Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 20 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,12 @@ jobs:

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
# Needed so barbacane-test's build.rs can compile the fixture WASM
# plugins (streaming-echo, body-echo). Without the target it fails with
# exit 101 and the streaming/body integration tests panic on the
# missing .wasm.
targets: wasm32-unknown-unknown

- name: Cache cargo registry
uses: actions/cache@v5
Expand All @@ -288,8 +294,20 @@ jobs:
run: chmod +x target/debug/barbacane

- name: Run integration tests
# Run gateway integration tests from barbacane-test crate
run: cargo test -p barbacane-test --lib -- --test-threads=2
# Run the full barbacane-test suite: the lib tests plus every
# integration binary in tests/*.rs. The `security` target is excluded
# here because it needs PostgreSQL and the control-plane binary — it has
# its own `security-suite` job below. Targets are discovered rather than
# hard-coded so new suites are picked up automatically.
run: |
targets=$(ls crates/barbacane-test/tests/*.rs \
| xargs -n1 basename | sed 's/\.rs$//' \
| grep -vx security \
| sed 's/^/--test /' | tr '\n' ' ')
echo "Running integration targets: $targets"
# --no-fail-fast so a failure in one binary doesn't hide failures in
# the binaries that would run after it; we want the full picture.
cargo test -p barbacane-test --lib $targets --no-fail-fast -- --test-threads=2

# Adversarial security suite (crates/barbacane-test/tests/security/). Runs the
# gateway (and, for authz, the control plane) end-to-end, so it needs the
Expand Down
140 changes: 130 additions & 10 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions crates/barbacane-test/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ thiserror = { workspace = true }
rcgen = { workspace = true }
rustls = { workspace = true }
base64 = { workspace = true }
# ES256 signing of test JWTs. The jwt-auth plugin enforces real signatures in
# the production WASM (skip_signature_validation is honored only under cfg(test)
# of the plugin's own unit tests), so integration tests must sign properly.
p256 = { version = "0.13", features = ["ecdsa"] }
wiremock = "0.6"
tokio-tungstenite = { workspace = true }
futures-util = { workspace = true }
Expand Down
31 changes: 23 additions & 8 deletions crates/barbacane-test/build.rs
Original file line number Diff line number Diff line change
Expand Up @@ -48,20 +48,35 @@ fn main() {

for plugin in FIXTURE_PLUGINS {
let plugin_dir = root.join(plugin.dir);
let wasm_path = plugin_dir
.join("target/wasm32-unknown-unknown/release")
.join(plugin.wasm);
let release_dir = plugin_dir.join("target/wasm32-unknown-unknown/release");
let wasm_path = release_dir.join(plugin.wasm);

// Re-run if any source file in the plugin changes.
// Re-run if any source file or the manifest changes.
println!("cargo:rerun-if-changed={}/src", plugin_dir.display());
println!("cargo:rerun-if-changed={}/Cargo.toml", plugin_dir.display());
println!(
"cargo:rerun-if-changed={}/plugin.toml",
plugin_dir.display()
);

if wasm_path.exists() {
// Already built — skip (incremental builds use rerun-if-changed above).
continue;
if !wasm_path.exists() {
build_fixture_plugin(&plugin_dir, &wasm_path, plugin.wasm);
}

build_fixture_plugin(&plugin_dir, &wasm_path, plugin.wasm);
// The compiler reads a plugin's capabilities from a `plugin.toml` in the
// same directory as its .wasm. These fixtures keep plugin.toml at the
// crate root, so copy it next to the built wasm — otherwise capability
// enforcement sees no declared host functions and rejects the plugin.
let src_toml = plugin_dir.join("plugin.toml");
let dst_toml = release_dir.join("plugin.toml");
if src_toml.exists() && release_dir.exists() {
if let Err(e) = std::fs::copy(&src_toml, &dst_toml) {
println!(
"cargo:warning=failed to copy {} plugin.toml next to wasm: {}",
plugin.wasm, e
);
}
}
}
}

Expand Down
Loading