Skip to content

Commit 340b52e

Browse files
committed
fix(ci): provide CS_* creds to bench-eql for fixture generation
With bench.sh now running test:sqlx:prep, fixture:generate:all encrypts via cipherstash-client and needs ZeroKMS auth (CS_CLIENT_ACCESS_KEY + CS_WORKSPACE_CRN) plus a client key (CS_CLIENT_ID + CS_CLIENT_KEY); without them it fails with 'Auth strategy error: Not authenticated'. Add the four secrets to the bench job env, mirroring test-eql.yml. (bench-eql triggers are push:main/schedule/dispatch, all main-repo, so no fork-PR creds exposure.)
1 parent 7febb01 commit 340b52e

1 file changed

Lines changed: 9 additions & 0 deletions

File tree

.github/workflows/bench-eql.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,15 @@ jobs:
4141

4242
env:
4343
POSTGRES_VERSION: "17"
44+
# test:sqlx:prep regenerates the per-type fixtures by encrypting plaintext
45+
# through cipherstash-client, which needs BOTH a ZeroKMS auth credential
46+
# (CS_CLIENT_ACCESS_KEY + CS_WORKSPACE_CRN) AND a client key (CS_CLIENT_ID +
47+
# CS_CLIENT_KEY). Without them fixture:generate:all fails with
48+
# "Auth strategy error: Not authenticated". Mirrors test-eql.yml.
49+
CS_CLIENT_ACCESS_KEY: ${{ secrets.CS_CLIENT_ACCESS_KEY }}
50+
CS_WORKSPACE_CRN: ${{ secrets.CS_WORKSPACE_CRN }}
51+
CS_CLIENT_ID: ${{ secrets.CS_CLIENT_ID }}
52+
CS_CLIENT_KEY: ${{ secrets.CS_CLIENT_KEY }}
4453

4554
steps:
4655
- uses: actions/checkout@v4

0 commit comments

Comments
 (0)