TEST_HOST=`docker network inspect $TEST_NETWORK | jq '.[0].IPAM.Config[0].Gateway' | sed 's/"//g'` | |
LIVE=False poetry run coverage run --source=../canarytokens --omit=integration/test_custom_binary.py -m pytest integration --runv3 -v | |
windows-tests: | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install deps | |
run: | | |
python -m pip install --user pipx | |
python -m pipx ensurepath | |
python -m pipx install poetry==1.3.2 | |
- name: Install python dependencies | |
# poetry cache clear --all pypi ref: https://stackoverflow.com/questions/72551057/poetry-gives-toomanyindirects-error-suddenly | |
# Remove when this is resolved. | |
run: | | |
poetry config virtualenvs.in-project true | |
poetry cache clear --all pypi | |
poetry install -E 'twisted web' | |
- name: Integration Tests | |
run: | | |
$env:LIVE = 'True' | |
copy .\frontend\frontend.env.dist .\frontend\frontend.env | |
copy .\switchboard\switchboard.env.dist .\switchboard\switchboard.env | |
cd tests | |
$env:PSModulePath = ''; poetry run pytest .\integration\test_custom_binary.py --runv3 -v |