[Next]Add Token Exchange grant type to agent application template #19552
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build PRs submitted to the master branch. | |
| name: π· PR Builder | |
| on: | |
| pull_request: | |
| types: [ opened, synchronize, labeled ] | |
| branches: [ master, next ] | |
| paths-ignore: | |
| - "**.md" | |
| - "LICENSE" | |
| - "**.jsp" | |
| workflow_dispatch: | |
| # Avoid running multiple builds for the same PR. | |
| concurrency: | |
| group: pr-builder-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| knip: | |
| name: πͺ Knip (DEAD CODE) | |
| if: false # Keeping knip disabled until existing dead code is cleaned up. | |
| # if: ${{ github.event_name == 'pull_request' || github.event.label.name == 'trigger-pr-builder' || github.event_name == 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [ 20.x ] | |
| pnpm-version: [ 10.x ] | |
| steps: | |
| - name: β¬οΈ Checkout | |
| id: checkout | |
| uses: actions/checkout@v4 | |
| - name: π’ Setup node | |
| id: setup-node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: π₯‘ Setup pnpm | |
| id: setup-pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ matrix.pnpm-version }} | |
| run_install: false | |
| - name: π Get pnpm store directory | |
| id: get-pnpm-cache-dir | |
| run: | | |
| echo "pnpm_cache_dir=$(pnpm store path)" >> "$GITHUB_OUTPUT" | |
| - name: π Cache pnpm modules | |
| uses: actions/cache@v4 | |
| id: pnpm-cache | |
| with: | |
| path: ${{ steps.get-pnpm-cache-dir.outputs.pnpm_cache_dir }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: 𧩠Install Dependencies | |
| id: install-dependencies | |
| run: pnpm install | |
| - name: πͺ Run Knip | |
| id: run-knip | |
| # Knip findings and runtime failures will fail CI. | |
| run: pnpm knip:ci | |
| lint: | |
| name: ⬣ ESLint (STATIC ANALYSIS) | |
| if: ${{ github.event_name == 'pull_request' || github.event.label.name == 'trigger-pr-builder' || github.event_name == 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [ 20.x ] | |
| pnpm-version: [ 10.x ] | |
| steps: | |
| - name: β¬οΈ Checkout | |
| id: checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: π’ Setup node | |
| id: setup-node | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: π³ Set SHAs for Nx | |
| id: set-shas | |
| uses: nrwl/nx-set-shas@v3 | |
| with: | |
| main-branch-name: "master" | |
| - name: π₯‘ Setup pnpm | |
| id: setup-pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ matrix.pnpm-version }} | |
| run_install: false | |
| - name: π Get pnpm store directory | |
| id: get-pnpm-cache-dir | |
| run: | | |
| echo "pnpm_cache_dir=$(pnpm store path)" >> "$GITHUB_OUTPUT" | |
| - name: π Cache pnpm modules | |
| uses: actions/cache@v4 | |
| id: pnpm-cache | |
| with: | |
| path: ${{ steps.get-pnpm-cache-dir.outputs.pnpm_cache_dir }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: 𧩠Install Dependencies | |
| id: install-dependencies | |
| run: pnpm install | |
| - name: π¦ Lint Changed Files | |
| id: lint-changed-with-eslint | |
| working-directory: .github/workflows | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| bash ./scripts/lint-changed.sh | |
| else | |
| bash ./scripts/lint-changed.sh ${{ github.event.pull_request.number }} | |
| fi | |
| # Temporarily disable linting all files as it is failing intermittently. | |
| # - name: β³ Lint All Files | |
| # id: lint-with-eslint | |
| # run: pnpm nx affected --base=${{ env.NX_BASE }} --head=${{ env.NX_HEAD }} --plain --target=lint --parallel=3 | |
| typecheck: | |
| name: Κ¦ Typecheck (STATIC ANALYSIS) | |
| if: ${{ github.event_name == 'pull_request' || github.event.label.name == 'trigger-pr-builder' || github.event_name == 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [ 20.x ] | |
| pnpm-version: [ 10.x ] | |
| steps: | |
| - name: β¬οΈ Checkout | |
| id: checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: π’ Setup node | |
| id: setup-node | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: π³ Set SHAs for Nx | |
| id: set-shas | |
| uses: nrwl/nx-set-shas@v3 | |
| with: | |
| main-branch-name: "master" | |
| - name: π₯‘ Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ matrix.pnpm-version }} | |
| run_install: false | |
| - name: π Get pnpm store directory | |
| id: get-pnpm-cache-dir | |
| run: | | |
