add BackendSecurityPolicy for traffic (authN/authZ) from gateway to provider #93
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests using Secrets | |
| # This workflow is triggered on pushes to the main branch and pull requests to the main branch. | |
| # If the PR is coming from a fork, the workflow is triggered only if the PR gets labeled with 'safe to test', | |
| # which can only be added by the maintainers. | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| pull_request_target: | |
| types: [labeled] | |
| branches: | |
| - main | |
| jobs: | |
| extproc_tests: | |
| name: External Processor | |
| if: ( github.event.pull_request.head.repo.fork == false ) || | |
| ( contains(github.event.pull_request.labels.*.name, 'safe to test') ) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| if: github.event.pull_request.head.repo.fork == false | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| if: contains(github.event.pull_request.labels.*.name, 'safe to test') | |
| - uses: actions/setup-go@v5 | |
| with: | |
| cache: false | |
| go-version-file: go.mod | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| ~/go/bin | |
| key: extproc-tests-${{ hashFiles('**/go.mod', '**/go.sum', '**/Makefile') }} | |
| - name: Install Envoy | |
| env: | |
| # TODO: use the latest envoy after 1.33 is released. | |
| ENVOY_VERSION: envoyproxy/envoy-dev:latest | |
| run: | | |
| export ENVOY_BIN_DIR=$HOME/envoy/bin | |
| mkdir -p $ENVOY_BIN_DIR | |
| docker run -v $ENVOY_BIN_DIR:/tmp/coraza -w /tmp/coraza \ | |
| --entrypoint /bin/cp ${ENVOY_VERSION} /usr/local/bin/envoy . | |
| echo $ENVOY_BIN_DIR >> $GITHUB_PATH | |
| - name: Run unit tests | |
| env: | |
| TEST_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_BEDROCK_USER_AWS_ACCESS_KEY_ID }} | |
| TEST_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_BEDROCK_USER_AWS_SECRET_ACCESS_KEY }} | |
| TEST_OPENAI_API_KEY: ${{ secrets.ENVOY_AI_GATEWAY_OPENAI_API_KEY }} | |
| run: make test-extproc-e2e |