test

EyalDelarea · EyalDelarea · commit 87f1be3b3c4f · 2025-05-04T12:05:21.000+03:00
diff --git a/.github/workflows/oidc-integration-test.yml b/.github/workflows/oidc-integration-test.yml
@@ -9,7 +9,7 @@ name: OIDC Integration Test
 on:
   push:
     branches:
-      - master
+      - "**"
   # Triggers the workflow on labeled PRs only.
   pull_request_target:
     types: [ labeled ]
@@ -23,30 +23,20 @@ permissions:
   contents: read
 
 jobs:
-  oidc-test:
+  generate-oidc-integration:
     strategy:
-      fail-fast: false
       matrix:
-        os: [ ubuntu, macos, windows ]
-        cli-version: [ '2.74.1', '2.75.0','latest' ]
-    runs-on: ${{ matrix.os }}-latest
-    name: OIDC Test - ${{ matrix.cli-version }} on ${{ matrix.os }}
-    env:
-      JFROG_CLI_LOG_LEVEL: DEBUG
-
+        # This has to match the second audience value in the workflow
+        audience_value: [ '' ,'test-audience','github-jfrog' ]
+    runs-on: ubuntu-latest
+    outputs:
+      oidc_provider_name: ${{ steps.gen-oidc.outputs.oidc_provider_name }}
     steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
-      # Setup OIDC platform integration
       - name: Generate unique OIDC provider name
         id: gen-oidc
         shell: bash
         run: |
-          cli_version="${{ matrix.cli-version }}" && cli_version="${cli_version//./-}"
-          echo "oidc_provider_name=oidc-integration-${cli_version}-${{ matrix.os }}-$(date +%s)" >> "$GITHUB_OUTPUT"
+          echo "oidc_provider_name=oidc-integration-${{ matrix.audience_value }}-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
 
       - name: Create OpenID Connect integration
         shell: bash
@@ -58,8 +48,9 @@ jobs:
               "name": "${{ steps.gen-oidc.outputs.oidc_provider_name }}",
               "issuer_url": "https://token.actions.githubusercontent.com",
               "provider_type": "GitHub",
+              "audience": "${{ matrix.audience_value }}",
               "enable_permissive_configuration": "true",
-              "description": "Test configuration for CLI version ${{ matrix.cli-version }}"
+              "description": "Test configuration for audience ${{ matrix.audience_value }}"
             }'
 
       - name: Create OIDC Identity Mapping
@@ -76,25 +67,45 @@ jobs:
               },
               "token_spec": {
                 "scope": "applied-permissions/groups:readers",
-                "expires_in": 30
+                "expires_in": 10
               }
             }'
 
-      # Setup
+      - name: Save OIDC provider name
+        shell: bash
+        run: echo "oidc_provider_name=${{ steps.gen-oidc.outputs.oidc_provider_name }}" >> "$GITHUB_ENV"
+
+  oidc-test:
+    needs: generate-oidc-integration
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu, macos, windows ]
+        cli-version: [ '2.74.1', '2.75.0','latest' ]
+        # This has to match the second audience value in the workflow
+        audience_value: [ '' ,'test-audience','github-jfrog' ]
+    runs-on: ${{ matrix.os }}-latest
+    env:
+      JFROG_CLI_LOG_LEVEL: DEBUG
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
       - name: Setup JFrog CLI
         id: setup-jfrog-cli
         uses: ./
         env:
           JF_URL: ${{ secrets.JFROG_PLATFORM_URL }}
         with:
           version: ${{ matrix.cli-version }}
-          oidc-provider-name: ${{ steps.gen-oidc.outputs.oidc_provider_name }}
+          oidc-provider-name: ${{ needs.generate-oidc-integration.outputs.oidc_provider_name }}
+          oidc-audience: ${{ matrix.audience_value }}
 
-      # validate successful OIDC configuration
       - name: Test JFrog CLI connectivity
         run: jf rt ping
 
-      # Validate step outputs
       - name: Validate user output
         shell: bash
         run: test -n "${{ steps.setup-jfrog-cli.outputs.oidc-user }}"
@@ -103,10 +114,12 @@ jobs:
         shell: bash
         run: test -n "${{ steps.setup-jfrog-cli.outputs.oidc-token }}"
 
-      # Cleanup
+  cleanup-oidc-integration:
+    needs: oidc-test
+    runs-on: ubuntu-latest
+    steps:
       - name: Delete OIDC integration
         shell: bash
-        if: always()
         run: |
-          curl -X DELETE "${{ secrets.JFROG_PLATFORM_URL }}/access/api/v1/oidc/${{ steps.gen-oidc.outputs.oidc_provider_name }}" \
-            -H "Authorization: Bearer ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}"
+          curl -X DELETE "${{ secrets.JFROG_PLATFORM_URL }}/access/api/v1/oidc/${{ needs.generate-oidc-integration.outputs.oidc_provider_name }}" \
+            -H "Authorization: Bearer ${{ secrets.JFROG_PLATFORM_RT_TOKEN }}"
