Add required claims for generated JWT #49
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run tests with coverage | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| env: | |
| PROJECT_NAME: Boxer.Issuer | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| validate_commit: | |
| name: Validate Code and Publish Coverage | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # required for dependabot PRs | |
| pull-requests: write # required for dependabot PRs | |
| contents: read # required for dependabot PRs | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install minimal stable with clippy and rustfmt | |
| uses: actions-rust-lang/[email protected] | |
| with: | |
| toolchain: stable | |
| components: rustfmt, clippy | |
| - name: Install just, cargo-llvm-cov, cargo-nextest | |
| uses: taiki-e/[email protected] | |
| with: | |
| tool: cargo-llvm-cov | |
| - name: Rustfmt Check | |
| uses: actions-rust-lang/rustfmt@v1 | |
| - name: Generate code coverage | |
| run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info | |
| - name: Upload coverage to Codecov | |
| uses: romeovs/[email protected] | |
| with: | |
| lcov-file: ./lcov.info | |
| build_image: | |
| name: Build Docker Image and Helm Charts | |
| runs-on: ubuntu-latest | |
| needs: [ validate_commit ] | |
| # Disable for now | |
| if: ${{ false && always() && (needs.validate_commit.result == 'success' || needs.validate_commit.result == 'skipped') }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Log in to the Container registry | |
| uses: docker/[email protected] | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get project version | |
| uses: SneaksAndData/github-actions/[email protected] | |
| id: version | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=semver,pattern={{version}},value=${{steps.version.outputs.version}} | |
| flavor: | |
| latest=false | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| with: | |
| use: true | |
| platforms: linux/arm64,linux/amd64 | |
| - name: Build and push Docker image | |
| uses: docker/[email protected] | |
| with: | |
| context: . | |
| file: .container/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/arm64,linux/amd64 | |
| - name: Build and Push Chart | |
| uses: SneaksAndData/github-actions/[email protected] | |
| with: | |
| application: ${{ github.event.repository.name }} | |
| app_version: ${{ steps.meta.outputs.version }} | |
| container_registry_user: ${{ github.actor }} | |
| container_registry_token: ${{ secrets.GITHUB_TOKEN }} | |
| container_registry_address: ghcr.io/sneaksanddata/ | |