Refactor CI Workflow for Efficiency and Clarity (#41)

Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>

.github/actions/setup-env/action.yaml

@@ -0,0 +1,24 @@
+name: 'Setup Environment'
+description: 'Install Protoc and Rust toolchain, and set up Rust dependencies cache'
+runs:
+  using: 'composite'
+  steps:
+    - name: Install Protoc
+      uses: arduino/setup-protoc@v2
+
+    - name: Cache Rust dependencies
+      uses: actions/cache@v2
+      with:
+        path: |
+          ~/.cargo/registry
+          ~/.cargo/git
+          target
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-cargo-
+
+    - name: Setup Rust toolchain
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: nightly
+        components: rustfmt, clippy

.github/workflows/ci.yml

@@ -3,40 +3,45 @@ name: Continuous Integration
 on: [push, pull_request]
 
 jobs:
-  format:
-    name: Execute rustfmt and clippy
+  lint-and-setup:
+    name: Setup and Lint Rust Code
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-
-      - name: Install Protoc
-        uses: arduino/setup-protoc@v2
-
-      - name: Setup Rust toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: nightly
-          components: rustfmt, clippy
-
-      - name: Execute rustfmt
-        run: cargo +nightly fmt
-
-      - name: Execute clippy
-        run: cargo +nightly clippy
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Install dependencies and common setup
+        uses: ./.github/actions/setup-env
+      - name: Lint Rust code with rustfmt and clippy
+        run: |
+          cargo +nightly fmt
+          cargo +nightly clippy
+
+  build:
+    name: Build Rust Project
+    runs-on: ubuntu-latest
+    needs: lint-and-setup
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Install dependencies and common setup
+        uses: ./.github/actions/setup-env
+      - name: Build Rust project
+        run: cargo build
 
   test:
-    name: Execute the test script
+    name: Run SPIFFE Integration Tests
     runs-on: ubuntu-latest
+    env:
+      SPIFFE_ENDPOINT_SOCKET: unix:/tmp/spire-agent/public/api.sock
+    needs: build
     steps:
-      - uses: actions/checkout@v3
-
-      - name: Install Protoc
-        uses: arduino/setup-protoc@v2
-
-      - name: Setup Rust toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-
-      - name: Run the script
-        run: ./ci.sh
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Install dependencies and common setup
+        uses: ./.github/actions/setup-env
+      - name: Start SPIRE
+        run: ./scripts/run-spire.sh &
+      - name: Execute spiffe Integration Tests
+        run: RUST_BACKTRACE=1 cargo test --features integration-tests
+      - name: Clean up SPIRE
+        run: ./scripts/cleanup-spire.sh

scripts/cleanup-spire.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+killall -9 spire-agent || true
+killall -9 spire-server || true
+rm -f /tmp/spire-server/private/api.sock
+rm -f /tmp/spire-agent/public/api.sock

scripts/run-spire.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+# Constants
+spire_version="1.7.1"
+spire_folder="spire-${spire_version}"
+spire_server_log_file="/tmp/spire-server/server.log"
+spire_agent_log_file="/tmp/spire-agent/agent.log"
+agent_id="spiffe://example.org/myagent"
+
+# Helper function to wait for a service to be available
+function wait_for_service() {
+  local command="$1"
+  local description="$2"
+  local log_file="$3"
+
+  for i in {1..10}; do
+    if ${command} >/dev/null 2>&1; then
+      return 0
+    fi
+    sleep 1
+  done
+
+  [ -n "${log_file}" ] && cat ${log_file} >&2
+  echo "${description} failed to start" >&2
+  exit 1
+}
+
+# Main script starts here
+set -euf -o pipefail
+
+# Install and run a SPIRE server
+curl -s -N -L https://github.com/spiffe/spire/releases/download/v${spire_version}/spire-${spire_version}-linux-amd64-glibc.tar.gz | tar xz
+pushd "${spire_folder}"
+mkdir -p /tmp/spire-server
+bin/spire-server run -config conf/server/server.conf > "${spire_server_log_file}" 2>&1 &
+wait_for_service "bin/spire-server healthcheck" "SPIRE Server" "${spire_server_log_file}"
+
+# Run the SPIRE agent with the joint token
+bin/spire-server token generate -spiffeID ${agent_id} > token
+cut -d ' ' -f 2 token > token_stripped
+mkdir -p /tmp/spire-agent
+bin/spire-agent run -config conf/agent/agent.conf -joinToken "$(< token_stripped)" > "${spire_agent_log_file}" 2>&1 &
+wait_for_service "bin/spire-agent healthcheck" "SPIRE Agent" "${spire_agent_log_file}"
+
+# Register workloads
+for service in "myservice" "myservice2"; do
+  bin/spire-server entry create -parentID ${agent_id} -spiffeID spiffe://example.org/${service} -selector unix:uid:$(id -u) -ttl 5
+  sleep 10  # Derived from the default Agent sync interval
+done
+
+popd

tests/workload_api_client_test.rs

@@ -1,4 +1,4 @@
-// These tests requires a running SPIRE server and agent with workloads registered (see script `ci.sh`).
+// These tests requires a running SPIRE server and agent with workloads registered (see `scripts/run-spire.sh`).
 
 #[cfg(feature = "integration-tests")]
 mod integration_tests {