Add GitHub Actions CI for S3 volume encryption tests

- Add test-volume-encryption target to Makefile that starts server with -s3.encryptVolumeData
- Add s3-volume-encryption job to GitHub Actions workflow
- Tests run with integration build tag and 10m timeout
- Server logs uploaded on failure for debugging

.github/workflows/s3-sse-tests.yml

@@ -345,3 +345,53 @@ jobs:
           name: s3-sse-performance-logs
           path: test/s3/sse/weed-test*.log
           retention-days: 7
+
+  s3-volume-encryption:
+    name: S3 Volume Encryption Test
+    runs-on: ubuntu-22.04
+    timeout-minutes: 20
+    
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v6
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: 'go.mod'
+        id: go
+
+      - name: Install SeaweedFS
+        run: |
+          go install -buildvcs=false
+
+      - name: Run S3 Volume Encryption Integration Tests
+        timeout-minutes: 15
+        working-directory: test/s3/sse
+        run: |
+          set -x
+          echo "=== System Information ==="
+          uname -a
+          free -h
+          
+          # Run volume encryption tests with -s3.encryptVolumeData flag
+          echo "🚀 Running S3 volume encryption integration tests..."
+          make test-volume-encryption || {
+            echo "❌ Volume encryption tests failed, checking logs..."
+            if [ -f /tmp/seaweedfs-sse-mini.log ]; then
+              echo "=== Server logs ==="
+              tail -100 /tmp/seaweedfs-sse-mini.log
+            fi
+            echo "=== Process information ==="
+            ps aux | grep -E "(weed|test)" || true
+            exit 1
+          }
+
+      - name: Upload server logs on failure
+        if: failure()
+        uses: actions/upload-artifact@v6
+        with:
+          name: s3-volume-encryption-logs
+          path: /tmp/seaweedfs-sse-*.log
+          retention-days: 3
+

test/s3/sse/Makefile

@@ -470,3 +470,36 @@ dev-kms: setup-openbao
 	@echo "OpenBao: $(OPENBAO_ADDR)"
 	@echo "Token: $(OPENBAO_TOKEN)"
 	@echo "Use 'make test-ssekms-integration' to run tests"
+
+# Volume encryption integration tests
+test-volume-encryption: build-weed
+	@echo "🚀 Starting S3 volume encryption integration tests..."
+	@echo "Starting SeaweedFS cluster with volume encryption enabled..."
+	@# Start server with -s3.encryptVolumeData flag
+	@mkdir -p /tmp/seaweedfs-test-sse
+	@rm -f /tmp/seaweedfs-sse-*.log || true
+	@sed -e 's/ACCESS_KEY_PLACEHOLDER/$(ACCESS_KEY)/g' \
+	     -e 's/SECRET_KEY_PLACEHOLDER/$(SECRET_KEY)/g' \
+	     s3-config-template.json > /tmp/seaweedfs-s3.json
+	@echo "Starting weed mini with S3 volume encryption..."
+	@AWS_ACCESS_KEY_ID=$(ACCESS_KEY) AWS_SECRET_ACCESS_KEY=$(SECRET_KEY) GLOG_v=4 $(SEAWEEDFS_BINARY) mini \
+		-dir=/tmp/seaweedfs-test-sse \
+		-s3.port=$(S3_PORT) \
+		-s3.config=/tmp/seaweedfs-s3.json \
+		-s3.encryptVolumeData \
+		-ip=127.0.0.1 \
+		> /tmp/seaweedfs-sse-mini.log 2>&1 & echo $$! > /tmp/weed-mini.pid
+	@echo "Checking S3 service is ready..."
+	@for i in $$(seq 1 30); do \
+		if curl -s http://127.0.0.1:$(S3_PORT) > /dev/null 2>&1; then \
+			echo "✅ S3 service is ready"; \
+			break; \
+		fi; \
+		sleep 1; \
+	done
+	@echo "Running volume encryption integration tests..."
+	@trap '$(MAKE) -C $(TEST_DIR) stop-seaweedfs-safe || true' EXIT; \
+	cd $(SEAWEEDFS_ROOT) && go test -v -tags=integration -timeout=10m -run "TestS3VolumeEncryption" ./test/s3/sse || exit 1; \
+	echo "✅ Volume encryption tests completed successfully"; \
+	$(MAKE) -C $(TEST_DIR) stop-seaweedfs-safe || true
+