use image with jq already installed
Signed-off-by: Mario Minardi <mminardi@shaw.ca>
parent
e18021d0ed
commit
a11123d768
1 changed files with 9 additions and 9 deletions
|
|
@ -2,30 +2,30 @@ on: [push]
|
||||||
|
|
||||||
env:
|
env:
|
||||||
JWT_CLI_VERSION: 6.2.0 # renovate: datasource=github-releases depName=jwt-cli packageName=mike-engel/jwt-cli
|
JWT_CLI_VERSION: 6.2.0 # renovate: datasource=github-releases depName=jwt-cli packageName=mike-engel/jwt-cli
|
||||||
JQ_VERSION: jq-1.8.1 # renovate: datasource=github-releases depName=jq packageName=jqlang/jq
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
generation-allowed:
|
generation-allowed:
|
||||||
enable-openid-connect: true
|
enable-openid-connect: true
|
||||||
runs-on: docker
|
runs-on: docker
|
||||||
|
container:
|
||||||
|
image: data.forgejo.org/oci/ci:1
|
||||||
steps:
|
steps:
|
||||||
- run: curl -L -o jq https://github.com/jqlang/jq/releases/download/${{ env.JQ_VERSION }}/jq-linux-amd64 && chmod a+x ./jq
|
|
||||||
- run: curl -L -o jwt-linux.tar.gz https://github.com/mike-engel/jwt-cli/releases/download/${{ env.JWT_CLI_VERSION }}/jwt-linux-musl.tar.gz && tar -xvzf ./jwt-linux.tar.gz && chmod a+x ./jwt
|
- run: curl -L -o jwt-linux.tar.gz https://github.com/mike-engel/jwt-cli/releases/download/${{ env.JWT_CLI_VERSION }}/jwt-linux-musl.tar.gz && tar -xvzf ./jwt-linux.tar.gz && chmod a+x ./jwt
|
||||||
- name: validate token generation works
|
- name: validate token generation works
|
||||||
run: |
|
run: |
|
||||||
RAW_JWT=$(curl -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=exampleAudience" | ./jq -r ".value")
|
RAW_JWT=$(curl -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=exampleAudience" | jq -r ".value")
|
||||||
if [[ -z "RAW_JWT" ]]; then
|
if [[ -z "RAW_JWT" ]]; then
|
||||||
echo "Error: RAW_JWT should be set"
|
echo "Error: RAW_JWT should be set"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
DECODED_JWT_BODY=$(echo $RAW_JWT | ./jq -R 'split(".") | .[1] | @base64d | fromjson')
|
DECODED_JWT_BODY=$(echo $RAW_JWT | jq -R 'split(".") | .[1] | @base64d | fromjson')
|
||||||
if [[ -z "$DECODED_JWT_BODY" ]]; then
|
if [[ -z "$DECODED_JWT_BODY" ]]; then
|
||||||
echo "Error: DECODED_JWT_BODY should be set"
|
echo "Error: DECODED_JWT_BODY should be set"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ISS=$(echo $DECODED_JWT_BODY | ./jq -r '.iss')
|
ISS=$(echo $DECODED_JWT_BODY | jq -r '.iss')
|
||||||
if [[ -z "$ISS" ]]; then
|
if [[ -z "$ISS" ]]; then
|
||||||
echo "Error: ISS should be set"
|
echo "Error: ISS should be set"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
@ -41,10 +41,10 @@ jobs:
|
||||||
# Verify that the JWT decodes with the JWKS data
|
# Verify that the JWT decodes with the JWKS data
|
||||||
./jwt decode -S @./jwks.json -A RS256 $RAW_JWT || (echo "Error: failed signature validation" && exit 1)
|
./jwt decode -S @./jwks.json -A RS256 $RAW_JWT || (echo "Error: failed signature validation" && exit 1)
|
||||||
|
|
||||||
WORKFLOW=$(echo $DECODED_JWT_BODY | ./jq -r '.workflow')
|
WORKFLOW=$(echo $DECODED_JWT_BODY | jq -r '.workflow')
|
||||||
AUD=$(echo $DECODED_JWT_BODY | ./jq -r '.aud')
|
AUD=$(echo $DECODED_JWT_BODY | jq -r '.aud')
|
||||||
EVENT_NAME=$(echo $DECODED_JWT_BODY | ./jq -r '.event_name')
|
EVENT_NAME=$(echo $DECODED_JWT_BODY | jq -r '.event_name')
|
||||||
SUB=$(echo $DECODED_JWT_BODY | ./jq -r '.sub')
|
SUB=$(echo $DECODED_JWT_BODY | jq -r '.sub')
|
||||||
if [[ "$WORKFLOW" != "test.yml" ]]; then
|
if [[ "$WORKFLOW" != "test.yml" ]]; then
|
||||||
echo "Error: WORKFLOW should be test.yml but is $WORKFLOW"
|
echo "Error: WORKFLOW should be test.yml but is $WORKFLOW"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
||||||
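Review bot: The added `container:` block pulls `data.forgejo.org/oci/ci:1` by a mutable tag, and this job runs with `enable-openid-connect: true`, so whatever that tag resolves to executes with access to `$ACTIONS_ID_TOKEN_REQUEST_TOKEN`; the removed `JQ_VERSION` line was at least an exact, Renovate-tracked version. Consider pinning the image by digest, e.g. `image: data.forgejo.org/oci/ci:1@sha256:<digest>` (placeholder digest), so image updates arrive as reviewable changes. In the first hunk, the guard right after the changed `RAW_JWT=` line tests a literal string, `if [[ -z "RAW_JWT" ]]`, so it can never fire; it should read `if [[ -z "$RAW_JWT" ]]`. Since `jq -r` prints `null` for a missing field, the `-z` checks on `RAW_JWT` and `ISS` would presumably still pass on an error response, so also rejecting the value `null` would make this test fail closed.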