Merge branch 'main' into rage-0.11.2 #1507
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Interoperability tests | |
| on: [push, repository_dispatch] | |
| jobs: | |
| build-rage: | |
| name: Build rage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Create FiloSottile/age status | |
| if: always() && github.event.action == 'age-interop-request' | |
| run: | | |
| curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
| -H 'Accept: application/vnd.github.everest-preview+json' \ | |
| -H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
| --data '{"state": "pending", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "In progress", "context": "Interoperability tests / Build rage"}' | |
| - uses: actions/checkout@v4 | |
| - name: cargo build | |
| run: cargo build --release --features unstable | |
| working-directory: ./rage | |
| - name: Build the dummy plugin | |
| run: cargo build --release --example age-plugin-unencrypted | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: rage | |
| path: | | |
| target/release/rage | |
| target/release/rage-keygen | |
| target/release/examples/age-plugin-unencrypted | |
| - name: Update FiloSottile/age status with result | |
| if: always() && github.event.action == 'age-interop-request' | |
| run: | | |
| curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
| -H 'Accept: application/vnd.github.everest-preview+json' \ | |
| -H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
| --data '{"state": "${{ job.status }}", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "Finished", "context": "Interoperability tests / Build rage"}' | |
| build-age: | |
| name: Build age | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Create FiloSottile/age status | |
| if: always() && github.event.action == 'age-interop-request' | |
| run: | | |
| curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
| -H 'Accept: application/vnd.github.everest-preview+json' \ | |
| -H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
| --data '{"state": "pending", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "In progress", "context": "Interoperability tests / Build age"}' | |
| - name: Set up Go 1.24 | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.24 | |
| id: go | |
| - name: Use specified FiloSottile/age commit | |
| if: github.event.action == 'age-interop-request' | |
| run: echo "AGE_REF=${{ github.event.client_payload.sha }}" >> $GITHUB_ENV | |
| - name: Use FiloSottile/age current main | |
| if: github.event.action != 'age-interop-request' | |
| run: echo "AGE_REF=refs/heads/main" >> $GITHUB_ENV | |
| - name: Check out FiloSottile/age | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: FiloSottile/age | |
| ref: ${{ env.AGE_REF }} | |
| path: go-age/age | |
| - name: go build | |
| run: | | |
| cd $GITHUB_WORKSPACE/go-age/age | |
| go build filippo.io/age/cmd/age | |
| go build filippo.io/age/cmd/age-keygen | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: age | |
| path: | | |
