Skip to content

feat(router): Add new JWT authentication variants and use them #4964

feat(router): Add new JWT authentication variants and use them

feat(router): Add new JWT authentication variants and use them #4964

Workflow file for this run

name: CI-pr
on:
pull_request:
# paths:
# - ".github/workflows/**"
# - "crates/**"
# - "examples/**"
# - "Cargo.lock"
# - "Cargo.toml"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
# Disable incremental compilation.
#
# Incremental compilation is useful as part of an edit-build-test-edit cycle,
# as it lets the compiler avoid recompiling code that hasn't changed. However,
# on CI, we're not making small edits; we're almost always building the entire
# project from scratch. Thus, incremental compilation on CI actually
# introduces *additional* overhead to support making future builds
# faster...but no future builds will ever occur in any given CI environment.
#
# See https://matklad.github.io/2021/09/04/fast-rust-builds.html#ci-workflow
# for details.
CARGO_INCREMENTAL: 0
# Allow more retries for network requests in cargo (downloading crates) and
# rustup (installing toolchains). This should help to reduce flaky CI failures
# from transient network timeouts or other issues.
CARGO_NET_RETRY: 10
RUSTUP_MAX_RETRIES: 10
# Don't emit giant backtraces in the CI logs.
RUST_BACKTRACE: short
# Use cargo's sparse index protocol
CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
jobs:
formatting:
name: Check formatting
runs-on: ubuntu-latest
steps:
- name: Checkout repository with token
if: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }}
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.ref }}
token: ${{ secrets.AUTO_FILE_UPDATE_PAT }}
- name: Checkout repository for fork
if: ${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }}
uses: actions/checkout@v3
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly
components: rustfmt
- name: Check formatting for forked pull requests
if: ${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }}
shell: bash
run: cargo +nightly fmt --all --check
- name: Run formatter
if: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }}
shell: bash
run: |
cargo +nightly fmt --all
if ! git diff --exit-code --quiet -- crates; then
echo "::notice::Formatting check failed"
git config --local user.name 'github-actions[bot]'
git config --local user.email '41898282+github-actions[bot]@users.noreply.github.com'
git add crates
git commit --message 'chore: run formatter'
git push
fi
check-msrv:
name: Check compilation on MSRV toolchain
runs-on: ${{ matrix.os }}
strategy:
fail-fast: true
matrix:
os:
- ubuntu-latest
# - macos-latest
# - windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: "Fetch base branch"
shell: bash
run: git fetch origin $GITHUB_BASE_REF --depth 1
- name: Install mold linker
uses: rui314/setup-mold@v1
if: ${{ runner.os == 'Linux' }}
with:
make-default: true
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: 1.65
- uses: Swatinem/[email protected]
with:
save-if: ${{ github.event_name == 'push' }}
- name: Install cargo-hack
uses: baptiste0928/[email protected]
with:
crate: cargo-hack
version: 0.6.5
- name: Deny warnings
shell: bash
run: sed -i 's/rustflags = \[/rustflags = \[\n "-Dwarnings",/' .cargo/config.toml
- name: Check files changed
shell: bash
run: |
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/api_models/; then
echo "api_models_changes_exist=false" >> $GITHUB_ENV
else
echo "api_models_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/cards/; then
echo "cards_changes_exist=false" >> $GITHUB_ENV
else
echo "cards_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/common_enums/; then
echo "common_enums_changes_exist=false" >> $GITHUB_ENV
else
echo "common_enums_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/common_utils/; then
echo "common_utils_changes_exist=false" >> $GITHUB_ENV
else
echo "common_utils_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/diesel_models/; then
echo "diesel_models_changes_exist=false" >> $GITHUB_ENV
else
echo "diesel_models_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/drainer/; then
echo "drainer_changes_exist=false" >> $GITHUB_ENV
else
echo "drainer_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/external_services/; then
echo "external_services_changes_exist=false" >> $GITHUB_ENV
else
echo "external_services_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/masking/; then
echo "masking_changes_exist=false" >> $GITHUB_ENV
else
echo "masking_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/redis_interface/; then
echo "redis_interface_changes_exist=false" >> $GITHUB_ENV
else
echo "redis_interface_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/router/; then
echo "router_changes_exist=false" >> $GITHUB_ENV
else
echo "router_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/storage_impl/; then
echo "storage_impl_changes_exist=false" >> $GITHUB_ENV
else
echo "storage_impl_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/router_derive/; then
echo "router_derive_changes_exist=false" >> $GITHUB_ENV
else
echo "router_derive_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/router_env/; then
echo "router_env_changes_exist=false" >> $GITHUB_ENV
else
echo "router_env_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/test_utils/; then
echo "test_utils_changes_exist=false" >> $GITHUB_ENV
else
echo "test_utils_changes_exist=true" >> $GITHUB_ENV
fi
- name: Cargo hack api_models
if: env.api_models_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p api_models
- name: Cargo hack cards
if: env.cards_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p cards
- name: Cargo hack common_enums
if: env.common_enums_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p common_enums
- name: Cargo hack common_utils
if: env.common_utils_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p common_utils
- name: Cargo hack diesel_models
if: env.diesel_models_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p diesel_models
- name: Cargo hack drainer
if: env.drainer_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p drainer
- name: Cargo hack external_services
if: env.external_services_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p external_services
- name: Cargo hack masking
if: env.masking_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p masking
- name: Cargo hack redis_interface
if: env.redis_interface_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p redis_interface
- name: Cargo hack router
if: env.router_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --skip kms,basilisk,kv_store,accounts_cache,openapi --no-dev-deps -p router
- name: Cargo hack storage_impl
