Use Secrets Manager for JWT secret (#140) #568
name: Pact Provider Verification | |
on: | |
repository_dispatch: | |
types: [provider-verification] | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
jobs: | |
test: | |
name: Provider verification | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: make build up | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: 'stable' | |
- run: go build -o ./api-test/tester ./api-test && chmod +x ./api-test/tester | |
- run: echo "JWT=$(JWT_SECRET_KEY=secret ./api-test/tester JWT)" >> "$GITHUB_ENV" | |
- name: Verify specified Pact | |
if: ${{ github.event_name == 'repository_dispatch' }} | |
run: | | |
docker-compose run --rm pact-verifier \ | |
--header="X-Jwt-Authorization=Bearer $JWT" \ | |
--provider-version=$(git rev-parse HEAD) \ | |
--provider-branch=main \ | |
--publish \ | |
--user=admin \ | |
--password=${{ secrets.PACT_BROKER_PASSWORD }} \ | |
--filter-consumer=${{ github.event.client_payload.pact_consumer_name }} \ | |
--consumer-version-selectors='{"branch":"${{ github.event.client_payload.pact_consumer_branch }}"}' | |
- name: Verify pacts, including pending | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
docker-compose run --rm pact-verifier \ | |
--header="X-Jwt-Authorization=Bearer $JWT" \ | |
--provider-version=$(git rev-parse HEAD) \ | |
--provider-branch=main \ | |
--publish \ | |
--user=admin \ | |
--password=${{ secrets.PACT_BROKER_PASSWORD }} \ | |
--consumer-version-selectors='{"mainBranch": true}' \ | |
--enable-pending | |
- name: Verify pacts are still upheld | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
docker-compose run --rm pact-verifier \ | |
--header="X-Jwt-Authorization=Bearer $JWT" \ | |
--provider-version=$(git rev-parse HEAD) \ | |
--provider-branch=${{ github.head_ref }} \ | |
--consumer-version-selectors='{"mainBranch": true}' |
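Review bot: The `--provider-branch=${{ github.head_ref }}` flag in the pull_request step and the two `github.event.client_payload.*` expressions in the repository_dispatch step are substituted into the script text before the shell parses it, so a branch or consumer name containing shell metacharacters would run on the runner instead of being passed as an argument. `github.head_ref` is chosen by whoever opens the pull request, so that is the one to fix first. Bind each value in the step's `env:` and reference it quoted, as below; doing the same for `secrets.PACT_BROKER_PASSWORD` would keep the password out of the rendered script. Separately, `JWT_SECRET_KEY=secret` on the `$GITHUB_ENV` line is a literal key; if it is only the local docker-compose test key, a comment saying so would help, given that the commit title says the JWT secret now comes from Secrets Manager.

```yaml
- name: Verify specified Pact
  if: ${{ github.event_name == 'repository_dispatch' }}
  env:
    CONSUMER_NAME: ${{ github.event.client_payload.pact_consumer_name }}
    CONSUMER_BRANCH: ${{ github.event.client_payload.pact_consumer_branch }}
  run: |
    # … unchanged: docker-compose run and the flags before --filter-consumer …
      --filter-consumer="$CONSUMER_NAME" \
      --consumer-version-selectors="{\"branch\":\"$CONSUMER_BRANCH\"}"

# … unchanged: "Verify pacts, including pending" step …

- name: Verify pacts are still upheld
  if: ${{ github.event_name == 'pull_request' }}
  env:
    HEAD_REF: ${{ github.head_ref }}
  run: |
    # … unchanged: docker-compose run, header and provider-version flags …
      --provider-branch="$HEAD_REF" \
      --consumer-version-selectors='{"mainBranch": true}'
```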