| go-age/age/age | |
| go-age/age/age-keygen | |
| - name: Update FiloSottile/age status with result | |
| if: always() && github.event.action == 'age-interop-request' | |
| run: | | |
| curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
| -H 'Accept: application/vnd.github.everest-preview+json' \ | |
| -H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
| --data '{"state": "${{ job.status }}", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "Finished", "context": "Interoperability tests / Build age"}' | |
| test: | |
| name: ${{ matrix.alice }} -> ${{ matrix.bob }} [${{ matrix.recipient }}] | |
| runs-on: ubuntu-latest | |
| needs: [build-rage, build-age] | |
| strategy: | |
| matrix: | |
| alice: [rage, age] | |
| bob: [rage, age] | |
| recipient: [x25519, tag, tagpq, ssh-rsa, ssh-ed25519, plugin] | |
| include: | |
| - identity: true | |
| - recipient: tag | |
| identity: false | |
| - recipient: tagpq | |
| identity: false | |
| fail-fast: false | |
| steps: | |
| - name: Create FiloSottile/age status | |
| if: always() && github.event.action == 'age-interop-request' | |
| run: | | |
| curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
| -H 'Accept: application/vnd.github.everest-preview+json' \ | |
| -H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
| --data '{"state": "pending", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "In progress", "context": "Interoperability tests / ${{ matrix.alice }} -> ${{ matrix.bob }} [${{ matrix.recipient }}]"}' | |
| # Download the binaries to test | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: rage | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: age | |
| - run: chmod +x rage | |
| - run: chmod +x rage-keygen | |
| - run: chmod +x age | |
| - run: chmod +x age-keygen | |
| # Prepare the plugin environment | |
| - name: Prepare the plugin environment | |
| if: matrix.recipient == 'plugin' | |
| run: | | |
| chmod +x ./examples/age-plugin-unencrypted | |
| mkdir -p ~/.local/bin | |
| mv ./examples/age-plugin-unencrypted ~/.local/bin | |
| # Prepare the test environment | |
| - name: Install dos2unix for simulating Windows files | |
| run: sudo apt update && sudo apt install dos2unix | |
| - name: Set up the X25519 identity and recipient | |
| if: matrix.recipient == 'x25519' | |
| run: | | |
| echo "AGE-SECRET-KEY-1TRYTV7PQS5XPUYSTAQZCD7DQCWC7Q77YJD7UVFJRMW4J82Q6930QS70MRX" >key.txt | |
| echo "age1y8m84r6pwd4da5d45zzk03rlgv2xr7fn9px80suw3psrahul44ashl0usm" >key.txt.pub | |
| echo "AGE_PUBKEY=-r age1y8m84r6pwd4da5d45zzk03rlgv2xr7fn9px80suw3psrahul44ashl0usm" >> $GITHUB_ENV | |
| - name: Set up the age tag recipient | |
| if: matrix.recipient == 'tag' | |
| run: | | |
| echo "age1tag1qt8lw0ual6avlwmwatk888yqnmdamm7xfd0wak53ut6elz5c4swx2yqdj4e" >key.txt.pub | |
| echo "AGE_PUBKEY=-r age1tag1qt8lw0ual6avlwmwatk888yqnmdamm7xfd0wak53ut6elz5c4swx2yqdj4e" >> $GITHUB_ENV | |
| - name: Set up the age tagpq recipient | |
| if: matrix.recipient == 'tagpq' | |
| run: | | |
