Implement OIDC metadata caching with expiration #1575
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
tags: | |
- "v*" # Push events to matching v*, i.e. v1.0, v20.15.10 | |
branches: | |
- "main" | |
paths-ignore: | |
- "docs/**" | |
- "README.md" | |
- ".github/workflows/release.yml" | |
- ".github/workflows/official-site.yml" | |
pull_request: | |
branches: | |
- "main" | |
env: | |
CARGO_TERM_COLOR: always | |
REGISTRY_USERNAME: lovasoa | |
REGISTRY_IMAGE: lovasoa/sqlpage | |
jobs: | |
compile_and_lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: npm ci | |
- run: npm test | |
- name: Set up cargo cache | |
uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 | |
- run: cargo fmt --all -- --check | |
- run: cargo clippy --all-targets --all-features -- -D warnings | |
- run: cargo test | |
- name: Upload Linux binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: sqlpage-linux-debug | |
path: "target/debug/sqlpage" | |
test: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
database: ["postgres", "mysql", "mssql"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up cargo cache | |
uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 | |
- name: Start database container | |
run: docker compose up --wait ${{ matrix.database }} | |
- name: Show container logs | |
if: failure() | |
run: docker compose logs ${{ matrix.database }} | |
- name: Run tests against ${{ matrix.database }} | |
timeout-minutes: 5 | |
run: cargo test | |
env: | |
DATABASE_URL: ${{ matrix.database }}://root:[email protected]/sqlpage | |
RUST_BACKTRACE: 1 | |
RUST_LOG: sqlpage=debug | |
windows_test: | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up cargo cache | |
uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 | |
- name: Check port usage | |
run: netstat -bano | |
- run: cargo test | |
env: | |
RUST_BACKTRACE: 1 | |
- name: Upload Windows binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: sqlpage-windows-debug | |
path: "target/debug/sqlpage.exe" | |
docker_build: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: | |
- linux/amd64 | |
- linux/arm/v7 | |
- linux/arm64 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: suffix | |
name: Cache name suffix | |
run: echo "suffix=-$(tr '/' '-' <<< ${{ matrix.platform }})" >> "$GITHUB_OUTPUT" | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY_IMAGE }} | |
flavor: suffix=${{ steps.suffix.outputs.suffix }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Hub | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.REGISTRY_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and push by digest | |
id: build | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
platforms: ${{ matrix.platform }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
cache-from: type=registry,ref=${{ env.REGISTRY_IMAGE }}:main${{ steps.suffix.outputs.suffix }} | |
# don't save cache on prs | |
cache-to: > | |
${{ github.event_name != 'pull_request' | |
&& format('type=registry,ref={0}:main{1},compression=zstd,mode=max', env.REGISTRY_IMAGE, steps.suffix.outputs.suffix) | |
|| '' | |
}} | |
- name: Export digest | |
if: github.event_name != 'pull_request' | |
run: | | |
mkdir -p /tmp/digests | |
digest="${{ steps.build.outputs.digest }}" | |
touch "/tmp/digests/${digest#sha256:}" | |
- name: Upload digest | |
uses: actions/upload-artifact@v4 | |
if: github.event_name != 'pull_request' | |
with: | |
name: digests${{ steps.suffix.outputs.suffix }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
docker_push: | |
runs-on: ubuntu-latest | |
if: github.event_name != 'pull_request' | |
needs: | |
- docker_build | |
steps: | |
- name: Download digests | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: digests* | |
merge-multiple: true | |
path: /tmp/digests | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY_IMAGE }} | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.REGISTRY_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Create manifest list and push | |
working-directory: /tmp/digests | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) | |
- name: Inspect image | |
run: | | |
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} |