Skip to content

ensure jwt signature verification happens when decoding claim (#22) #98

ensure jwt signature verification happens when decoding claim (#22)

ensure jwt signature verification happens when decoding claim (#22) #98

Workflow file for this run

name: Test
on:
pull_request: {}
push:
branches:
- main
jobs:
dotnet:
name: dotnet
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
- macos-latest
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install nats-server
shell: bash
run: |
mkdir tools && cd tools
branch="main"
for i in 1 2 3
do
curl -sf https://binaries.nats.dev/nats-io/nats-server/v2@$branch | PREFIX=. sh && break || sleep 30
done
case "${{ matrix.os }}" in
ubuntu-latest|macos-latest)
sudo mv nats-server /usr/local/bin
;;
windows-latest)
mv nats-server nats-server.exe
cygpath -w "$(pwd)" | tee -a "$GITHUB_PATH"
;;
esac
- name: Check nats-server
run: nats-server -v
- name: Setup dotnet
uses: actions/setup-dotnet@v3
with:
dotnet-version: |
6.x
8.x
- name: Restore
run: dotnet restore
- name: Build
run: dotnet build --no-restore -p:ContinuousIntegrationBuild=true
- name: Test
# Collect code coverage
# https://github.com/MarcoRossignoli/coverlet/blob/master/Documentation/KnownIssues.md#tests-fail-if-assembly-is-strong-named
run: dotnet test --no-build --logger:"console;verbosity=normal" --collect:"XPlat Code Coverage" --settings Default.runsettings -- RunConfiguration.DisableAppDomain=true
- name: Upload coverage reports to Codecov
# PRs from external contributors fail: https://github.com/codecov/feedback/issues/301
# Only upload coverage reports for PRs from the same repo (not forks)
if: github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main'
uses: codecov/[email protected]
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Test Native AOT
shell: bash
run: |
echo ">> Set up for AOT compilation..."
export exe_file=NATS.Jwt.TestNativeAot
export exe_type=ELF
export dotnet_runtime_id=linux-x64
echo ">> Checking OS..."
if [ "${{ matrix.os }}" = "windows-latest" ]; then
export exe_file=NATS.Jwt.TestNativeAot.exe
export exe_type=PE32
export dotnet_runtime_id=win-x64
elif [ "${{ matrix.os }}" = "macos-latest" ]; then
export dotnet_runtime_id=osx-x64
export exe_type=Mach-O
fi
echo ">> Publishing..."
cd NATS.Jwt.TestNativeAot
rm -rf bin obj
dotnet publish -r $dotnet_runtime_id -c Release -o dist | tee output.txt
echo ">> Checking for warnings..."
grep -i warning output.txt && exit 1
echo ">> Executable sanity checks..."
cd dist
ls -lh
echo ">> Executable is of type $exe_type..."
file $exe_file
file $exe_file | grep $exe_type || exit 1
echo ">> Executable size checks..."
# Can't be less than a meg and not more than 10 megs.
# Fairly arbitrary, but we want to make sure executable size
# is reasonable so we can be somewhat sure AOT compilation
# happened correctly.
export filesize=0
if [ "${{ matrix.os }}" = "windows-latest" ]; then
export filesize=$(stat -c %s $exe_file)
elif [ "${{ matrix.os }}" = "ubuntu-latest" ]; then
export filesize=$(stat -c %s $exe_file)
elif [ "${{ matrix.os }}" = "macos-latest" ]; then
export filesize=$(stat -f %z $exe_file)
fi
echo ">> File size: $filesize bytes"
if [ $filesize -lt 1048576 ]; then
echo ">> Error: File is less than 1MB."
exit 1
fi
if [ $filesize -gt 10485760 ]; then
echo ">> Error: File is more than 10MB."
exit 1
fi
echo ">> File size is within acceptable range."
echo ">> Running executable..."
./$exe_file | tee | grep PASS || exit 1
echo ">> Run complete."