misc: added audit logs for project and org role management operations #3411
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Check API For Breaking Changes" | |
| on: | |
| pull_request: | |
| types: [opened, synchronize] | |
| paths: | |
| - "backend/src/server/routes/**" | |
| - "backend/src/ee/routes/**" | |
| jobs: | |
| check-be-api-changes: | |
| name: Check API Changes | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@v3 | |
| # - name: Setup Node 20 | |
| # uses: actions/setup-node@v3 | |
| # with: | |
| # node-version: "20" | |
| # uncomment this when testing locally using nektos/act | |
| - uses: KengoTODA/actions-setup-docker-compose@v1 | |
| if: ${{ env.ACT }} | |
| name: Install `docker compose` for local simulations | |
| with: | |
| version: "2.14.2" | |
| - name: 📦Build the latest image | |
| run: docker build --tag infisical-api . | |
| working-directory: backend | |
| - name: Start postgres and redis | |
| run: touch .env && docker compose -f docker-compose.dev.yml up -d db redis | |
| - name: Start the server | |
| run: | | |
| echo "SECRET_SCANNING_GIT_APP_ID=793712" >> .env | |
| echo "SECRET_SCANNING_PRIVATE_KEY=some-random" >> .env | |
| echo "SECRET_SCANNING_WEBHOOK_SECRET=some-random" >> .env | |
| echo "Examining built image:" | |
| docker image inspect infisical-api | grep -A 5 "Entrypoint" | |
| docker run --name infisical-api -d -p 4000:4000 \ | |
| -e DB_CONNECTION_URI=$DB_CONNECTION_URI \ | |
| -e REDIS_URL=$REDIS_URL \ | |
| -e JWT_AUTH_SECRET=$JWT_AUTH_SECRET \ | |
| -e ENCRYPTION_KEY=$ENCRYPTION_KEY \ | |
| --env-file .env \ | |
| infisical-api | |
| echo "Container status right after creation:" | |
| docker ps -a | grep infisical-api | |
| env: | |
| REDIS_URL: redis://172.17.0.1:6379 | |
| DB_CONNECTION_URI: postgres://infisical:[email protected]:5432/infisical?sslmode=disable | |
| JWT_AUTH_SECRET: something-random | |
| ENCRYPTION_KEY: 4bnfe4e407b8921c104518903515b218 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.21.5" | |
| - name: Wait for container to be stable and check logs | |
| run: | | |
| SECONDS=0 | |
| HEALTHY=0 | |
| while [ $SECONDS -lt 60 ]; do | |
| # Check if container is running | |
| if docker ps | grep infisical-api; then | |
| # Try to access the API endpoint | |
| if curl -s -f http://localhost:4000/api/docs/json > /dev/null 2>&1; then | |
| echo "API endpoint is responding. Container seems healthy." | |
| HEALTHY=1 | |
| break | |
| fi | |
| else | |
| echo "Container is not running!" | |
| docker ps -a | grep infisical-api | |
| break | |
| fi | |
| echo "Waiting for container to be healthy... ($SECONDS seconds elapsed)" | |
| sleep 5 | |
| SECONDS=$((SECONDS+5)) | |
| done | |
| if [ $HEALTHY -ne 1 ]; then | |
| echo "Container did not become healthy in time" | |
| echo "Container status:" | |
| docker ps -a | grep infisical-api | |
| echo "Container logs (if any):" | |
| docker logs infisical-api || echo "No logs available" | |
| echo "Container inspection:" | |
| docker inspect infisical-api | grep -A 5 "State" | |
| exit 1 | |
| fi | |
| - name: Install openapi-diff | |
| run: go install github.com/oasdiff/oasdiff@latest | |
| - name: Running OpenAPI Spec diff action | |
| run: oasdiff breaking https://app.infisical.com/api/docs/json http://localhost:4000/api/docs/json --fail-on ERR | |
| - name: cleanup | |
| if: always() | |
| run: | | |
| docker compose -f "docker-compose.dev.yml" down | |
| docker stop infisical-api || true | |
| docker rm infisical-api || true |