| echo "age1tagpq1m3e4wvp6hzcrn9exhy0ae3xfx2sjymp594k3tg7j4dpmj922we65vtnmrt2pyallax8669zqkr2pmfchptr4n38kug2xmcmp3adk2lnjqu00x5kxz5pvhmrltvfh9wuq973pcx35cnq8syn9qd3tzpehgztl4xpzr3tpd67g8af9trnjpc05gh7wu536aq4qt2y8zhsm4tvrfpsfl36qs5fpzysnk3sp9w77qzeg49357xex40v4s2lvt620swyys7u8yxdcnu4rkkwxdmt55gsuc3h5c5swahnegjgqwc60hn085ec3sjztwm45l44y3j2at9t6v9zra4ek3kek6waecqm98yaxl37w0d2zra626nz63jdm5sg59w7lyptw83zm6fntd8d0x03a9z6h9prfgpygzar6zrxjcrt4cdctk2mhf95s4a6v4zklfd49xhpsaeujm57thx2x3e3hwzc86ftfhmq5mkxxz3d6r8ws24xj4qfn73eyezg2wy094e3why592pghz27ruq3vkyegrv80eftnw9wqzwgvnwyseaus0yt84fylzrpzp6x2fguxuqjmgudr8xd33qm30evdpxd3jvjg8qh4q60kyq80jgff369k7nrepdc38grd2dava520excqp0ey0x39khx8ry03yffcatgv84fsx5j49djpapedsy693zute5xv5g2ewzrlj5se7akvkc4g4vmzhputpq8eyj9wz5dz6qtn7g3cfpd95nahw4ytspan0feyye04dcylv24ege7zkaj004gjwcxqxfqu2quawa83sx452jqjn8t48czp0xspwgnmvjyhttzzy6nhq8xzkdwnvsfefkwva6asrqc93zjn4rly5gnlv93xy3uzmr39szvjnf63426qzyeyvguc4vdcquwgsxgq236afcpqz866ny4tn7ckc0umefj242rt5vtvwqzzrvfev2mpvqcufp9pqvefyv4ftyuhgausfzuaadsczeykmft5wv3frzgrcp9ztr93h478ke4t86spp2uhyjkj73mp9g92ddk2fpv7v3njzsqgwhq3789sqrgkskehn0zjscckhwftyq4vet7vrlx2hs5kd9cwnq6t0djffhh3zquh4j3p0yaj9z2rc9wykg0usqw7983rrgur9jg8rnnqypwcz2lyclnnc705fc5g3an93ps60q6mxqp85u0ewtxdjlqcks84yduft0a0g6e7naew3v9u2d08knarvajn8q3gq9pgxde3s7nx94lus48wwvw2xjm7k82tvylec2393jdsuvch2xpe77w8hpv9nvsxfsrs270njpmfvpmgyk2cffl9tjp3qqcc4dfkf5rme2dg0x7ew8g39www5smm705q5da4eqvnqwrkavtq6xje9ss38hnkglz4eddz8f5qruvqmq2ff9l22gwkv8h432rdkysy0grkul8e2fedvkyyapfxt760udcgu92m54wl9yavmj4ga3ph9r5n99cjrq6wj5v33x33fe5vkjvfwnnt40wuv2hyexc9f4ylyqv9ldqq9epd4yuv8vrsfx2qy2kqz08kqhnzspy6s0x8fa5c2xkg5y2q0rvz4vnk7rp0acg6eksc3t7cxnn8y7glkjsqja3p56uz6vvhcw55d3ysad0hvsqxpjnc7svenf2gc5xn5kyr0et2vvyruxlnpqcdpqh9pzplumy5yzjxftyzh9ujfw0jq7ee60zx2x23p0jzyh9dvmly8p9h9ysptlqu7kwnejd65dnr75a0np2fvke8xen38r57w6z3wz3mycjmmn267wwxndfh9jdps7uxtct2wwfgamkpa5ap8s96lhfjztpwcm6fguhphu38yunu2v4vz3syzrvgwtqpemkewzp766nyu6texxvjlaemnhyyqutkcy6a42vqfsz49rw5wr4gt70r4vdaasehqjg46fnyts4sthrxadfllha3avu49wsj2c4jx" >key.txt.pub | |
| echo "AGE_PUBKEY=-r age1tagpq1m3e4wvp6hzcrn9exhy0ae3xfx2sjymp594k3tg7j4dpmj922we65vtnmrt2pyallax8669zqkr2pmfchptr4n38kug2xmcmp3adk2lnjqu00x5kxz5pvhmrltvfh9wuq973pcx35cnq8syn9qd3tzpehgztl4xpzr3tpd67g8af9trnjpc05gh7wu536aq4qt2y8zhsm4tvrfpsfl36qs5fpzysnk3sp9w77qzeg49357xex40v4s2lvt620swyys7u8yxdcnu4rkkwxdmt55gsuc3h5c5swahnegjgqwc60hn085ec3sjztwm45l44y3j2at9t6v9zra4ek3kek6waecqm98yaxl37w0d2zra626nz63jdm5sg59w7lyptw83zm6fntd8d0x03a9z6h9prfgpygzar6zrxjcrt4cdctk2mhf95s4a6v4zklfd49xhpsaeujm57thx2x3e3hwzc86ftfhmq5mkxxz3d6r8ws24xj4qfn73eyezg2wy094e3why592pghz27ruq3vkyegrv80eftnw9wqzwgvnwyseaus0yt84fylzrpzp6x2fguxuqjmgudr8xd33qm30evdpxd3jvjg8qh4q60kyq80jgff369k7nrepdc38grd2dava520excqp0ey0x39khx8ry03yffcatgv84fsx5j49djpapedsy693zute5xv5g2ewzrlj5se7akvkc4g4vmzhputpq8eyj9wz5dz6qtn7g3cfpd95nahw4ytspan0feyye04dcylv24ege7zkaj004gjwcxqxfqu2quawa83sx452jqjn8t48czp0xspwgnmvjyhttzzy6nhq8xzkdwnvsfefkwva6asrqc93zjn4rly5gnlv93xy3uzmr39szvjnf63426qzyeyvguc4vdcquwgsxgq236afcpqz866ny4tn7