feat(oidc): support multiple signing keys (#26) #166
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| jobs: | |
| fmt: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 | |
| with: | |
| toolchain: stable | |
| components: rustfmt | |
| - run: cargo fmt --check | |
| clippy: | |
| name: Clippy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 | |
| with: | |
| toolchain: stable | |
| components: clippy | |
| - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 | |
| - run: cargo clippy -- -D warnings | |
| test: | |
| name: Unit Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 | |
| with: | |
| toolchain: stable | |
| - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 | |
| - run: cargo test | |
| check: | |
| name: Cargo Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 | |
| with: | |
| toolchain: stable | |
| - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 | |
| - run: cargo check | |
| check-wasm: | |
| name: Cargo Check (WASM) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 | |
| with: | |
| toolchain: stable | |
| targets: wasm32-unknown-unknown | |
| - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 | |
| - run: cargo check -p multistore-cf-workers --target wasm32-unknown-unknown | |
| audit: | |
| name: Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 | |
| with: | |
| toolchain: stable | |
| - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 | |
| - run: cargo install cargo-audit | |
| - run: cargo audit | |
| integration: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| with: | |
| node-version: "lts/*" | |
| - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1 | |
| with: | |
| toolchain: stable | |
| targets: wasm32-unknown-unknown | |
| - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 | |
| - name: Start MinIO | |
| run: | | |
| docker run -d --name minio \ | |
| -p 9000:9000 \ | |
| -e MINIO_ROOT_USER=minioadmin \ | |
| -e MINIO_ROOT_PASSWORD=minioadmin \ | |
| minio/minio:latest server /data | |
| # Wait for MinIO to be ready | |
| for i in $(seq 1 30); do | |
| if curl -sf http://localhost:9000/minio/health/live > /dev/null 2>&1; then | |
| echo "MinIO is ready" | |
| break | |
| fi | |
| sleep 1 | |
| done | |
| - name: Seed MinIO buckets | |
| run: | | |
| curl -sSL https://dl.min.io/client/mc/release/linux-amd64/mc -o /usr/local/bin/mc | |
| chmod +x /usr/local/bin/mc | |
| mc alias set local http://localhost:9000 minioadmin minioadmin | |
| mc mb --ignore-existing local/public-data | |
| mc mb --ignore-existing local/private-uploads | |
| mc anonymous set download local/public-data | |
| echo "Hello from s3-proxy!" | mc pipe local/public-data/hello.txt | |
| echo '{"status":"ok"}' | mc pipe local/public-data/health.json | |
| echo "Secret payload" | mc pipe local/private-uploads/docs/secret.txt | |
| - name: Build worker | |
| working-directory: examples/cf-workers | |
| run: | | |
| cargo install worker-build | |
| worker-build --release | |
| - name: Write .dev.vars | |
| run: | | |
| echo "SESSION_TOKEN_KEY=$(openssl rand -base64 32)" > examples/cf-workers/.dev.vars | |
| - name: Start wrangler dev | |
| working-directory: examples/cf-workers | |
| run: | | |
| npx wrangler dev --config wrangler.integration.toml --port 8787 & | |
| # Wait for wrangler to be ready | |
| for i in $(seq 1 30); do | |
| if curl -so /dev/null http://localhost:8787/ 2>/dev/null; then | |
| echo "Wrangler dev is ready" | |
| break | |
| fi | |
| if [ "$i" -eq 30 ]; then | |
| echo "ERROR: wrangler dev failed to start within 60 seconds" | |
| exit 1 | |
| fi | |
| sleep 2 | |
| done | |
| - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5 | |
| - name: Run integration tests | |
| run: uvx --with pytest,boto3,requests pytest tests/integration/ -v |