Skip to content
.github/workflows/vault-deploy-approle.yml

fix(contracts): move misplaced #![cfg(test)] to top of snapshot test.… #4

Sign in to view logs

fix(contracts): move misplaced #![cfg(test)] to top of snapshot test.…

fix(contracts): move misplaced #![cfg(test)] to top of snapshot test.… #4

Workflow file for this run

.github/workflows/vault-deploy-approle.yml at 5ccf143
name: Deploy with Vault AppRole

Check failure on line 1 in .github/workflows/vault-deploy-approle.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/vault-deploy-approle.yml

Invalid workflow file 

(Line: 26, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.VAULT_ADDR == '' || secrets.VAULT_ROLE_ID == '' || secrets.VAULT_SECRET_ID == '', (Line: 31, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.VAULT_ADDR != '' && secrets.VAULT_ROLE_ID != '' && secrets.VAULT_SECRET_ID != ''
on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
env:
CARGO_TERM_COLOR: always
RUST_LOG: backend=info,tower_http=debug
jobs:
test-with-approle:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Cache Rust dependencies
uses: Swatinem/rust-cache@v2
- name: Set fallback JWT secret when Vault credentials are unavailable
if: ${{ secrets.VAULT_ADDR == '' || secrets.VAULT_ROLE_ID == '' || secrets.VAULT_SECRET_ID == '' }}
run: |
echo "JWT_SECRET=fallback-test-secret-value-at-least-32-characters" >> $GITHUB_ENV
- name: Authenticate to Vault with AppRole
if: ${{ secrets.VAULT_ADDR != '' && secrets.VAULT_ROLE_ID != '' && secrets.VAULT_SECRET_ID != '' }}
id: vault-auth
run: |
TOKEN=$(curl -s -X POST \
"${{ secrets.VAULT_ADDR }}/v1/auth/approle/login" \
-H "Content-Type: application/json" \
-d "{
\"role_id\": \"${{ secrets.VAULT_ROLE_ID }}\",
\"secret_id\": \"${{ secrets.VAULT_SECRET_ID }}\"
}" | jq -r '.auth.client_token')
if [ -z "$TOKEN" ]; then
echo "Failed to obtain Vault token"
exit 1
fi
echo "::add-mask::$TOKEN"
echo "VAULT_TOKEN=$TOKEN" >> $GITHUB_ENV
- name: Read JWT_SECRET from Vault
if: ${{ steps.vault-auth.outcome == 'success' }}
run: |
JWT_SECRET=$(curl -s -X GET \
"${{ secrets.VAULT_ADDR }}/v1/data/secret/stellar/jwt_secret" \
-H "X-Vault-Token: $VAULT_TOKEN" | jq -r '.data.data.value')
echo "::add-mask::$JWT_SECRET"
echo "JWT_SECRET=$JWT_SECRET" >> $GITHUB_ENV
- name: Run tests
run: cargo test --lib --verbose
working-directory: backend
env:
JWT_SECRET: ${{ env.JWT_SECRET }}
- name: Build backend
run: cargo build --release
working-directory: backend
- name: Check formatting
run: cargo fmt --all -- --check
working-directory: backend
- name: Run clippy
run: cargo clippy --all-targets --all-features -- -D warnings
working-directory: backend