github-infisical-secrets-check-action/.github/workflows/test.yml at c09d15c7989faeb70fdb7b6c28d3787955b63ed4 · guibranco/github-infisical-secrets-check-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: Test

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  bats-matrix:
    name: Bats tests (${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
      - uses: actions/checkout@v5
      - name: Set up Bats
        if: matrix.os != 'windows-latest'
        run: |
          sudo apt-get update || true
          sudo apt-get install -y bats || brew install bats-core
      - name: Set up Bats (Windows)
        if: matrix.os == 'windows-latest'
        run: |
          choco install bats
      - name: Run Bats tests
        run: bats tests/test_action.bats

  coverage:
    name: Coverage (kcov)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - name: Install kcov
        run: sudo apt-get update && sudo apt-get install -y kcov
      - name: Run Bats with coverage
        run: |
          kcov --include-path=. coverage bats tests/test_action.bats || true
      - name: Upload coverage artifact
        uses: actions/upload-artifact@v4
        with:
          name: coverage
          path: coverage/

  gh-tests:
    name: Native GitHub Action tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - name: Safe repo test
        id: safe
        run: |
          mkdir safe-repo && cd safe-repo
          git init -q
          echo "hello world" > file.txt
          git add file.txt
          git commit -m "Initial commit" -q
      - name: Run action (safe)
        id: run-safe
        uses: ./
        with:
          path: safe-repo
        continue-on-error: false
      - name: Assert safe output
        run: |
          echo "secrets-leaked=${{ steps.run-safe.outputs.secrets-leaked }}"
          test "${{ steps.run-safe.outputs.secrets-leaked }}" = "0"

      - name: Leaky repo test
        id: leaky
        run: |
          mkdir leaky-repo && cd leaky-repo
          git init -q
          echo "FAKE_SECRET=abcd1234abcd1234abcd1234abcd1234" > .env
          git add .env
          git commit -m "Add fake secret" -q
      - name: Run action (leaky)
        id: run-leaky
        uses: ./
        with:
          path: leaky-repo
        continue-on-error: true
      - name: Assert leaky output
        run: |
          echo "secrets-leaked=${{ steps.run-leaky.outputs.secrets-leaked }}"
          test "${{ steps.run-leaky.outputs.secrets-leaked }}" -gt 0