feat(router): Add new JWT authentication variants and use them #4969
Workflow file for this run
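# Pull-request CI: formatting, MSRV compilation, clippy plus per-crate feature
# checks, and a spell check.
name: CI-pr

on:
  pull_request:
    # paths:
    #   - ".github/workflows/**"
    #   - "crates/**"
    #   - "examples/**"
    #   - "Cargo.lock"
    #   - "Cargo.toml"

# Least privilege for the automatic GITHUB_TOKEN. The only write operations in
# this workflow are the `git push` calls in the `formatting` and `test` jobs,
# and those authenticate with the PAT handed to actions/checkout, not with
# GITHUB_TOKEN, so read access to repository contents is sufficient here.
permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  # Disable incremental compilation.
  #
  # Incremental compilation is useful as part of an edit-build-test-edit cycle,
  # as it lets the compiler avoid recompiling code that hasn't changed. However,
  # on CI, we're not making small edits; we're almost always building the entire
  # project from scratch. Thus, incremental compilation on CI actually
  # introduces *additional* overhead to support making future builds
  # faster...but no future builds will ever occur in any given CI environment.
  #
  # See https://matklad.github.io/2021/09/04/fast-rust-builds.html#ci-workflow
  # for details.
  CARGO_INCREMENTAL: "0"

  # Allow more retries for network requests in cargo (downloading crates) and
  # rustup (installing toolchains). This should help to reduce flaky CI failures
  # from transient network timeouts or other issues.
  CARGO_NET_RETRY: "10"
  RUSTUP_MAX_RETRIES: "10"

  # Don't emit giant backtraces in the CI logs.
  RUST_BACKTRACE: short

  # Use cargo's sparse index protocol
  CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse

jobs: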
# Job `formatting`: rustfmt on the nightly toolchain. Fork PRs are only
# checked; PRs from branches of this repository get the formatter's changes
# committed and pushed back to the PR branch.
  formatting:
    name: Check formatting
    runs-on: ubuntu-latest
    steps:
      # Same-repository PRs: check out the PR branch with a personal access
      # token so that the `git push` in "Run formatter" can authenticate.
      # NOTE(review): actions/checkout keeps the token in the local git config
      # by default, so every later step in this job, including the third-party
      # action below, runs with that credential on disk. Keep the PAT's scope
      # as narrow as the push requires.
      - name: Checkout repository with token
        if: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }}
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ secrets.AUTO_FILE_UPDATE_PAT }}

      # Fork PRs: default checkout, no PAT involved.
      - name: Checkout repository for fork
        if: ${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }}
        uses: actions/checkout@v3

      # NOTE(review): `@master` is a branch, so the action's code can change
      # between runs without any change in this repository; pin it to a
      # reviewed full commit SHA.
      - name: Install Rust
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: nightly
          components: rustfmt

      # Fork PRs cannot be pushed to, so formatting differences fail the step.
      - name: Check formatting for forked pull requests
        if: ${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }}
        shell: bash
        run: cargo +nightly fmt --all --check

      # Same-repository PRs: format in place and, if anything under `crates`
      # changed, commit as github-actions[bot] and push to the PR branch.
      - name: Run formatter
        if: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }}
        shell: bash
        run: |
          cargo +nightly fmt --all
          if ! git diff --exit-code --quiet -- crates; then
            echo "::notice::Formatting check failed"
            git config --local user.name 'github-actions[bot]'
            git config --local user.email '41898282+github-actions[bot]@users.noreply.github.com'
            git add crates
            git commit --message 'chore: run formatter'
            git push
          fi
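# Job `check-msrv`: compile each changed crate, feature by feature, on the
# minimum supported Rust version with warnings denied.
  check-msrv:
    name: Check compilation on MSRV toolchain
    runs-on: ${{ matrix.os }}

    strategy:
      fail-fast: true
      matrix:
        os:
          - ubuntu-latest
          # - macos-latest
          # - windows-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # The base branch is needed for the per-crate `git diff` below.
      - name: Fetch base branch
        shell: bash
        run: git fetch origin "$GITHUB_BASE_REF" --depth 1

      - name: Install mold linker
        uses: rui314/setup-mold@v1
        if: ${{ runner.os == 'Linux' }}
        with:
          make-default: true

      # NOTE(review): `@master` is a branch, so the action's code can change
      # between runs without any change in this repository; pin it to a
      # reviewed full commit SHA.
      - name: Install Rust
        uses: dtolnay/rust-toolchain@master
        with:
          # Quoted so YAML keeps it a string: an unquoted 1.70 would load as
          # the float 1.7.
          toolchain: "1.65"

      # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
      # page render; the action name and version that follow "Swatinem/" are
      # not recoverable from this page and must be restored from the
      # repository.
      # This workflow only triggers on pull_request, so the `save-if`
      # condition below is never true here: no cache is saved by this job.
      - uses: Swatinem/[email protected]
        with:
          save-if: ${{ github.event_name == 'push' }}

      # NOTE(review): same obfuscation residue as above in the `uses` value.
      - name: Install cargo-hack
        uses: baptiste0928/[email protected]
        with:
          crate: cargo-hack
          version: "0.6.5"

      # Prepend "-Dwarnings" to the rustflags array in .cargo/config.toml.
      - name: Deny warnings
        shell: bash
        run: sed -i 's/rustflags = \[/rustflags = \[\n "-Dwarnings",/' .cargo/config.toml

      # For every crate, export <crate>_changes_exist=true|false depending on
      # whether the PR differs from the base branch under crates/<crate>/.
      # The later "Cargo hack" steps are gated on these variables.
      - name: Check files changed
        shell: bash
        run: |
          for crate in \
            api_models cards common_enums common_utils diesel_models drainer \
            external_services masking redis_interface router storage_impl \
            router_derive router_env test_utils
          do
            if git diff --exit-code --quiet "origin/${GITHUB_BASE_REF}" -- "crates/${crate}/"; then
              echo "${crate}_changes_exist=false" >> "$GITHUB_ENV"
            else
              echo "${crate}_changes_exist=true" >> "$GITHUB_ENV"
            fi
          done

      - name: Cargo hack api_models
        if: env.api_models_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p api_models

      - name: Cargo hack cards
        if: env.cards_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p cards

      - name: Cargo hack common_enums
        if: env.common_enums_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p common_enums

      - name: Cargo hack common_utils
        if: env.common_utils_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p common_utils

      - name: Cargo hack diesel_models
        if: env.diesel_models_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p diesel_models

      - name: Cargo hack drainer
        if: env.drainer_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p drainer

      - name: Cargo hack external_services
        if: env.external_services_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p external_services

      - name: Cargo hack masking
        if: env.masking_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p masking

      - name: Cargo hack redis_interface
        if: env.redis_interface_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p redis_interface

      # The listed router features are skipped in the per-feature check.
      - name: Cargo hack router
        if: env.router_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --skip kms,basilisk,kv_store,accounts_cache,openapi --no-dev-deps -p router

      - name: Cargo hack storage_impl
        if: env.storage_impl_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p storage_impl

      - name: Cargo hack router_derive
        if: env.router_derive_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p router_derive

      - name: Cargo hack router_env
        if: env.router_env_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p router_env

      - name: Cargo hack test_utils
        if: env.test_utils_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p test_utils

  # NOTE(review): the cargo-deny job below is commented out, so this workflow
  # runs no advisory, ban, license or source check on the dependency tree.
  # cargo-deny:
  #   name: Run cargo-deny
  #   runs-on: ubuntu-latest
  #   strategy:
  #     matrix:
  #       checks:
  #         - advisories
  #         - bans licenses sources
  #   # Prevent sudden announcement of a new advisory from failing CI
  #   continue-on-error: ${{ matrix.checks == 'advisories' }}
  #   steps:
  #     - name: Checkout repository
  #       uses: actions/checkout@v3
  #     - name: Run cargo-deny
  #       uses: EmbarkStudios/[email protected]
  #       with:
  #         command: check ${{ matrix.checks }}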
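# Job `test`: clippy with all features and targets, then per-crate feature
# checks for the crates the PR touches. For same-repository PRs it also pushes
# an updated Cargo.lock back to the PR branch.
  test:
    name: Run tests on stable toolchain
    runs-on: ${{ matrix.os }}

    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          # - macos-latest
          # - windows-latest

    steps:
      # Fork PRs: default checkout, no PAT involved.
      - name: Checkout repository for fork
        if: ${{ (github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) }}
        uses: actions/checkout@v3

      # Same-repository PRs: check out the PR branch with a personal access
      # token so that the `git push` in "Check Cargo.lock changed" can
      # authenticate.
      # NOTE(review): actions/checkout keeps the token in the local git config
      # by default. Every later step in this job runs with that credential on
      # disk: the third-party actions and the `cargo clippy` build, which
      # executes dependency build scripts and proc macros. Keep the PAT's scope
      # as narrow as the push requires.
      - name: Checkout repository with token
        if: ${{ (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) }}
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ secrets.AUTO_FILE_UPDATE_PAT }}

      # The base branch is needed for the per-crate `git diff` below.
      - name: Fetch base branch
        shell: bash
        run: git fetch origin "$GITHUB_BASE_REF" --depth 1

      - name: Install mold linker
        uses: rui314/setup-mold@v1
        if: ${{ runner.os == 'Linux' }}
        with:
          make-default: true

      # NOTE(review): `@master` is a branch, so the action's code can change
      # between runs without any change in this repository; pin it to a
      # reviewed full commit SHA.
      - name: Install Rust
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: stable 2 weeks ago
          components: clippy

      # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
      # page render; the action name and version that follow "baptiste0928/"
      # are not recoverable from this page and must be restored from the
      # repository.
      - name: Install cargo-hack
        uses: baptiste0928/[email protected]
        with:
          crate: cargo-hack

      # - name: Install cargo-nextest
      #   uses: baptiste0928/[email protected]
      #   with:
      #     crate: cargo-nextest

      # NOTE(review): same obfuscation residue in the `uses` value below.
      # This workflow only triggers on pull_request, so the `save-if`
      # condition is never true here: no cache is saved by this job.
      - uses: Swatinem/[email protected]
        with:
          save-if: ${{ github.event_name == 'push' }}

      # - name: Setup Embark Studios lint rules
      #   shell: bash
      #   run: |
      #     mkdir -p .cargo
      #     curl -sL https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/lints.toml >> .cargo/config.toml

      # Prepend "-Dwarnings" to the rustflags array in .cargo/config.toml.
      - name: Deny warnings
        shell: bash
        run: sed -i 's/rustflags = \[/rustflags = \[\n "-Dwarnings",/' .cargo/config.toml

      - name: Run clippy
        shell: bash
        run: cargo clippy --all-features --all-targets

      # Same-repository PRs only: if Cargo.lock differs from the checked-out
      # commit at this point, commit it as github-actions[bot] and push it to
      # the PR branch.
      - name: Check Cargo.lock changed
        if: ${{ (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) }}
        shell: bash
        run: |
          if ! git diff --quiet --exit-code -- Cargo.lock ; then
            git config --local user.name 'github-actions[bot]'
            git config --local user.email '41898282+github-actions[bot]@users.noreply.github.com'
            git add Cargo.lock
            git commit --message 'chore: update Cargo.lock'
            git push
          fi

      # For every crate, export <crate>_changes_exist=true|false depending on
      # whether the PR differs from the base branch under crates/<crate>/.
      # The later "Cargo hack" steps are gated on these variables.
      - name: Check files changed
        shell: bash
        run: |
          for crate in \
            api_models cards common_enums common_utils diesel_models drainer \
            external_services masking redis_interface router router_derive \
            storage_impl router_env test_utils
          do
            if git diff --exit-code --quiet "origin/${GITHUB_BASE_REF}" -- "crates/${crate}/"; then
              echo "${crate}_changes_exist=false" >> "$GITHUB_ENV"
            else
              echo "${crate}_changes_exist=true" >> "$GITHUB_ENV"
            fi
          done

      - name: Cargo hack api_models
        if: env.api_models_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p api_models

      - name: Cargo hack cards
        if: env.cards_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p cards

      - name: Cargo hack common_enums
        if: env.common_enums_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p common_enums

      - name: Cargo hack common_utils
        if: env.common_utils_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p common_utils

      - name: Cargo hack diesel_models
        if: env.diesel_models_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p diesel_models

      - name: Cargo hack drainer
        if: env.drainer_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p drainer

      - name: Cargo hack external_services
        if: env.external_services_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p external_services

      - name: Cargo hack masking
        if: env.masking_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p masking

      - name: Cargo hack redis_interface
        if: env.redis_interface_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p redis_interface

      # The listed router features are skipped in the per-feature check.
      - name: Cargo hack router
        if: env.router_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --skip kms,basilisk,kv_store,accounts_cache,openapi --no-dev-deps -p router

      - name: Cargo hack router_derive
        if: env.router_derive_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p router_derive

      - name: Cargo hack storage_impl
        if: env.storage_impl_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p storage_impl

      - name: Cargo hack router_env
        if: env.router_env_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p router_env

      - name: Cargo hack test_utils
        if: env.test_utils_changes_exist == 'true'
        shell: bash
        run: cargo hack check --each-feature --no-dev-deps -p test_utils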
# Job `typos`: spell-check the repository contents.
  typos:
    name: Spell check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # NOTE(review): `@master` is a branch, so the action's code can change
      # between runs without any change in this repository; pin it to a
      # reviewed full commit SHA.
      - name: Spell check
        uses: crate-ci/typos@master