Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test/check token #9

Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

Test/check token #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
d59a711
test: add check token job
GraceRuan Nov 13, 2024
24cf227
fix: modify the actual secret jwt name
GraceRuan Nov 13, 2024
6d9286d
fix: format the check token
GraceRuan Nov 13, 2024
935d78e
fix: checkout sh file
GraceRuan Nov 13, 2024
bb6a956
test: change to workflow_call
GraceRuan Nov 13, 2024
15196d4
fix: format to use workflow_call
GraceRuan Nov 13, 2024
2e9d4e1
fix: use different variable name for broker
GraceRuan Nov 14, 2024
f0bd03e
fix: convert input to env in workflow_call
GraceRuan Nov 14, 2024
afb6244
fix: only pass secrets in workflow_call
GraceRuan Nov 14, 2024
7356744
fix: secrets inherit
GraceRuan Nov 14, 2024
194e323
fix: add secrets in workflow_call
GraceRuan Nov 14, 2024
454dc04
fix: use secrets in workflow_call
GraceRuan Nov 14, 2024
d9bac86
fix: no type for secrets
GraceRuan Nov 14, 2024
3bf4ec7
fix: use inputs and secrets directly in workflow_call
GraceRuan Nov 14, 2024
c0a9b03
feat: use composer to generate pipelines
GraceRuan Nov 14, 2024
523336f
fix: remove sh script
GraceRuan Nov 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions .github/workflows/build-release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,19 @@ concurrency:

env:
BROKER_URL: https://broker.io.nrs.gov.bc.ca
BROKER_JWT: ${{ secrets.BROKER_JWT_0E727E83_F027_426A_A31C_D7C1CCEADDF6 }}
BROKER_JWT: ${{ secrets.broker_jwt_0e727e83_f027_426a_a31c_d7c1cceaddf6 }}
SERVICE_PROJECT: oneteam-example
SERVICE_NAME: java-maven-pipeline-example

jobs:
check_token_expiration:
uses: ./.github/workflows/check-token.yaml
secrets:
token: ${{ secrets.broker_jwt_0e727e83_f027_426a_a31c_d7c1cceaddf6 }}
build-release:
name: Build and release
runs-on: ubuntu-latest
needs: check_token_expiration
permissions:
contents: read
packages: write
Expand Down Expand Up @@ -84,7 +89,7 @@ jobs:
- name: Open intention
uses: bcgov-nr/action-broker-intention-open@v2
with:
broker_jwt: ${{ secrets.BROKER_JWT_0E727E83_F027_426A_A31C_D7C1CCEADDF6 }}
broker_jwt: ${{ secrets.broker_jwt_0e727e83_f027_426a_a31c_d7c1cceaddf6 }}
intention_path: intention.json
quickstart: true
- name: Set intention ID for deployment job
Expand Down
37 changes: 37 additions & 0 deletions .github/workflows/check-token.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: Check token expiration

on:
workflow_call:
inputs:
url:
description: "The Broker URL"
default: https://broker.io.nrs.gov.bc.ca
type: string
secrets:
token:
description: "The Broker token"
required: true

jobs:
check-jwt:
runs-on: ubuntu-latest

steps:
- name: Check token expiration
shell: bash
run: |
RESPONSE_CODE=$(curl -o /dev/null -s -w "%{http_code}" -X 'GET' \
${{ inputs.url }}/v1/health/token-check \
-H 'accept: */*' \
-H 'Authorization: Bearer '"${{ secrets.token }}"'' \
)

if [ "$RESPONSE_CODE" -eq 401 ]; then
echo "Unauthorized (401)"
exit 1
elif [ "$RESPONSE_CODE" -eq 403 ]; then
echo "Invalid JWT: Block list has match"
exit 1
else
echo "Response code: $RESPONSE_CODE"
fi
10 changes: 8 additions & 2 deletions .github/workflows/deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,15 @@ env:
PACKAGE_REPO: https://maven.pkg.github.com/bcgov/java-maven-pipeline-example

jobs:
check_token_expiration:
uses: ./.github/workflows/check-token.yaml
secrets:
token: ${{ secrets.broker_jwt_0e727e83_f027_426a_a31c_d7c1cceaddf6 }}
deploy-build:
name: Deploy development version
if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
runs-on: ubuntu-latest
needs: check_token_expiration
outputs:
project_version: ${{ steps.set-build-output.outputs.project_version }}
build_guid: ${{ steps.set-build-output.outputs.build_guid }}
Expand Down Expand Up @@ -55,7 +60,7 @@ jobs:
echo "artifact_sha256=${artifact_checksum#sha256:}" >> $GITHUB_OUTPUT
env:
BROKER_URL: https://broker.io.nrs.gov.bc.ca
BROKER_JWT: ${{ secrets.BROKER_JWT }}
BROKER_JWT: ${{ secrets.broker_jwt_0e727e83_f027_426a_a31c_d7c1cceaddf6 }}
SERVICE_PROJECT: ${{ env.SERVICE_PROJECT }}
SERVICE_NAME: ${{ env.SERVICE_NAME }}
GITHUB_SHA: ${{ github.sha }}
Expand Down Expand Up @@ -94,6 +99,7 @@ jobs:
name: Deploy release version
if: ${{ startsWith(github.ref, 'refs/tags/') }}
runs-on: ubuntu-latest
needs: check_token_expiration
outputs:
project_version: ${{ steps.set-tag-output.outputs.project_version }}
build_guid: ${{ steps.set-tag-output.outputs.build_guid }}
Expand Down Expand Up @@ -127,7 +133,7 @@ jobs:
echo "artifact_sha256=${artifact_checksum#sha256:}" >> $GITHUB_OUTPUT
env:
BROKER_URL: https://broker.io.nrs.gov.bc.ca
BROKER_JWT: ${{ secrets.BROKER_JWT }}
BROKER_JWT: ${{ secrets.broker_jwt_0e727e83_f027_426a_a31c_d7c1cceaddf6 }}
SERVICE_PROJECT: ${{ env.SERVICE_PROJECT }}
SERVICE_NAME: ${{ env.SERVICE_NAME }}
- name: Checkout repository
Expand Down
2 changes: 1 addition & 1 deletion app-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,4 @@ metadata:
playbook.io.nrs.gov.bc.ca/altAppDirName: ""
playbook.io.nrs.gov.bc.ca/addWebadeConfig: false
github.com/project-slug: ""
playbook.io.nrs.gov.bc.ca/brokerJwtReference: BROKER_JWT_0E727E83_F027_426A_A31C_D7C1CCEADDF6
playbook.io.nrs.gov.bc.ca/clientId: 0e727e83-f027-426a-a31c-d7c1cceaddf6