From 6d5b1d83211f213680f1a0734d05bdad4df569ed Mon Sep 17 00:00:00 2001 From: Jochen Ehret Date: Fri, 13 Mar 2026 11:40:17 +0100 Subject: [PATCH 1/6] [DRAFT] Simplify S3 integration tests --- .github/actions/go-test-bootstrap/action.yml | 18 ++ .github/actions/s3-integration-run/action.yml | 16 +- .github/scripts/s3/assets/lambda_function.py | 10 +- .../scripts/s3/run-integration-aws-assume.sh | 6 +- .github/scripts/s3/run-integration-aws-iam.sh | 7 +- .github/scripts/s3/run-integration-aws.sh | 9 +- .../scripts/s3/run-integration-s3-compat.sh | 4 +- .github/workflows/s3-integration.yml | 218 +++++------------- s3/integration/aws_assume_role_test.go | 2 +- s3/integration/aws_esc_test.go | 2 +- s3/integration/aws_iam_role_test.go | 2 +- s3/integration/aws_isolated_region_test.go | 2 +- s3/integration/aws_public_read_only_test.go | 2 +- s3/integration/aws_us_east_test.go | 2 +- s3/integration/general_aws_test.go | 2 +- s3/integration/s3_compatible_test.go | 2 +- s3/integration/swift_signed_url_test.go | 2 +- 17 files changed, 112 insertions(+), 194 deletions(-) create mode 100644 .github/actions/go-test-bootstrap/action.yml diff --git a/.github/actions/go-test-bootstrap/action.yml b/.github/actions/go-test-bootstrap/action.yml new file mode 100644 index 0000000..6b8cffa --- /dev/null +++ b/.github/actions/go-test-bootstrap/action.yml @@ -0,0 +1,18 @@ +name: Set up Go test environment +description: Checks out code, sets up Go from go.mod, and installs Ginkgo. + +runs: + using: 'composite' + steps: + - name: Checkout code + uses: actions/checkout@v6 + + - name: Set up Go + uses: actions/setup-go@v6 + with: + go-version-file: go.mod + + - name: Install Ginkgo + shell: bash + run: go install github.com/onsi/ginkgo/v2/ginkgo@latest + diff --git a/.github/actions/s3-integration-run/action.yml b/.github/actions/s3-integration-run/action.yml index 92750d9..9beafce 100644 --- a/.github/actions/s3-integration-run/action.yml +++ b/.github/actions/s3-integration-run/action.yml @@ -12,14 +12,15 @@ inputs: description: 'AWS Region Name' required: true stack_name: - description: 'CloudFormation Stack Name (required for IAM tests)' - required: true + description: 'CloudFormation Stack Name (required for aws and aws-iam tests)' + required: false + default: '' test_type: description: 'Type of test to run (e.g.,aws, aws-iam, aws-assume)' required: true - focus_regex: - description: 'Ginkgo Focus Regex for tests to run' - required: false + label_filter: + description: 'Ginkgo Label Filter for tests to run' + required: true s3_endpoint_host: description: 'Custom S3 Endpoint Host' required: false @@ -43,15 +44,16 @@ runs: if [[ "${{inputs.test_type}}" == "aws" ]]; then export role_arn="${{inputs.role_arn}}" export s3_endpoint_host="${{inputs.s3_endpoint_host}}" - export focus_regex="${{inputs.focus_regex}}" + export label_filter="${{inputs.label_filter}}" echo "Running standard AWS integration tests..." ./.github/scripts/s3/run-integration-aws.sh elif [[ "${{inputs.test_type}}" == "aws-iam" ]]; then + export label_filter="${{inputs.label_filter}}" echo "Running AWS IAM role tests..." ./.github/scripts/s3/run-integration-aws-iam.sh elif [[ "${{inputs.test_type}}" == "aws-assume" ]]; then export assume_role_arn="${{inputs.role_arn}}" - export focus_regex="${{inputs.focus_regex}}" + export label_filter="${{inputs.label_filter}}" echo "Running AWS assume role tests..." ./.github/scripts/s3/run-integration-aws-assume.sh else diff --git a/.github/scripts/s3/assets/lambda_function.py b/.github/scripts/s3/assets/lambda_function.py index bcbbcf5..2f0f201 100644 --- a/.github/scripts/s3/assets/lambda_function.py +++ b/.github/scripts/s3/assets/lambda_function.py @@ -2,6 +2,7 @@ import logging import subprocess + def test_runner_handler(event, context): os.environ['S3_CLI_PATH'] = './s3cli' os.environ['BUCKET_NAME'] = event['bucket_name'] @@ -11,9 +12,14 @@ def test_runner_handler(event, context): logger = logging.getLogger() logger.setLevel(logging.DEBUG) + label_filter = event.get('label_filter', 'aws && iam-role') + try: - output = subprocess.check_output(['./integration.test', '-ginkgo.focus', 'AWS STANDARD IAM ROLE'], - env=os.environ, stderr=subprocess.STDOUT) + output = subprocess.check_output( + ['./integration.test', '-ginkgo.label-filter', label_filter], + env=os.environ, + stderr=subprocess.STDOUT, + ) logger.debug("INTEGRATION TEST OUTPUT:") logger.debug(output) except subprocess.CalledProcessError as e: diff --git a/.github/scripts/s3/run-integration-aws-assume.sh b/.github/scripts/s3/run-integration-aws-assume.sh index 2d42337..20fac17 100755 --- a/.github/scripts/s3/run-integration-aws-assume.sh +++ b/.github/scripts/s3/run-integration-aws-assume.sh @@ -12,11 +12,10 @@ source "${script_dir}/utils.sh" : "${access_key_id:?}" : "${secret_access_key:?}" : "${region_name:=unset}" -: "${focus_regex:?}" +: "${label_filter:?}" : "${assume_role_arn:=unset}" : "${s3_endpoint_host:=unset}" - # Just need these to get the stack info export AWS_ACCESS_KEY_ID=${access_key_id} export AWS_SECRET_ACCESS_KEY=${secret_access_key} @@ -32,5 +31,6 @@ export S3_HOST=${s3_endpoint_host} pushd "${repo_root}" > /dev/null echo -e "\n running tests with $(go version)..." - ginkgo -r --focus="${focus_regex}" s3/integration/ + echo "Selecting specs via label filter: ${label_filter}" + ginkgo -r --label-filter="${label_filter}" s3/integration/ popd > /dev/null diff --git a/.github/scripts/s3/run-integration-aws-iam.sh b/.github/scripts/s3/run-integration-aws-iam.sh index 471e7b9..e7cc677 100755 --- a/.github/scripts/s3/run-integration-aws-iam.sh +++ b/.github/scripts/s3/run-integration-aws-iam.sh @@ -13,6 +13,7 @@ source "${script_dir}/utils.sh" : "${secret_access_key:?