Package JWK: if missing kid in jwks, then refresh JWKS #1916
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: pipeline | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
env: | |
GO_VERSION: 1.22 | |
GOTOOLCHAIN: go1.22.3 | |
jobs: | |
go-setup: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache-dependency-path: ./go.sum | |
check-latest: true | |
- name: Tidy dependencies | |
run: go mod tidy | |
go-lint: | |
needs: [go-setup] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache-dependency-path: ./go.sum | |
- name: GoLint | |
uses: golangci/golangci-lint-action@v5 | |
with: | |
version: "latest" | |
args: --verbose --timeout=5m | |
skip-cache: false | |
- name: GoVet | |
run: go vet ./... | |
# this takes a long time to run, so we continue with go-build, go-test etc. in parallel | |
go-sec: | |
needs: [go-setup] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache-dependency-path: ./go.sum | |
- name: GoSec | |
uses: securego/gosec@master | |
with: | |
args: ./... | |
go-build: | |
needs: [go-setup] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup GO | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache-dependency-path: ./go.sum | |
- name: Install dependencies | |
run: go get ./... | |
- name: Build | |
run: GOARCH=amd64 GOOS=linux go build ./... | |
go-test: | |
needs: [go-lint, go-build, go-sec] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup GO | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
cache-dependency-path: ./go.sum | |
- name: Install gocover-cobertura and gotestfmt | |
shell: bash | |
run: | # install required tooling | |
go install github.com/boumenot/gocover-cobertura@v1.2.0 | |
go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@v2.5.0 | |
- name: Run all tests with 'race' | |
run: | | |
go test -race ./... | |
- name: Run test coverage | |
run: | | |
go test -json -v -coverprofile=coverage.json -covermode atomic ./... 2>&1 | tee gotest.log | gotestfmt | |
- name: Convert go coverage to corbetura format | |
run: gocover-cobertura -ignore-files test\*.go < coverage.json > coverage.xml | |
- name: Generate code coverage report | |
uses: irongut/CodeCoverageSummary@v1.3.0 | |
with: | |
filename: ./coverage.xml | |
badge: false | |
fail_below_min: false | |
format: markdown | |
hide_branch_rate: false | |
hide_complexity: true | |
indicators: true | |
output: both | |
thresholds: "60 80" | |
- name: Add Coverage PR Comment | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: github.event_name == 'pull_request' | |
with: | |
recreate: true | |
path: code-coverage-results.md | |
- name: Write to Job Summary | |
run: cat code-coverage-results.md >> $GITHUB_STEP_SUMMARY |