ckc0umefj242rt5vtvwqzzrvfev2mpvqcufp9pqvefyv4ftyuhgausfzuaadsczeykmft5wv3frzgrcp9ztr93h478ke4t86spp2uhyjkj73mp9g92ddk2fpv7v3njzsqgwhq3789sqrgkskehn0zjscckhwftyq4vet7vrlx2hs5kd9cwnq6t0djffhh3zquh4j3p0yaj9z2rc9wykg0usqw7983rrgur9jg8rnnqypwcz2lyclnnc705fc5g3an93ps60q6mxqp85u0ewtxdjlqcks84yduft0a0g6e7naew3v9u2d08knarvajn8q3gq9pgxde3s7nx94lus48wwvw2xjm7k82tvylec2393jdsuvch2xpe77w8hpv9nvsxfsrs270njpmfvpmgyk2cffl9tjp3qqcc4dfkf5rme2dg0x7ew8g39www5smm705q5da4eqvnqwrkavtq6xje9ss38hnkglz4eddz8f5qruvqmq2ff9l22gwkv8h432rdkysy0grkul8e2fedvkyyapfxt760udcgu92m54wl9yavmj4ga3ph9r5n99cjrq6wj5v33x33fe5vkjvfwnnt40wuv2hyexc9f4ylyqv9ldqq9epd4yuv8vrsfx2qy2kqz08kqhnzspy6s0x8fa5c2xkg5y2q0rvz4vnk7rp0acg6eksc3t7cxnn8y7glkjsqja3p56uz6vvhcw55d3ysad0hvsqxpjnc7svenf2gc5xn5kyr0et2vvyruxlnpqcdpqh9pzplumy5yzjxftyzh9ujfw0jq7ee60zx2x23p0jzyh9dvmly8p9h9ysptlqu7kwnejd65dnr75a0np2fvke8xen38r57w6z3wz3mycjmmn267wwxndfh9jdps7uxtct2wwfgamkpa5ap8s96lhfjztpwcm6fguhphu38yunu2v4vz3syzrvgwtqpemkewzp766nyu6texxvjlaemnhyyqutkcy6a42vqfsz49rw5wr4gt70r4vdaasehqjg46fnyts4sthrxadfllha3avu49wsj2c4jx" >> $GITHUB_ENV | |
| - name: Generate an ssh-rsa key | |
| if: matrix.recipient == 'ssh-rsa' | |
| run: ssh-keygen -t rsa -N "" -f key.txt | |
| - name: Generate an ssh-ed25519 key | |
| if: matrix.recipient == 'ssh-ed25519' | |
| run: ssh-keygen -t ed25519 -N "" -f key.txt | |
| - name: Set the corresponding SSH recipient | |
| if: matrix.recipient == 'ssh-rsa' || matrix.recipient == 'ssh-ed25519' | |
| run: echo "AGE_PUBKEY=-R key.txt.pub" >> $GITHUB_ENV | |
| - name: Set up the plugin identity and recipient | |
| if: matrix.recipient == 'plugin' | |
| run: | | |
| age-plugin-unencrypted >key.txt | |
| echo "age1unencrypted1k5fr0r" >key.txt.pub | |
| echo "AGE_PUBKEY=-r age1unencrypted1k5fr0r" >> $GITHUB_ENV | |
| - name: Store key.txt in case we need it | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_key.txt | |
| path: key.txt | |
| # Tests! | |
| - name: Encrypt to file | |
| run: echo "Test string" | ./${{ matrix.alice }} -o test.age $AGE_PUBKEY | |
| - name: Decrypt from file | |
| run: ./${{ matrix.bob }} -d -i key.txt test.age | grep -q "^Test string$" | |
| if: matrix.identity | |
| - name: Store test.age | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test.age | |
| path: test.age | |
| - name: Generate a file to encrypt | |
| run: echo "2 test 2 string" > test2.txt | |
| - name: Encrypt to ASCII-armored file | |
| run: ./${{ matrix.alice }} -a -o test2.age $AGE_PUBKEY test2.txt | |
| - name: Decrypt from ASCII-armored file | |
| if: matrix.identity | |
| run: ./${{ matrix.bob }} -d -i key.txt test2.age | grep -q "^2 test 2 string$" | |
| - name: Store test2.age | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test2.age | |
| path: test2.age | |
| - name: Convert file to CRLF | |
| run: unix2dos test2.age | |
| - name: Decrypt from ASCII-armored CRLF file | |
| if: matrix.identity | |
| run: ./${{ matrix.bob }} -d -i key.txt test2.age | grep -q "^2 test 2 string$" | |