}" : "${region_name:?}" : "${stack_name:?}" +: "${label_filter:?}" # Just need these to get the stack info and to create/invoke the Lambda function export AWS_ACCESS_KEY_ID=${access_key_id} @@ -24,11 +25,11 @@ bucket_name=$(get_stack_info_of "${stack_info}" "BucketName") iam_role_arn=$(get_stack_info_of "${stack_info}" "IamRoleArn") # Create JSON payload and base64 encode it -lambda_payload_json="{\"region\": \"${region_name}\", \"bucket_name\": \"${bucket_name}\", \"s3_host\": \"s3.amazonaws.com\"}" +lambda_payload_json="{\"region\": \"${region_name}\", \"bucket_name\": \"${bucket_name}\", \"s3_host\": \"s3.amazonaws.com\", \"label_filter\": \"${label_filter}\"}" lambda_payload_base64=$(echo -n "${lambda_payload_json}" | base64) lambda_log=$(mktemp -t "XXXXXX-lambda.log") -trap "cat ${lambda_log}" EXIT +trap 'cat "${lambda_log}"' EXIT # Go to the repository root (3 levels up from script directory) @@ -95,7 +96,7 @@ pushd "${repo_root}" > /dev/null echo "Lambda execution log output for ${log_stream_name}" tries=0 - > lambda_output.log + : > lambda_output.log while [[ ( "$(du lambda_output.log | cut -f 1)" -eq "0" ) && ( $tries -ne 20 ) ]] ; do sleep 2 tries=$((tries + 1)) diff --git a/.github/scripts/s3/run-integration-aws.sh b/.github/scripts/s3/run-integration-aws.sh index 747719c..f6ea687 100755 --- a/.github/scripts/s3/run-integration-aws.sh +++ b/.github/scripts/s3/run-integration-aws.sh @@ -14,15 +14,15 @@ source "${script_dir}/utils.sh" : "${secret_access_key:?}" : "${region_name:?}" : "${stack_name:?}" -: "${focus_regex:?}" +: "${role_arn:=}" +: "${label_filter:?}" : "${s3_endpoint_host:=unset}" - # Just need these to get the stack info export AWS_ACCESS_KEY_ID=${access_key_id} export AWS_SECRET_ACCESS_KEY=${secret_access_key} export AWS_DEFAULT_REGION=${region_name} -export AWS_ROLE_ARN=${role_arn} +export AWS_ROLE_ARN=${role_arn-} stack_info=$(get_stack_info "${stack_name}") if [ -n "${AWS_ROLE_ARN}" ]; then @@ -48,5 +48,6 @@ export S3_HOST=${s3_endpoint_host} pushd "${repo_root}" > /dev/null echo -e "\n running tests with $(go version)..." - ginkgo -r --focus="${focus_regex}" s3/integration/ + echo "Selecting specs via label filter: ${label_filter}" + ginkgo -r --label-filter="${label_filter}" s3/integration/ popd > /dev/null diff --git a/.github/scripts/s3/run-integration-s3-compat.sh b/.github/scripts/s3/run-integration-s3-compat.sh index e63b954..ce28dbd 100755 --- a/.github/scripts/s3/run-integration-s3-compat.sh +++ b/.github/scripts/s3/run-integration-s3-compat.sh @@ -15,6 +15,7 @@ source "${script_dir}/utils.sh" : "${bucket_name:?}" : "${s3_endpoint_host:?}" : "${s3_endpoint_port:?}" +: "${label_filter:=s3-compatible}" export ACCESS_KEY_ID=${access_key_id} export SECRET_ACCESS_KEY=${secret_access_key} @@ -24,5 +25,6 @@ export S3_PORT=${s3_endpoint_port} pushd "${repo_root}" > /dev/null echo -e "\n running tests with $(go version)..." - ginkgo -r --focus="S3 COMPATIBLE" s3/integration/ + echo "Selecting specs via label filter: ${label_filter}" + ginkgo -r --label-filter="${label_filter}" s3/integration/ popd > /dev/null diff --git a/.github/workflows/s3-integration.yml b/.github/workflows/s3-integration.yml index 8da38e0..f5c70b6 100644 --- a/.github/workflows/s3-integration.yml +++ b/.github/workflows/s3-integration.yml @@ -17,7 +17,7 @@ concurrency: cancel-in-progress: false jobs: - # AWS S3 US Integration Tests + # AWS S3 US Integration aws-s3-us-integration: name: AWS S3 US Integration runs-on: ubuntu-latest @@ -31,16 +31,8 @@ jobs: STACK_NAME: s3cli-iam S3_ENDPOINT_HOST: https://s3.amazonaws.com steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Install Ginkgo - run: go install github.com/onsi/ginkgo/v2/ginkgo@latest + - name: Set up test environment + uses: ./.github/actions/go-test-bootstrap - name: Setup AWS infrastructure uses: ./.github/actions/s3-integration-setup @@ -58,7 +50,7 @@ jobs: region_name: ${{ env.REGION_NAME }} stack_name: ${{ env.STACK_NAME }} s3_endpoint_host: ${{ env.S3_ENDPOINT_HOST }} - focus_regex: 'GENERAL AWS|AWS V2 REGION|AWS V4 REGION|AWS US-EAST-1' + label_filter: 'aws && static && (general || us-east-1)' test_type: 'aws' - name: Test IAM Roles @@ -68,6 +60,7 @@ jobs: secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} region_name: ${{ env.REGION_NAME }} stack_name: ${{ env.STACK_NAME }} + label_filter: 'aws && iam-role' test_type: 'aws-iam' - name: Test Assume Roles @@ -76,8 +69,9 @@ jobs: access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} region_name: ${{ env.REGION_NAME }} + stack_name: ${{ env.STACK_NAME }} role_arn: ${{ secrets.AWS_ROLE_ARN }} - focus_regex: 'AWS ASSUME ROLE' + label_filter: 'aws && assume-role' test_type: 'aws-assume' - name: Teardown AWS infrastructure @@ -89,167 +83,68 @@ jobs: region_name: ${{ env.REGION_NAME }} stack_name: ${{ env.STACK_NAME }} - # AWS S3 Public Read Integration - aws-s3-public-read-integration: - name: AWS S3 Public Read Integration - runs-on: ubuntu-latest - # Run on push/workflow_dispatch, skip forks and Dependabot on PRs - if: | - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') - env: - REGION_NAME: us-east-1 - STACK_NAME: s3cli-public-bucket - S3_ENDPOINT_HOST: https://s3.amazonaws.com - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Install Ginkgo - run: go install github.com/onsi/ginkgo/v2/ginkgo@latest - - - name: Setup AWS infrastructure - uses: ./.github/actions/s3-integration-setup - with: - access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} - - - name: Run public read tests - uses: ./.github/actions/s3-integration-run - with: - access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} - s3_endpoint_host: ${{ env.S3_ENDPOINT_HOST }} - focus_regex: 'PUBLIC READ ONLY' - test_type: 'aws' - - - name: Teardown AWS infrastructure - if: always() - uses: ./.github/actions/s3-integration-teardown - with: - access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} - - # AWS S3 Frankfurt Integration - aws-s3-frankfurt-integration: - name: AWS S3 Frankfurt Integration - runs-on: ubuntu-latest - # Run on push/workflow_dispatch, skip forks and Dependabot on PRs - if: | - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') - env: - REGION_NAME: eu-central-1 - STACK_NAME: s3cli-private-bucket - S3_ENDPOINT_HOST: https://s3.eu-central-1.amazonaws.com - - steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Install Ginkgo - run: go install github.com/onsi/ginkgo/v2/ginkgo@latest - - - name: Setup AWS infrastructure - uses: ./.github/actions/s3-integration-setup - with: - access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} - - - name: Run Frankfurt region tests - uses: ./.github/actions/s3-integration-run - with: - access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} - s3_endpoint_host: ${{ env.S3_ENDPOINT_HOST }} - focus_regex: 'GENERAL AWS|AWS V4 REGION|AWS V4 ONLY REGION' - test_type: 'aws' - - - name: Teardown AWS infrastructure - if: always() - uses: ./.github/actions/s3-integration-teardown - with: - access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} - - # AWS European Sovereign Cloud Integration - aws-s3-esc-integration: - name: AWS S3 European Sovereign Cloud Integration + # AWS S3 Regional Integration + aws-s3-regional-integration: + name: AWS S3 ${{ matrix.name }} Integration runs-on: ubuntu-latest # Run on push/workflow_dispatch, skip forks and Dependabot on PRs if: | github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') - env: - REGION_NAME: eusc-de-east-1 - STACK_NAME: s3cli-private-bucket - S3_ENDPOINT_HOST: https://s3.eusc-de-east-1.amazonaws.eu - + strategy: + fail-fast: false + matrix: + include: + - name: Public Read + region_name: us-east-1 + stack_name: s3cli-public-bucket + s3_endpoint_host: https://s3.amazonaws.com + label_filter: 'aws && public-read' + use_esc_credentials: false + - name: Frankfurt + region_name: eu-central-1 + stack_name: s3cli-private-bucket + s3_endpoint_host: https://s3.eu-central-1.amazonaws.com + label_filter: 'aws && static && general' + use_esc_credentials: false + - name: European Sovereign Cloud + region_name: eusc-de-east-1 + stack_name: s3cli-private-bucket + s3_endpoint_host: https://s3.eusc-de-east-1.amazonaws.eu + label_filter: 'aws && esc' + use_esc_credentials: true steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Install Ginkgo - run: go install github.com/onsi/ginkgo/v2/ginkgo@latest + - name: Set up test environment + uses: ./.github/actions/go-test-bootstrap - name: Setup AWS infrastructure uses: ./.github/actions/s3-integration-setup with: - access_key_id: ${{ secrets.AWS_ESC_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_ESC_SECRET_ACCESS_KEY }} - region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} + access_key_id: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_ACCESS_KEY_ID || secrets.AWS_ACCESS_KEY_ID }} + secret_access_key: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_SECRET_ACCESS_KEY || secrets.AWS_SECRET_ACCESS_KEY }} + region_name: ${{ matrix.region_name }} + stack_name: ${{ matrix.stack_name }} - - name: Run AWS ESC region tests + - name: Run regional tests uses: ./.github/actions/s3-integration-run with: - access_key_id: ${{ secrets.AWS_ESC_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_ESC_SECRET_ACCESS_KEY }} - region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} - s3_endpoint_host: ${{ env.S3_ENDPOINT_HOST }} - focus_regex: 'AWS ESC' + access_key_id: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_ACCESS_KEY_ID || secrets.AWS_ACCESS_KEY_ID }} + secret_access_key: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_SECRET_ACCESS_KEY || secrets.AWS_SECRET_ACCESS_KEY }} + region_name: ${{ matrix.region_name }} + stack_name: ${{ matrix.stack_name }} + s3_endpoint_host: ${{ matrix.s3_endpoint_host }} + label_filter: ${{ matrix.label_filter }} test_type: 'aws' - name: Teardown AWS infrastructure if: always() uses: ./.github/actions/s3-integration-teardown with: - access_key_id: ${{ secrets.AWS_ESC_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_ESC_SECRET_ACCESS_KEY }} - region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} - + access_key_id: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_ACCESS_KEY_ID || secrets.AWS_ACCESS_KEY_ID }} + secret_access_key: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_SECRET_ACCESS_KEY || secrets.AWS_SECRET_ACCESS_KEY }} + region_name: ${{ matrix.region_name }} + stack_name: ${{ matrix.stack_name }} s3-compatible-integration: name: S3 Compatible Integration @@ -260,16 +155,8 @@ jobs: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') steps: - - name: Checkout code - uses: actions/checkout@v6 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Install Ginkgo - run: go install github.com/onsi/ginkgo/v2/ginkgo@latest + - name: Set up test environment + uses: ./.github/actions/go-test-bootstrap - name: Run GCS S3 compatible tests run: | @@ -278,4 +165,5 @@ jobs: export bucket_name=storage-cli-test-aws-compat export s3_endpoint_host=storage.googleapis.com export s3_endpoint_port=443 - ./.github/scripts/s3/run-integration-s3-compat.sh \ No newline at end of file + export label_filter='s3-compatible' + ./.github/scripts/s3/run-integration-s3-compat.sh diff --git