Skip to content

Bump System.IdentityModel.Tokens.Jwt from 8.0.0 to 8.0.1 in /source (… #65

Bump System.IdentityModel.Tokens.Jwt from 8.0.0 to 8.0.1 in /source (…

Bump System.IdentityModel.Tokens.Jwt from 8.0.0 to 8.0.1 in /source (… #65

Workflow file for this run

name: Build and Test
on:
pull_request_target:
branches:
- main
types:
- opened
- synchronize
paths-ignore:
- CHANGELOG.md
push:
branches:
- main
paths-ignore:
- CHANGELOG.md
- .github/**
env:
buildFolderName: output
buildArtifactName: output
testResultFolderName: testResults
jobs:
authorize:
name: Authorization for Secret Access
if: github.event_name == 'pull_request_target'
runs-on: ubuntu-latest
steps:
- run: true
environment:
${{ github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
build:
name: Build Module
runs-on: ubuntu-latest
needs:
- authorize
steps:
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- name: 'Build and Package Module'
uses: ./.github/actions/build
test:
name: Test Module
strategy:
matrix:
os: [windows-latest, ubuntu-latest, macos-latest]
needs:
- authorize
- build
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- name: 'Test Module'
uses: ./.github/actions/test
with:
os: ${{ matrix.os }}
publish-test-results:
permissions:
checks: write
pull-requests: write
name: Publish Test Results
if: success() || failure()
runs-on: ubuntu-latest
needs:
- authorize
- test
steps:
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- name: 'Publish Test Results'
uses: ./.github/actions/publish-test-results
workload-identity-test:
if: github.event_name == 'pull_request_target'
name: Test Workload Identity Auth
strategy:
matrix:
os: [windows-latest, ubuntu-latest, macos-latest]
needs:
- authorize
- build
permissions:
id-token: write # This is required for requesting the ID token of the pipeline
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- name: Download Build Artifact
uses: actions/download-artifact@v4
with:
name: ${{ env.buildArtifactName }}
path: ${{ env.buildFolderName }}
- name: Get token
shell: pwsh
env:
TENANT_ID: ${{ secrets.TENANT_ID }}
CLIENT_ID: ${{ secrets.CLIENT_ID }}
run: |
$Url = $env:ACTIONS_ID_TOKEN_REQUEST_URL
$Params = @{
'Uri' = "$Url&audience=api://AzureADTokenExchange"
'Headers' = @{
'Authorization' = "Bearer $($env:ACTIONS_ID_TOKEN_REQUEST_TOKEN)"
}
}
$OidcTokenResponse = Invoke-RestMethod @Params
$OidcToken = $OidcTokenResponse.value
Import-Module ./output/AzAuth
Get-AzToken -WorkloadIdentity -ExternalToken $OidcToken -TenantId $env:TENANT_ID -ClientId $env:CLIENT_ID -ErrorAction Stop | Out-Null
Write-Host "Successfully retrieved token for Workload Identity."