
fix: Assertion verification key input #1818


Workflow file for this run

name: Build, Test, and Deliver Client

env:
  # Evaluates to true for push events and for pull requests whose head branch
  # lives in this repository, and to false for pull requests from forks.
  # The lib job reads it to gate the SonarCloud step (which consumes
  # SONAR_TOKEN) and to pick the checkout depth.
  do_sonarscan: >-
    ${{ github.event_name == 'push' ||
    github.event.pull_request.head.repo.full_name == github.repository }}

# NOTE(review): no `permissions:` key is visible in this workflow, so jobs run
# with the repository's default GITHUB_TOKEN scopes. Confirm the default is
# read-only, or declare the scopes each job needs explicitly.
on:
  pull_request:
  push:
    branches:
      - main
      - 'release/[0-9]+.[0-9]+.[0-9]+'
  release:
    types: [created]

jobs:
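lib:
  # Installs, tests, audits, lints and packs the SDK library under ./lib, then
  # uploads the tarball as the `opentdf-sdk-lib` artifact.
  runs-on: ubuntu-latest
  defaults:
    run:
      working-directory: ./lib
  timeout-minutes: 5
  steps:
    - uses: actions/checkout@v4
      with:
        # Full history (0) when the SonarCloud scan will run, shallow (1) otherwise.
        fetch-depth: ${{ !fromJSON(env.do_sonarscan) && 1 || 0 }}
    - uses: actions/setup-node@v4
      with:
        node-version: '22'
        cache: 'npm'
        cache-dependency-path: './lib/package-lock.json'
    - run: npm ci
    - run: npm test
    - uses: fingerprintjs/action-coverage-report-md@v2
      id: coverage-md
      with:
        srcBasePath: './'
        textReportPath: './lib/coverage/coverage.txt'
    # The report reaches the shell through an environment variable rather than
    # `${{ }}` interpolation, so its text is never parsed as shell source.
    # The redirect target is quoted so the path is always a single word.
    - run: echo "${MARKDOWN_REPORT}" >> "$GITHUB_STEP_SUMMARY"
      env:
        MARKDOWN_REPORT: '${{ steps.coverage-md.outputs.markdownReport }}'
    # `--omit dev` restricts both audits to production dependencies.
    - run: npm audit --omit dev && npm audit --audit-level high --omit dev
    - run: npm run license-check
    - run: npm run lint
    - run: npm pack
    - uses: actions/upload-artifact@v4
      with:
        name: opentdf-sdk-lib
        path: ./lib/opentdf-sdk-*.tgz
    # NOTE(review): `@master` is a mutable branch ref, and this step is handed
    # SONAR_TOKEN and GITHUB_TOKEN. Pin the action to the full commit SHA of a
    # reviewed release so the code that sees those tokens cannot change silently.
    # The `if` keeps the step (and its secrets) away from fork pull requests.
    - name: SonarCloud Scan
      if: fromJSON(env.do_sonarscan)
      uses: SonarSource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}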
cli:
  # Tests and packs the command line tool under ./cli against the SDK tarball
  # downloaded from the `opentdf-sdk-lib` artifact; uploads `opentdf-ctl`.
  needs: [lib]
  runs-on: ubuntu-latest
  timeout-minutes: 5
  defaults:
    run:
      working-directory: ./cli
  steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: '22'
        cache: npm
        cache-dependency-path: ./cli/package-lock.json
    - uses: actions/download-artifact@v4
      with:
        name: opentdf-sdk-lib
        path: lib/
    # Replace the declared @opentdf/sdk dependency with the tarball built in
    # this run, so the tests exercise the code under review.
    - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz
    - run: npm test
    # `--omit dev` restricts both audits to production dependencies.
    - run: npm audit --omit dev && npm audit --audit-level high --omit dev
    - run: npm run license-check
    - run: npm run lint
    - run: npm pack
    # NOTE(review): third-party action referenced by tag; a tag can be moved,
    # a full commit SHA cannot.
    - name: Setup Bats and bats libs
      uses: bats-core/bats-action@2.0.0
    - run: bats bin/opentdf.bats
    - uses: actions/upload-artifact@v4
      with:
        name: opentdf-ctl
        path: ./cli/opentdf-ctl-*.tgz
web-app:
  # Audits, lints, tests and packs the sample web application under ./web-app
  # against the SDK tarball downloaded from the `opentdf-sdk-lib` artifact.
  needs: [lib]
  runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04
  timeout-minutes: 5
  defaults:
    run:
      working-directory: ./web-app
  steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: '22'
        cache: npm
        cache-dependency-path: ./web-app/package-lock.json
    - uses: actions/download-artifact@v4
      with:
        name: opentdf-sdk-lib
        path: lib/
    # Replace the declared @opentdf/sdk dependency with the tarball built in
    # this run, so the tests exercise the code under review.
    - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz
    - run: npm install
    # `--omit dev` restricts both audits to production dependencies.
    - run: npm audit --omit dev && npm audit --audit-level high --omit dev
    - run: npm run license-check
    - run: npm run lint
    - run: npx playwright install
    - run: npm test
    - run: npm pack
scripts:
  # Checks the workflow helper scripts in .github/workflows: runs their Bats
  # tests and lints every *.sh file with ShellCheck, both inside containers.
  runs-on: ubuntu-latest
  timeout-minutes: 5
  defaults:
    run:
      working-directory: .github/workflows
  steps:
    - uses: actions/checkout@v4
    # NOTE(review): both images are selected by tag; an image digest would fix
    # the exact content that runs with the checkout mounted at /mnt.
    - name: 🦇🦇🦇🦇🦇🦇
      run: docker run --rm -v "$PWD:/mnt" --workdir "/mnt" bats/bats:1.11.0 *.bats
    - name: 🦪 ✔ 🧼🧼🧼
      run: >-
        docker run --rm -v "$PWD:/mnt" --workdir "/mnt" "koalaman/shellcheck:v0.10.0"
        --color=always *.sh
platform-roundtrip:
  # End-to-end round trip: brings up a backend with docker compose, then runs
  # wait-and-test.sh against it using the lib and cli artifacts of this run.
  needs: [cli, lib, web-app]
  runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04
  timeout-minutes: 45
  defaults:
    run:
      working-directory: .github/workflows/roundtrip
  steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: '22'
        cache: npm
        cache-dependency-path: ./web-app/package-lock.json
    - uses: actions/download-artifact@v4
      with:
        name: opentdf-sdk-lib
        path: lib/
    - uses: actions/download-artifact@v4
      with:
        name: opentdf-ctl
        path: cli/
    # Pinned to a full commit SHA, unlike the tag-pinned actions above.
    - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
      with:
        go-version: '1.22'
    # NOTE(review): the clone takes whatever the platform repository's default
    # branch points at when the job runs, so results are not reproducible from
    # this commit alone. Check out a fixed ref if that matters.
    - name: Git clone backend
      run: |
        git clone --depth 1 https://github.com/opentdf/platform.git
        go work init
        for x in platform/{protocol/go,lib/{fixtures,ocrypto},sdk,service}; do go work use "$x"; done
    - run: docker compose up -d --wait --wait-timeout 240
    - run: ./wait-and-test.sh platform
      env:
        PLAYWRIGHT_TESTS_TO_RUN: roundtrip
platform-xtest:
  # Calls the cross-SDK test workflow from opentdf/tests, handing it the ref
  # that triggered this run.
  # NOTE(review): `@main` is a mutable branch ref, so the workflow executed
  # here can change without any commit in this repository. Pin to a commit SHA
  # for a fixed, reviewable version. No `secrets:` are passed in this call.
  needs: [cli, lib]
  uses: opentdf/tests/.github/workflows/xtest.yml@main
  with:
    js-ref: ${{ github.ref }}
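deliver-ghp:
  # Publishes the packages to GitHub Packages and the generated docs to the
  # gh-pages branch. Runs only for pushes to main or release/* and for release
  # events on tags (see `if` below).
  # NOTE(review): the job relies on the default GITHUB_TOKEN scopes. A job-level
  # `permissions:` block (presumably `contents: write` for gh-pages and
  # `packages: write` for the publish; confirm against publish-to.sh) would
  # state and bound what this token may do.
  # NOTE(review): platform-roundtrip is not listed in `needs`, so publishing
  # does not wait for it. Confirm that is intended.
  needs:
    - lib
    - cli
    - web-app
    - scripts
    - platform-xtest
  runs-on: ubuntu-latest
  timeout-minutes: 5
  # To publish from a release or feature branch, remove the ref == condition below
  # NOTE(review): the release branch of this condition accepts any tag
  # (`refs/tags/`), while deliver-npmjs requires `refs/tags/sdk/v`.
  if: >-
    (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
    (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/')) ||
    (github.event_name == 'release' && startsWith(github.ref, 'refs/tags/'))
  outputs:
    FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }}
    DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }}
    # NOTE(review): no visible step writes TARGET_VERSION to GITHUB_OUTPUT;
    # presumably check-version-is.sh does. Verify.
    TARGET_VERSION: ${{ steps.check-version.outputs.TARGET_VERSION }}
  steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: '22'
        registry-url: https://npm.pkg.github.com
    # The ref is read from $GITHUB_REF instead of being pasted into the script
    # with `${{ github.ref }}`. A ref name is text chosen by whoever pushed it;
    # as an environment variable it is compared as data and never parsed as
    # shell source.
    # NOTE(review): for a tag such as sdk/v1.2.3, GITHUB_REF_NAME is
    # `sdk/v1.2.3`, so `${GITHUB_REF_NAME#v}` strips nothing. Confirm that
    # check-version-is.sh expects the `sdk/v` prefix.
    - name: Check version number is same between tag, library, and/or release
      id: check-version
      run: |-
        if [[ "${GITHUB_REF}" = refs/heads/release/* ]]; then
          scripts/check-version-is.sh "${GITHUB_REF##*release/}"
        elif [[ "${GITHUB_REF}" = refs/tags/sdk/v* ]]; then
          scripts/check-version-is.sh "${GITHUB_REF_NAME#v}"
        else
          scripts/check-version-is.sh
        fi
    # Renamed: this step previously carried the same display name as
    # check-version, which made the two indistinguishable in the run log.
    - name: Guess build metadata (full version and dist tag)
      id: guess-build-metadata
      run: |-
        echo "FULL_VERSION=$(.github/workflows/gh-semver.sh)" >> "$GITHUB_OUTPUT"
        echo "DIST_TAG=$(.github/workflows/guess-dist-tag.sh)" >> "$GITHUB_OUTPUT"
    - run: make doc
    # Step outputs are passed through `env:` below so their content is expanded
    # by the shell as a quoted value, not spliced into the script text. The
    # variables are set per step so `make doc` does not inherit them.
    - env:
        BUILD_FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }}
        BUILD_DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }}
      run: >-
        echo "::notice file=lib/package.json::Will be published to
        [GitHub Packages](https://github.com/opentdf/web-sdk/pkgs/npm/client)
        as ${BUILD_DIST_TAG}
        with version=[${BUILD_FULL_VERSION}]"
    - env:
        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        BUILD_FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }}
        BUILD_DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }}
      run: >-
        .github/workflows/publish-to.sh
        "${BUILD_FULL_VERSION}"
        "${BUILD_DIST_TAG}"
    - run: echo "- [Client Library](https://github.com/opentdf/web-sdk/pkgs/npm/client)" >> "$GITHUB_STEP_SUMMARY"
    - run: echo "- [Command Line Tool](https://github.com/opentdf/web-sdk/pkgs/npm/cli)" >> "$GITHUB_STEP_SUMMARY"
    # NOTE(review): third-party action referenced by tag in a job that can
    # write to the repository; a full commit SHA fixes the code that runs.
    - name: Publish documentation to gh-pages
      uses: JamesIves/github-pages-deploy-action@v4.6.0
      with:
        branch: gh-pages
        folder: lib/dist/docs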
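deliver-npmjs:
  # Publishes the packages to registry.npmjs.org with NPM_TOKEN, after
  # deliver-ghp has succeeded. The `npmjs` environment applies whatever
  # protection rules are configured for it in the repository settings.
  # NOTE(review): `make all` rebuilds from the checkout, so what is published
  # is a fresh build rather than the tarballs the test jobs uploaded. Confirm
  # that is intended.
  runs-on: ubuntu-latest
  timeout-minutes: 5
  environment: npmjs
  needs: deliver-ghp
  if: >-
    (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
    (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/')) ||
    (github.event_name == 'release' && startsWith(github.ref, 'refs/tags/sdk/v'))
  steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: '22'
        registry-url: 'https://registry.npmjs.org'
    - run: make all
    # The version and dist tag come from deliver-ghp's outputs. They are passed
    # through `env:` so the shell expands them as quoted values instead of
    # having them spliced into the script text next to NPM_TOKEN. The variables
    # are set per step so `make all` does not inherit them.
    - env:
        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        BUILD_FULL_VERSION: ${{ needs.deliver-ghp.outputs.FULL_VERSION }}
        BUILD_DIST_TAG: ${{ needs.deliver-ghp.outputs.DIST_TAG }}
      run: >-
        .github/workflows/publish-to.sh
        "${BUILD_FULL_VERSION}"
        "${BUILD_DIST_TAG}"
    - env:
        BUILD_FULL_VERSION: ${{ needs.deliver-ghp.outputs.FULL_VERSION }}
      run: >-
        echo "- [Client Library](https://www.npmjs.com/package/@opentdf/sdk/v/${BUILD_FULL_VERSION})" >> "$GITHUB_STEP_SUMMARY"
    - env:
        BUILD_FULL_VERSION: ${{ needs.deliver-ghp.outputs.FULL_VERSION }}
      run: >-
        echo "- [Command Line Tool](https://www.npmjs.com/package/@opentdf/ctl/v/${BUILD_FULL_VERSION})" >> "$GITHUB_STEP_SUMMARY"
    - env:
        BUILD_FULL_VERSION: ${{ needs.deliver-ghp.outputs.FULL_VERSION }}
      run: >-
        echo "- [unpkg](https://unpkg.com/browse/@opentdf/sdk@${BUILD_FULL_VERSION})" >> "$GITHUB_STEP_SUMMARY"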
ci:
  # Aggregate status job: runs unless the workflow was cancelled, and fails
  # when any job listed in `needs` reported `failure`.
  # NOTE(review): platform-roundtrip is not in `needs`, so its result does not
  # affect this job. Confirm that is intended.
  needs: [lib, cli, web-app, scripts, platform-xtest]
  runs-on: ubuntu-22.04
  if: ${{ !cancelled() }}
  steps:
    # The interpolated expression is a boolean computed by the runner, not
    # text taken from the event payload.
    - if: contains(needs.*.result, 'failure')
      run: echo "Failed due to ${{ contains(needs.*.result, 'failure') }}" && exit 1