feat: Update release workflows to use output token from Vault and add… #1

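# Smoke test for release authentication: logs into Vault with the job's
# GitHub OIDC token (JWT method), reads the package bot credentials, then
# checks that Maven can resolve dependencies and build without deploying.
name: Test Release Auth

# NOTE(review): there is no branch filter, so every push to any branch runs
# this job and performs a Vault login. Consider restricting the trigger to
# the branches that need this check once the test has served its purpose.
on:
  push:

jobs:
  test_auth:
    runs-on: ubuntu-latest
    env:
      java_environment: zulu
      # Quoted so the version stays a string rather than an integer.
      jre_version: "17"
    permissions:
      # Read-only access to the repository for checkout.
      contents: read
      # Lets the job request the OIDC token that vault-action presents to
      # the jwt-github auth path.
      id-token: write
    steps:
      # Third-party actions are pinned to full commit SHAs; keep the version
      # comment in sync when bumping them.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step pushes or fetches with git, so do not leave the
          # workflow token in .git/config where the Maven build could read it.
          persist-credentials: false

      - name: Retrieve secrets from Vault
        id: secrets
        uses: hashicorp/vault-action@4c06c5ccf5c0761b6029f56cfb1dcf5565918a3b # v3.4.0
        # A failed login is handled by the next step, which prints an
        # onboarding hint and then fails the job.
        continue-on-error: true
        with:
          url: "https://vault.maas-vault-prod.solace.cloud:8200"
          role: "cicd-workflows-secret-read-role"
          method: jwt
          path: jwt-github
          jwtGithubAudience: https://github.com/${{ github.repository_owner }}
          # NOTE(review): exportToken exposes the Vault client token as
          # VAULT_TOKEN to every later step, including the Maven steps that
          # execute build plugins. No step visible here reads it; drop this
          # input if nothing else depends on it.
          exportToken: true
          # NOTE(review): unless exportEnv is disabled, vault-action also
          # exports these values as environment variables for later steps;
          # presumably maven/settings.xml reads GITHUB_USER that way (confirm).
          secrets: |
            secret/data/tools/githubactions RE_BOT_PACKAGES_READ_WRITE_CLASSIC_USER | GITHUB_USER ;
            secret/data/tools/githubactions RE_BOT_PACKAGES_READ_WRITE_CLASSIC_TOKEN | GITHUB_TOKEN

      - name: Warn of Vault Login Failure
        if: steps.secrets.outcome != 'success'
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the shell never parses expression output as code.
          VAULT_STEP_OUTCOME: ${{ steps.secrets.outcome }}
        run: |
          echo "Could not (${VAULT_STEP_OUTCOME}) log into vault using cicd-workflows-secret-read-role. Has this repo been onboarded in maas-vault-configuration?"
          exit 1

      - name: Set up JDK ${{ env.jre_version }} (${{env.java_environment}})
        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
        with:
          distribution: ${{ env.java_environment }}
          java-version: ${{ env.jre_version }}
          cache: "maven"

      - name: Test Dependency Resolution
        env:
          # Token read from Vault, taken from the step output rather than
          # from the workflow's own token.
          GITHUB_TOKEN: ${{ steps.secrets.outputs.GITHUB_TOKEN }}
        run: |
          echo "Testing if we can download dependencies from SolaceDev..."
          mvn dependency:resolve -B -s maven/settings.xml

      - name: Test Build (Verify - No Deploy)
        env:
          GITHUB_TOKEN: ${{ steps.secrets.outputs.GITHUB_TOKEN }}
        # Static analysis and tests are skipped: this step only proves that
        # the build can authenticate and complete, not that the code is sound.
        run: >-
          mvn verify -B -s maven/settings.xml -Dcheckstyle.skip -Dpmd.skip -Dcpd.skip -Dfindbugs.skip -Dspotbugs.skip -DskipTests=true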