feat: introduce sso secret templating #1150
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Filter | |
| # This workflow is triggered on pull requests | |
| on: | |
| pull_request: | |
| # Permissions for the GITHUB_TOKEN used by the workflow. | |
| permissions: | |
| id-token: write # Needed for OIDC-related operations. | |
| contents: read # Allows reading the content of the repository. | |
| pull-requests: read # Allows reading pull request metadata. | |
| # Default settings for all run commands in the workflow jobs. | |
| defaults: | |
| run: | |
| shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set. | |
| # Abort prior jobs in the same workflow / PR | |
| concurrency: | |
| group: test-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| - name: Use Node.js latest | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: 20 | |
| - name: Set up Homebrew | |
| uses: Homebrew/actions/setup-homebrew@master | |
| - name: Install UDS CLI | |
| shell: bash | |
| # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver | |
| run: brew install defenseunicorns/tap/uds@0.9.2 | |
| - name: Run Formatting Checks | |
| run: uds run lint-check | |
| # This job checks if there are changes in specific paths source packages. | |
| check-paths: | |
| needs: lint-check | |
| runs-on: ubuntu-latest | |
| name: Select Jobs | |
| outputs: | |
| packages: ${{ steps.path-filter.outputs.changes }} | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| # Uses a custom action to filter paths for source packages. | |
| - name: Check src paths | |
| id: path-filter | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 | |
| with: | |
| filters: .github/filters.yaml | |
| # This job triggers a separate workflow for each changed source package, if any. | |
| run-package-test: | |
| needs: check-paths | |
| name: Schedule | |
| strategy: | |
| matrix: | |
| package: ${{ fromJSON(needs.check-paths.outputs.packages) }} | |
| flavor: [upstream, registry1] | |
| test_type: [install] | |
| include: | |
| - package: all | |
| flavor: registry1 | |
| test_type: upgrade | |
| - package: all | |
| flavor: upstream | |
| test_type: upgrade | |
| uses: ./.github/workflows/test.yaml | |
| with: | |
| package: ${{ matrix.package }} | |
| flavor: ${{ matrix.flavor }} | |
| test_type: ${{ matrix.test_type }} | |
| secrets: inherit # Inherits all secrets from the parent workflow. |