Test

Canonical shared encryption config #2009

	name: Test
	on:
	pull_request:
	branches:
	- main
	paths-ignore:
	- '.github/workflows/release.yml' # ignore unrelated workflow
	- '.github/workflows/benchmark.yml' # ignore unrelated workflow
	push:
	branches:
	- main
	paths-ignore:
	- '.github/workflows/release.yml' # ignore unrelated workflow
	- '.github/workflows/benchmark.yml' # ignore unrelated workflow
	workflow_dispatch:

	env:
	CARGO_TERM_COLOR: always

	jobs:
	test:
	name: Test (PostgreSQL ${{ matrix.pg_version }})
	runs-on: blacksmith-16vcpu-ubuntu-2204
	strategy:
	fail-fast: false
	matrix:
	pg_version: [14, 15, 16, 17] # PG 18 not currently supported
	env:
	PG_VERSION: ${{ matrix.pg_version }}
	CS_ZEROKMS_HOST: https://us-east-1.aws.zerokms.cipherstashmanaged.net
	CS_CTS_HOST: https://ap-southeast-2.aws.cts.cipherstashmanaged.net
	timeout-minutes: 30

	steps:
	- uses: actions/checkout@v4
	- uses: ./.github/actions/setup-test

	- name: Decrypt secrets
	uses: cipherstash/secrets-action@main
	with:
	secrets-file: .github/secrets.env.encrypted
	env:
	CS_CLIENT_ID: ${{ secrets.CS_VAULT_CLIENT_ID }}
	CS_CLIENT_KEY: ${{ secrets.CS_VAULT_CLIENT_KEY }}
	CS_CLIENT_ACCESS_KEY: ${{ secrets.CS_VAULT_CLIENT_ACCESS_KEY }}
	CS_WORKSPACE_CRN: ${{ secrets.CS_VAULT_WORKSPACE_CRN }}

	- run: \|
	mise run postgres:up --extra-args "--detach --wait"

	- name: Run tests
	env:
	RUST_BACKTRACE: "1"
	run: \|
	mise run --output prefix test

	- uses: ./.github/actions/send-slack-notification
	with:
	channel: engineering
	webhook_url: ${{ secrets.SLACK_NOTIFICATION_WEBHOOK_URL }}

Provide feedback