Clean up grant/revoke for groups. #13
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Baton Gitlab Integration | |
| on: pull_request | |
| jobs: | |
| go-lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.22.x | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run linters | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| version: latest | |
| args: --timeout=3m | |
| test-groups: | |
| runs-on: ubuntu-latest | |
| env: | |
| # Logging level for Baton | |
| BATON_LOG_LEVEL: debug | |
| # Connector-specific details | |
| CONNECTOR_GRANT: 'group:100021949/c1-test-group3:Maintainer:user:25334081' | |
| CONNECTOR_ENTITLEMENT: 'group:100021949/c1-test-group3:Maintainer' | |
| CONNECTOR_PRINCIPAL: '25334081' | |
| CONNECTOR_PRINCIPAL_TYPE: 'user' | |
| # Secrets for Baton authentication | |
| BATON_ACCESS_TOKEN: "${{ secrets.BATON_ACCESS_TOKEN }}" | |
| steps: | |
| # Step 1: Set up Go environment | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.23.4 | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Build baton-gitlab | |
| run: go build ./cmd/baton-gitlab | |
| - name: Run baton-gitlab | |
| run: ./baton-gitlab | |
| - name: Install baton | |
| run: ./scripts/get-baton.sh && mv baton /usr/local/bin | |
| - name: Check for grant before revoking | |
| run: | | |
| baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \ | |
| jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | |
| - name: Revoke grants | |
| run: ./baton-gitlab --revoke-grant="${{ env.CONNECTOR_GRANT }}" | |
| - name: Check grant was revoked | |
| run: | | |
| ./baton-gitlab && \ | |
| baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \ | |
| jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end" | |
| - name: Grant entitlement | |
| run: | | |
| ./baton-gitlab --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \ | |
| --grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \ | |
| --grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}" | |
| - name: Check grant was re-granted | |
| run: | | |
| ./baton-gitlab && \ | |
| baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \ | |
| jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | |
| test-projects: | |
| runs-on: ubuntu-latest | |
| env: | |
| # Logging level for Baton | |
| BATON_LOG_LEVEL: debug | |
| # Connector-specific details | |
| CONNECTOR_GRANT: 'project:65850627:Reporter:user:25334081' | |
| CONNECTOR_ENTITLEMENT: 'project:65850627:Reporter' | |
| CONNECTOR_PRINCIPAL: '25334081' | |
| CONNECTOR_PRINCIPAL_TYPE: 'user' | |
| # Secrets for Baton authentication | |
| BATON_ACCESS_TOKEN: "${{ secrets.BATON_ACCESS_TOKEN }}" | |
| steps: | |
| # Step 1: Set up Go environment | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.23.4 | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Build baton-gitlab | |
| run: go build ./cmd/baton-gitlab | |
| - name: Run baton-gitlab | |
| run: ./baton-gitlab | |
| - name: Install baton | |
| run: ./scripts/get-baton.sh && mv baton /usr/local/bin | |
| # tests | |
| - name: Check for grant before revoking | |
| run: | | |
| baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \ | |
| jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | |
| - name: Revoke grants | |
| run: ./baton-gitlab --revoke-grant="${{ env.CONNECTOR_GRANT }}" | |
| - name: Check grant was revoked | |
| run: | | |
| ./baton-gitlab && \ | |
| baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \ | |
| jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end" | |
| - name: Grant entitlement | |
| run: | | |
| ./baton-gitlab --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" \ | |
| --grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" \ | |
| --grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}" | |
| - name: Check grant was re-granted | |
| run: | | |
| ./baton-gitlab && \ | |
| baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | \ | |
| jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\"" | |