test: change to workflow_call

bcgov · Nov 13, 2024 · bb6a956 · bb6a956
1 parent 935d78e
commit bb6a956
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 11 deletions.
diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml
@@ -21,17 +21,10 @@ env:
 
 jobs:
   check_token_expiration:
-    name: Check Token Expiration
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Checkout token expiration
-        shell: bash
-        run: sh ./.github/workflows/check-token.sh
-        env:
-          BROKER_JWT: ${{ secrets.BROKER_JWT_0E727E83_F027_426A_A31C_D7C1CCEADDF6 }}
+    uses: ./.github/workflows/check-token.yaml
+    with:
+      BROKER_URL: ${{ env.BROKER_URL }}
+      BROKER_JWT: ${{ secrets.BROKER_JWT_0E727E83_F027_426A_A31C_D7C1CCEADDF6 }}
 
   build-release:
     name: Build and release

diff --git a/.github/workflows/check-token.yaml b/.github/workflows/check-token.yaml
@@ -0,0 +1,36 @@
+name: Check token expiration
+
+on:
+  workflow_call:
+    inputs:
+      BROKER_URL:
+        description: "The Broker URL"
+        required: true
+        type: string
+      BROKER_JWT:
+        description: "The broker_jwt to check"
+        required: true
+        type: string
+
+jobs:
+  check-jwt:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check token expiration
+        run: |
+          RESPONSE_CODE=$(curl -o /dev/null -s -w "%{http_code}" -X 'GET' \
+            ${{ inputs.BROKER_URL }}/v1/health/token-check \
+            -H 'accept: */*' \
+            -H 'Authorization: Bearer '"${{ inputs.BROKER_JWT }}"'' \
+            )
+
+          if [ "$RESPONSE_CODE" -eq 401 ]; then
+            echo "Unauthorized (401)"
+            exit 1
+          elif [ "$RESPONSE_CODE" -eq 403 ]; then
+            echo "Invalid JWT: Block list has match"
+            exit 1
+          else
+            echo "Response code: $RESPONSE_CODE"
+          fi
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -20,10 +20,17 @@ env:
   PACKAGE_REPO: https://maven.pkg.github.com/bcgov/java-maven-pipeline-example
 
 jobs:
+  check_token_expiration:
+  uses: ./.github/workflows/check-token.yaml
+    with:
+      BROKER_URL: https://broker.io.nrs.gov.bc.ca
+      BROKER_JWT: ${{ secrets.BROKER_JWT_0E727E83_F027_426A_A31C_D7C1CCEADDF6 }}
+
   deploy-build:
     name: Deploy development version
     if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
     runs-on: ubuntu-latest
+    needs: check_token_expiration
     outputs:
       project_version: ${{ steps.set-build-output.outputs.project_version }}
       build_guid: ${{ steps.set-build-output.outputs.build_guid }}
@@ -94,6 +101,7 @@ jobs:
     name: Deploy release version
     if: ${{ startsWith(github.ref, 'refs/tags/') }}
     runs-on: ubuntu-latest
+    needs: check_token_expiration
     outputs:
       project_version: ${{ steps.set-tag-output.outputs.project_version }}
       build_guid: ${{ steps.set-tag-output.outputs.build_guid }}