CI cleanup #57
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: pull_request | |
| jobs: | |
| go-lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: 1.22.x | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Run linters | |
| uses: golangci/golangci-lint-action@v3 | |
| with: | |
| version: latest | |
| args: --timeout=10m | |
| go-test: | |
| strategy: | |
| matrix: | |
| go-version: [1.22.x] | |
| platform: [ubuntu-latest] | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - name: Install Go | |
| if: success() | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: go tests | |
| run: go test -v -covermode=count -json ./... > test.json | |
| - name: annotate go tests | |
| if: always() | |
| uses: guyarb/[email protected] | |
| with: | |
| test-results: test.json | |
| test: | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| ports: | |
| - "5432:5432" | |
| env: | |
| POSTGRES_PASSWORD: secretpassword | |
| env: | |
| BATON_LOG_LEVEL: debug | |
| BATON_DSN: 'postgres://postgres:secretpassword@localhost:5432/postgres' | |
| CONNECTOR_GRANT: 'grant:entitlement:role:3375:member:role:3373' | |
| CONNECTOR_ENTITLEMENT: 'entitlement:role:3375:member' | |
| CONNECTOR_PRINCIPAL: 'role:3373' | |
| CONNECTOR_PRINCIPAL_TYPE: 'role' | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: 1.22.x | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Install postgres client | |
| run: sudo apt install postgresql-client | |
| # - name: Import sql into postgres | |
| # env: | |
| # PGPASSWORD: secretpassword | |
| # run: psql -h localhost --user postgres -f test/ci.sql | |
| - name: Install baton | |
| run: wget https://github.com/ConductorOne/baton/releases/download/v0.1.2/baton-v0.1.2-linux-amd64.tar.gz && tar xzf baton-v0.1.2-linux-amd64.tar.gz && mv baton /usr/local/bin | |
| - name: Build baton-postgresql | |
| run: go build ./cmd/baton-postgresql | |
| - name: Run baton-postgresql | |
| run: ./baton-postgresql | |
| - name: Revoke grants | |
| run: ./baton-postgresql --revoke-grant "${{ env.CONNECTOR_GRANT }}" | |
| - name: Check grant was revoked | |
| run: ./baton-postgresql && baton grants --entitlement "${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end" | |
| - name: Check resources | |
| run: baton resources | |
| - name: Check entitlements | |
| run: baton entitlements | |
| - name: Check grant | |
| run: baton grants --entitlement "${{ env.CONNECTOR_ENTITLEMENT }}" | |
| - name: Grant entitlements | |
| run: ./baton-postgresql --grant-entitlement "${{ env.CONNECTOR_ENTITLEMENT }}" --grant-principal "${{ env.CONNECTOR_PRINCIPAL }}" --grant-principal-type "${{ env.CONNECTOR_PRINCIPAL_TYPE }}" | |
| - name: Check grant was re-granted | |
| run: ./baton-postgresql && baton grants --entitlement "${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | |
| - name: Create user | |
| run: ./baton-postgresql --create-account-login 'testuser' | |
| # TODO: get correct role id using baton CLI | |
| # - name: Rotate credentials for user | |
| # run: ./baton-postgresql --rotate-credentials 'role:16384' --rotate-credentials-type 'role' |