Skip to content

fix(sso): delete orphaned SSO secrets #2473

fix(sso): delete orphaned SSO secrets

fix(sso): delete orphaned SSO secrets #2473

name: Filter
# This workflow is triggered on pull requests
on:
pull_request:
# milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
types: [milestoned, opened, reopened, synchronize]
# Permissions for the GITHUB_TOKEN used by the workflow.
permissions:
id-token: write # Needed for OIDC-related operations.
contents: read # Allows reading the content of the repository.
pull-requests: read # Allows reading pull request metadata.
packages: read # Allows reading the published GHCR packages
# Default settings for all run commands in the workflow jobs.
defaults:
run:
shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
# Abort prior jobs in the same workflow / PR
concurrency:
group: test-${{ github.ref }}
cancel-in-progress: true
jobs:
lint-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Use Node.js latest
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 20
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@master
- name: Install UDS CLI
shell: bash
# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
run: brew install defenseunicorns/tap/[email protected]
- name: Run Formatting Checks
run: uds run lint-check --no-progress
# This job checks if there are changes in specific paths source packages.
check-paths:
needs: lint-check
runs-on: ubuntu-latest
name: Select Jobs
outputs:
packages: ${{ steps.path-filter.outputs.changes }}
steps:
- name: Checkout the code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Uses a custom action to filter paths for source packages.
- name: Check src paths
id: path-filter
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
with:
filters: .github/filters.yaml
# This job triggers a separate workflow for each changed source package, if any.
run-package-test:
needs: check-paths
name: Schedule
strategy:
matrix:
package: ${{ fromJSON(needs.check-paths.outputs.packages) }}
flavor: [upstream, registry1, unicorn]
test_type: [install]
include:
- package: all
flavor: registry1
test_type: upgrade
- package: all
flavor: upstream
test_type: upgrade
# Commented out until unicorn flavor has a published release
# - package: all
# flavor: unicorn
# test_type: upgrade
uses: ./.github/workflows/test.yaml
with:
package: ${{ matrix.package }}
flavor: ${{ matrix.flavor }}
test_type: ${{ matrix.test_type }}
secrets: inherit # Inherits all secrets from the parent workflow.