a/s3/integration/aws_assume_role_test.go b/s3/integration/aws_assume_role_test.go index af74fdd..e99e4c0 100644 --- a/s3/integration/aws_assume_role_test.go +++ b/s3/integration/aws_assume_role_test.go @@ -10,7 +10,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("Testing AWS assume role ", func() { +var _ = Describe("Testing AWS assume role ", Label("aws", "assume-role"), func() { Context("with AWS ASSUME ROLE configurations", func() { It("get file from assumed role", func() { storageType := "s3" diff --git a/s3/integration/aws_esc_test.go b/s3/integration/aws_esc_test.go index 930ca62..703fa2e 100644 --- a/s3/integration/aws_esc_test.go +++ b/s3/integration/aws_esc_test.go @@ -10,7 +10,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("Testing for AWS European Sovereign Cloud region", func() { +var _ = Describe("Testing for AWS European Sovereign Cloud region", Label("aws", "static", "esc"), func() { Context("with AWS ESC (static creds) configurations", func() { accessKeyID := os.Getenv("ACCESS_KEY_ID") secretAccessKey := os.Getenv("SECRET_ACCESS_KEY") diff --git a/s3/integration/aws_iam_role_test.go b/s3/integration/aws_iam_role_test.go index a4f22ad..bd976a7 100644 --- a/s3/integration/aws_iam_role_test.go +++ b/s3/integration/aws_iam_role_test.go @@ -10,7 +10,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("Testing inside an AWS compute resource with an IAM role", func() { +var _ = Describe("Testing inside an AWS compute resource with an IAM role", Label("aws", "iam-role"), func() { Context("with AWS STANDARD IAM ROLE (env_or_profile creds) configurations", func() { bucketName := os.Getenv("BUCKET_NAME") region := os.Getenv("REGION") diff --git a/s3/integration/aws_isolated_region_test.go b/s3/integration/aws_isolated_region_test.go index 8c7d027..216e19f 100644 --- a/s3/integration/aws_isolated_region_test.go +++ b/s3/integration/aws_isolated_region_test.go @@ -10,7 +10,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("Testing in any AWS region isolated from the US standard regions (i.e., cn-north-1)", func() { +var _ = Describe("Testing in any AWS region isolated from the US standard regions (i.e., cn-north-1)", Label("aws", "static", "isolated-region"), func() { Context("with AWS ISOLATED REGION (static creds) configurations", func() { It("fails with a config that specifies a valid region but invalid host", func() { storageType := "s3" diff --git a/s3/integration/aws_public_read_only_test.go b/s3/integration/aws_public_read_only_test.go index 785d4ed..849adfc 100644 --- a/s3/integration/aws_public_read_only_test.go +++ b/s3/integration/aws_public_read_only_test.go @@ -16,7 +16,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("Testing gets against a public AWS S3 bucket", func() { +var _ = Describe("Testing gets against a public AWS S3 bucket", Label("aws", "public-read"), func() { Context("with PUBLIC READ ONLY (no creds) configuration", func() { It("can successfully get a publicly readable file", func() { storageType := "s3" diff --git a/s3/integration/aws_us_east_test.go b/s3/integration/aws_us_east_test.go index cd50570..496ba09 100644 --- a/s3/integration/aws_us_east_test.go +++ b/s3/integration/aws_us_east_test.go @@ -10,7 +10,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("Testing only in us-east-1", func() { +var _ = Describe("Testing only in us-east-1", Label("aws", "static", "us-east-1"), func() { Context("with AWS US-EAST-1 (static creds) configurations", func() { accessKeyID := os.Getenv("ACCESS_KEY_ID") secretAccessKey := os.Getenv("SECRET_ACCESS_KEY") diff --git a/s3/integration/general_aws_test.go b/s3/integration/general_aws_test.go index 2871901..86fbb95 100644 --- a/s3/integration/general_aws_test.go +++ b/s3/integration/general_aws_test.go @@ -10,7 +10,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("General testing for all AWS regions", func() { +var _ = Describe("General testing for all AWS regions", Label("aws", "static", "general"), func() { Context("with GENERAL AWS (static creds) configurations", func() { accessKeyID := os.Getenv("ACCESS_KEY_ID") secretAccessKey := os.Getenv("SECRET_ACCESS_KEY") diff --git a/s3/integration/s3_compatible_test.go b/s3/integration/s3_compatible_test.go index 698ed74..f1c5569 100644 --- a/s3/integration/s3_compatible_test.go +++ b/s3/integration/s3_compatible_test.go @@ -11,7 +11,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("Testing in any non-AWS, S3 compatible storage service", func() { +var _ = Describe("Testing in any non-AWS, S3 compatible storage service", Label("s3-compatible"), func() { Context("with S3 COMPATIBLE (static creds) configurations", func() { accessKeyID := os.Getenv("ACCESS_KEY_ID") secretAccessKey := os.Getenv("SECRET_ACCESS_KEY") diff --git a/s3/integration/swift_signed_url_test.go b/s3/integration/swift_signed_url_test.go index 6bd502e..c129b75 100644 --- a/s3/integration/swift_signed_url_test.go +++ b/s3/integration/swift_signed_url_test.go @@ -11,7 +11,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("Testing for working signed URLs all Swift/OpenStack regions", func() { +var _ = Describe("Testing for working signed URLs all Swift/OpenStack regions", Label("swift", "signed-url"), func() { Context("with GENERAL OpenStack/Swift (static creds) configurations", func() { var configPath string var contentFile string From d8e8b53418992403c9b2ebab335dc67c57b8291f Mon Sep 17 00:00:00 2001 From: Jochen Ehret Date: Fri, 13 Mar 2026 12:27:17 +0100 Subject: [PATCH 2/6] [DRAFT] Fix checkout step --- .github/actions/go-test-bootstrap/action.yml | 6 +----- .github/workflows/s3-integration.yml | 9 +++++++++ 