| echo "pnpm_cache_dir=$(pnpm store path)" >> "$GITHUB_OUTPUT" | |
| - name: π Cache pnpm modules | |
| uses: actions/cache@v4 | |
| id: pnpm-cache | |
| with: | |
| path: ${{ steps.get-pnpm-cache-dir.outputs.pnpm_cache_dir }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: 𧩠Install Dependencies | |
| id: install-dependencies | |
| run: pnpm install | |
| - name: π· Build Re-usable Modules | |
| id: build-reusable-modules | |
| run: pnpm build:modules | |
| - name: βοΈ Check Type Errors | |
| run: pnpm nx affected --base=${{ env.NX_BASE }} --head=${{ env.NX_HEAD }} --target=typecheck --parallel=3 | |
| test: | |
| name: πΎ Unit Test (TESTING) | |
| needs: [ typecheck ] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [ 20.x ] | |
| pnpm-version: [ 10.x ] | |
| steps: | |
| - name: β¬οΈ Checkout | |
| id: checkout | |
| uses: actions/checkout@v4 | |
| - name: π’ Setup node | |
| id: setup-node | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: π₯‘ Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ matrix.pnpm-version }} | |
| run_install: false | |
| - name: π Get pnpm store directory | |
| id: get-pnpm-cache-dir | |
| run: | | |
| echo "pnpm_cache_dir=$(pnpm store path)" >> "$GITHUB_OUTPUT" | |
| - name: π Cache pnpm modules | |
| uses: actions/cache@v4 | |
| id: pnpm-cache | |
| with: | |
| path: ${{ steps.get-pnpm-cache-dir.outputs.pnpm_cache_dir }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: 𧩠Install Dependencies | |
| id: install-dependencies | |
| run: pnpm install | |
| - name: π· Build Re-usable Modules | |
| id: build-reusable-modules | |
| run: pnpm build:modules | |
| - name: π Run Jest & Collect Coverage | |
| id: run-jest-test-and-coverage | |
| run: pnpm test:unit:coverage | |
| - name: π€ Aggregate Test Coverage | |
| id: aggregate-coverage-reports | |
| run: | | |
| pnpm test:unit:coverage:aggregate | |
| pnpm nyc:text-summary-report | |
| pnpm nyc:text-report | |
| - name: Upload `@wso2is/core` coverage reports to Codecov | |
| id: upload-wso2is-core-coverage-1 | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./modules/core/coverage/coverage-final.json | |
| flags: '@wso2is/core' | |
| verbose: true | |
| - name: Upload `@wso2is/features` coverage reports to Codecov | |
| id: upload-wso2is-features-coverage-1 | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./features/coverage/coverage-final.json | |
| flags: '@wso2is/features' | |
| verbose: true | |
| - name: Upload `@wso2is/i18n` coverage reports to Codecov | |
| id: upload-wso2is-i18n-coverage-1 | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./modules/i18n/coverage/coverage-final.json | |
| flags: '@wso2is/i18n' | |
| verbose: true | |
| build: | |
| name: π§ Build | |
| needs: [ test, typecheck ] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [ 20.x ] | |
| maven-version: [ 3.8.6 ] | |
| java-version: [ 21 ] | |
| pnpm-version: [ 10.x ] | |
| steps: | |
| - name: β¬οΈ Checkout | |
| id: checkout | |
| uses: actions/checkout@v4 | |
| - name: π’ Setup node | |
| id: setup-node | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: β Set up JDK 21 | |
| id: jdk-setup | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: ${{ matrix.java-version }} | |
| distribution: "adopt" | |
| cache: maven | |
| - name: 𦩠Set up Maven | |
| uses: stCarolas/setup-maven@v4 | |
| id: mvn-setup | |
| with: | |
| maven-version: ${{ matrix.maven-version }} | |
| - name: π₯‘ Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ matrix.pnpm-version }} | |
| run_install: false | |
| - name: π Get pnpm store directory | |
| id: get-pnpm-cache-dir | |
| run: | | |
| echo "pnpm_cache_dir=$(pnpm store path)" >> "$GITHUB_OUTPUT" | |
| - name: π Cache pnpm modules | |
| uses: actions/cache@v4 | |
| id: pnpm-cache | |
| with: | |
| path: ${{ steps.get-pnpm-cache-dir.outputs.pnpm_cache_dir }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: 𧩠Install Dependencies | |
| id: install-dependencies | |
| run: pnpm install | |
| - name: π· PNPM Build | |
| id: build-with-pnpm | |
| run: pnpm build | |
| - name: ποΈ Maven Build identity-apps-core | |
| id: build-with-maven | |
| run: | | |
| cd identity-apps-core | |
| mvn clean install -U -Dlint.exec.skip=true -Dbootstrap.exec.skip=true | |
| - name: πΎ Cache local Maven repository | |
| id: cache-maven-m2 | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- |