if: env.storage_impl_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p storage_impl
- name: Cargo hack router_derive
if: env.router_derive_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p router_derive
- name: Cargo hack router_env
if: env.router_env_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p router_env
- name: Cargo hack test_utils
if: env.test_utils_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p test_utils
# cargo-deny:
# name: Run cargo-deny
# runs-on: ubuntu-latest
# strategy:
# matrix:
# checks:
# - advisories
# - bans licenses sources
# # Prevent sudden announcement of a new advisory from failing CI
# continue-on-error: ${{ matrix.checks == 'advisories' }}
# steps:
# - name: Checkout repository
# uses: actions/checkout@v3
# - name: Run cargo-deny
# uses: EmbarkStudios/[email protected]
# with:
# command: check ${{ matrix.checks }}
test:
name: Run tests on stable toolchain
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
# - macos-latest
# - windows-latest
steps:
- name: Checkout repository for fork
if: ${{ (github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) }}
uses: actions/checkout@v3
- name: Checkout repository with token
if: ${{ (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) }}
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.ref }}
token: ${{ secrets.AUTO_FILE_UPDATE_PAT }}
- name: "Fetch base branch"
shell: bash
run: git fetch origin $GITHUB_BASE_REF --depth 1
- name: Install mold linker
uses: rui314/setup-mold@v1
if: ${{ runner.os == 'Linux' }}
with:
make-default: true
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: stable 2 weeks ago
components: clippy
- name: Install cargo-hack
uses: baptiste0928/[email protected]
with:
crate: cargo-hack
# - name: Install cargo-nextest
# uses: baptiste0928/[email protected]
# with:
# crate: cargo-nextest
- uses: Swatinem/[email protected]
with:
save-if: ${{ github.event_name == 'push' }}
# - name: Setup Embark Studios lint rules
# shell: bash
# run: |
# mkdir -p .cargo
# curl -sL https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/lints.toml >> .cargo/config.toml
- name: Deny warnings
shell: bash
run: sed -i 's/rustflags = \[/rustflags = \[\n "-Dwarnings",/' .cargo/config.toml
- name: Run clippy
shell: bash
run: cargo clippy --all-features --all-targets
- name: Check Cargo.lock changed
if: ${{ (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) }}
shell: bash
run: |
if ! git diff --quiet --exit-code -- Cargo.lock ; then
git config --local user.name 'github-actions[bot]'
git config --local user.email '41898282+github-actions[bot]@users.noreply.github.com'
git add Cargo.lock
git commit --message 'chore: update Cargo.lock'
git push
fi
- name: Check files changed
shell: bash
run: |
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/api_models/; then
echo "api_models_changes_exist=false" >> $GITHUB_ENV
else
echo "api_models_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/cards/; then
echo "cards_changes_exist=false" >> $GITHUB_ENV
else
echo "cards_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/common_enums/; then
echo "common_enums_changes_exist=false" >> $GITHUB_ENV
else
echo "common_enums_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/common_utils/; then
echo "common_utils_changes_exist=false" >> $GITHUB_ENV
else
echo "common_utils_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/diesel_models/; then
echo "diesel_models_changes_exist=false" >> $GITHUB_ENV
else
echo "diesel_models_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/drainer/; then
echo "drainer_changes_exist=false" >> $GITHUB_ENV
else
echo "drainer_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/external_services/; then
echo "external_services_changes_exist=false" >> $GITHUB_ENV
else
echo "external_services_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/masking/; then
echo "masking_changes_exist=false" >> $GITHUB_ENV
else
echo "masking_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/redis_interface/; then
echo "redis_interface_changes_exist=false" >> $GITHUB_ENV
else
echo "redis_interface_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/router/; then
echo "router_changes_exist=false" >> $GITHUB_ENV
else
echo "router_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/router_derive/; then
echo "router_derive_changes_exist=false" >> $GITHUB_ENV
else
echo "router_derive_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/storage_impl/; then
echo "storage_impl_changes_exist=false" >> $GITHUB_ENV
else
echo "storage_impl_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/router_env/; then
echo "router_env_changes_exist=false" >> $GITHUB_ENV
else
echo "router_env_changes_exist=true" >> $GITHUB_ENV
fi
if git diff --exit-code --quiet origin/$GITHUB_BASE_REF -- crates/test_utils/; then
echo "test_utils_changes_exist=false" >> $GITHUB_ENV
else
echo "test_utils_changes_exist=true" >> $GITHUB_ENV
fi
- name: Cargo hack api_models
if: env.api_models_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p api_models
- name: Cargo hack cards
if: env.cards_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p cards
- name: Cargo hack common_enums
if: env.common_enums_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p common_enums
- name: Cargo hack common_utils
if: env.common_utils_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p common_utils
- name: Cargo hack diesel_models
if: env.diesel_models_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p diesel_models
- name: Cargo hack drainer
if: env.drainer_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p drainer
- name: Cargo hack external_services
if: env.external_services_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p external_services
- name: Cargo hack masking
if: env.masking_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p masking
- name: Cargo hack redis_interface
if: env.redis_interface_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p redis_interface
- name: Cargo hack router
if: env.router_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --skip kms,basilisk,kv_store,accounts_cache,openapi --no-dev-deps -p router
- name: Cargo hack router_derive
if: env.router_derive_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p router_derive
- name: Cargo hack storage_impl
if: env.storage_impl_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p storage_impl
- name: Cargo hack router_env
if: env.router_env_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p router_env
- name: Cargo hack test_utils
if: env.test_utils_changes_exist == 'true'
shell: bash
run: cargo hack check --each-feature --no-dev-deps -p test_utils
typos:
name: Spell check
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Spell check
uses: crate-ci/typos@master