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/actions/go-test-bootstrap/action.yml b/.github/actions/go-test-bootstrap/action.yml index 6b8cffa..dd18006 100644 --- a/.github/actions/go-test-bootstrap/action.yml +++ b/.github/actions/go-test-bootstrap/action.yml @@ -1,12 +1,9 @@ name: Set up Go test environment -description: Checks out code, sets up Go from go.mod, and installs Ginkgo. +description: Sets up Go from go.mod and installs Ginkgo. runs: using: 'composite' steps: - - name: Checkout code - uses: actions/checkout@v6 - - name: Set up Go uses: actions/setup-go@v6 with: @@ -15,4 +12,3 @@ runs: - name: Install Ginkgo shell: bash run: go install github.com/onsi/ginkgo/v2/ginkgo@latest - diff --git a/.github/workflows/s3-integration.yml b/.github/workflows/s3-integration.yml index f5c70b6..1af1069 100644 --- a/.github/workflows/s3-integration.yml +++ b/.github/workflows/s3-integration.yml @@ -31,6 +31,9 @@ jobs: STACK_NAME: s3cli-iam S3_ENDPOINT_HOST: https://s3.amazonaws.com steps: + - name: Checkout code + uses: actions/checkout@v6 + - name: Set up test environment uses: ./.github/actions/go-test-bootstrap @@ -115,6 +118,9 @@ jobs: label_filter: 'aws && esc' use_esc_credentials: true steps: + - name: Checkout code + uses: actions/checkout@v6 + - name: Set up test environment uses: ./.github/actions/go-test-bootstrap @@ -155,6 +161,9 @@ jobs: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') steps: + - name: Checkout code + uses: actions/checkout@v6 + - name: Set up test environment uses: ./.github/actions/go-test-bootstrap From 25afb2d1ddd2a1dce31ec2989d55da929274d288 Mon Sep 17 00:00:00 2001 From: Jochen Ehret Date: Fri, 13 Mar 2026 13:00:38 +0100 Subject: [PATCH 3/6] [DRAFT] Refactor S3 integration tests into different actions --- .../s3-integration-run-aws-assume/action.yml | 34 ++++++++++ .../s3-integration-run-aws-iam/action.yml | 34 ++++++++++ .../actions/s3-integration-run-aws/action.yml | 43 +++++++++++++ .github/actions/s3-integration-run/action.yml | 63 ------------------- .github/workflows/s3-integration.yml | 13 ++-- 5 files changed, 115 insertions(+), 72 deletions(-) create mode 100644 .github/actions/s3-integration-run-aws-assume/action.yml create mode 100644 .github/actions/s3-integration-run-aws-iam/action.yml create mode 100644 .github/actions/s3-integration-run-aws/action.yml delete mode 100644 .github/actions/s3-integration-run/action.yml diff --git a/.github/actions/s3-integration-run-aws-assume/action.yml b/.github/actions/s3-integration-run-aws-assume/action.yml new file mode 100644 index 0000000..2caff2f --- /dev/null +++ b/.github/actions/s3-integration-run-aws-assume/action.yml @@ -0,0 +1,34 @@ +name: Run AWS S3 integration tests (assume role) +description: Runs AWS S3 assume-role integration tests using label-based selection. + +inputs: + access_key_id: + description: 'AWS Access Key ID' + required: true + secret_access_key: + description: 'AWS Secret Access Key' + required: true + region_name: + description: 'AWS Region Name' + required: true + role_arn: + description: 'AWS Role ARN to assume during tests' + required: true + label_filter: + description: 'Ginkgo Label Filter for tests to run' + required: true + +runs: + using: 'composite' + steps: + - name: Run AWS S3 assume-role integration tests + shell: bash + run: | + set -e + export access_key_id="${{inputs.access_key_id}}" + export secret_access_key="${{inputs.secret_access_key}}" + export region_name="${{inputs.region_name}}" + export assume_role_arn="${{inputs.role_arn}}" + export label_filter="${{inputs.label_filter}}" + ./.github/scripts/s3/run-integration-aws-assume.sh + diff --git a/.github/actions/s3-integration-run-aws-iam/action.yml b/.github/actions/s3-integration-run-aws-iam/action.yml new file mode 100644 index 0000000..3934fde --- /dev/null +++ b/.github/actions/s3-integration-run-aws-iam/action.yml @@ -0,0 +1,34 @@ +name: Run AWS S3 integration tests (IAM role) +description: Runs AWS S3 IAM role integration tests in Lambda using label-based selection. + +inputs: + access_key_id: + description: 'AWS Access Key ID' + required: true + secret_access_key: + description: 'AWS Secret Access Key' + required: true + region_name: + description: 'AWS Region Name' + required: true + stack_name: + description: 'CloudFormation Stack Name' + required: true + label_filter: + description: 'Ginkgo Label Filter for tests to run' + required: true + +runs: + using: 'composite' + steps: + - name: Run AWS S3 IAM integration tests + shell: bash + run: | + set -e + export access_key_id="${{inputs.access_key_id}}" + export secret_access_key="${{inputs.secret_access_key}}" + export region_name="${{inputs.region_name}}" + export stack_name="${{inputs.stack_name}}" + export label_filter="${{inputs.label_filter}}" + ./.github/scripts/s3/run-integration-aws-iam.sh + diff --git a/.github/actions/s3-integration-run-aws/action.yml b/.github/actions/s3-integration-run-aws/action.yml new file mode 100644 index 0000000..43219f4 --- /dev/null +++ b/.github/actions/s3-integration-run-aws/action.yml @@ -0,0 +1,43 @@ +name: Run AWS S3 integration tests (standard) +description: Runs AWS S3 integration tests using static credentials and label-based selection. + +inputs: + access_key_id: + description: 'AWS Access Key ID' + required: true + secret_access_key: + description: 'AWS Secret Access Key' + required: true + region_name: + description: 'AWS Region Name' + required: true + stack_name: + description: 'CloudFormation Stack Name' + required: true + label_filter: + description: 'Ginkgo Label Filter for tests to run' + required: true + s3_endpoint_host: + description: 'Custom S3 Endpoint Host' + required: false + role_arn: + description: 'AWS Role ARN used for cross-account profile setup when needed' + required: false + default: '' + +runs: + using: 'composite' + steps: + - name: Run AWS S3 standard integration tests + shell: bash + run: | + set -e + export access_key_id="${{inputs.access_key_id}}" + export secret_access_key="${{inputs.secret_access_key}}" + export region_name="${{inputs.region_name}}" + export stack_name="${{inputs.stack_name}}" + export s3_endpoint_host="${{inputs.s3_endpoint_host}}" + export role_arn="${{inputs.role_arn}}" + export label_filter="${{inputs.label_filter}}" + ./.github/scripts/s3/run-integration-aws.sh + diff --git a/.github/actions/s3-integration-run/action.yml b/.github/actions/s3-integration-run/action.yml deleted file mode 100644 index 9beafce..0000000 --- a/.github/actions/s3-integration-run/action.