
refactor(router): redesign JWK authentication logic #4805

Workflow file for this run

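# Router CI: runs on pull requests that change any of the paths listed below.
name: Router CI
on:
  pull_request:
    paths:
      - "composition-go/**/*"
      - "demo/**/*"
      - "router/**/*"
      - "router-tests/**/*"
      - "connect/**/*"
      - ".github/workflows/router-ci.yaml"
concurrency:
  # Key the group on the pull request number rather than github.head_ref.
  # head_ref is only the branch name, so two pull requests whose head branches
  # share a name (for example two forks both opened from `main`) would land in
  # the same group and, with cancel-in-progress, cancel each other's runs.
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true
# Workflow-wide GITHUB_TOKEN scopes. Every job inherits these unless it declares
# its own `permissions` block, so jobs that only build and test also receive
# the two write scopes.
permissions:
  contents: read # for actions/checkout to fetch code
  pull-requests: write # required for adding pull request comments
  packages: write # required for publishing packages
env:
  CI: true
  ROUTER_REGISTRATION: false
# build_test_fork and build_test need to be kept in sync. We need to distinguish
# between forks and people with write access to the repository.
jobs: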
# Fork variant of the build/test job: selected when the PR head lives in a
# different repository, so no step here references repository secrets.
build_test_fork:
  if: github.event.pull_request.head.repo.full_name != github.repository
  runs-on: ubuntu-latest
  timeout-minutes: 15
  steps:
    # NOTE(review): the action is referenced by the mutable tag v4; pinning to a
    # full commit SHA (`actions/checkout@<full-commit-sha> # v4`) keeps a moved
    # tag from changing what runs. checkout also stores the job token in the
    # local git config by default, and the make steps below execute code from
    # the PR; consider `persist-credentials: false` if no step needs
    # authenticated git.
    - uses: actions/checkout@v4

    # Repository-local composite action; the three go.sum files are passed as
    # its cache-dependency-path input.
    - uses: ./.github/actions/go
      with:
        cache-dependency-path: |
          router/go.sum
          router-tests/go.sum
          demo/go.sum

    - uses: ./.github/actions/go-mod-tidy
      with:
        working-directory: ./router

    - name: Install tools
      run: make setup-build-tools

    - name: Generate code
      run: make generate-go

    # git diff --exit-code returns non-zero when the working tree differs from
    # the index, so generated files that were not committed fail the job.
    - name: Check if git is not dirty after generating files
      run: git diff --no-ext-diff --exit-code

    - name: Install dependencies
      working-directory: ./router
      run: go mod download

    - name: Run linters on router-tests
      uses: ./.github/actions/go-linter
      with:
        working-directory: ./router-tests

    - name: Run linters on router
      uses: ./.github/actions/go-linter
      with:
        working-directory: ./router

    - name: Test
      working-directory: ./router
      run: make test

    - name: Build
      working-directory: ./router
      run: make build
# Same-repository variant of the build/test job: the PR head is a branch of
# this repository, so the author has write access and secrets are available.
# The `if` condition is the only thing separating this job from fork PRs.
build_test:
  if: github.event.pull_request.head.repo.full_name == github.repository
  runs-on: ubuntu-latest
  timeout-minutes: 15
  steps:
    # NOTE(review): mutable tag; a full commit SHA pin
    # (`actions/checkout@<full-commit-sha> # v4`) is the hardened form.
    - uses: actions/checkout@v4

    # Authenticates to Docker Hub before any PR code runs.
    # NOTE(review): the login stays in effect for the rest of the job, so the
    # later make steps (which execute code from the PR branch) run with it;
    # presumably acceptable because only same-repository branches reach this
    # job. docker/login-action@v3 is also a mutable tag.
    - name: Log in to Docker Container registry (With write access)
      uses: docker/login-action@v3
      with:
        registry: docker.io
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}

    # Repository-local composite action; the three go.sum files are passed as
    # its cache-dependency-path input.
    - uses: ./.github/actions/go
      with:
        cache-dependency-path: |
          router/go.sum
          router-tests/go.sum
          demo/go.sum

    - uses: ./.github/actions/go-mod-tidy
      with:
        working-directory: ./router

    - name: Install tools
      run: make setup-build-tools

    - name: Generate code
      run: make generate-go

    # git diff --exit-code returns non-zero when the working tree differs from
    # the index, so generated files that were not committed fail the job.
    - name: Check if git is not dirty after generating files
      run: git diff --no-ext-diff --exit-code

    - name: Install dependencies
      working-directory: ./router
      run: go mod download

    - name: Run linters on router-tests
      uses: ./.github/actions/go-linter
      with:
        working-directory: ./router-tests

    - name: Run linters on router
      uses: ./.github/actions/go-linter
      with:
        working-directory: ./router

    - name: Test
      working-directory: ./router
      run: make test

    - name: Build
      working-directory: ./router
      run: make build
# Runs the router-tests suite against a Redis service container.
# NOTE(review): unlike the other jobs there is no `if` guard, so this job also
# runs for fork PRs. It declares no `permissions` of its own and therefore
# inherits the workflow-level scopes, including packages: write; the visible
# steps only check out code and run tests, so `permissions: contents: read`
# looks sufficient (confirm against ./.github/actions/go).
integration_test:
  runs-on: ubuntu-latest
  timeout-minutes: 30
  services:
    redis:
      # Docker Hub image
      image: redis:7
      # Health checks make the runner wait until redis has started
      options: >-
        --health-cmd "redis-cli ping"
        --health-interval 10s
        --health-timeout 5s
        --health-retries 5
      # NOTE(review): secrets are not passed to fork PRs, so both values are
      # empty there; verify the image pull still works with empty credentials.
      credentials:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
      ports:
        - "6379:6379"
  steps:
    - uses: actions/checkout@v4

    - uses: ./.github/actions/go
      with:
        cache-dependency-path: |
          router-tests/go.sum

    # Re-runs the test command on error, up to five attempts, 5 seconds apart.
    # The job-level timeout-minutes: 30 still bounds all attempts together.
    # NOTE(review): third-party action on the mutable tag v3, running in a job
    # that holds the workflow token; pinning to a full commit SHA
    # (`nick-fields/retry@<full-commit-sha> # v3`) is the hardened form.
    - uses: nick-fields/retry@v3
      with:
        timeout_minutes: 30
        max_attempts: 5
        retry_wait_seconds: 5
        retry_on: error
        command: |
          cd router-tests
          make test test_params="--timeout=5m"
# Builds the router image without pushing it, then hands the image reference to
# the repository-local image-scan action. Restricted to same-repository PRs
# because the build step consumes the Docker Hub secrets.
image_scan:
  if: github.event.pull_request.head.repo.full_name == github.repository
  runs-on: ubuntu-latest
  timeout-minutes: 15
  steps:
    - uses: actions/checkout@v4

    # push is 'false' and load_Image is 'true'; presumably the image stays on
    # the runner for the scan step (confirm in the action's definition).
    - uses: ./.github/actions/build-push-image
      with:
        docker_username: ${{ secrets.DOCKER_USERNAME }}
        docker_password: ${{ secrets.DOCKER_PASSWORD }}
        docker_context: router
        dockerfile: router/Dockerfile
        token: ${{ secrets.GITHUB_TOKEN }}
        image_name: router
        image_description: 'Cosmo Router'
        image_platforms: 'linux/amd64'
        load_Image: 'true'
        push: 'false'

    # NOTE(review): image_ref assumes the build step tags the image as
    # sha-<github.sha>; if the tag differs, the scan would target something
    # other than the image just built. Verify against build-push-image.
    - uses: ./.github/actions/image-scan
      with:
        name: 'Router'
        github_token: ${{ secrets.GITHUB_TOKEN }}
        image_ref: 'ghcr.io/wundergraph/cosmo/router:sha-${{ github.sha }}'
build_push_image:
# This is a limitation of GitHub. Only organization members can push to GitHub Container Registry
# For now, we will disable the push to the GitHub Container Registry for external contributors
if: github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/build-push-image
with:
docker_username: ${{secrets.DOCKER_USERNAME}}
docker_password: ${{secrets.DOCKER_PASSWORD}}
docker_context: router
dockerfile: router/Dockerfile
token: ${{secrets.GITHUB_TOKEN}}
image_name: router
image_description: "Cosmo Router"