feat: Update release workflows to use output token from Vault and add… #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Release Auth | |
| on: | |
| push: | |
| jobs: | |
| test_auth: | |
| runs-on: ubuntu-latest | |
| env: | |
| java_environment: zulu | |
| jre_version: 17 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Retrieve secrets from Vault | |
| id: secrets | |
| uses: hashicorp/vault-action@4c06c5ccf5c0761b6029f56cfb1dcf5565918a3b # v3.4.0 | |
| continue-on-error: true | |
| with: | |
| url: "https://vault.maas-vault-prod.solace.cloud:8200" | |
| role: "cicd-workflows-secret-read-role" | |
| method: jwt | |
| path: jwt-github | |
| jwtGithubAudience: https://github.com/${{ github.repository_owner }} | |
| exportToken: true | |
| secrets: | | |
| secret/data/tools/githubactions RE_BOT_PACKAGES_READ_WRITE_CLASSIC_USER | GITHUB_USER ; | |
| secret/data/tools/githubactions RE_BOT_PACKAGES_READ_WRITE_CLASSIC_TOKEN | GITHUB_TOKEN | |
| - name: Warn of Vault Login Failure | |
| if: steps.secrets.outcome != 'success' | |
| run: echo "Could not (${{steps.secrets.outcome}}) log into vault using cicd-workflows-secret-read-role. Has this repo been onboarded in maas-vault-configuration?"; exit 1 | |
| - name: Set up JDK ${{ env.jre_version }} (${{env.java_environment}}) | |
| uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 | |
| with: | |
| distribution: ${{ env.java_environment }} | |
| java-version: ${{ env.jre_version }} | |
| cache: "maven" | |
| - name: Test Dependency Resolution | |
| env: | |
| GITHUB_TOKEN: ${{ steps.secrets.outputs.GITHUB_TOKEN }} | |
| run: | | |
| echo "Testing if we can download dependencies from SolaceDev..." | |
| mvn dependency:resolve -B -s maven/settings.xml | |
| - name: Test Build (Verify - No Deploy) | |
| env: | |
| GITHUB_TOKEN: ${{ steps.secrets.outputs.GITHUB_TOKEN }} | |
| run: >- | |
| mvn verify -B -s maven/settings.xml -Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip -DskipTests=true |