| - name: Store CRLF-ed test2.age | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test2.age | |
| path: test2.age | |
| - name: Pipes! | |
| if: matrix.identity | |
| run: echo "Test string 3 - ASCII Drift" | ./${{ matrix.alice }} $AGE_PUBKEY | tee --output-error=warn test3.age | ./${{ matrix.bob }} -d -i key.txt | grep -q "^Test string 3 - ASCII Drift$" | |
| - name: Store test3.age | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test3.age | |
| path: test3.age | |
| - name: Explicit stdout during encryption | |
| run: ./${{ matrix.alice }} -a -o - $AGE_PUBKEY test2.txt >test4.age | |
| - name: Explicit stdin during decryption | |
| if: matrix.identity | |
| run: cat test4.age | ./${{ matrix.bob }} -d -i key.txt - | grep -q "^2 test 2 string$" | |
| - name: Store test4.age | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test4.age | |
| path: test4.age | |
| - name: Generate a file to encrypt | |
| run: echo "Test 5" > test5.txt | |
| - name: Encrypt to identity in a named pipe | |
| if: matrix.identity | |
| run: ./${{ matrix.alice }} -e -i <(cat key.txt) -o test5.age test5.txt | |
| - name: Decrypt with identity in a named pipe | |
| if: matrix.identity | |
| run: ./${{ matrix.bob }} -d -i <(cat key.txt) test5.age | grep -q "^Test 5$" | |
| - name: Store test5.age | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test5.age | |
| path: test5.age | |
| - name: Encrypt to recipient in standard input | |
| run: cat key.txt.pub | ./${{ matrix.alice }} -e -R - -o test6.age test5.txt | |
| - name: Decrypt with identity in standard input | |
| if: matrix.identity | |
| run: cat key.txt | ./${{ matrix.bob }} -d -i - test6.age | grep -q "^Test 5$" | |
| - name: Store test6.age | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.alice }}_${{ matrix.bob }}_${{ matrix.recipient }}_test6.age | |
| path: test6.age | |
| - name: Keygen prevents overwriting an existing file | |
| if: matrix.identity | |
| run: | | |
| touch do_not_overwrite_key.txt | |
| if $(./${{ matrix.alice }}-keygen -o do_not_overwrite_key.txt); then | |
| false | |
| else | |
| true | |
| fi | |
| - name: Keygen supports conversion from stdin | |
| if: matrix.identity | |
| run: ./${{ matrix.alice }}-keygen | ./${{ matrix.bob }}-keygen -y | |
| - name: Keygen supports conversion from file | |
| if: matrix.recipient == 'x25519' | |
| run: ./${{ matrix.alice }}-keygen -y key.txt | |
| - name: Update FiloSottile/age status with result | |
| if: always() && github.event.action == 'age-interop-request' | |
| run: | | |
| curl -X POST https://api.github.com/repos/FiloSottile/age/statuses/${{ github.event.client_payload.sha }} \ | |
| -H 'Accept: application/vnd.github.everest-preview+json' \ | |
| -H 'Authorization: token ${{ secrets.AGE_STATUS_ACCESS_TOKEN }}' \ | |
| --data '{"state": "${{ job.status }}", "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "description": "Finished", "context": "Interoperability tests / ${{ matrix.alice }} -> ${{ matrix.bob }} [${{ matrix.recipient }}]"}' |