Reject non-empty aud when jwt-aud is not configured #1600
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| workflow_call: | |
| secrets: | |
| CACHIX_AUTH_TOKEN: | |
| required: false | |
| CODECOV_TOKEN: | |
| required: false | |
| pull_request: | |
| branches: | |
| - main | |
| - v[0-9]+ | |
| paths: | |
| - .github/workflows/test.yaml | |
| - .github/workflows/report.yaml | |
| - .github/actions/setup-nix/** | |
| - default.nix | |
| - nix/** | |
| - .stylish-haskell.yaml | |
| - cabal.project | |
| - postgrest.cabal | |
| - '**.hs' | |
| - test/** | |
| - '!**.md' | |
| concurrency: | |
| # Terminate all previous runs of the same workflow for pull requests | |
| group: test-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| coverage: | |
| name: Coverage | |
| runs-on: ubuntu-24.04 | |
| defaults: | |
| run: | |
| # Hack for enabling color output, see: | |
| # https://github.com/actions/runner/issues/241#issuecomment-842566950 | |
| shell: script -qec "bash --noprofile --norc -eo pipefail {0}" | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Setup Nix Environment | |
| uses: ./.github/actions/setup-nix | |
| with: | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| tools: tests.coverage.bin tests.testDoctests.bin tests.testSpecIdempotence.bin cabalTools.update.bin | |
| - run: postgrest-cabal-update | |
| - name: Run coverage (IO tests and Spec tests against PostgreSQL 15) | |
| run: postgrest-coverage | |
| - name: Upload coverage to codecov | |
| uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 | |
| with: | |
| files: ./coverage/codecov.json | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Run doctests | |
| if: always() | |
| run: postgrest-test-doctests | |
| - name: Check the spec tests for idempotence | |
| if: always() | |
| run: postgrest-test-spec-idempotence | |
| postgres: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| pgVersion: [13, 14, 15, 16, 17] | |
| name: PG ${{ matrix.pgVersion }} | |
| runs-on: ubuntu-24.04 | |
| defaults: | |
| run: | |
| # Hack for enabling color output, see: | |
| # https://github.com/actions/runner/issues/241#issuecomment-842566950 | |
| shell: script -qec "bash --noprofile --norc -eo pipefail {0}" | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Setup Nix Environment | |
| uses: ./.github/actions/setup-nix | |
| with: | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| tools: tests.testSpec.bin tests.testIO.bin tests.testBigSchema.bin withTools.postgresql-${{ matrix.pgVersion }}.bin cabalTools.update.bin | |
| - run: postgrest-cabal-update | |
| - name: Run spec tests | |
| if: always() | |
| run: postgrest-with-postgresql-${{ matrix.pgVersion }} postgrest-test-spec | |
| - name: Run IO tests | |
| if: always() | |
| run: postgrest-with-postgresql-${{ matrix.pgVersion }} postgrest-test-io -vv | |
| - name: Run IO tests on a big schema | |
| if: always() | |
| run: postgrest-with-postgresql-${{ matrix.pgVersion }} postgrest-test-big-schema -vv | |
| memory: | |
| name: Memory | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Setup Nix Environment | |
| uses: ./.github/actions/setup-nix | |
| with: | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| tools: tests.testMemory.bin cabalTools.update.bin | |
| - run: postgrest-cabal-update | |
| - name: Run memory tests | |
| run: postgrest-test-memory | |
| loadtest: | |
| strategy: | |
| matrix: | |
| kind: ['mixed', 'jwt-hs', 'jwt-hs-cache', 'jwt-hs-cache-worst', 'jwt-rsa', 'jwt-rsa-cache', 'jwt-rsa-cache-worst'] | |
| name: Loadtest | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Nix Environment | |
| uses: ./.github/actions/setup-nix | |
| with: | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| tools: loadtest.loadtestAgainst.bin loadtest.report.bin cabalTools.update.bin | |
| - run: postgrest-cabal-update | |
| - name: Run loadtest | |
| env: | |
| TARGET_BRANCH: ${{ github.base_ref || github.ref_name }} | |
| run: | | |
| if [ "$TARGET_BRANCH" = "main" ]; then | |
| latest_tag=$(git tag --sort=-creatordate --list "v*" | head -n1) | |
| else | |
| latest_tag=$(git tag --merged HEAD --sort=-creatordate "v*" | head -n1) | |
| fi | |
| postgrest-loadtest-against -k ${{ matrix.kind }} "$TARGET_BRANCH" "$latest_tag" | |
| postgrest-loadtest-report -g ${{ matrix.kind }} >> "$GITHUB_STEP_SUMMARY" | |
| flake: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| runs-on: | |
| - macos-13 # x86_64-darwin | |
| - macos-14 # aarch64-darwin | |
| - ubuntu-24.04 # x86_64-linux | |
| - ubuntu-24.04-arm # aarch64-linux | |
| name: Flake Check | |
| runs-on: ${{ matrix.runs-on }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Nix Environment | |
| uses: ./.github/actions/setup-nix | |
| with: | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Run flake check | |
| run: | | |
| nix flake check |