Refine e2e-enterprise pipeline and scripts

2026-05-23 17:25:54 +00:00 · 2026-05-11 17:03:26 +05:30 · 2026-05-11 17:03:26 +05:30 · 136b822494
commit 136b822494
parent 5305662f7f
3 changed files with 56 additions and 10 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -205,9 +205,14 @@ jobs:
      - name: Generate TLS Certificates
        if: ${{ !env.ACT }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_GET_RETRIES: 3
        run: |
-          curl -sSfL https://github.com/cloudflare/cfssl/releases/download/v1.6.5/cfssl_1.6.5_linux_amd64 -o /usr/local/bin/cfssl
+          # Source the getGH function for authenticated GitHub downloads with retries
-          curl -sSfL https://github.com/cloudflare/cfssl/releases/download/v1.6.5/cfssljson_1.6.5_linux_amd64 -o /usr/local/bin/cfssljson
+          source ./scripts/.functions
          getGH https://github.com/cloudflare/cfssl/releases/download/v1.6.5/cfssl_1.6.5_linux_amd64 /usr/local/bin/cfssl
          getGH https://github.com/cloudflare/cfssl/releases/download/v1.6.5/cfssljson_1.6.5_linux_amd64 /usr/local/bin/cfssljson
          chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson
          ./scripts/gen-tls-certs.sh
          cat .build/e2e-tls.env >> "$GITHUB_ENV"
--- a/scripts/.functions
+++ b/scripts/.functions
@ -0,0 +1,35 @@
 #!/usr/bin/env bash
 # Copyright IBM Corp. 2019, 2025
 # SPDX-License-Identifier: MIT
 # Adapted from: https://github.com/hashicorp/vault-secrets-operator/blob/main/hack/.functions
 # getGH downloads files from GitHub with optional authentication
 # Usage: getGH <url> [dest_file] [num_retries]
 function getGH() {
  local url="$1"
  local dest="$2"
  local num_retries="${3:-${GH_GET_RETRIES}}"
  headers=(
      '--header' "Accept: application/vnd.github+json"
      '--header' "X-GitHub-Api-Version: 2022-11-28"
  )
  if [ -n "${GITHUB_TOKEN}" ]; then
      headers+=(
          '--header' "Authorization: Bearer ${GITHUB_TOKEN}"
      )
  fi
  cmd=curl
  opts=('-sfSL')
  echo "Fetching ${url}"
  if [ -z "${dest}" ]; then
    opts+=('-O')
  else
    opts+=('-o' "${dest}")
  fi
  if [ -n "${num_retries}" ]; then
    opts+=('--retry' "${num_retries}")
  fi
  ${cmd} "${opts[@]}" "${headers[@]}" "${url}"
 }
--- a/scripts/gen-tls-certs.sh
+++ b/scripts/gen-tls-certs.sh
@ -11,17 +11,19 @@
 set -euo pipefail
-REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+pushd "$(git rev-parse --show-toplevel || echo .)" > /dev/null
-OUTDIR="$REPO_ROOT/.build/certs"
+
-ENVFILE="$REPO_ROOT/.build/e2e-tls.env"
+OUTDIR=".build/certs"
 ENVFILE=".build/e2e-tls.env"
 if ! command -v cfssl &>/dev/null || ! command -v cfssljson &>/dev/null; then
    echo "error: cfssl and cfssljson are required." >&2
    popd > /dev/null
    exit 1
 fi
 mkdir -p "$OUTDIR"
-cd "$OUTDIR"
+pushd "$OUTDIR" > /dev/null
 # ── cfssl signing config ──────────────────────────────────────────────────────
 cat > cfssl-config.json <<'EOF'
@ -92,15 +94,19 @@ rm -f ca.csr server.csr client.csr ca-key.pem cfssl-config.json
 # Ensure files are readable by the vault container user
 chmod 644 ./*.crt ./*.key
 popd > /dev/null
 # ── Copy vault server config ──────────────────────────────────────────────────
-cp "$REPO_ROOT/integrationTests/e2e-tls/configs/config.hcl" config.hcl
+cp "integrationTests/e2e-tls/configs/config.hcl" "$OUTDIR/config.hcl"
 # ── Write env file for local act usage ───────────────────────────────────────
 {
-    printf 'VAULTCA=%s\n'          "$(base64 < ca.crt     | tr -d '\n')"
+    printf 'VAULTCA=%s\n'          "$(base64 < "$OUTDIR/ca.crt"     | tr -d '\n')"
-    printf 'VAULT_CLIENT_CERT=%s\n' "$(base64 < client.crt | tr -d '\n')"
+    printf 'VAULT_CLIENT_CERT=%s\n' "$(base64 < "$OUTDIR/client.crt" | tr -d '\n')"
-    printf 'VAULT_CLIENT_KEY=%s\n'  "$(base64 < client.key | tr -d '\n')"
+    printf 'VAULT_CLIENT_KEY=%s\n'  "$(base64 < "$OUTDIR/client.key" | tr -d '\n')"
 } > "$ENVFILE"
 echo "Certs generated in $OUTDIR"
 echo "Env file written to $ENVFILE"
 popd > /dev/null