Skip to content

Add id_token_signed_response_alg and userinfo_signed_response_alg #1165

Add id_token_signed_response_alg and userinfo_signed_response_alg

Add id_token_signed_response_alg and userinfo_signed_response_alg #1165

Workflow file for this run

name: CI
on:
push:
branches: [ main ]
tags:
- 'v*'
pull_request:
branches: [ main ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
CARGO_NET_GIT_FETCH_WITH_CLI: "true"
SCCACHE_GHA_ENABLED: "true"
RUSTC_WRAPPER: "sccache"
jobs:
opa-lint:
name: Lint and test OPA policies
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/[email protected]
- name: Setup OPA
uses: open-policy-agent/[email protected]
with:
version: 0.64.1
- name: Lint policies
working-directory: ./policies
run: make lint
- name: Run OPA tests
working-directory: ./policies
run: make test
frontend-lint:
name: Check frontend style
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/[email protected]
- name: Install Node
uses: actions/[email protected]
with:
node-version: 20
- name: Install Node dependencies
working-directory: ./frontend
run: npm ci
- name: Lint
working-directory: ./frontend
run: npm run lint
frontend-test:
name: Run the frontend test suite
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/[email protected]
- name: Install Node
uses: actions/[email protected]
with:
node-version: 20
- name: Install Node dependencies
working-directory: ./frontend
run: npm ci
- name: Test
working-directory: ./frontend
run: npm test
rustfmt:
name: Check Rust style
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/[email protected]
- name: Install toolchain
run: |
rustup toolchain install nightly
rustup default nightly
rustup component add rustfmt
- name: Check style
run: cargo fmt --all -- --check
cargo-deny:
name: Run `cargo deny` checks
runs-on: ubuntu-latest
env:
# We need to remove the sccache wrapper because we don't install it in this job
RUSTC_WRAPPER: ""
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/[email protected]
- name: Run `cargo-deny`
uses: EmbarkStudios/[email protected]
check-schema:
name: Check schema
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/[email protected]
- name: Install Rust toolchain
run: |
rustup toolchain install stable
rustup default stable
- name: Setup sccache
uses: mozilla-actions/[email protected]
- name: Install Node
uses: actions/[email protected]
with:
node-version: 20
- name: Install Node dependencies
working-directory: ./frontend
run: npm ci
- name: Update the schemas
run: sh ./misc/update.sh
- name: Check that the workspace is clean
run: |
if ! [[ -z $(git status -s) ]]; then
echo "::error title=Workspace is not clean::Please run 'sh ./misc/update.sh' and commit the changes"
(
echo '## Diff after running `sh ./misc/update.sh`:'
echo
echo '```diff'
git diff
echo '```'
) >> $GITHUB_STEP_SUMMARY
exit 1
fi
clippy:
name: Run Clippy
needs: [rustfmt, opa-lint]
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/[email protected]
- name: Install toolchain
run: |
rustup toolchain install 1.83.0
rustup default 1.83.0
rustup component add clippy
- name: Setup OPA
uses: open-policy-agent/[email protected]
with:
version: 0.64.1
- name: Compile OPA policies
working-directory: ./policies
run: make
- name: Setup sccache
uses: mozilla-actions/[email protected]
- name: Run clippy
run: |
cargo clippy --workspace --tests --bins --lib -- -D warnings
compile-test-artifacts:
name: Compile test artifacts
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/[email protected]
- name: Install toolchain
run: |
rustup toolchain install stable
rustup default stable
- name: Install nextest
uses: taiki-e/install-action@nextest
- name: Setup sccache
uses: mozilla-actions/[email protected]
- name: Build and archive tests
run: cargo nextest archive --workspace --archive-file nextest-archive.tar.zst
env:
SQLX_OFFLINE: '1'
- name: Upload archive to workflow
uses: actions/[email protected]
with:
name: nextest-archive
path: nextest-archive.tar.zst
test:
name: Run test suite with Rust stable
needs: [rustfmt, opa-lint, compile-test-artifacts]
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
partition: [1, 2]
services:
postgres:
image: docker.io/library/postgres:15.3
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- "5432:5432"
steps:
- name: Checkout the code
uses: actions/[email protected]
- run: mkdir -p ~/.cargo/bin
- name: Install nextest
uses: taiki-e/install-action@nextest
- name: Install Node
uses: actions/[email protected]
with:
node-version: 20
- name: Install Node dependencies
working-directory: ./frontend
run: npm ci
- name: Build the frontend
working-directory: ./frontend
run: npm run build
- name: Setup OPA
uses: open-policy-agent/[email protected]
with:
version: 0.64.1
- name: Compile OPA policies
working-directory: ./policies
run: make
- name: Download archive
uses: actions/download-artifact@v4
with:
name: nextest-archive
- name: Test
env:
DATABASE_URL: postgresql://postgres:postgres@localhost/postgres
run: |
~/.cargo/bin/cargo-nextest nextest run --archive-file nextest-archive.tar.zst \
--partition count:${{ matrix.partition }}/2 \
--retries 1
# --retries is a workaround for sqlx not playing nice with nextest
# Waiting for https://github.com/launchbadge/sqlx/pull/3334
syn2mas:
name: Check syn2mas
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/[email protected]
- name: Install Node
uses: actions/[email protected]
with:
node-version-file: ./tools/syn2mas/.nvmrc
- name: Install Node dependencies
working-directory: ./tools/syn2mas
run: npm ci
- name: Lint
working-directory: ./tools/syn2mas
run: npm run lint
- name: Build
working-directory: ./tools/syn2mas
run: npm run build
tests-done:
name: Tests done
if: ${{ always() }}
needs:
- opa-lint
- frontend-lint
- frontend-test
- rustfmt
- cargo-deny
- clippy
- check-schema
- test
- syn2mas
runs-on: ubuntu-latest
steps:
- uses: matrix-org/done-action@v3
with:
needs: ${{ toJSON(needs) }}