From 93d71e6e887f2bf339f913a6684f90c6457e8513 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Fri, 26 Dec 2025 17:52:12 -0800 Subject: [PATCH] Add GitHub Actions CI for S3 volume encryption tests - Add test-volume-encryption target to Makefile that starts server with -s3.encryptVolumeData - Add s3-volume-encryption job to GitHub Actions workflow - Tests run with integration build tag and 10m timeout - Server logs uploaded on failure for debugging --- .github/workflows/s3-sse-tests.yml | 50 ++++++++++++++++++++++++++++++ test/s3/sse/Makefile | 33 ++++++++++++++++++++ 2 files changed, 83 insertions(+) diff --git a/.github/workflows/s3-sse-tests.yml b/.github/workflows/s3-sse-tests.yml index 946e4735e..2a8c0b332 100644 --- a/.github/workflows/s3-sse-tests.yml +++ b/.github/workflows/s3-sse-tests.yml @@ -345,3 +345,53 @@ jobs: name: s3-sse-performance-logs path: test/s3/sse/weed-test*.log retention-days: 7 + + s3-volume-encryption: + name: S3 Volume Encryption Test + runs-on: ubuntu-22.04 + timeout-minutes: 20 + + steps: + - name: Check out code + uses: actions/checkout@v6 + + - name: Set up Go + uses: actions/setup-go@v6 + with: + go-version-file: 'go.mod' + id: go + + - name: Install SeaweedFS + run: | + go install -buildvcs=false + + - name: Run S3 Volume Encryption Integration Tests + timeout-minutes: 15 + working-directory: test/s3/sse + run: | + set -x + echo "=== System Information ===" + uname -a + free -h + + # Run volume encryption tests with -s3.encryptVolumeData flag + echo "🚀 Running S3 volume encryption integration tests..." + make test-volume-encryption || { + echo "❌ Volume encryption tests failed, checking logs..." + if [ -f /tmp/seaweedfs-sse-mini.log ]; then + echo "=== Server logs ===" + tail -100 /tmp/seaweedfs-sse-mini.log + fi + echo "=== Process information ===" + ps aux | grep -E "(weed|test)" || true + exit 1 + } + + - name: Upload server logs on failure + if: failure() + uses: actions/upload-artifact@v6 + with: + name: s3-volume-encryption-logs + path: /tmp/seaweedfs-sse-*.log + retention-days: 3 + diff --git a/test/s3/sse/Makefile b/test/s3/sse/Makefile index e646ef901..87c171486 100644 --- a/test/s3/sse/Makefile +++ b/test/s3/sse/Makefile @@ -470,3 +470,36 @@ dev-kms: setup-openbao @echo "OpenBao: $(OPENBAO_ADDR)" @echo "Token: $(OPENBAO_TOKEN)" @echo "Use 'make test-ssekms-integration' to run tests" + +# Volume encryption integration tests +test-volume-encryption: build-weed + @echo "🚀 Starting S3 volume encryption integration tests..." + @echo "Starting SeaweedFS cluster with volume encryption enabled..." + @# Start server with -s3.encryptVolumeData flag + @mkdir -p /tmp/seaweedfs-test-sse + @rm -f /tmp/seaweedfs-sse-*.log || true + @sed -e 's/ACCESS_KEY_PLACEHOLDER/$(ACCESS_KEY)/g' \ + -e 's/SECRET_KEY_PLACEHOLDER/$(SECRET_KEY)/g' \ + s3-config-template.json > /tmp/seaweedfs-s3.json + @echo "Starting weed mini with S3 volume encryption..." + @AWS_ACCESS_KEY_ID=$(ACCESS_KEY) AWS_SECRET_ACCESS_KEY=$(SECRET_KEY) GLOG_v=4 $(SEAWEEDFS_BINARY) mini \ + -dir=/tmp/seaweedfs-test-sse \ + -s3.port=$(S3_PORT) \ + -s3.config=/tmp/seaweedfs-s3.json \ + -s3.encryptVolumeData \ + -ip=127.0.0.1 \ + > /tmp/seaweedfs-sse-mini.log 2>&1 & echo $$! > /tmp/weed-mini.pid + @echo "Checking S3 service is ready..." + @for i in $$(seq 1 30); do \ + if curl -s http://127.0.0.1:$(S3_PORT) > /dev/null 2>&1; then \ + echo "✅ S3 service is ready"; \ + break; \ + fi; \ + sleep 1; \ + done + @echo "Running volume encryption integration tests..." + @trap '$(MAKE) -C $(TEST_DIR) stop-seaweedfs-safe || true' EXIT; \ + cd $(SEAWEEDFS_ROOT) && go test -v -tags=integration -timeout=10m -run "TestS3VolumeEncryption" ./test/s3/sse || exit 1; \ + echo "✅ Volume encryption tests completed successfully"; \ + $(MAKE) -C $(TEST_DIR) stop-seaweedfs-safe || true +