feat: add auto-revoke mechanism for stale API tokens #6630
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| # We want to call this workflow during release too | |
| workflow_call: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build_and_test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| app: | |
| - main-module | |
| - cli | |
| - controlplane | |
| - artifact-cas | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Set up Go | |
| uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache-dependency-path: go.sum | |
| - name: Go Module tidy check | |
| run: | | |
| go mod tidy | |
| git diff --exit-code -- go.mod go.sum | |
| # Generate any possible migration from a schema change that way | |
| # we can detect any migration file that has not been checked in to git | |
| # This could happen if the developer ran make generate but didn't run make migration_sync | |
| - name: Generate migrations | |
| if: ${{ matrix.app == 'controlplane' }} | |
| env: | |
| ATLAS_VERSION: v1.1.0 | |
| run: | | |
| wget -q https://release.ariga.io/atlas/atlas-linux-amd64-$ATLAS_VERSION -O /tmp/atlas | |
| sudo install /tmp/atlas /usr/local/bin/atlas | |
| make -C app/controlplane migration_sync | |
| # Check that the generated ent code is up to date | |
| # see https://entgo.io/docs/ci/ | |
| - uses: ent/contrib/ci@e38dfb6484dfbe64b8bd060fe6a219a1aa5da770 # master | |
| name: "Check all ent generated code is checked in" | |
| if: ${{ matrix.app != 'main-module' }} | |
| with: | |
| working-directory: app/${{ matrix.app }} | |
| tidy: true | |
| # Check that the generated API code is up to date | |
| # We install the tools and run the protoc generation before checking differences | |
| - name: "Check all API generated code is checked in" | |
| if: ${{ matrix.app == 'main-module' }} | |
| run: | | |
| make init-api-tools | |
| make api | |
| if [ -n "$(git status --porcelain)" ]; then | |
| echo "Error: The Git repository is dirty (has uncommitted changes). Make sure all the generated API-related files are checked in." | |
| git status --porcelain | |
| exit 1 | |
| fi | |
| - name: Test | |
| if: ${{ matrix.app != 'main-module' }} | |
| run: make -C app/${{ matrix.app }} test | |
| - name: Test top level modules | |
| if: ${{ matrix.app == 'main-module' }} | |
| run: | | |
| go test ./pkg/... | |
| go test ./internal/... |