debug vault daemon in CI

nzlosh · nzlosh · commit c7d5b5d1be77 · 2026-05-20T18:22:44.000+02:00
diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -19,14 +19,17 @@ jobs:
         include:
           - python-version-short: "3.9"
             python-version: 3.9.21
+            consul-version: "1.22.7-1"
             vault-version: "2.0.0-1"
             hvac-gh-tag: "v2.4.0"
           - python-version-short: "3.10"
             python-version: 3.10.16
+            consul-version: "1.22.7-1"
             vault-version: "2.0.0-1"
             hvac-gh-tag: "v2.4.0"
           - python-version-short: "3.11"
             python-version: 3.11.11
+            consul-version: "1.22.7-1"
             vault-version: "2.0.0-1"
             hvac-gh-tag: "v2.4.0"
     steps:
@@ -68,13 +71,31 @@ jobs:
             -o APT::Get::List-Cleanup="0" \
             -o Dir::Etc::sourcelist="sources.list.d/hashicorp.list"
 
-          sudo apt install consul vault=${{ matrix.vault-version }}
+          sudo apt install consul=${{ matrix.consul-version }} vault=${{ matrix.vault-version }}
 
           # We disble cap_ipc_lock here as its generally incompatabile with GitHub
           # Actions' runtime environments.
           sudo setcap cap_ipc_lock= /usr/bin/vault
-          sudo systemctl restart consul vault
-          sudo systemctl status consul vault
+
+          # Consul needs to be explicitly configured to start in the CI/CD environment.
+          sudo mkdir -p /srv/consul && sudo chown -R consul:consul /srv/consul
+          sudo tee /etc/consul.d/consul.hcl >/dev/null <<EOF
+          enable_debug = false
+          datacenter = "cicd"
+          data_dir = "/srv/consul"
+          ui_config{
+            enabled = false
+          }
+          server = true
+          bind_addr = "127.0.0.1"
+          client_addr = "127.0.0.1"
+          advertise_addr = "127.0.0.1"
+          retry_join = ["localhost"]
+          bootstrap_expect = 0
+          encrypt = "katpv2wgyY5Za8bGAHh7+URaeLJWh4g+gK0GBjmvQXA="
+          EOF
+          sudo systemctl restart consul
+          sudo systemctl restart vault
 
       - name: Setup hvac symlinks
         shell: bash
diff --git a/tests/vault_action_tests_base.py b/tests/vault_action_tests_base.py
@@ -1,6 +1,6 @@
 from st2tests.base import BaseActionTestCase
 
-from tests.utils import get_config_file_path
+# #from tests.utils import get_config_file_path
 from tests.utils.hvac_integration_test_case import HvacIntegrationTestCase
 
 
@@ -59,7 +59,9 @@ def tearDown(self):
 
     def build_dummy_pack_config(self, url="https://localhost:8200"):
         # based on create_client() in hvac/tests/utils/__init__.py
-        server_cert_path = get_config_file_path("server-cert.pem")
+        # CI/CD only has a self-signed cert.
+        # #server_cert_path = get_config_file_path("server-cert.pem")
+        server_cert_path = False
 
         token_result = self.client.auth.token.create(ttl=self.default_token_lease)
         token = token_result["auth"]["client_token"]
