chore/remove-uuid #802
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| jobs: | |
| build: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: | |
| - 20 | |
| - 22 | |
| env: | |
| AZURE_VAULT_NAME: kv${{ github.run_id }}-${{ matrix.node-version }}-${{ github.run_attempt }} | |
| AZURE_DEFAULTS_GROUP: ${{ secrets.KEYVAULT_RESOURCE_GROUP }} | |
| AZURE_DEFAULTS_LOCATION: westeurope | |
| steps: | |
| - name: Log in with Azure | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ vars.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ vars.AZURE_TENANT_ID }} | |
| subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - run: npm install | |
| - run: npm run lint | |
| - uses: azure/CLI@v2 | |
| with: | |
| inlineScript: | | |
| az account show | |
| az keyvault create --name ${{ env.AZURE_VAULT_NAME }} | |
| echo "OBJECT_ID=$(az keyvault list | jq '.[0].properties.accessPolicies[0].objectId')" >> $GITHUB_ENV | |
| - uses: azure/CLI@v2 | |
| with: | |
| inlineScript: | | |
| # set keyvault policies | |
| az keyvault set-policy -n ${{ env.AZURE_VAULT_NAME }} --key-permissions backup create decrypt delete encrypt get import list purge recover restore sign unwrapKey update verify wrapKey --object-id ${{ env.OBJECT_ID }} | |
| # set secret policies | |
| az keyvault set-policy -n ${{ env.AZURE_VAULT_NAME }} --secret-permissions backup delete get list purge recover restore set --object-id ${{ env.OBJECT_ID }} | |
| # set certificates policies | |
| az keyvault set-policy -n ${{ env.AZURE_VAULT_NAME }} --certificate-permissions backup create delete deleteissuers get getissuers import list listissuers managecontacts manageissuers purge recover restore setissuers update --object-id ${{ env.OBJECT_ID }} | |
| - run: npm run test | |
| - uses: azure/CLI@v2 | |
| if: ${{ always() }} | |
| with: | |
| inlineScript: | | |
| az keyvault delete --name ${{ env.AZURE_VAULT_NAME }} | |
| automerge: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| steps: | |
| - uses: fastify/github-action-merge-dependabot@v3 |