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: Run AWS S3 Integration Tests -description: Runs integration tests against to aws infrastructure. - -inputs: - access_key_id: - description: 'AWS Access Key ID' - required: true - secret_access_key: - description: 'AWS Secret Access Key' - required: true - region_name: - description: 'AWS Region Name' - required: true - stack_name: - description: 'CloudFormation Stack Name (required for aws and aws-iam tests)' - required: false - default: '' - test_type: - description: 'Type of test to run (e.g.,aws, aws-iam, aws-assume)' - required: true - label_filter: - description: 'Ginkgo Label Filter for tests to run' - required: true - s3_endpoint_host: - description: 'Custom S3 Endpoint Host' - required: false - role_arn: - description: 'AWS Role ARN to test assume role functionality' - required: false - default: '' - -runs: - using: 'composite' - steps: - - name: Run AWS S3 Integration Tests - shell: bash - run: | - set -e - export access_key_id="${{inputs.access_key_id}}" - export secret_access_key="${{inputs.secret_access_key}}" - export region_name="${{inputs.region_name}}" - export stack_name="${{inputs.stack_name}}" - - if [[ "${{inputs.test_type}}" == "aws" ]]; then - export role_arn="${{inputs.role_arn}}" - export s3_endpoint_host="${{inputs.s3_endpoint_host}}" - export label_filter="${{inputs.label_filter}}" - echo "Running standard AWS integration tests..." - ./.github/scripts/s3/run-integration-aws.sh - elif [[ "${{inputs.test_type}}" == "aws-iam" ]]; then - export label_filter="${{inputs.label_filter}}" - echo "Running AWS IAM role tests..." - ./.github/scripts/s3/run-integration-aws-iam.sh - elif [[ "${{inputs.test_type}}" == "aws-assume" ]]; then - export assume_role_arn="${{inputs.role_arn}}" - export label_filter="${{inputs.label_filter}}" - echo "Running AWS assume role tests..." - ./.github/scripts/s3/run-integration-aws-assume.sh - else - echo "Error: Unknown test_type '${{inputs.test_type}}'" - echo "Valid options are: aws, aws-iam, aws-assume" - exit 1 - fi \ No newline at end of file diff --git a/.github/workflows/s3-integration.yml b/.github/workflows/s3-integration.yml index 1af1069..85edf6b 100644 --- a/.github/workflows/s3-integration.yml +++ b/.github/workflows/s3-integration.yml @@ -46,7 +46,7 @@ jobs: stack_name: ${{ env.STACK_NAME }} - name: Test Static Credentials - uses: ./.github/actions/s3-integration-run + uses: ./.github/actions/s3-integration-run-aws with: access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -54,28 +54,24 @@ jobs: stack_name: ${{ env.STACK_NAME }} s3_endpoint_host: ${{ env.S3_ENDPOINT_HOST }} label_filter: 'aws && static && (general || us-east-1)' - test_type: 'aws' - name: Test IAM Roles - uses: ./.github/actions/s3-integration-run + uses: ./.github/actions/s3-integration-run-aws-iam with: access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} region_name: ${{ env.REGION_NAME }} stack_name: ${{ env.STACK_NAME }} label_filter: 'aws && iam-role' - test_type: 'aws-iam' - name: Test Assume Roles - uses: ./.github/actions/s3-integration-run + uses: ./.github/actions/s3-integration-run-aws-assume with: access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} region_name: ${{ env.REGION_NAME }} - stack_name: ${{ env.STACK_NAME }} role_arn: ${{ secrets.AWS_ROLE_ARN }} label_filter: 'aws && assume-role' - test_type: 'aws-assume' - name: Teardown AWS infrastructure if: always() @@ -133,7 +129,7 @@ jobs: stack_name: ${{ matrix.stack_name }} - name: Run regional tests - uses: ./.github/actions/s3-integration-run + uses: ./.github/actions/s3-integration-run-aws with: access_key_id: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_ACCESS_KEY_ID || secrets.AWS_ACCESS_KEY_ID }} secret_access_key: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_SECRET_ACCESS_KEY || secrets.AWS_SECRET_ACCESS_KEY }} @@ -141,7 +137,6 @@ jobs: stack_name: ${{ matrix.stack_name }} s3_endpoint_host: ${{ matrix.s3_endpoint_host }} label_filter: ${{ matrix.label_filter }} - test_type: 'aws' - name: Teardown AWS infrastructure if: always() From 63cf81b97937656ae2d132385bbe1aff485b8e59 Mon Sep 17 00:00:00 2001 From: Jochen Ehret Date: Fri, 13 Mar 2026 13:09:23 +0100 Subject: [PATCH 4/6] [DRAFT] fix region-less test --- .github/workflows/s3-integration.yml | 2 +- s3/integration/general_aws_test.go | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/s3-integration.yml b/.github/workflows/s3-integration.yml index 85edf6b..655fe81 100644 --- a/.github/workflows/s3-integration.yml +++ b/.github/workflows/s3-integration.yml @@ -105,7 +105,7 @@ jobs: region_name: eu-central-1 stack_name: s3cli-private-bucket s3_endpoint_host: https://s3.eu-central-1.amazonaws.com - label_filter: 'aws && static && general' + label_filter: 'aws && static && general && !requires-default-region' use_esc_credentials: false - name: European Sovereign Cloud region_name: eusc-de-east-1 diff --git a/s3/integration/general_aws_test.go b/s3/integration/general_aws_test.go index 86fbb95..bd67ef8 100644 --- a/s3/integration/general_aws_test.go +++ b/s3/integration/general_aws_test.go @@ -33,7 +33,8 @@ var _ = Describe("General testing for all AWS regions", Label("aws", "static", " BucketName: bucketName, Region: region, }), - Entry("with host and without region", &config.S3Cli{ + // This case relies on default-region behavior and is excluded from regional endpoint jobs. + Entry("with host and without region", Label("requires-default-region"), &config.S3Cli{ AccessKeyID: accessKeyID, SecretAccessKey: secretAccessKey, BucketName: bucketName, From 85785f1a0ff89bbaa9c255f142278849818c72d6 Mon Sep 17 00:00:00 2001 From: Jochen Ehret Date: Fri, 13 Mar 2026 14:28:06 +0100 Subject: [PATCH 5/6] Revert "[DRAFT] Refactor S3 integration tests into different actions" This reverts commit 25afb2d1ddd2a1dce31ec2989d55da929274d288. --- .../s3-integration-run-aws-assume/action.yml | 34 ---------- .../s3-integration-run-aws-iam/action.yml | 34 ---------- .../actions/s3-integration-run-aws/action.yml | 43 ------------- .github/actions/s3-integration-run/action.yml | 63 +++++++++++++++++++ .github/workflows/s3-integration.yml | 13 ++-- 5 files changed, 72 insertions(+), 115 deletions(-) delete mode 100644 .github/actions/s3-integration-run-aws-assume/action.yml delete mode 100644 .github/actions/s3-integration-run-aws-iam/action.yml delete mode 100644 .github/actions/s3-integration-run-aws/action.yml create mode 100644 .github/actions/s3-integration-run/action.yml diff --git a/.github/actions/s3-integration-run-aws-assume/action.yml b/.github/actions/s3-integration-run-aws-assume/action.yml deleted file mode 100644 index 2caff2f..0000000 --- a/.github/actions/s3-integration-run-aws-assume/action.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Run AWS S3 integration tests (assume role) -description: Runs AWS S3 assume-role integration tests using label-based selection. - -inputs: - access_key_id: - description: 'AWS Access Key ID' - required: true - secret_access_key: - description: 'AWS Secret Access Key' - required: true - region_name: - description: 'AWS Region Name' - required: true - role_arn: - description: 'AWS Role ARN to assume during tests' - required: true - label_filter: - description: 'Ginkgo Label Filter for tests to run' - required: true - -runs: - using: 'composite' - steps: - - name: Run AWS S3 assume-role integration tests - shell: bash - run: | - set -e - export access_key_id="${{inputs.access_key_id}}" - export secret_access_key="${{inputs.secret_access_key}}" - export region_name="${{inputs.region_name}}" - export assume_role_arn="${{inputs.role_arn}}" - export label_filter="${{inputs.label_filter}}" - ./.github/scripts/s3/run-integration-aws-assume.sh - diff --git a/.github/actions/s3-integration-run-aws-iam/action.yml b/.github/actions/s3-integration-run-aws-iam/action.yml deleted file mode 100644 index 3934fde..0000000 --- a/.github/actions/s3-integration-run-aws-iam/action.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Run AWS S3 integration tests (IAM role) -description: Runs AWS S3 IAM role integration tests in Lambda using label-based selection. - -inputs: - access_key_id: - description: 'AWS Access Key ID' - required: true - secret_access_key: - description: 'AWS Secret Access Key' - required: true - region_name: - description: 'AWS Region Name' - required: true - stack_name: - description: 'CloudFormation Stack Name' - required: true - label_filter: - description: 'Ginkgo Label Filter for tests to run' - required: true - -runs: - using: 'composite' - steps: - - name: Run AWS S3 IAM integration tests - shell: bash - run: | - set -e - export access_key_id="${{inputs.access_key_id}}" - export secret_access_key="${{inputs.secret_access_key}}" - export region_name="${{inputs.region_name}}" - export stack_name="${{inputs.stack_name}}" - export label_filter="${{inputs.label_filter}}" - ./.github/scripts/s3/run-integration-aws-iam.sh - diff --git a/.github/actions/s3-integration-run-aws/action.yml b/.github/actions/s3-integration-run-aws/action.yml deleted file mode 100644 index 43219f4..0000000 --- a/.github/actions/s3-integration-run-aws/action.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Run AWS S3 integration tests (standard) -description: Runs AWS S3 integration tests using static credentials and label-based selection. - -inputs: - access_key_id: - description: 'AWS Access Key ID' - required: true - secret_access_key: - description: 'AWS Secret Access Key' - required: true - region_name: - description: 'AWS Region Name' - required: true - stack_name: - description: 'CloudFormation Stack Name' - required: true - label_filter: - description: 'Ginkgo Label Filter for tests to run' - required: true - s3_endpoint_host: - description: 'Custom S3 Endpoint Host' - required: false - role_arn: - description: 'AWS Role ARN used for cross-account profile setup when needed' - required: false - default: '' - -runs: - using: 'composite' - steps: - - name: Run AWS S3 standard integration tests - shell: bash - run: | - set -e - export access_key_id="${{inputs.access_key_id}}" - export secret_access_key="${{inputs.secret_access_key}}" - export region_name="${{inputs.region_name}}" - export stack_name="${{inputs.stack_name}}" - export s3_endpoint_host="${{inputs.s3_endpoint_host}}" - export role_arn="${{inputs.role_arn}}" - export label_filter="${{inputs.label_filter}}" - ./.github/scripts/s3/run-integration-aws.sh - diff --git a/.github/actions/s3-integration-run/action.yml b/.github/actions/s3-integration-run/action.yml new file mode 100644 index 0000000..9beafce --- /dev/null +++ b/.github/actions/s3-integration-run/action.yml @@ -0,0 +1,63 @@ +name: Run AWS S3 Integration Tests +description: Runs integration tests against to aws infrastructure. + +inputs: + access_key_id: + description: 'AWS Access Key ID' + required: true + secret_access_key: + description: 'AWS Secret Access Key' + required: true + region_name: + description: 'AWS Region Name' + required: true + stack_name: + description: 'CloudFormation Stack Name (required for aws and aws-iam tests)' + required: false + default: '' + test_type: + description: 'Type of test to run (e.g.,aws, aws-iam, aws-assume)' + required: true + label_filter: + description: 'Ginkgo Label Filter for tests to run' + required: true + s3_endpoint_host: + description: 'Custom S3 Endpoint Host' + required: false + role_arn: + description: 'AWS Role ARN to test assume role functionality' + required: false + default: '' + +runs: + using: 'composite' + steps: + - name: Run AWS S3 Integration Tests + shell: bash + run: | + set -e + export access_key_id="${{inputs.access_key_id}}" + export secret_access_key="${{inputs.secret_access_key}}" + export region_name="${{inputs.region_name}}" + export stack_name="${{inputs.stack_name}}" + + if [[ "${{inputs.test_type}}" == "aws" ]]; then + export role_arn="${{inputs.role_arn}}" + export s3_endpoint_host="${{inputs.s3_endpoint_host}}" + export label_filter="${{inputs.label_filter}}" + echo "Running standard AWS integration tests..." + ./.github/scripts/s3/run-integration-aws.sh + elif [[ "${{inputs.test_type}}" == "aws-iam" ]]; then + export label_filter="${{inputs.label_filter}}" + echo "Running AWS IAM role tests..." + ./.github/scripts/s3/run-integration-aws-iam.sh + elif [[ "${{inputs.test_type}}" == "aws-assume" ]]; then + export assume_role_arn="${{inputs.role_arn}}" + export label_filter="${{inputs.label_filter}}" + echo "Running AWS assume role tests..." + ./.github/scripts/s3/run-integration-aws-assume.sh + else + echo "Error: Unknown test_type '${{inputs.test_type}}'" + echo "Valid options are: aws, aws-iam, aws-assume" + exit 1 + fi \ No newline at end of file diff --git a/.github/workflows/s3-integration.yml b/.github/workflows/s3-integration.yml index 655fe81..7d239ce 100644 --- a/.github/workflows/s3-integration.yml +++ b/.github/workflows/s3-integration.yml @@ -46,7 +46,7 @@ jobs: stack_name: ${{ env.STACK_NAME }} - name: Test Static Credentials - uses: ./.github/actions/s3-integration-run-aws + uses: ./.github/actions/s3-integration-run with: access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -54,24 +54,28 @@ jobs: stack_name: ${{ env.STACK_NAME }} s3_endpoint_host: ${{ env.S3_ENDPOINT_HOST }} label_filter: 'aws && static && (general || us-east-1)' + test_type: 'aws' - name: Test IAM Roles - uses: ./.github/actions/s3-integration-run-aws-iam + uses: ./.github/actions/s3-integration-run with: access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} region_name: ${{ env.REGION_NAME }} stack_name: ${{ env.STACK_NAME }} label_filter: 'aws && iam-role' + test_type: 'aws-iam' - name: Test Assume Roles - uses: ./.github/actions/s3-integration-run-aws-assume + uses: ./.github/actions/s3-integration-run with: access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} region_name: ${{ env.REGION_NAME }} + stack_name: ${{ env.STACK_NAME }} role_arn: ${{ secrets.AWS_ROLE_ARN }} label_filter: 'aws && assume-role' + test_type: 'aws-assume' - name: Teardown AWS infrastructure if: always() @@ -129,7 +133,7 @@ jobs: stack_name: ${{ matrix.stack_name }} - name: Run regional tests - uses: ./.github/actions/s3-integration-run-aws + uses: ./.github/actions/s3-integration-run with: access_key_id: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_ACCESS_KEY_ID || secrets.AWS_ACCESS_KEY_ID }} secret_access_key: ${{ matrix.use_esc_credentials && secrets.AWS_ESC_SECRET_ACCESS_KEY || secrets.AWS_SECRET_ACCESS_KEY }} @@ -137,6 +141,7 @@ jobs: stack_name: ${{ matrix.stack_name }} s3_endpoint_host: ${{ matrix.s3_endpoint_host }} label_filter: ${{ matrix.label_filter }} + test_type: 'aws' - name: Teardown AWS infrastructure if: always() From 785bc1abc8a5fd781b2bcd9e4c4d3ddffd4464a0 Mon Sep 17 00:00:00 2001 From: Jochen Ehret Date: Fri, 13 Mar 2026 15:01:33 +0100 Subject: [PATCH 6/6] [DRAFT] Remove unnecessary comments --- .github/actions/s3-integration-run/action.yml | 2 +- .github/workflows/s3-integration.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/actions/s3-integration-run/action.yml b/.github/actions/s3-integration-run/action.yml index 9beafce..12954c2 100644 --- a/.github/actions/s3-integration-run/action.yml +++ b/.github/actions/s3-integration-run/action.yml @@ -12,7 +12,7 @@ inputs: description: 'AWS Region Name' required: true stack_name: - description: 'CloudFormation Stack Name (required for aws and aws-iam tests)' + description: 'CloudFormation Stack Name' required: false default: '' test_type: diff --git a/.github/workflows/s3-integration.yml b/.github/workflows/s3-integration.yml index 7d239ce..9b69517 100644 --- a/.github/workflows/s3-integration.yml +++ b/.github/workflows/s3-integration.yml @@ -17,7 +17,6 @@ concurrency: cancel-in-progress: false jobs: - # AWS S3 US Integration aws-s3-us-integration: name: AWS S3 US Integration runs-on: ubuntu-latest @@ -86,7 +85,6 @@ jobs: region_name: ${{ env.REGION_NAME }} stack_name: ${{ env.STACK_NAME }} - # AWS S3 Regional Integration aws-s3-regional-integration: name: AWS S3 ${{ matrix.name }} Integration runs-on: ubuntu-latest