fix(sso): delete orphaned SSO secrets #2473
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Filter | |
# This workflow is triggered on pull requests | |
on: | |
pull_request: | |
# milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow). | |
types: [milestoned, opened, reopened, synchronize] | |
# Permissions for the GITHUB_TOKEN used by the workflow. | |
permissions: | |
id-token: write # Needed for OIDC-related operations. | |
contents: read # Allows reading the content of the repository. | |
pull-requests: read # Allows reading pull request metadata. | |
packages: read # Allows reading the published GHCR packages | |
# Default settings for all run commands in the workflow jobs. | |
defaults: | |
run: | |
shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set. | |
# Abort prior jobs in the same workflow / PR | |
concurrency: | |
group: test-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint-check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
- name: Use Node.js latest | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
with: | |
node-version: 20 | |
- name: Set up Homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Install UDS CLI | |
shell: bash | |
# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver | |
run: brew install defenseunicorns/tap/[email protected] | |
- name: Run Formatting Checks | |
run: uds run lint-check --no-progress | |
# This job checks if there are changes in specific paths source packages. | |
check-paths: | |
needs: lint-check | |
runs-on: ubuntu-latest | |
name: Select Jobs | |
outputs: | |
packages: ${{ steps.path-filter.outputs.changes }} | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
# Uses a custom action to filter paths for source packages. | |
- name: Check src paths | |
id: path-filter | |
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 | |
with: | |
filters: .github/filters.yaml | |
# This job triggers a separate workflow for each changed source package, if any. | |
run-package-test: | |
needs: check-paths | |
name: Schedule | |
strategy: | |
matrix: | |
package: ${{ fromJSON(needs.check-paths.outputs.packages) }} | |
flavor: [upstream, registry1, unicorn] | |
test_type: [install] | |
include: | |
- package: all | |
flavor: registry1 | |
test_type: upgrade | |
- package: all | |
flavor: upstream | |
test_type: upgrade | |
# Commented out until unicorn flavor has a published release | |
# - package: all | |
# flavor: unicorn | |
# test_type: upgrade | |
uses: ./.github/workflows/test.yaml | |
with: | |
package: ${{ matrix.package }} | |
flavor: ${{ matrix.flavor }} | |
test_type: ${{ matrix.test_type }} | |
secrets: inherit # Inherits all secrets from the parent workflow. |